Merge pull request #438 from ministryofjustice/oracle_psu_patching

Oracle 19c psu patching
ministryofjustice · Dec 14, 2023 · 607d2f0 · 607d2f0
2 parents 68e0908 + 98c3e17
commit 607d2f0
Show file tree

Hide file tree

Showing 18 changed files with 260 additions and 11 deletions.
diff --git a/ansible/group_vars/environment_name_corporate_staff_rostering_preproduction.yml b/ansible/group_vars/environment_name_corporate_staff_rostering_preproduction.yml
@@ -12,6 +12,7 @@ oracle_path: /usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/oracle
 db_env:
   ORACLE_HOME: "{{ database_home }}"
   PATH: "{{ database_home }}/bin:{{ oracle_path }}"
+oracle_ru_patch: SEP2023
 
 osbws_additional_configs:
   - name: osbws_prod

diff --git a/ansible/group_vars/environment_name_corporate_staff_rostering_test.yml b/ansible/group_vars/environment_name_corporate_staff_rostering_test.yml
@@ -12,6 +12,7 @@ oracle_path: /usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/oracle
 db_env:
   ORACLE_HOME: "{{ database_home }}"
   PATH: "{{ database_home }}/bin:{{ oracle_path }}"
+oracle_ru_patch: SEP2023
 
 # OEM server
 OMS_SERVER: test-oem-a.hmpps-oem.hmpps-test.modernisation-platform.internal

diff --git a/ansible/group_vars/environment_name_nomis_combined_reporting_test.yml b/ansible/group_vars/environment_name_nomis_combined_reporting_test.yml
@@ -12,6 +12,7 @@ oracle_path: /usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/oracle
 db_env:
   ORACLE_HOME: "{{ database_home }}"
   PATH: "{{ database_home }}/bin:{{ oracle_path }}"
+oracle_ru_patch: APR2023
 
 # OEM server
 OMS_SERVER: test-oem-a.hmpps-oem.hmpps-test.modernisation-platform.internal

diff --git a/ansible/group_vars/environment_name_oasys_test.yml b/ansible/group_vars/environment_name_oasys_test.yml
@@ -11,6 +11,7 @@ oracle_path: /usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/oracle
 db_env:
   ORACLE_HOME: "{{ database_home }}"
   PATH: "{{ database_home }}/bin:{{ oracle_path }}"
+oracle_ru_patch: SEP2023
 
 ords_trusted_origins:
   oasys-test: "https://t2.oasys.service.justice.gov.uk/eor,https://t2-int.oasys.service.justice.gov.uk/eor,http://localhost:8080/eor"

diff --git a/ansible/roles/oracle-19c/defaults/main.yml b/ansible/roles/oracle-19c/defaults/main.yml
@@ -8,15 +8,11 @@ oracle_install_group: oinstall
 oracle_asmlib_rpm: oracleasmlib-2.0.17-1.el8.x86_64.rpm
 oracle_prereq_rpm: oracle-database-preinstall-19c-1.0-2.el8.x86_64.rpm
 oracleasm_support_rpm: oracleasm-support-2.1.12-1.el8.x86_64.rpm
-opatch: p6880880_190000_Linux-x86-64-12.2.0.1.37.zip
-oracle_combo_patch: 35058172
-oracle_release_update: 35037840
-oracle_ojvm_patch: 35050341
+bkpdate: "{{ lookup('pipe', 'date +%Y%m%d-%H%M') }}"
 
 stage: "{{ artefact_dir }}/stage"
 temp: "{{ artefact_dir }}/temp"
 patch: "{{ stage }}/patches"
-psu_patch: p35058172_190000_Linux-x86-64.zip
 oracle_home: "{{ app_dir }}/oracle/product/19c"
 oracle_inventory: "{{ app_dir }}/oraInventory"
 oracle_path: /usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/oracle/.local/bin:/home/oracle/bin # this is to avoid having to source oracle environment variables
@@ -62,3 +58,25 @@ oracle_asm_flash_disks:
 
 oracle_externaljob_rdbms_path: "{{ oracle_home }}/db_1/rdbms/admin"
 oracle_externaljob_file: externaljob.ora
+
+oracle_patch_details:
+  APR2023:
+    opatch_version: 12.2.0.1.37
+    oracle_combo_patch: 35058172
+    oracle_release_update: 35037840
+    oracle_ojvm_patch: 35050341
+    psu_patch: p35058172_190000_Linux-x86-64.zip
+    patch_string: 19.19.0.0
+    ojvm_patch_string: "OJVM RELEASE UPDATE: 19.19.0.0"
+
+  SEP2023:
+    opatch_version: 12.2.0.1.37
+    oracle_combo_patch: 35742441
+    oracle_release_update: 35642822
+    oracle_ojvm_patch: 35648110
+    psu_patch: p35742441_190000_Linux-x86-64.zip
+    patch_string: 19.21.0.0
+    ojvm_patch_string: "OJVM RELEASE UPDATE: 19.21.0.0"
+
+oracle_patch: "{{ oracle_patch_details[ oracle_ru_patch ] }}"
+opatch: "p6880880_190000_Linux-x86-64-{{ oracle_patch.opatch_version }}.zip"
diff --git a/ansible/roles/oracle-19c/tasks/download_patch.yml b/ansible/roles/oracle-19c/tasks/download_patch.yml
@@ -0,0 +1,10 @@
+---
+- name: Download Oracle 19c patches from S3 bucket
+  amazon.aws.aws_s3:
+    bucket: "{{ artefacts_s3_bucket_name }}"
+    object: "{{ artefacts_s3_bucket_path }}/{{ item }}"
+    dest: "{{ stage }}/{{ item }}"
+    mode: get
+    overwrite: latest
+  loop:
+    - "{{ oracle_patch.psu_patch }}"
diff --git a/ansible/roles/oracle-19c/tasks/download_software.yml b/ansible/roles/oracle-19c/tasks/download_software.yml
@@ -36,5 +36,4 @@
   loop:
     - "{{ db_software }}"
     - "{{ grid_software }}"
-    - "{{ psu_patch }}"
     - "{{ opatch }}"
diff --git a/ansible/roles/oracle-19c/tasks/install_database.yml b/ansible/roles/oracle-19c/tasks/install_database.yml
@@ -38,7 +38,7 @@
 
     - name: Unzip database psu patch software
       ansible.builtin.unarchive:
-        src: "{{ stage }}/{{ psu_patch }}"
+        src: "{{ stage }}/{{ oracle_patch.psu_patch }}"
         dest: "{{ stage }}/psu"
         owner: "{{ oracle_install_user }}"
         group: "{{ oracle_install_group }}"

diff --git a/ansible/roles/oracle-19c/tasks/install_grid.yml b/ansible/roles/oracle-19c/tasks/install_grid.yml
@@ -38,7 +38,7 @@
 
     - name: Unzip grid psu patch software
       ansible.builtin.unarchive:
-        src: "{{ stage }}/{{ psu_patch }}"
+        src: "{{ stage }}/{{ oracle_patch.psu_patch }}"
         dest: "{{ stage }}/psu"
         owner: "{{ oracle_install_user }}"
         group: "{{ oracle_install_group }}"

diff --git a/ansible/roles/oracle-19c/tasks/main.yml b/ansible/roles/oracle-19c/tasks/main.yml
@@ -14,8 +14,15 @@
   tags:
     - ec2provision
     - oracle_db_get_facts
+    - oracle_19c_download_patch
     - oracle_19c_install_grid
 
+- import_tasks: download_patch.yml
+  tags:
+    - ec2provision
+    - ec2patch
+    - oracle_19c_download_patch
+
 - import_tasks: pre_install_tasks.yml
   tags:
     - ec2provision
@@ -45,3 +52,8 @@
     - ec2provision
     - oracle_19c_install
     - oracle_19c_post_install
+
+- import_tasks: oracle_ru_upgrade.yml
+  tags:
+    - oracle_19c_RU_upgrade
+    - never
diff --git a/ansible/roles/oracle-19c/tasks/opatch_upgrade.yml b/ansible/roles/oracle-19c/tasks/opatch_upgrade.yml
@@ -0,0 +1,51 @@
+---
+- name: Get OPatch Version
+  ansible.builtin.shell: |
+    export ORACLE_HOME={{ grid_home }}
+    {{ grid_home }}/OPatch/opatch version | head -1 | cut -d' '  -f3 | grep {{ oracle_patch.opatch_version }} | wc -l
+  register: grid_required_version_check
+
+- name: Upgrade OPatch
+  block:
+    - name: Backup previous OPatch folder
+      ansible.builtin.archive:
+        path: "{{ item }}/OPatch"
+        dest: "{{ item }}/OPatch_{{ bkpdate }}.zip"
+        format: zip
+        remove: yes
+        owner: oracle
+        group: oinstall
+      loop:
+        - "{{ database_home }}"
+        - "{{ grid_home }}"
+
+    - name: Download Oracle 19c PSU patch and OPatch files from S3 bucket
+      amazon.aws.aws_s3:
+        bucket: "{{ artefacts_s3_bucket_name }}"
+        object: "{{ artefacts_s3_bucket_path }}/{{ item }}"
+        dest: "{{ stage }}/{{ item }}"
+        mode: get
+        overwrite: latest
+      loop:
+        - "{{ psu_patch }}"
+        - "{{ opatch }}"
+
+    - name: Unarchive Opatch
+      ansible.builtin.unarchive:
+        src: "{{ stage }}/{{ opatch_zip }}"
+        dest: "{{ item }}"
+        owner: oracle
+        group: oinstall
+        mode: u=rwx,g=rx,o=rx
+        remote_src: yes
+      loop:
+        - "{{ database_home }}"
+        - "{{ grid_home }}"
+
+  #block
+  when: grid_required_version_check == "0"
+  become: true
+  become_user: "{{ oracle_install_user }}"
+  environment:
+    ORACLE_HOME: "{{ grid_home }}"
+    PATH: "{{ grid_home }}/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin"
diff --git a/ansible/roles/oracle-19c/tasks/oracle_ojvm_patch_upgrade.yml b/ansible/roles/oracle-19c/tasks/oracle_ojvm_patch_upgrade.yml
@@ -0,0 +1,72 @@
+---
+- name: Get OJVM patch details
+  ansible.builtin.shell: |
+    export ORACLE_HOME={{ database_home }}
+    {{ database_home }}/OPatch/opatch lspatches | grep {{ oracle_patch.ojvm_patch_string }} | wc -l
+  register: ojvm_patch_version_check
+
+- name: OJVM patch upgrade
+  block:
+    - name: Shutdown databases before applying OJVM patch
+      ansible.builtin.shell: |
+        export ORACLE_SID=+ASM
+        export ORAENV_ASK=NO
+        . oraenv
+        srvctl stop home -oraclehome {{ database_home }} -statefile /tmp/instances.txt
+
+    - name: Deploy OJVM Patch
+      ansible.builtin.shell: |
+        cd "{{ stage }}/{{ oracle_patch.oracle_combo_patch }}/{{ oracle_patch.oracle_ojvm_patch }}" 
+        export ORACLE_SID=`grep {{ database_home }} /etc/oratab | grep  "^[^#;]" | awk -F: '{ print $1 }' | head -1`
+        . oraenv
+        $ORACLE_HOME/OPatch/opatch apply -silent
+      register: ojvm_patch_upgrade
+      async: 1800
+      poll: 60
+
+    - name: Start databases before applying OJVM patch
+      ansible.builtin.shell: |
+        export ORACLE_SID=+ASM
+        export ORAENV_ASK=NO
+        . oraenv
+        srvctl start home -oraclehome {{ database_home }} -statefile /tmp/instances.txt
+
+    - name: Copy datapatch upgrade script
+      template:
+        src: "{{ item }}.j2"
+        dest: "{{ stage }}/{{ item }}"
+        owner: "{{ oracle_install_user }}"
+        group: "{{ oracle_install_group }}"
+        mode: "0700"
+      loop:
+        - "run_datapatch.sh"
+
+    - name: Run datapatch
+      ansible.builtin.shell: "{{ stage }}/run_datapatch.sh"
+      register: datapatch_upgrade
+      async: 9600
+      poll: 0
+
+    - name: Wait for datapatch upgrade to complete
+      ansible.builtin.async_status:
+        jid: "{{ datapatch_upgrade.ansible_job_id }}"
+      register: datapatch_upgrade
+      until: datapatch_upgrade.finished
+      delay: 60
+      retries: 180
+
+    - name: Restart databases
+      ansible.builtin.shell: |
+        export ORACLE_SID=+ASM
+        export ORAENV_ASK=NO
+        . oraenv
+        srvctl stop home -oraclehome {{ database_home }} -statefile /tmp/instances2.txt
+        srvctl start home -oraclehome {{ database_home }} -statefile /tmp/instances2.txt
+
+  #block
+  when: ojvm_patch_version_check.stdout == "0"
+  become: yes
+  become_user: "{{ oracle_install_user }}"
+  environment:
+    ORACLE_HOME: "{{ database_home }}"
+    PATH: "{{ database_home }}/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin"
diff --git a/ansible/roles/oracle-19c/tasks/oracle_patch_upgrade.yml b/ansible/roles/oracle-19c/tasks/oracle_patch_upgrade.yml
@@ -0,0 +1,55 @@
+---
+- name: Get RU patch details
+  ansible.builtin.shell: |
+    export ORACLE_HOME={{ grid_home }}
+    {{ grid_home }}/OPatch/opatch lspatches | grep {{ oracle_patch.patch_string }} | wc -l
+  register: grid_patch_version_check
+
+- name: RU patch upgrade
+  block:
+    - name: Kill sqlplus sessions if there are any
+      ansible.builtin.shell: |
+        if [ `ps -fu oracle | grep sqlplus | grep -v grep | wc -l` -gt 0 ]
+        then
+          ps -fu oracle | grep sqlplus | grep -v grep | gawk '{print $2}' | xargs kill -9
+        fi
+
+    - name: Download Oracle 19c PSU patch from S3 bucket
+      amazon.aws.aws_s3:
+        bucket: "{{ artefacts_s3_bucket_name }}"
+        object: "{{ artefacts_s3_bucket_path }}/{{ item }}"
+        dest: "{{ stage }}/{{ item }}"
+        mode: get
+        overwrite: latest
+      loop:
+        - "{{ oracle_patch.psu_patch }}"
+
+    - name: Unarchive RU patch
+      ansible.builtin.unarchive:
+        src: "{{ stage }}/{{ oracle_patch.psu_patch }}"
+        dest: "{{ stage }}"
+        owner: oracle
+        group: oinstall
+        mode: u=rwx,g=rx,o=rx
+        remote_src: yes
+
+    - name: Deploy OPatch
+      ansible.builtin.shell: |
+        $ORACLE_HOME/OPatch/opatchauto apply "{{ stage }}/{{ oracle_patch.oracle_combo_patch }}/{{ oracle_patch.oracle_release_update }}"
+      register: ru_patch_upgrade
+      async: 9600
+      poll: 0
+
+    - name: Wait for RU patch upgrade to complete
+      ansible.builtin.async_status:
+        jid: "{{ ru_patch_upgrade.ansible_job_id }}"
+      register: ru_patch_upgrade
+      until: ru_patch_upgrade.finished
+      delay: 60
+      retries: 180
+
+  #block
+  when: grid_patch_version_check.stdout == "0"
+  environment:
+    ORACLE_HOME: "{{ grid_home }}"
+    PATH: "{{ grid_home }}/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin"
diff --git a/ansible/roles/oracle-19c/tasks/oracle_ru_upgrade.yml b/ansible/roles/oracle-19c/tasks/oracle_ru_upgrade.yml
@@ -0,0 +1,7 @@
+---
+- import_tasks: opatch_upgrade.yml
+
+- import_tasks: oracle_patch_upgrade.yml
+
+- import_tasks: oracle_ojvm_patch_upgrade.yml
+# - import_tasks: oracle_bug_fixes.yml
diff --git a/ansible/roles/oracle-19c/tasks/post_install_tasks.yml b/ansible/roles/oracle-19c/tasks/post_install_tasks.yml
@@ -44,7 +44,7 @@
     - "{{ grid_response_file }}"
     - "{{ grid_install_script }}"
     - "{{ grid_software }}"
-    - "{{ psu_patch }}"
+    - "{{ oracle_patch.psu_patch }}"
     - "{{ opatch }}"
     - "{{ stage }}/psu"
     - "{{ database_response_file }}"

diff --git a/ansible/roles/oracle-19c/templates/db_install.sh.j2 b/ansible/roles/oracle-19c/templates/db_install.sh.j2
@@ -4,5 +4,5 @@ export TMP={{ temp }}
 export TMPDIR={{ temp }}
 export CV_ASSUME_DISTID=OL7.6
 echo "# Installing Oracle 19c database software"
-"{{ database_home }}/runInstaller" -silent -waitforcompletion -ignorePrereqFailure -responseFile {{ stage }}/{{ database_response_file }} -applyRU "{{ stage }}/psu/{{ oracle_combo_patch }}/{{ oracle_release_update }}" -applyOneOffs "{{ stage }}/psu/{{ oracle_combo_patch }}/{{ oracle_ojvm_patch }}" || true
+"{{ database_home }}/runInstaller" -silent -waitforcompletion -ignorePrereqFailure -responseFile {{ stage }}/{{ database_response_file }} -applyRU "{{ stage }}/psu/{{ oracle_patch.oracle_combo_patch }}/{{ oracle_patch.oracle_release_update }}" -applyOneOffs "{{ stage }}/psu/{{ oracle_patch.oracle_combo_patch }}/{{ oracle_patch.oracle_ojvm_patch }}" || true
 exit 0
diff --git a/ansible/roles/oracle-19c/templates/grid_install.sh.j2 b/ansible/roles/oracle-19c/templates/grid_install.sh.j2
@@ -4,5 +4,5 @@ export TMP={{ temp }}
 export TMPDIR={{ temp }}
 export CV_ASSUME_DISTID=OL7.6
 echo "# Installing Oracle 19c grid Infrastructure"
-"{{ grid_home }}/gridSetup.sh" -silent -waitforcompletion -ignorePrereqFailure -responseFile {{ stage }}/{{ grid_response_file }} -applyRU "{{ stage }}/psu/{{ oracle_combo_patch }}/{{ oracle_release_update }}"
+"{{ grid_home }}/gridSetup.sh" -silent -waitforcompletion -ignorePrereqFailure -responseFile {{ stage }}/{{ grid_response_file }} -applyRU "{{ stage }}/psu/{{ oracle_patch.oracle_combo_patch }}/{{ oracle_patch.oracle_release_update }}"
 exit 0 
diff --git a/ansible/roles/oracle-19c/templates/run_datapatch.sh.j2 b/ansible/roles/oracle-19c/templates/run_datapatch.sh.j2
@@ -0,0 +1,21 @@
+#!/bin/bash
+export ORAENV_ASK=NO
+echo -e "set head off \n select 'OPEN_MODE='||decode (open_mode,'READ WRITE',0,-1) from v\$database; \n select '=VERSION='|| version from v\$instance; \n  exit" > {{ stage }}/db_check.sql
+for i in `ps -fe| grep pmon| grep -v "+ASM"| grep -v grep | awk -F_ '{ print $3 }'`
+do
+    export ORACLE_SID=$i
+    . oraenv >/dev/null
+    DB_STATUS=`sqlplus -s "/ as sysdba" @{{ stage }}/db_check.sql`
+    DB_OPEN=`echo $DB_STATUS| awk -F= '{ print $2 }'`
+    DB_VERSION=`echo $DB_STATUS| awk -F= '{ print $4 }'`
+    if [ ${DB_OPEN} == 0 ]
+    then
+        if [ ${DB_VERSION} == "19.0.0.0.0" ]
+        then
+            echo "Running datapatch for " $i
+            $ORACLE_HOME/OPatch/datapatch -verbose &
+        fi
+    fi
+done
+wait
+echo "All databases successfully upgraded with latest patch"