Merge pull request #394 from ministryofjustice/nomis-xtag-secrets
nomis-xtag-secrets
wullub authored Nov 15, 2023
2 parents cf3a9e8 + f601499 commit 1ab67f6
Showing 4 changed files with 44 additions and 13 deletions.
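--- a/ansible/group_vars/ami_nomis_rhel_7_9_weblogic_xtag_10_3.yml
+++ b/ansible/group_vars/ami_nomis_rhel_7_9_weblogic_xtag_10_3.yml
@@ -29,3 +29,5 @@ ami_roles_list:
 
 # the below vars are defined in multiple groups. Keep the values the same to avoid unexpected behaviour
 roles_list: "{{ (ami_roles_list | default([]) | difference(server_type_roles_list | default([]))) + (server_type_roles_list | default([])) }}"
+
+use_ssm_params: true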
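Review bot: `use_ssm_params: true` is added without a comment, directly under the note that the variables below are defined in multiple groups and must keep the same value. This flag selects the password source in `nomis-xtag-weblogic/tasks/get-facts.yml` and overrides the role default of `false`, so a reader of this file cannot tell which secret store these hosts use or why they differ from the default. I would add `# true: read weblogic/db passwords via the ssm-passwords role; the nomis-xtag-weblogic default (false) uses secretsmanager-passwords` above it. The same comment applies to the identical addition in `server_type_nomis_xtag.yml`.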
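--- a/ansible/group_vars/server_type_nomis_xtag.yml
+++ b/ansible/group_vars/server_type_nomis_xtag.yml
@@ -30,3 +30,5 @@ collectd_monitored_services_servertype:
 shell_cmd: "systemctl is-active wls_adminserver"
 - metric_name: wlsmanagedserver
 shell_cmd: "systemctl is-active wls_managedserver"
+
+use_ssm_params: true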
8 changes: 7 additions & 1 deletion ansible/roles/nomis-xtag-weblogic/defaults/main.yml
@@ -29,12 +29,18 @@ weblogic_servers:
- { name: AdminServer }

db_config: "{{ db_configs[weblogic_db_name] }}"
xtag_ssm_passwords:

use_ssm_params: false
xtag_secretsmanager_passwords:
weblogic:
parameter: "/oracle/weblogic/{{ nomis_environment }}/passwords"
secret: "/oracle/weblogic/{{ nomis_environment }}/passwords"
users:
- weblogic: auto
db:
parameter: "/oracle/database/{{ db_config.db_name }}/weblogic-passwords"
secret: "/oracle/database/{{ db_config.db_name }}/weblogic-passwords"
users:
- xtag:

xtag_ssm_passwords: "{{ xtag_secretsmanager_passwords }}"
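Review bot: `use_ssm_params` is a generic, unprefixed name for the switch that decides which secret store this role reads its passwords from. Ansible variables are resolved per host rather than per role, so any other role default, group file or extra var that sets the same name also changes the credential source here. A role-scoped name such as `xtag_use_ssm_params` would avoid that, or at minimum a comment above the default: `# false: passwords come from Secrets Manager; set true in group_vars to keep using SSM Parameter Store`. Separately, `xtag_ssm_passwords` is now an alias of `xtag_secretsmanager_passwords`, so each entry carries both `parameter` and `secret` with the same path. Presumably each lookup role reads only its own key, which deserves a one-line comment such as `# parameter is read by ssm-passwords, secret by secretsmanager-passwords`.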
45 changes: 33 additions & 12 deletions ansible/roles/nomis-xtag-weblogic/tasks/get-facts.yml
@@ -1,14 +1,35 @@
---
- name: Get SSM parameters
import_role:
name: ssm-passwords
vars:
ssm_passwords: "{{ xtag_ssm_passwords }}"
- name: Get secretsmanager passwords
block:
- name: secretsmanager passwords
import_role:
name: secretsmanager-passwords
vars:
secretsmanager_passwords: "{{ xtag_secretsmanager_passwords }}"

- name: Get SSM parameters
set_fact:
weblogic_admin_password: "{{ ssm_passwords_dict['weblogic'].passwords[weblogic_admin_username] }}"
weblogic_db_password: "{{ ssm_passwords_dict['db'].passwords[weblogic_db_username] }}"
- name: secretsmanager passwords
set_fact:
weblogic_admin_password: "{{ secretsmanager_passwords_dict['weblogic'].passwords[weblogic_admin_username] }}"
weblogic_db_password: "{{ secretsmanager_passwords_dict['db'].passwords[weblogic_db_username] }}"

when: not use_ssm_params


- name: Get SSM params
block:
- name: Get SSM parameters
import_role:
name: ssm-passwords
vars:
ssm_passwords: "{{ xtag_ssm_passwords }}"

- name: Get SSM parameters
set_fact:
weblogic_admin_password: "{{ ssm_passwords_dict['weblogic'].passwords[weblogic_admin_username] }}"
weblogic_db_password: "{{ ssm_passwords_dict['db'].passwords[weblogic_db_username] }}"
when: ssm_passwords_dict is defined

when: use_ssm_params

- debug:
msg: "Configuring Oracle DB {{ weblogic_db_name }} on {{ weblogic_db_hostname_a }},{{ weblogic_db_hostname_b }} with username {{ weblogic_db_username }}"
@@ -19,7 +40,7 @@
- debug:
msg: "Configuring NDH EMS server to {{ ndh_ems_server }}"

- name: Check all SSM parameters and tags are set
- name: Check all secrets and tags are set
set_fact:
weblogic_all_variables_set: true
when:
@@ -31,7 +52,7 @@
- weblogic_db_hostname_b|length > 0
- ndh_ems_server|length > 0

- name: Fail if missing SSM parameters or tags
- name: Fail if missing secrets or tags
fail:
msg: Ensure all required SSM parameters and tags are set
msg: Ensure all required secrets and tags are set
when: not weblogic_all_variables_set|default(false)
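Review bot: The two `set_fact` tasks in the first hunk copy `weblogic_admin_password` and `weblogic_db_password` out of `secretsmanager_passwords_dict` and `ssm_passwords_dict` without `no_log: true`, so the resolved values can appear in task results when the play runs with increased verbosity or a result-recording callback. Adding `no_log: true` to both tasks keeps the credentials out of logs and CI output. The SSM branch's `set_fact` is guarded by `when: ssm_passwords_dict is defined`, but the Secrets Manager one has no matching guard. Whether the later "Check all secrets and tags are set" task verifies the passwords cannot be confirmed, because its condition list lies partly outside the visible hunks. The block conditions would also be safer as `when: use_ssm_params | bool` and `when: not (use_ssm_params | bool)`, since a string value such as `"false"` passed as an extra var is truthy and would silently select the SSM branch. Both tasks in each block also share one name ("secretsmanager passwords", "Get SSM parameters"), which makes a failing step harder to identify in run output.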
