From 2f581c40049904387f4c62a4bf0b68e1c887e79a Mon Sep 17 00:00:00 2001 From: Thorsten Bruhns Date: Wed, 4 Sep 2024 04:50:41 +0000 Subject: [PATCH 1/6] orasw_download_patches: added support for downloading apex installation archives --- changelogs/fragments/apex_download.yml | 3 + roles/orasw_download_patches/tasks/apex.yml | 61 +++++++++++++++++++++ roles/orasw_download_patches/tasks/main.yml | 14 ++++- 3 files changed, 76 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/apex_download.yml create mode 100644 roles/orasw_download_patches/tasks/apex.yml diff --git a/changelogs/fragments/apex_download.yml b/changelogs/fragments/apex_download.yml new file mode 100644 index 000000000..1948fa7b6 --- /dev/null +++ b/changelogs/fragments/apex_download.yml @@ -0,0 +1,3 @@ +--- +major_changes: + - "orasw_download_patches: added support for downloading apex installation archives (oravirt#473)" diff --git a/roles/orasw_download_patches/tasks/apex.yml b/roles/orasw_download_patches/tasks/apex.yml new file mode 100644 index 000000000..a2b65bdc4 --- /dev/null +++ b/roles/orasw_download_patches/tasks/apex.yml @@ -0,0 +1,61 @@ +--- +# selectattr on apex_state is more selective then on state +- name: apex | get version from oracle_databases + ansible.builtin.set_fact: + _orasw_download_patches_apex_versions: |- + {{ _download_apex_versions | default({}) + | combine(__apex_version_dict)}} + with_items: + - "{{ oracle_databases | default([]) | selectattr('apex_state', 'match', 'present') }}" + loop_control: + loop_var: apex_loop + label: >- + db_name: {{ apex_loop.oracle_db_name | default('') }} + apex_version: {{ apex_loop.apex_version | default('') }} + vars: + __apex_version_item: + - key: "{{ apex_loop.apex_version }}" + value: present + __apex_version_dict: "{{ __apex_version_item | items2dict }}" + when: + - apex_loop.state | default('') == 'present' + - apex_loop.apex_version is defined + +# selectattr on apex_state is more selective then on state +- name: apex | get version from oracle_pdbs + ansible.builtin.set_fact: + _orasw_download_patches_apex_versions: |- + {{ _download_apex_versions | default({}) + | combine(__apex_version_dict)}} + with_items: + - "{{ oracle_pdbs | default([]) }}" + loop_control: + loop_var: apex_loop + label: >- + db_name: {{ apex_loop.cdb | default('') }} + pdb_name: {{ apex_loop.pdb_name | default('') }} + state: {{ apex_loop.state | default('') }} + apex_version: {{ apex_loop.apex_version | default('') }} + vars: + __apex_version_item: + - key: "{{ apex_loop.apex_version }}" + value: present + __apex_version_dict: "{{ __apex_version_item | items2dict }}" + when: + - apex_loop.state | default('') == 'present' + - apex_loop.apex_version is defined + +- name: apex | Download APEX from Oracle + ansible.builtin.get_url: + url: "{{ _oraapex_url_prefix }}/{{ _oraapex_archive }}" + dest: "{{ oracle_sw_source_local }}/{{ _oraapex_archive }}" + mode: '0644' + with_dict: "{{ _orasw_download_patches_apex_versions }}" + loop_control: + label: >- + version: {{ item.key }} + when: + - _orasw_download_patches_apex_versions is defined + vars: + _oraapex_archive: "apex_{{ item.key }}.zip" + _oraapex_url_prefix: https://download.oracle.com/otn_software/apex diff --git a/roles/orasw_download_patches/tasks/main.yml b/roles/orasw_download_patches/tasks/main.yml index 275c8d5d6..9ec0fe512 100644 --- a/roles/orasw_download_patches/tasks/main.yml +++ b/roles/orasw_download_patches/tasks/main.yml @@ -30,7 +30,16 @@ ansible.builtin.file: path: "{{ oracle_patch_download_dir }}" state: directory - mode: 0755 + mode: "0755" + + # APEX download is possible without login at Oracle! + - name: Download APEX images + ansible.builtin.include_tasks: apex.yml + when: + - (oracle_databases | selectattr('apex_state', 'defined') | list | length > 0 + or + oracle_pdbs | selectattr('apex_state', 'defined') | list | length > 0 + ) - name: Login to Oracle ansible.builtin.uri: @@ -57,6 +66,7 @@ when: - opatch.filename | length > 0 - "opatch.filename not in (opatchinfo | map(attribute='filename'))" # do not create duplicates + - opatch.opatch_install | default(true) | bool loop_control: label: "{{ item.home }}: {{ opatch.filename | d('cannot find oracle_opatch_patch entry for ' + db_version, true) }}" @@ -152,7 +162,7 @@ use_proxy: "{{ use_proxy }}" # owner: "{{ oracle_user }}" # not always ansible contorller knows this user # group: "{{ oracle_group }}" # not always ansible contorller knows this group - mode: 0644 + mode: "0644" environment: "{{ proxy_env }}" register: download_patches with_items: From 4c17e7f82c0d58eca468090efc4b8de262fa20d5 Mon Sep 17 00:00:00 2001 From: Thorsten Bruhns Date: Mon, 2 Sep 2024 21:22:17 +0000 Subject: [PATCH 2/6] oraapex: New role to install APEX in databases - experimental --- changelogs/fragments/apex.yml | 3 + .../databases.yml | 2 + playbooks/manage_db.yml | 1 + roles/oraapex/.ansibledoctor.yml | 5 + roles/oraapex/README.md | 120 +++++++++++++ roles/oraapex/defaults/main.yml | 28 +++ roles/oraapex/files/apex_catcon.sql | 5 + roles/oraapex/files/apex_copy_patch.sh | 26 +++ .../oraapex/files/apex_create_admin_user.sql | 43 +++++ .../files/apex_reset_admin_password.sql | 51 ++++++ .../oraapex/files/apex_set_image_loc_cdn.sql | 17 ++ roles/oraapex/files/install_apex.sh | 10 ++ roles/oraapex/meta/main.yml | 44 +++++ roles/oraapex/tasks/assert.yml | 23 +++ roles/oraapex/tasks/loop_databases.yml | 159 ++++++++++++++++++ .../oraapex/tasks/loop_databases_patching.yml | 118 +++++++++++++ roles/oraapex/tasks/main.yml | 32 ++++ roles/oraapex/vars/main.yml | 12 ++ 18 files changed, 699 insertions(+) create mode 100644 changelogs/fragments/apex.yml create mode 100644 roles/oraapex/.ansibledoctor.yml create mode 100644 roles/oraapex/README.md create mode 100644 roles/oraapex/defaults/main.yml create mode 100644 roles/oraapex/files/apex_catcon.sql create mode 100644 roles/oraapex/files/apex_copy_patch.sh create mode 100644 roles/oraapex/files/apex_create_admin_user.sql create mode 100644 roles/oraapex/files/apex_reset_admin_password.sql create mode 100644 roles/oraapex/files/apex_set_image_loc_cdn.sql create mode 100644 roles/oraapex/files/install_apex.sh create mode 100644 roles/oraapex/meta/main.yml create mode 100644 roles/oraapex/tasks/assert.yml create mode 100644 roles/oraapex/tasks/loop_databases.yml create mode 100644 roles/oraapex/tasks/loop_databases_patching.yml create mode 100644 roles/oraapex/tasks/main.yml create mode 100644 roles/oraapex/vars/main.yml diff --git a/changelogs/fragments/apex.yml b/changelogs/fragments/apex.yml new file mode 100644 index 000000000..90cc242da --- /dev/null +++ b/changelogs/fragments/apex.yml @@ -0,0 +1,3 @@ +--- +major_changes: + - "oraapex: New role to install APEX in databases - experimental (oravirt#473)" diff --git a/example/beginner_patching/ansible/inventory/host_vars/beginner-dbfs-patching-151-192-168-56-162.nip.io/databases.yml b/example/beginner_patching/ansible/inventory/host_vars/beginner-dbfs-patching-151-192-168-56-162.nip.io/databases.yml index 9f28a15e8..35f143c8e 100644 --- a/example/beginner_patching/ansible/inventory/host_vars/beginner-dbfs-patching-151-192-168-56-162.nip.io/databases.yml +++ b/example/beginner_patching/ansible/inventory/host_vars/beginner-dbfs-patching-151-192-168-56-162.nip.io/databases.yml @@ -108,6 +108,8 @@ oracle_pdbs: cdb: *oracle_db_name pdb_name: PDB1 state: present + apex_state: present + apex_version: 23.2 profiles: "{{ oracle_default_profiles }}" statspack: purgedays: 14 diff --git a/playbooks/manage_db.yml b/playbooks/manage_db.yml index 517a63f11..d4b2750e2 100644 --- a/playbooks/manage_db.yml +++ b/playbooks/manage_db.yml @@ -12,6 +12,7 @@ - opitzconsulting.ansible_oracle.oradb_manage_redo - opitzconsulting.ansible_oracle.oradb_manage_profiles - opitzconsulting.ansible_oracle.oradb_manage_statspack + - opitzconsulting.ansible_oracle.oraapex - opitzconsulting.ansible_oracle.oradb_manage_roles - opitzconsulting.ansible_oracle.oradb_manage_users - opitzconsulting.ansible_oracle.oradb_manage_grants diff --git a/roles/oraapex/.ansibledoctor.yml b/roles/oraapex/.ansibledoctor.yml new file mode 100644 index 000000000..30b441754 --- /dev/null +++ b/roles/oraapex/.ansibledoctor.yml @@ -0,0 +1,5 @@ +--- +logging: + level: warning +template: readme +force_overwrite: true diff --git a/roles/oraapex/README.md b/roles/oraapex/README.md new file mode 100644 index 000000000..5c6ca4403 --- /dev/null +++ b/roles/oraapex/README.md @@ -0,0 +1,120 @@ +# oraapex + +The role is in pre ALPHA state. + +A lot of changes are planned during development at the moment. + +Limitations: + +- Oracle RDBMS 19c+ - older versions may work but not tested anymore. +- Installation in nonCDB or single PDB only - no CDB installation at the moment +- RAC not tested yet. + +Documentation: https://github.com/oravirt/ansible-oracle/blob/master/doc/guides/apex_ords.adoc + +## Table of content + +- [Requirements](#requirements) +- [Default Variables](#default-variables) + - [oraapex_base](#oraapex_base) + - [oraapex_default_admin_password](#oraapex_default_admin_password) + - [oraapex_default_files_tablespace](#oraapex_default_files_tablespace) + - [oraapex_default_tablespace](#oraapex_default_tablespace) + - [oraapex_default_temp_tablespace](#oraapex_default_temp_tablespace) + - [oraapex_image_path](#oraapex_image_path) + - [oraapex_rac_primary_node_only](#oraapex_rac_primary_node_only) + - [oraapex_rac_primary_only](#oraapex_rac_primary_only) +- [Open Tasks](#open-tasks) +- [Dependencies](#dependencies) +- [License](#license) +- [Author](#author) + +--- + +## Requirements + +- Minimum Ansible version: `2.15.0` + +## Default Variables + +### oraapex_base + +`oraapex_base` is used as a prefix directory for unzip for apex.zip. + +#### Default value + +```YAML +oraapex_base: >- + {{ oracle_base }}/product +``` + +### oraapex_default_admin_password + +Password for apex_admin_user from `oracle_databases` or `oracle_pdbs`. + +### oraapex_default_files_tablespace + +#### Default value + +```YAML +oraapex_default_files_tablespace: SYSAUX +``` + +### oraapex_default_tablespace + +#### Default value + +```YAML +oraapex_default_tablespace: SYSAUX +``` + +### oraapex_default_temp_tablespace + +#### Default value + +```YAML +oraapex_default_temp_tablespace: TEMP +``` + +### oraapex_image_path + +#### Default value + +```YAML +oraapex_image_path: /i/ +``` + +### oraapex_rac_primary_node_only + +#### Default value + +```YAML +oraapex_rac_primary_node_only: true +``` + +### oraapex_rac_primary_only + +unarchive apex.zip in RAC only on 1st node or on all nodes? + +This is only true, when ORDS runs on RAC nodes as well, because we need +the images for ORDS. This should not be done on production setups! + + +## Open Tasks + +- (information): oraapex_rac_primary_only not implemented yet. + +## Dependencies + +- orahost_meta +- orasw_meta + +## License + +license (MIT) + +## Author + + + +- Thorsten Bruhns diff --git a/roles/oraapex/defaults/main.yml b/roles/oraapex/defaults/main.yml new file mode 100644 index 000000000..d5655ff1c --- /dev/null +++ b/roles/oraapex/defaults/main.yml @@ -0,0 +1,28 @@ +--- +# @var oraapex_base:description: > +# `oraapex_base` is used as a prefix directory for unzip for apex.zip. +# +# @end +oraapex_base: >- + {{ oracle_base }}/product + +oraapex_default_tablespace: SYSAUX +oraapex_default_files_tablespace: SYSAUX +oraapex_default_temp_tablespace: TEMP +oraapex_image_path: /i/ + +# @var oraapex_default_admin_password:description: > +# Password for apex_admin_user from `oracle_databases` or `oracle_pdbs`. +# +# @end +# oraapex_default_admin_password: + +# @todo information: oraapex_rac_primary_only not implemented yet. + +# @var oraapex_rac_primary_only:description: > +# unarchive apex.zip in RAC only on 1st node or on all nodes? +# +# This is only true, when ORDS runs on RAC nodes as well, because we need +# the images for ORDS. This should not be done on production setups! +# @end +oraapex_rac_primary_node_only: true diff --git a/roles/oraapex/files/apex_catcon.sql b/roles/oraapex/files/apex_catcon.sql new file mode 100644 index 000000000..78e0ee78e --- /dev/null +++ b/roles/oraapex/files/apex_catcon.sql @@ -0,0 +1,5 @@ +set serverout on + +-- execute catcon on APEX +-- store current patching state in statefile +-- => That is used by oraapex to get the current statue for the database diff --git a/roles/oraapex/files/apex_copy_patch.sh b/roles/oraapex/files/apex_copy_patch.sh new file mode 100644 index 000000000..62badb348 --- /dev/null +++ b/roles/oraapex/files/apex_copy_patch.sh @@ -0,0 +1,26 @@ +#!/usr/bin/env bash +set -eu +set -o pipefail + +echo "APEX_HOME: ${APEX_HOME}" +echo "APEX_VERSION: ${APEX_VERSION}" +echo "APEX_PATCHID: ${APEX_PATCHID}" +echo "" + +copy_patch_data() { + echo "" + echo "Copy patch into ${APEX_HOME}" + cp -r "${APEX_HOME}/${APEX_PATCHID}/"* "${APEX_HOME}/apex" + + echo "Remove unarchive directory: ${APEX_HOME}/${APEX_PATCHID}" + rm -rf "${APEX_HOME:?}/${APEX_PATCHID:?}" + echo "removal done" + + # Read current patchversion from copied data + patchversion=$(head -1 "${APEX_HOME}/apex/README.txt" | tr -d '[:space:]' | cut -d":" -f2) + statefile="${APEX_HOME}/.ansible_apex_patchstate" + echo "${patchversion}" > "${statefile}" + echo "patch statefile ${statefile} created" +} + +copy_patch_data diff --git a/roles/oraapex/files/apex_create_admin_user.sql b/roles/oraapex/files/apex_create_admin_user.sql new file mode 100644 index 000000000..4387b9230 --- /dev/null +++ b/roles/oraapex/files/apex_create_admin_user.sql @@ -0,0 +1,43 @@ +-- +-- Parameter: +-- - APEX-Version +-- - Admin-Username +-- - Admin-Password +-- - Admin-Email + +define APEXVERSION = &1 +define APEXUSER = &2 +define APEXPASS = &3 +define APEXEMAIL = &4 + +set serverout on +set verify off + +begin + dbms_output.enable(10000); + -- check if admin user exists + -- => We do not update existing admin users! + declare + l_user_id varchar2(100); + l_password varchar2(50) := '&APEXPASS'; + begin + select user_id + into l_user_id + from &APEXVERSION..wwv_flow_fnd_user + where security_group_id = 10 + and upper(user_name) = upper('&APEXUSER'); + + dbms_output.put_line('Admin-User (&APEXUSER) with user_id(' || l_user_id || ') existing!'); + exception + when no_data_found then + -- admin-user not found + -- => we can created him! + &APEXVERSION..wwv_flow_instance_admin.create_or_update_admin_user ( + p_username => upper( '&APEXUSER.' ), + p_email => '&APEXEMAIL.', + p_password => l_password ); + commit; + dbms_output.put_line('Admin-User (&APEXUSER) created!'); + end; +end; +/ diff --git a/roles/oraapex/files/apex_reset_admin_password.sql b/roles/oraapex/files/apex_reset_admin_password.sql new file mode 100644 index 000000000..781570211 --- /dev/null +++ b/roles/oraapex/files/apex_reset_admin_password.sql @@ -0,0 +1,51 @@ +-- +-- Parameter: +-- - Admin-Password + +define APEXADMINPASS = &1 + +set serverout on +set verify off + +begin + dbms_output.enable(10000); + -- check if admin user exists + -- => We do not update existing admin users! + declare + l_user_name varchar2(30) := 'ADMIN'; + l_user_email varchar2(240); + l_user_id varchar2(100); + l_password varchar2(50) := '&APEXADMINPASS'; + l_apex_owner varchar2(30); + begin + select table_owner + into l_apex_owner + from all_synonyms + where owner = 'PUBLIC' + and table_name = 'APEX'; + + execute immediate 'alter session set current_schema=' || l_apex_owner; + + dbms_output.put_line('APEX Schema: ' || l_apex_owner); + + select user_id, email_address + into l_user_id, l_user_email + from wwv_flow_fnd_user + where security_group_id = 10 + and upper(user_name) = l_user_name; + + dbms_output.put_line('Admin-User (' || l_user_name || ') with user_id (' || l_user_id || ') existing!'); + + -- wwv_flow_fnd_user_int.create_or_update_user ( + -- p_username => upper(l_user_name), + -- p_email => l_user_email, + -- p_password => l_password ); + commit; + dbms_output.put_line('Admin-User (' || l_user_name || ') created!'); + + exception + when no_data_found then + raise_application_error(-20000, 'User ' || l_user_name || ' not found in APEX'); + end; +end; +/ diff --git a/roles/oraapex/files/apex_set_image_loc_cdn.sql b/roles/oraapex/files/apex_set_image_loc_cdn.sql new file mode 100644 index 000000000..d5f4a9489 --- /dev/null +++ b/roles/oraapex/files/apex_set_image_loc_cdn.sql @@ -0,0 +1,17 @@ +set serverout on + +begin + for cur1 in (select VERSION_NO + from apex_release) loop + + dbms_output.put_line('APEX Version: ' || cur1.version_no); + apex_instance_admin.set_parameter + ( + p_parameter => 'IMAGE_PREFIX', + p_value => 'https://static.oracle.com/cdn/apex/' || cur1.version_no || '/' + ); + + end loop; + commit; +end; +/ diff --git a/roles/oraapex/files/install_apex.sh b/roles/oraapex/files/install_apex.sh new file mode 100644 index 000000000..baa7c1665 --- /dev/null +++ b/roles/oraapex/files/install_apex.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash +set -eu +set -o pipefail + +echo "ORACLE_HOME: ${ORACLE_HOME}" +echo "ORACLE_SID: ${ORACLE_SID}" +echo "IS_CONTAINER: ${IS_CONTAINER}" +echo "APEX_VERSION: ${APEX_VERSION}" +echo "APEX_TABLESPACE: ${APEX_TABLESPACE}" +echo "APEX_TEMP_TABLESPACE: ${APEX_TEMP_TABLESPACE}" diff --git a/roles/oraapex/meta/main.yml b/roles/oraapex/meta/main.yml new file mode 100644 index 000000000..9e24e5347 --- /dev/null +++ b/roles/oraapex/meta/main.yml @@ -0,0 +1,44 @@ +--- +# @meta description: > +# The role is in pre ALPHA state. +# +# A lot of changes are planned during development at the moment. +# +# Limitations: +# +# - Oracle RDBMS 19c+ - older versions may work but not tested anymore. +# - Installation in nonCDB or single PDB only - no CDB installation at the moment +# - RAC not tested yet. +# +# Documentation: https://github.com/oravirt/ansible-oracle/blob/master/doc/guides/apex_ords.adoc +# +# @end + +# @meta author: > +# +# - Thorsten Bruhns +# @end +galaxy_info: + role_name: oraapex + author: Thorsten Bruhns + description: Install APEX on Server and in Database + company: Thorsten Bruhns + + license: license (MIT) + + min_ansible_version: 2.15.0 + + platforms: + - name: EL + versions: + - "8" + - "9" + + galaxy_tags: + - database + - oracle + - apex + +dependencies: + - role: orahost_meta + - role: orasw_meta diff --git a/roles/oraapex/tasks/assert.yml b/roles/oraapex/tasks/assert.yml new file mode 100644 index 000000000..b6ded0002 --- /dev/null +++ b/roles/oraapex/tasks/assert.yml @@ -0,0 +1,23 @@ +--- +# CHeck if target is 19c or newer +# => ORACLE_PDB_SID is supported in 18c or newer + +# Check if apex_state is present +# => more is not supported at the moment + +# apex_version is mandatory when apex_state=present +- name: assert | Check for apex_state not in oracle_databases + ansible.builtin.assert: + quiet: true + that: + - odb.apex_state is not defined + fail_msg: >- + APEX is not supported in nonCDB or CDB at the moment. + with_items: + - "{{ oracle_databases | default([]) }}" + loop_control: + loop_var: odb + label: >- + db_name: {{ odb.oracle_db_name | default('') }} + when: + - oracle_databases is defined diff --git a/roles/oraapex/tasks/loop_databases.yml b/roles/oraapex/tasks/loop_databases.yml new file mode 100644 index 000000000..ddc2a943d --- /dev/null +++ b/roles/oraapex/tasks/loop_databases.yml @@ -0,0 +1,159 @@ +--- +- name: loop_databases | Assert + ansible.builtin.assert: + quiet: true + that: + - apex_loop.apex_version is defined + - apex_loop.apex_state is defined + +- name: loop_databases | work as oracle + become: true + become_user: "{{ oracle_user }}" + vars: + _oraapex_dbpassword: + apex_public_user: |- + {{ dbpasswords[apex_loop.cdb][apex_loop.pdb_name]['apex_public_user'] + | default(dbpasswords[apex_loop.cdb][apex_loop.pdb_name]['APEX_PUBLIC_USER']) }} + apex_rest_public_user: |- + {{ dbpasswords[apex_loop.cdb][apex_loop.pdb_name]['apex_rest_public_user'] + | default(dbpasswords[apex_loop.cdb][apex_loop.pdb_name]['APEX_REST_PUBLIC_USER']) }} + + block: + + - name: loop_databases | Assert passwords for apxsilentins.sql + ansible.builtin.assert: + quiet: true + fail_msg: >- + One or more passwords are missing in dbpasswords. Please define them. + that: + - _oraapex_dbpassword['apex_public_user'] | length > 0 + - _oraapex_dbpassword['apex_rest_public_user'] | length > 0 + + - name: "loop_databases | Create target directory {{ _oraapex_homedir }}" + ansible.builtin.file: + path: "{{ _oraapex_homedir }}" + state: directory + mode: "0755" + + - name: loop_databases | unarchive apex.zip + ansible.builtin.unarchive: + src: "{{ oracle_sw_source_local }}/{{ _oraapex_archive }}" + dest: "{{ _oraapex_homedir }}" + copy: true + creates: "{{ _oraapex_homedir }}/META-INF" + + - name: loop_databases | install APEX in PDB + when: + - _orasw_meta_primary_node | bool + vars: + _apex_version_string: |- + {{ apex_loop.apex_version | string }} + _apex_db_user: |- + APEX_{{ _apex_version_string.split('.')[0] }}0{{ _apex_version_string.split('.')[1] }} + _apex_db_user_long: "{{ _apex_db_user }}00" + _oraapex_admin_password: "{{ oraapex_default_admin_password }}" + + block: + + - name: loop_databases | install APEX in PDB + opitzconsulting.ansible_oracle.oracle_sqldba: + sqlscript: >- + apxsilentins.sql + {{ apex_loop.oraapex_tablespace | default(oraapex_default_tablespace) }} + {{ apex_loop.oraapex_files_tablespace | default(oraapex_default_files_tablespace) }} + {{ apex_loop.oraapex_temp_tablespace | default(oraapex_default_temp_tablespace) }} + {{ apex_loop.oraapex_image_path | default(oraapex_image_path) }} + {{ _oraapex_dbpassword['apex_public_user'] }} + {{ lookup('ansible.builtin.password', '/tmp/passwordfile', chars=['ascii_letters', 'digits']) }} + {{ _oraapex_dbpassword['apex_rest_public_user'] }} + {{ _oraapex_admin_password }} + scope: pdbs + pdb_list: "{{ apex_loop.pdb_name }}" + creates_sql: >- + select username + from DBA_USERS + where username like '{{ _apex_db_user }}%' + oracle_home: "{{ _oracle_home_db_pdb }}" + oracle_db_name: "{{ _oracle_db_instance_name }}" + chdir: "{{ _oraapex_homedir }}/apex" + when: + - apex_loop.pdb_name is defined + vars: + opdb: "{{ apex_loop }}" # odb is needed for _oracle_* variables + + # apex_create_admin_user is not working with old APEX verions. :-( + - name: loop_databases | copy sql helper for APEX configuration + ansible.builtin.copy: + src: "{{ item }}" + dest: "{{ oracle_stage }}" + mode: "0644" + loop: + # - apex_create_admin_user.sql + - apex_set_image_loc_cdn.sql + + # apex_create_admin_user is not working with old APEX verions. :-( + # We use apxsilentins.sql to configure the admin user instead. + # - name: loop_databases | create admin user in APEX + # block: + # # assert password before execution tas. + # # => no_log prevents detailed output dring admin user configuration + # - name: loop_databases | Assert admin password + # ansible.builtin.assert: + # quiet: true + # that: _oraapex_admin_password is defined + # fail_msg: >- + # Missing variable oraapex_default_admin_password in inventory. + + # - name: loop_databases | create admin user in APEX + # opitzconsulting.ansible_oracle.oracle_sqldba: + # sqlscript: >- + # {{ oracle_stage }}/apex_create_admin_user.sql + # {{ _apex_db_user_long }} + # {{ apex_loop.apex_admin_user }} + # {{ _oraapex_admin_password }} + # {{ apex_loop.apex_admin_user_email }} + # scope: pdbs + # pdb_list: "{{ apex_loop.pdb_name }}" + # creates_sql: >- + # select user_name + # from {{ _apex_db_user_long }}.wwv_flow_fnd_user + # where security_group_id = 10 + # and upper(user_name) = upper('{{ apex_loop.apex_admin_user }}') + # oracle_home: "{{ _oracle_home_db_pdb }}" + # oracle_db_name: "{{ _oracle_db_instance_name }}" + # chdir: "{{ oracle_stage }}" + # # no_log: true + # when: + # - apex_loop.pdb_name is defined + # vars: + # opdb: "{{ apex_loop }}" # odb is needed for _oracle_* variables + + # The task will execute each time a patch has been installed. + # => It's not a problem to configure the CDN each time the role is executed. + - name: loop_databases | Configure CDN (APEX Image URL pointing to OCI) + opitzconsulting.ansible_oracle.oracle_sqldba: + sqlscript: >- + @{{ oracle_stage }}/apex_set_image_loc_cdn.sql + scope: pdbs + pdb_list: "{{ apex_loop.pdb_name }}" + creates_sql: >- + SELECT 1 + FROM apex_release ar + WHERE apex_instance_admin.get_parameter('IMAGE_PREFIX') like '%/' || ar.version_no || '/' + oracle_home: "{{ _oracle_home_db_pdb }}" + oracle_db_name: "{{ _oracle_db_instance_name }}" + chdir: "{{ oracle_stage }}" + when: + - apex_loop.pdb_name is defined + - apex_loop.apex_use_cdn | default(true) | bool + vars: + opdb: "{{ apex_loop }}" # odb is needed for _oracle_* variables + + # It's important to include these after the installation + # => We need the view apex_patches inside the database! + - name: loop_databases | include loop_databases_patching.yml + ansible.builtin.include_tasks: loop_databases_patching.yml + when: + - apex_loop.apex_patchid is defined + vars: + opdb: "{{ apex_loop }}" # odb is needed for _oracle_* variables diff --git a/roles/oraapex/tasks/loop_databases_patching.yml b/roles/oraapex/tasks/loop_databases_patching.yml new file mode 100644 index 000000000..4918f43da --- /dev/null +++ b/roles/oraapex/tasks/loop_databases_patching.yml @@ -0,0 +1,118 @@ +--- +# How it works: +# Read Patch version from Database +# Read Patch Version from Patch archive by unarchive README.txt +# Check statefile for installed patch +# no Patch version from Database or no statefile +# => no patches in database +# => install patch in software an database +# +# Found Pa nothing to do +# different versions => install patch + +- name: loop_databases_patching | working on APEX Patch + when: + - apex_loop.apex_patchid is defined + vars: + _oraapex_unarchive_patch_dir: >- + {{ oracle_stage }}/apex_patches + _oraapex_statefile_version: >- + {{ _oraapex_patchuid_res.stdout | default('') }} + _oraapex_sql_patch_version: >- + {{ _oraapex_patches_db_res['state']['ROW'][0]['IMAGES_VERSION'] | default('') }} + + environment: + APEX_VERSION: "{{ apex_loop.apex_version }}" + APEX_HOME: "{{ _oraapex_homedir }}" + APEX_PATCHID: "{{ apex_loop.apex_patchid }}" + block: + + - name: Get current APEX patch state from database + opitzconsulting.ansible_oracle.oracle_sqldba: + sqlselect: >- + select * + from apex_patches + order by installed_on desc + offset 0 rows fetch next 1 rows only + scope: pdbs + pdb_list: "{{ apex_loop.pdb_name }}" + oracle_home: "{{ _oracle_home_db_pdb }}" + oracle_db_name: "{{ _oracle_db_instance_name }}" + register: _oraapex_patches_db_res + + # Important: APEX Patches are incremental + # => We need to unarchive README.txt to read the version inside the archive... + - name: loop_databases_patching | unarchive README.txt from APEX Patch + ansible.builtin.unarchive: + src: "{{ oracle_sw_source_local }}/{{ _oraapex_patch_archive }}" + dest: "{{ _oraapex_homedir }}" + copy: true + include: >- + {{ apex_loop.apex_patchid }}/README.txt + + - name: loop_databases_patching | Read patch version from README.txt + ansible.builtin.shell: # noqa: no-changed-when + cmd: |- + #!/usr/bin/env bash + set -eu + set -o pipefail + + head -1 "${APEX_HOME}/{{ apex_loop.apex_patchid }}/README.txt" | tr -d '[:space:]' | cut -d":" -f2 + register: _oraapex_patchuid_res + + - name: loop_databases_patching | statefile for existing patch + ansible.builtin.stat: + path: "{{ _oraapex_patch_statefile }}" + register: _oraapex_patch_statefile_res + + - name: loop_databases_patching | statefile debug data + ansible.builtin.debug: + msg: + - "statefile: {{ _oraapex_patch_statefile }}" + - "statefile_exists: {{ _oraapex_patch_statefile_res.stat.exists }}" + - "Software Patch: {{ _oraapex_statefile_version }}" + - "Database Patch: {{ _oraapex_sql_patch_version }}" + + # - no statefile => 1st installation + # - _oraapex_sql_patch_version | length == 0 => no patches installed + - name: loop_databases_patching | copy APEX Patch into APEX installation + when: + - (not _oraapex_patch_statefile_res.stat.exists | bool) + or _oraapex_sql_patch_version | length == 0 + or (_oraapex_sql_patch_version | length > 0 + and _oraapex_statefile_version | length > 0 + and _oraapex_sql_patch_version != _oraapex_statefile_version + ) + block: + + - name: loop_databases_patching | unarchive APEX Patch + ansible.builtin.unarchive: + src: "{{ oracle_sw_source_local }}/{{ _oraapex_patch_archive }}" + dest: "{{ _oraapex_homedir }}" + copy: true + creates: "{{ _oraapex_homedir }}/{{ apex_loop.apex_patchid }}/catpatch.sql" + + - name: loop_databases_patching | copy APEX Patch into APEX installation + ansible.builtin.script: apex_copy_patch.sh + register: _oraapex_copy_patch_res + + - name: loop_databases_patching | output copy APEX Patch into APEX installation + ansible.builtin.debug: + var: _oraapex_copy_patch_res.stdout_lines + + - name: loop_databases_patching | APEX install patch with catpatch.sql + opitzconsulting.ansible_oracle.oracle_sqldba: + sqlscript: >- + @catpatch.sql + nls_lang: American_America.AL32UTF8 + scope: pdbs + pdb_list: "{{ apex_loop.pdb_name }}" + oracle_home: "{{ _oracle_home_db_pdb }}" + oracle_db_name: "{{ _oracle_db_instance_name }}" + chdir: "{{ _oraapex_homedir }}/apex" + register: _oraapex_catpatch_res + + - name: loop_databases_patching | catpatch output + ansible.builtin.debug: + var: _oraapex_catpatch_res.msg diff --git a/roles/oraapex/tasks/main.yml b/roles/oraapex/tasks/main.yml new file mode 100644 index 000000000..2a0a1e5bd --- /dev/null +++ b/roles/oraapex/tasks/main.yml @@ -0,0 +1,32 @@ +--- +- name: assert + ansible.builtin.include_tasks: assert.yml + +# selectattr on apex_state is more selective then on state +- name: APEX installation - loop over oracle_databases + ansible.builtin.include_tasks: loop_databases.yml + with_items: + - "{{ oracle_databases | default([]) | selectattr('apex_state', 'defined') | selectattr('apex_state', 'match', 'present') }}" + loop_control: + loop_var: apex_loop + label: >- + db_name: {{ apex_loop.oracle_db_name | default('') }} + apex_version: {{ apex_loop.apex_version | default('') }} + when: + - apex_loop.state | default('') == 'present' + - apex_loop.apex_version is defined + +# selectattr on apex_state is more selective then on state +- name: APEX installation - loop over oracle_pdbs + ansible.builtin.include_tasks: loop_databases.yml + with_items: + - "{{ oracle_pdbs | default([]) | selectattr('apex_state', 'defined') | selectattr('apex_state', 'match', 'present') }}" + loop_control: + loop_var: apex_loop + label: >- + cdb: {{ apex_loop.cdb | default('') }} + pdb_name: {{ apex_loop.pdb_name | default('') }} + apex_version: {{ apex_loop.apex_version | default('') }} + when: + - apex_loop.state | default('') == 'present' + - apex_loop.apex_version is defined diff --git a/roles/oraapex/vars/main.yml b/roles/oraapex/vars/main.yml new file mode 100644 index 000000000..087a99101 --- /dev/null +++ b/roles/oraapex/vars/main.yml @@ -0,0 +1,12 @@ +--- +_oraapex_archive: >- + apex_{{ apex_loop.apex_version }}.zip + +_oraapex_patch_statefile: >- + {{ _oraapex_homedir }}/.ansible_apex_patchstate + +_oraapex_patch_archive: >- + p{{ apex_loop.apex_patchid }}_{{ apex_loop.apex_version | replace('.', '') }}0_Generic.zip + +_oraapex_homedir: >- + {{ oraapex_base }}/apex_{{ apex_loop.apex_version }} From ac7414cdc8c1d52ed1a8566edccf46436215ba5f Mon Sep 17 00:00:00 2001 From: Thorsten Bruhns Date: Sun, 16 Jun 2024 21:11:08 +0000 Subject: [PATCH 3/6] ORDS: new experimental role to install and configure ORDS on OracleLinux --- changelogs/fragments/ords.yml | 3 + playbooks/manage_ords.yml | 6 + roles/oraords/.ansibledoctor.yml | 8 ++ roles/oraords/README.md | 152 ++++++++++++++++++++ roles/oraords/defaults/main.yml | 66 +++++++++ roles/oraords/meta/main.yml | 33 +++++ roles/oraords/tasks/assert.yml | 25 ++++ roles/oraords/tasks/loop_configure_ords.yml | 95 ++++++++++++ roles/oraords/tasks/main.yml | 47 ++++++ roles/oraords/vars/main.yml | 4 + 10 files changed, 439 insertions(+) create mode 100644 changelogs/fragments/ords.yml create mode 100644 playbooks/manage_ords.yml create mode 100644 roles/oraords/.ansibledoctor.yml create mode 100644 roles/oraords/README.md create mode 100644 roles/oraords/defaults/main.yml create mode 100644 roles/oraords/meta/main.yml create mode 100644 roles/oraords/tasks/assert.yml create mode 100644 roles/oraords/tasks/loop_configure_ords.yml create mode 100644 roles/oraords/tasks/main.yml create mode 100644 roles/oraords/vars/main.yml diff --git a/changelogs/fragments/ords.yml b/changelogs/fragments/ords.yml new file mode 100644 index 000000000..3183ab57c --- /dev/null +++ b/changelogs/fragments/ords.yml @@ -0,0 +1,3 @@ +--- +major_changes: + - "ORDS: new experimental role to install and configure ORDS on OracleLinux (oravirt#473)" diff --git a/playbooks/manage_ords.yml b/playbooks/manage_ords.yml new file mode 100644 index 000000000..acdcfa3d8 --- /dev/null +++ b/playbooks/manage_ords.yml @@ -0,0 +1,6 @@ +--- +- name: Install and Configure Oracle Rest Data Services + hosts: "{{ hostgroup | default('all') }}" + any_errors_fatal: true + roles: + - opitzconsulting.ansible_oracle.oraords diff --git a/roles/oraords/.ansibledoctor.yml b/roles/oraords/.ansibledoctor.yml new file mode 100644 index 000000000..2c499bf65 --- /dev/null +++ b/roles/oraords/.ansibledoctor.yml @@ -0,0 +1,8 @@ +--- +logging: + level: warning +template: readme +force_overwrite: true +exclude_tags: + - always + - never diff --git a/roles/oraords/README.md b/roles/oraords/README.md new file mode 100644 index 000000000..49d0357c8 --- /dev/null +++ b/roles/oraords/README.md @@ -0,0 +1,152 @@ +# oraords + +Install ORDS on Oracle Linux. + +Defaults: + +ORACLE_HOME: {{ oracle_base }}/product/ords + +This role is limited to Oracle Linux, due to installation +from yum Repository from Oracle. + +## Table of content + +- [Requirements](#requirements) +- [Default Variables](#default-variables) + - [oraords_apex_image_path](#oraords_apex_image_path) + - [oraords_db_pools](#oraords_db_pools) + - [oraords_default_admin_user](#oraords_default_admin_user) + - [oraords_default_port](#oraords_default_port) + - [oraords_java_rpm](#oraords_java_rpm) + - [oraords_oracle_home](#oraords_oracle_home) + - [oraords_ords_bin](#oraords_ords_bin) + - [oraords_ords_config](#oraords_ords_config) + - [oraords_ords_logs](#oraords_ords_logs) + - [ords_config](#ords_config) +- [Discovered Tags](#discovered-tags) +- [Dependencies](#dependencies) +- [License](#license) +- [Author](#author) + +--- + +## Requirements + +- Minimum Ansible version: `2.14.0` + +## Default Variables + +### oraords_apex_image_path + +Directory for APEX Images on ORDS Host. + +### oraords_db_pools + +List of configured target in ORDS. + +Attributes: + +db_pool: + +pdb_name: + +port: + +service: + +hostname: + +#### Default value + +```YAML +oraords_db_pools: + - db_pool: default + pdb_name: orclpdb + admin_user: sys + service: orclpdb + port: 1521 +``` + +### oraords_default_admin_user + +#### Default value + +```YAML +oraords_default_admin_user: sys +``` + +### oraords_default_port + +#### Default value + +```YAML +oraords_default_port: 1521 +``` + +### oraords_java_rpm + +#### Default value + +```YAML +oraords_java_rpm: java-21-openjdk +``` + +### oraords_oracle_home + +`ORACLE_HOME` for _ORDS_. + +#### Default value + +```YAML +oraords_oracle_home: >- + {{ oracle_base }}/product/ords +``` + +### oraords_ords_bin + +#### Default value + +```YAML +oraords_ords_bin: >- + /usr/local/bin +``` + +### oraords_ords_config + +#### Default value + +```YAML +oraords_ords_config: >- + /etc/ords/config +``` + +### oraords_ords_logs + +#### Default value + +```YAML +oraords_ords_logs: >- + /etc/ords/logs +``` + +### ords_config + +APEX context path for Images. + +## Discovered Tags + +**_ords_config_** + + +## Dependencies + +- orahost_meta +- orasw_meta + +## License + +license (MIT) + +## Author + +Thorsten Bruhns diff --git a/roles/oraords/defaults/main.yml b/roles/oraords/defaults/main.yml new file mode 100644 index 000000000..24d975336 --- /dev/null +++ b/roles/oraords/defaults/main.yml @@ -0,0 +1,66 @@ +--- +# @var oraords_oracle_home:description: > +# `ORACLE_HOME` for _ORDS_. +# @end +oraords_oracle_home: >- + {{ oracle_base }}/product/ords + +# @var ords_config:description: > +# ORDS configuration directory. +# @end +oraords_ords_config: >- + /etc/ords/config + +# @var ords_config:description: > +# ORDS logging directory. +# @end +oraords_ords_logs: >- + /etc/ords/logs + +oraords_java_rpm: java-21-openjdk + +# @var ords_config:description: > +# PATH for ords binary +# @end +oraords_ords_bin: >- + /usr/local/bin + +# oraords_apex_admin_password: + +# default admin_user when no user is set in oraords_db_pools +oraords_default_admin_user: sys +oraords_default_port: 1521 + +# @var oraords_apex_image_path:description: > +# Directory for APEX Images on ORDS Host. +# +# @end +# oraords_apex_image_path: + +# @var ords_config:description: > +# APEX context path for Images. +# @end +# oraords_apex_image_context: + +# @var oraords_db_pools:description: > +# List of configured target in ORDS. +# +# Attributes: +# +# db_pool: +# +# pdb_name: +# +# port: +# +# service: +# +# hostname: +# @end +oraords_db_pools: + - db_pool: default + pdb_name: orclpdb + admin_user: sys + service: orclpdb + port: 1521 + # hostname: diff --git a/roles/oraords/meta/main.yml b/roles/oraords/meta/main.yml new file mode 100644 index 000000000..8e8e85ce9 --- /dev/null +++ b/roles/oraords/meta/main.yml @@ -0,0 +1,33 @@ +--- +# @meta description: > +# Install ORDS on Oracle Linux. +# +# Defaults: +# +# ORACLE_HOME: {{ oracle_base }}/product/ords +# +# This role is limited to Oracle Linux, due to installation +# from yum Repository from Oracle. +# +# @end +# @meta author: Thorsten Bruhns +galaxy_info: + role_name: oraswords_install + author: Thorsten Bruhns + description: Install ORDS on Oracle Linux. + company: Thorsten Bruhns + license: license (MIT) + + min_ansible_version: 2.14.0 + + platforms: + - name: EL + versions: + - "7" + - "8" + + galaxy_tags: [] + +dependencies: + - role: orahost_meta + - role: orasw_meta diff --git a/roles/oraords/tasks/assert.yml b/roles/oraords/tasks/assert.yml new file mode 100644 index 000000000..72d0bad62 --- /dev/null +++ b/roles/oraords/tasks/assert.yml @@ -0,0 +1,25 @@ +--- +- name: assert | Assert OS + ansible.builtin.assert: + that: + - ansible_distribution == 'OracleLinux' + - ansible_distribution_major_version is version('8', '>=') + fail_msg: >- + Installation of ORDS is limited to Oracle Linux 8 and 9 at the moment. + +- name: assert | Check for existing APEX Images when oraords_apex_image_path is defined + when: + - oraords_apex_image_path | default('') | length > 0 + block: + - name: assert | Check for existing APEX Images + ansible.builtin.stat: + path: "{{ oraords_apex_image_path }}/css/apex.css" + register: _oraords_apex_images_dir + + - name: assert | Assert for existing APEX Images + ansible.builtin.assert: + quiet: true + that: + - _oraords_apex_images_dir.stat.exists + fail_msg: >- + Missing APEX Images in {{ oraords_apex_image_path }} diff --git a/roles/oraords/tasks/loop_configure_ords.yml b/roles/oraords/tasks/loop_configure_ords.yml new file mode 100644 index 000000000..5720b9937 --- /dev/null +++ b/roles/oraords/tasks/loop_configure_ords.yml @@ -0,0 +1,95 @@ +--- +- name: loop_configure_ords | Assert + ansible.builtin.assert: + quiet: true + that: + - oraords_db_pools_password[_loop_pool.db_pool]['admin_password'] is defined + - oraords_db_pools_password[_loop_pool.db_pool]['ords_password'] is defined + +- name: loop_configure_ords | Defaults + tags: + - ords_config + environment: + ADMIN_USER: "{{ _loop_pool.admin_user | default(oraords_admin_user) }}" + ADMIN_PASSWORD: "{{ oraords_db_pools_password[_loop_pool.db_pool]['admin_password'] }}" + ORDS_PASSWORD: "{{ oraords_db_pools_password[_loop_pool.db_pool]['ords_password'] }}" + APEX_IMAGE_PATH: "{{ oraords_apex_image_path | default('') }}" + APEX_IMAGE_CONTEXT: "{{ oraords_apex_image_context | default('') }}" + DB_POOL: "{{ _loop_pool.db_pool }}" + block: + - name: loop_configure_ords | | DB setup + ansible.builtin.shell: # noqa: no-changed-when + chdir: /tmp + cmd: | + /usr/bin/env bash + set -eu + set -o pipefail + + echo "config: {{ oraords_ords_config }}" + echo "log: {{ oraords_ords_logs }}" + echo "admin-user: ${ADMIN_USER}" + echo "db-pool: ${DB_POOL}" + echo "db-hostname: {{ _loop_pool.host }}" + echo "db-port: {{ _loop_pool.port | default(oraords_default_port) }}" + echo "db-servicename: {{ _loop_pool.service | mandatory }}" + echo "APEX_IMAGE_PATH: ${APEX_IMAGE_PATH}" + echo "APEX_IMAGE_CONTEXT: ${APEX_IMAGE_CONTEXT}" + + if [ ${DB_POOL} = 'default' ] ; then + DB_POOL_PARAM="" + else + DB_POOL_PARAM="${DB_POOL}" + fi + + {{ oraords_ords_bin }}/ords \ + --config {{ oraords_ords_config }} \ + --verbose \ + install \ + --log-folder {{ oraords_ords_logs }} \ + ${DB_POOL_PARAM} \ + --admin-user "${ADMIN_USER}" \ + --db-hostname "{{ _loop_pool.host | mandatory }}" \ + --db-port {{ _loop_pool.port | default(oraords_default_port) }} \ + --db-servicename {{ _loop_pool.service | mandatory }} \ + --feature-db-api {{ _loop_pool.feature_db_api | default(false) | ternary('true', 'false') }} \ + --feature-rest-enabled-sql {{ _loop_pool.feature_rest_enabled_sql | default(false) | ternary('true', 'false') }} \ + --feature-sdw {{ _loop_pool.feature_sdw | default('false') | ternary('true', 'false') }} \ + --proxy-user \ + --password-stdin <- + db_pool: {{ _loop_pool.db_pool | default('') }} + service: {{ _loop_pool.service | default('') }} + loop_var: _loop_pool + when: + - oraords_db_pools is defined + tags: + - always diff --git a/roles/oraords/vars/main.yml b/roles/oraords/vars/main.yml new file mode 100644 index 000000000..18e1ecf09 --- /dev/null +++ b/roles/oraords/vars/main.yml @@ -0,0 +1,4 @@ +--- +_ords_ol_reposiory: >- + http://yum.oracle.com/repo/OracleLinux/OL{{ ansible_distribution_major_version }}/oracle/software/x86_64 +# ords_ol7_reposiory: From 6e942708ef4b1ecb3ffebbacf35b61a3a8ad945b Mon Sep 17 00:00:00 2001 From: Thorsten Bruhns Date: Sat, 7 Sep 2024 14:56:39 +0000 Subject: [PATCH 4/6] beginner_patching: Inventory for ORDS + APEX --- changelogs/fragments/beginner.yml | 3 +++ .../inventory/group_vars/all/db-homes.yml | 11 ++++++++++ .../databases.yml | 7 ++++-- .../ords.yml | 20 +++++++++++++++++ .../password.yml | 22 ++++++++++++++----- 5 files changed, 55 insertions(+), 8 deletions(-) create mode 100644 changelogs/fragments/beginner.yml create mode 100644 example/beginner_patching/ansible/inventory/host_vars/beginner-dbfs-patching-151-192-168-56-162.nip.io/ords.yml diff --git a/changelogs/fragments/beginner.yml b/changelogs/fragments/beginner.yml new file mode 100644 index 000000000..88e3e67ee --- /dev/null +++ b/changelogs/fragments/beginner.yml @@ -0,0 +1,3 @@ +--- +major_changes: + - "beginner_patching: Inventory for ORDS + APEX (oravirt#473)" diff --git a/example/beginner_patching/ansible/inventory/group_vars/all/db-homes.yml b/example/beginner_patching/ansible/inventory/group_vars/all/db-homes.yml index 3de7e1d50..2ae4fac67 100644 --- a/example/beginner_patching/ansible/inventory/group_vars/all/db-homes.yml +++ b/example/beginner_patching/ansible/inventory/group_vars/all/db-homes.yml @@ -63,6 +63,17 @@ oracle_sw_patches: patchid: 30839369 version: 21.0.0.0 description: Latest cluvfy + opatch_needed: false + - filename: p36695709_2410_Generic.zip + patchid: 36695709 + version: 24.1 + description: PSE BUNDLE FOR APEX 24.1 + opatch_needed: false + - filename: p35895964_2320_Generic.zip + patchid: 35895964 + version: 23.2 + description: PSE BUNDLE FOR APEX 23.2 + opatch_needed: false - filename: p36582781_190000_Linux-x86-64.zip patchid: 36582781 version: 19.3.0.0 diff --git a/example/beginner_patching/ansible/inventory/host_vars/beginner-dbfs-patching-151-192-168-56-162.nip.io/databases.yml b/example/beginner_patching/ansible/inventory/host_vars/beginner-dbfs-patching-151-192-168-56-162.nip.io/databases.yml index 35f143c8e..5b8460608 100644 --- a/example/beginner_patching/ansible/inventory/host_vars/beginner-dbfs-patching-151-192-168-56-162.nip.io/databases.yml +++ b/example/beginner_patching/ansible/inventory/host_vars/beginner-dbfs-patching-151-192-168-56-162.nip.io/databases.yml @@ -72,7 +72,7 @@ oracle_databases: - {name: log_buffer, value: '64M', scope: spfile, state: present} # - {name: pga_aggregate_target, value: '1024M', scope: both, state: present, dbca: false} - {name: pga_aggregate_target, value: '1G', scope: both, state: present} - - {name: sga_target, value: '3096M', scope: spfile, state: present} + - {name: sga_target, value: '2048M', scope: spfile, state: present} - {name: recyclebin, value: 'off', scope: spfile, state: present} - {name: streams_pool_size, value: '152M', scope: spfile, state: present} # "_cursor_obsolete_threshold" for 12.2+ @@ -109,7 +109,10 @@ oracle_pdbs: pdb_name: PDB1 state: present apex_state: present - apex_version: 23.2 + apex_version: 24.1 + apex_patchid: 36695709 + # apex_version: 23.2 + # apex_patchid: 35895964 profiles: "{{ oracle_default_profiles }}" statspack: purgedays: 14 diff --git a/example/beginner_patching/ansible/inventory/host_vars/beginner-dbfs-patching-151-192-168-56-162.nip.io/ords.yml b/example/beginner_patching/ansible/inventory/host_vars/beginner-dbfs-patching-151-192-168-56-162.nip.io/ords.yml new file mode 100644 index 000000000..a9399fca0 --- /dev/null +++ b/example/beginner_patching/ansible/inventory/host_vars/beginner-dbfs-patching-151-192-168-56-162.nip.io/ords.yml @@ -0,0 +1,20 @@ +--- +# Images are pulled from CDN at Oracle. +# oraords_apex_image_path: /u01/app/oracle/product/apex_24.1/apex/images/ +# oraords_apex_image_context: /i + +oraords_db_pools: + - db_pool: default + pdb_name: PDB1 + admin_user: sys + service: pdb1 + port: 1521 + host: "{{ inventory_hostname }}" + feature_db_api: true + feature_rest_enabled_sql: true + feature_sdw: true + +oraords_db_pools_password: + default: + admin_password: "{{ dbpasswords['DB1']['sys'] }}" + ords_password: "{{ dbpasswords['DB1']['PDB1']['ords_public_user'] }}" diff --git a/example/beginner_patching/ansible/inventory/host_vars/beginner-dbfs-patching-151-192-168-56-162.nip.io/password.yml b/example/beginner_patching/ansible/inventory/host_vars/beginner-dbfs-patching-151-192-168-56-162.nip.io/password.yml index 7535f9eb4..e6295b93f 100644 --- a/example/beginner_patching/ansible/inventory/host_vars/beginner-dbfs-patching-151-192-168-56-162.nip.io/password.yml +++ b/example/beginner_patching/ansible/inventory/host_vars/beginner-dbfs-patching-151-192-168-56-162.nip.io/password.yml @@ -1,7 +1,17 @@ --- -# todo: Password ist noch fehlerhaft... -# dbpasswords: -# DB1: -# SYS: Oracle123 -# PDB1: -# PDBROOT: pdb +default_dbpass: Oracle_123 + +dbpasswords: + DB1: + sys: Oracle_123 + system: Oracle_123 + dbsnmp: Oracle_456 + + PDB1: + pdbadmin: Oracle_456 + ords_public_user: ords123 + apex_public_router: ords123 + apex_public_user: ords123 + apex_rest_public_user: ords123 + +oraapex_default_admin_password: Oracle_Apex_1 From d83bfd958377ff06a6611bcad526839e1c1cf959 Mon Sep 17 00:00:00 2001 From: Thorsten Bruhns Date: Mon, 9 Sep 2024 21:39:24 +0000 Subject: [PATCH 5/6] molecule: Added APEX and ORDS to dbfs-ol9 --- changelogs/fragments/molecule.yml | 3 + extensions/molecule/dbfs-ol9/converge.yml | 3 + extensions/molecule/dbfs-ol9/molecule.yml | 1 + .../inventory/group_vars/all/oracle_db.yml | 5 ++ .../inventory/group_vars/all/password.yml | 9 +++ .../inventory/host_vars/dbfs-ol9.yml | 72 +++++++++++++++++++ 6 files changed, 93 insertions(+) create mode 100644 changelogs/fragments/molecule.yml create mode 100644 extensions/molecule/shared_config/inventory/host_vars/dbfs-ol9.yml diff --git a/changelogs/fragments/molecule.yml b/changelogs/fragments/molecule.yml new file mode 100644 index 000000000..4b0487812 --- /dev/null +++ b/changelogs/fragments/molecule.yml @@ -0,0 +1,3 @@ +--- +major_changes: + - "molecule: Added APEX and ORDS to dbfs-ol9 (oravirt#473)" diff --git a/extensions/molecule/dbfs-ol9/converge.yml b/extensions/molecule/dbfs-ol9/converge.yml index 871c651bf..aecc278d8 100644 --- a/extensions/molecule/dbfs-ol9/converge.yml +++ b/extensions/molecule/dbfs-ol9/converge.yml @@ -37,3 +37,6 @@ - name: Converge manage_db ansible.builtin.import_playbook: opitzconsulting.ansible_oracle.manage_db + +- name: Converge manage_ords + ansible.builtin.import_playbook: opitzconsulting.ansible_oracle.manage_ords diff --git a/extensions/molecule/dbfs-ol9/molecule.yml b/extensions/molecule/dbfs-ol9/molecule.yml index c56fb01b0..dfc088d49 100644 --- a/extensions/molecule/dbfs-ol9/molecule.yml +++ b/extensions/molecule/dbfs-ol9/molecule.yml @@ -25,3 +25,4 @@ provisioner: inventory: links: group_vars: ../shared_config/inventory/group_vars/ + host_vars: ../shared_config/inventory/host_vars/ diff --git a/extensions/molecule/shared_config/inventory/group_vars/all/oracle_db.yml b/extensions/molecule/shared_config/inventory/group_vars/all/oracle_db.yml index 162387826..e2dffa6fb 100644 --- a/extensions/molecule/shared_config/inventory/group_vars/all/oracle_db.yml +++ b/extensions/molecule/shared_config/inventory/group_vars/all/oracle_db.yml @@ -26,6 +26,11 @@ oracle_sw_patches: patchid: 30839369 version: 21.0.0.0 description: Latest cluvfy + - filename: p36695709_2410_Generic.zip + patchid: 36695709 + version: 24.1 + description: PSE BUNDLE FOR APEX 24.1 + opatch_needed: false - filename: p36582781_190000_Linux-x86-64.zip patchid: 36582781 version: 19.3.0.0 diff --git a/extensions/molecule/shared_config/inventory/group_vars/all/password.yml b/extensions/molecule/shared_config/inventory/group_vars/all/password.yml index 7bf3fabd9..53a46b492 100644 --- a/extensions/molecule/shared_config/inventory/group_vars/all/password.yml +++ b/extensions/molecule/shared_config/inventory/group_vars/all/password.yml @@ -8,3 +8,12 @@ dbpasswords: SYS: Oracle123 ORCLPDB: PDBROOT: pdb + DB2: + ORCLPDB1: + pdbadmin: Oracle_456 + ords_public_user: ords123 + apex_public_router: ords123 + apex_public_user: ords123 + apex_rest_public_user: ords123 + +oraapex_default_admin_password: Oracle_Apex_1 diff --git a/extensions/molecule/shared_config/inventory/host_vars/dbfs-ol9.yml b/extensions/molecule/shared_config/inventory/host_vars/dbfs-ol9.yml new file mode 100644 index 000000000..3e1c9abbe --- /dev/null +++ b/extensions/molecule/shared_config/inventory/host_vars/dbfs-ol9.yml @@ -0,0 +1,72 @@ +--- +oraords_db_pools: + - db_pool: default + pdb_name: ORCLPDB1 + admin_user: sys + service: ORCLPDB1 + port: 1521 + host: dbfs-ol9 + feature_db_api: true + feature_rest_enabled_sql: true + feature_sdw: true + +oraords_db_pools_password: + default: + admin_password: Oracle_123 + ords_password: Oracle_456 + +oracle_databases: + - home: db19-si-ee + oradb_facts_ignore_unreachable: true + oracle_db_name: &oracle_db_name2 DB2 + oracle_db_type: SI + is_container: true + storage_type: FS + oracle_database_type: MULTIPURPOSE + redolog_size: 50M + redolog_groups: 3 + datafile_dest: /u01/app/oracle/oradata + recoveryfile_dest: /u01/app/oracle//fra + listener_name: LISTENER + listener_port: 1521 + archivelog: false + flashback: false + force_logging: false + state: present + tablespaces: + - name: TEST + size: 10M + autoextend: true + next: 50M + maxsize: 4G + content: permanent + state: present + init_parameters: + - {name: db_create_file_dest, value: '/u01/app/oracle/oradata', scope: both, state: present} + - {name: db_create_online_log_dest_1, value: '/u01/app/oracle/oradata', scope: both, state: present} + - {name: recyclebin, value: 'off', scope: spfile, state: present} + - {name: pga_aggregate_target, value: '128M', scope: both, state: present} + - {name: sga_target, value: '1808M', scope: spfile, state: present} + +oracle_pdbs: + - cdb: DB2 + home: db19-si-ee + pdb_name: ORCLPDB1 + listener_port: 1521 + state: present + datafile_dest: /u01/app/oracle/oradata + apex_state: present + apex_version: 24.1 + apex_patch: 36695709 + - cdb: DB2 + home: db19-si-ee + pdb_name: ORCLPDB2 + listener_port: 1521 + state: present + datafile_dest: /u01/app/oracle/oradata + - cdb: DB2 + home: db19-si-ee + pdb_name: ORCLPDB3 + listener_port: 1521 + state: present + datafile_dest: /u01/app/oracle/oradata From ed121f286c88b1c0c964fde19a74442ee720d513 Mon Sep 17 00:00:00 2001 From: Thorsten Bruhns Date: Fri, 13 Sep 2024 20:06:28 +0000 Subject: [PATCH 6/6] ansible-oracle Documentation --- README.adoc | 32 ------ README.md | 6 +- changelogs/fragments/doc1.yml | 3 + doc/featurelist.adoc | 8 +- doc/guides/apex_ords.adoc | 205 ++++++++++++++++++++++++++++++++++ 5 files changed, 218 insertions(+), 36 deletions(-) delete mode 100644 README.adoc create mode 100644 changelogs/fragments/doc1.yml create mode 100644 doc/guides/apex_ords.adoc diff --git a/README.adoc b/README.adoc deleted file mode 100644 index a8aeccbdd..000000000 --- a/README.adoc +++ /dev/null @@ -1,32 +0,0 @@ -:toc: -:toc-placement!: -toc::[] -:sectnums: -:sectnumlevels: 4 - -== `ansible-oracle` -* Automated installation of - ** Oracle RAC databases - ** RAC One Node database and - ** single instance Oracle databases -* Start with one or more clean Linux machine(s), end up with a fully configured Oracle database system - -== Documentation - -Read link:doc/featurelist.adoc[here] for a detailed list of features of `ansible-oracle`. - -=== Getting started -* link:doc/vagrant.adoc[Vagrant Setup on Windows]: Preparation for beginner -* link:doc/guides/beginner.adoc[Beginner]: Guiding you through your first setup - -=== Next steps -* How to link:doc/development.adoc[develop in ansible-oracle] -* List of link:doc/roles.adoc[roles in ansible-oracle] -* Running link:doc/ansible.adoc[Ansible in Docker-Container] -* Running link:doc/[Read the full documentation] - - -## Pre-requisites -* Ansible Version >= 2.14. -* Oracle Linux (or any RHEL-based Linux System) >= 8 -* Oracle Database/Grid Infrastructure 21.3.0.0, 19.3.0.0 diff --git a/README.md b/README.md index 55b0bf075..42fe239fb 100644 --- a/README.md +++ b/README.md @@ -21,9 +21,9 @@ ### Next Steps -1. Read the full documentation -1. How to develop in ansible-oracle -1. List of roles in ansible-oracle +1. [APEX and ORDS in `ansible-oracle`](doc/guides/apex_ords.adoc) +2. [How to develop in ansible-oracle](doc/development.adoc) +3. [List of roles in ansible-oracle](doc/roles.adoc) ## Pre-requisites diff --git a/changelogs/fragments/doc1.yml b/changelogs/fragments/doc1.yml new file mode 100644 index 000000000..c6b30b440 --- /dev/null +++ b/changelogs/fragments/doc1.yml @@ -0,0 +1,3 @@ +--- +major_changes: + - "ansible-oracle Documentation fixes (oravirt#473)" diff --git a/doc/featurelist.adoc b/doc/featurelist.adoc index d167468e1..e54412dcf 100644 --- a/doc/featurelist.adoc +++ b/doc/featurelist.adoc @@ -35,7 +35,7 @@ Redhat Enterprise Linux |6 <> + 7 <> + 8 + -9 (experimental!) <> +9 |SuSE Linux Enterprise Server<> |15, 15.3 @@ -138,6 +138,10 @@ a|OneOff Patches<> |automatic datapatch execution<> |Patch Download from Oracle +|Oracle APEX (experimental!) +a|Installation of APEX in PDB. Not supported for CDB or nonCDB. +|{supportedfrom19} + |Environment script a|dynamic shell environment link:https://github.com/opitzconsulting/oracle-scripts[`ocenv`] for Oracle |{supportedfrom12} @@ -154,6 +158,8 @@ a|dynamic shell environment link:https://github.com/opitzconsulting/oracle-scrip Please do not use this feature in production environments. [[table1footnote]]^3^:: Limited support. Not tested for Oracle Restart & Grid-Infrastructure +[[table1footnote]]^4^:: + Only tested with PDB on 19c+. May be work in nonCDB as well but noch in CDB. [[table1footnote]]^5^:: in development and not implemented at the moment. [[table1footnote]]^6^:: diff --git a/doc/guides/apex_ords.adoc b/doc/guides/apex_ords.adoc new file mode 100644 index 000000000..ce15c2356 --- /dev/null +++ b/doc/guides/apex_ords.adoc @@ -0,0 +1,205 @@ +:toc: +:toc-placement!: +:toclevels: 4 +toc::[] + +:sectnums: +:sectnumlevels: 4 + +== Setup APEX and ORDS + +IMPORTANT: The installation of APEX and ORDS with `ansible-oracle` is currently _experimental_. + +=== Requirements + +==== APEX + +- RDBMS 19c or newer +- APEX 20.x or newer is mandatory for RDBMS 19c +- Tested with APEX 23.2, 24.1 - may work with older versions as well +- Installation is tested with PDB only. +- CDB and nonCDB is not supported at the moment. +- Download ZIP from Oracle with Playbook `patch_download.yml` supported for Version 22.1 or newer +- APEX only with ORDS - no old APEX Listener + +Important Notes: + +- Primary Note for Oracle APEX Upgrades (Doc ID 1088970.1) + +Known Issues: + +- ADMIN password of INTERNAL Workspace is wrong after APEX upgrade + Silent script to reset ADMIN password depends on APEX Relöease. + + There was no reliable solution found for the moment... + +==== ORDS + +- OracleLinux 8 or 9 only +- Installation with ords.rpm from `public-yum.oracle.com` +- Limited database configuration - see documentation + +=== APEX Configuration + +IMPORTANT: Install APEX before ORDS - otherwise, the ORDS will not detect and configure APEX. + +ORDS is only tested with existing APEX installation. + +==== Mandatory variables + +The following global variables are needed for an APEX installation. + +.Mandatory variables +[options="header,footer"] +|======================= +|Value |Description +|`oraapex_default_admin_password` | The parameter is mandatory, because it is the only way to configure a password for the admin user at the moment. +|======================= + +.Optional variables +[options="header,footer"] +|======================= +|Value |Description +|`oraapex_base` +| Default: `{{ oracle_base }}/product` + +The unzip is done into `{{ oraapex_base }}/apex_` +|`oraapex_default_tablespace` +| Default: `SYSAUX` + +Could be set in each PDB. +|`oraapex_default_files_tablespace` +| Default: `SYSAUX` + +Could be set in each PDB. +|`oraapex_default_temp_tablespace` +| Default: `TEMP` + +Could be set in each PDB. +|======================= + +==== APEX in PDB + +APEX can be installed in each PDB. + +.mandatory Variables in `oracle_pdbs` +[options="header,footer"] +|======================= +|Value |Description +| `apex_state` +| State for APEX installation. + +Only `present` supported at the moment. +| `apex_version` +| Version of APEX. + +Is used to download the Archive from Oracle. +|======================= + +.optional Variables in `oracle_pdbs` +[options="header,footer"] +|======================= +|Value |Description +| `oraapex_tablespace` +| Custom APEX Tablespace. +| `oraapex_files_tablespace` +| Custom APEX Tablespace for files. +| `oraapex_temp_tablespace` +| Custom APEX temporary Tablespace. +| `apex_patchid` +| Patchid for _PSE BUNDLE FOR APEX_ +|======================= + +IMPORTANT: The example shows the minimum attributes for an APEX installation. + +That's not the minimum needed to create a PDB. + +.Example `oracle_pdbs` +---- +oracle_pdbs: + - cdb: CDB1 + pdb_name: PDB1 + state: present + apex_state: present + apex_version: 24.1 + apex_patchid: 36695709 +---- + +IMPORTANT: `oraapex` does not use the default passwords from `ansible-oracle`. + +You have to define them in `dbpasswords`. + +The user `APEX_PUBLIC_ROUTER` is new in APEX 24.1. + +`oraapex` checks for an existing password regardless of the version of APEX. + +.Example `dbpasswords` for APEX in a PDB with mandatory values for `oraapex` +---- +dbpasswords: + CDB1: + PDB1: + apex_public_router: ords123 + apex_public_user: ords123 + apex_rest_public_user: ords123 + ords_public_user: ords123 +---- + +IMPORTANT: Do not forget to download the APEX Patch when `apex_patchid` is set in `oracle_pdbs`. + +`opatch_install` is very important, because these Patches are not applied with OPatch. + +.Example `oracle_sw_patches` +---- +oracle_sw_patches: + - filename: p36695709_2410_Generic.zip + patchid: 36695709 + version: 24.1 + description: PSE BUNDLE FOR APEX 24.1 + opatch_needed: false +---- + +==== Playbook execution + +The installation of APEX is part of `playbooks/manage_db.yml`. + +This allows the creation of custom Tablespaces, Profiles etc. for APEX, without the need to use a dedicated Playbook. + + +=== ORDS Configuration + +IMPORTANT: The configuration of ORDS is limited to the following variables at the moment. + +.Mandatory variables in `oraords_db_pools` +[options="header,footer"] +|======================= +|Value |Description +| db_pool | Database Pool +| pdb_name | PDB-Name of Target +| service | Database Service Name +| port | Listener Port +| host | Database Hostname +|======================= + +.Optional variables in `oraords_db_pools` +[options="header,footer"] +|======================= +|Value |Description +| feature_db_api | true / false (Default) +| feature_rest_enabled_sql | true / false (Default) +| feature_sdw | true / false (Default) +|======================= + +---- +oraords_db_pools: + - db_pool: default + pdb_name: PDB1 + admin_user: sys + service: pdb1 + port: 1521 + host: "{{ inventory_hostname }}" + feature_db_api: true + feature_rest_enabled_sql: true + feature_sdw: true +---- + +The passwords for Admin- and ORDS-User are defined in `oraords_db_pools_password`. + +They are set in a dedicated variable to prevent `no_log=true` in loops over `oraords_db_pools`. + +Referencing `dbpasswords` helps to reduce redundancy for passwords. + +---- +oraords_db_pools_password: + default: + admin_password: "{{ dbpasswords['DB1']['sys'] }}" + ords_password: "{{ dbpasswords['DB1']['PDB1']['ords_public_user'] }}" +---- + +==== Playbook execution + +The Playbook `playbooks/manage_ords.yml` is used to install ORDS.