DSOS-2358: allow additional oracle secure backup config (#404)

* DSOS-2358: allow additional oracle secure backup config for refresh from prod * Commit changes made by code formatters --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
ministryofjustice · Nov 20, 2023 · 674f6a9 · 674f6a9
1 parent ea3787b
commit 674f6a9
Show file tree

Hide file tree

Showing 9 changed files with 61 additions and 15 deletions.
diff --git a/ansible/group_vars/environment_name_corporate_staff_rostering_preproduction.yml b/ansible/group_vars/environment_name_corporate_staff_rostering_preproduction.yml
@@ -13,6 +13,10 @@ db_env:
   ORACLE_HOME: "{{ database_home }}"
   PATH: "{{ database_home }}/bin:{{ oracle_path }}"
 
+osbws_additional_configs:
+  - name: osbws_prod
+    s3_bucket_name: csr-db-backup-bucket20230822131807238100000001
+
 # rman details
 rman_backup_script: rman_backup.sh
 recovery_catalog: 1

diff --git a/ansible/group_vars/environment_name_nomis_combined_reporting_preproduction.yml b/ansible/group_vars/environment_name_nomis_combined_reporting_preproduction.yml
@@ -1,7 +1,12 @@
 ---
 ansible_aws_ssm_bucket_name: s3-bucket20230301111337484000000001
 image_builder_s3_bucket_name: nomis-combined-reporting-software20230330140932343400000001
+db_backup_s3_bucket_name: ncr-db-backup-bucket20230823123524544100000001
 dns_zone_internal: nomis-combined-reporting.hmpps-preproduction.modernisation-platform.internal
 dns_search_domains:
   - hmpps-oem.hmpps-preproduction.modernisation-platform.internal
   - azure.hmpp.root
+
+osbws_additional_configs:
+  - name: osbws_prod
+    s3_bucket_name: ncr-db-backup-bucket20230823123102902900000001
diff --git a/ansible/group_vars/environment_name_nomis_preproduction.yml b/ansible/group_vars/environment_name_nomis_preproduction.yml
@@ -14,3 +14,7 @@ db_configs:
     db_name: PPCNOM
   RCVCAT:
     rcvcat_db_name: PPRCVCAT
+
+osbws_additional_configs:
+  - name: osbws_prod
+    s3_bucket_name: nomis-db-backup-bucket20220427111226918600000001
diff --git a/ansible/group_vars/environment_name_oasys_preproduction.yml b/ansible/group_vars/environment_name_oasys_preproduction.yml
@@ -23,6 +23,10 @@ ords_trusted_origins:
 # OMS_SERVER: preproduction-oem-a.hmpps-oem.hmpps-preproduction.modernisation-platform.internal doesn't exist yet
 # OEM_AGENT_VERSION: 13.5.0.0.0
 
+osbws_additional_configs:
+  - name: osbws_prod
+    s3_bucket_name: prod-oasys-db-backup-bucket-20230721150536339200000001
+
 # rman details
 rman_backup_script: rman_backup.sh
 recovery_catalog: 1

diff --git a/ansible/roles/oracle-secure-backup/defaults/main.yml b/ansible/roles/oracle-secure-backup/defaults/main.yml
@@ -3,4 +3,10 @@ osw_temp_dir: /u02/temp/osbws
 osw_stage_dir: /u02/stage/osbws
 artefacts_s3_bucket_name: mod-platform-image-artefact-bucket20230203091453221500000001
 artefacts_s3_bucket_path: hmpps/oracle-secure-backup
-# db_backup_s3_bucket_name: # define this elsewhere, e.g. in group_vars
+
+osbws_configs:
+  - name: osbws
+    s3_bucket_name: "{{ db_backup_s3_bucket_name }}"
+    run_sbttest: true
+
+osbws_additional_configs: []
diff --git a/ansible/roles/oracle-secure-backup/tasks/install-software.yml b/ansible/roles/oracle-secure-backup/tasks/install-software.yml
@@ -1,13 +1,13 @@
 ---
 - name: Fail if variables not defined
   fail:
-    msg: "Please run get-ec2-facts role to collect facts, and ensure db_backup_s3_bucket_name is defined"
-  when: ansible_ec2_iam_instance_profile_role is not defined or db_backup_s3_bucket_name is not defined
+    msg: "Please run get-ec2-facts role to collect facts, and ensure osbws_config.s3_bucket_name is defined"
+  when: ansible_ec2_iam_instance_profile_role is not defined or osbws_config.s3_bucket_name is not defined
 
 - name: Configure osbws_argfile
   ansible.builtin.template:
     src: osbws_argfile
-    dest: "{{ osw_stage_dir }}/osbws_argfile"
+    dest: "{{ osw_stage_dir }}/{{ osbws_config.name }}_argfile"
     mode: 0644
     owner: oracle
     group: oinstall
@@ -16,7 +16,7 @@
 - name: Copy install script
   ansible.builtin.template:
     src: install.sh
-    dest: "{{ osw_stage_dir }}/install.sh"
+    dest: "{{ osw_stage_dir }}/{{ osbws_config.name }}_install.sh"
     mode: 0755
     owner: oracle
     group: oinstall
@@ -26,16 +26,16 @@
   become: true
   become_user: oracle
   shell: |
-    {{ osw_stage_dir }}/install.sh
+    {{ osw_stage_dir }}/{{ osbws_config.name }}_install.sh
   when: osbws_argfile.changed or osbws_install_script.changed
 
 - name: Update osbws config
   become: true
   become_user: oracle
   ansible.builtin.lineinfile:
-    path: "{{ database_home }}/dbs/osbws.ora"
+    path: "{{ database_home }}/dbs/{{ osbws_config.name }}.ora"
     regexp: "^OSB_WS_BUCKET="
-    line: "OSB_WS_BUCKET={{ db_backup_s3_bucket_name }}"
+    line: "OSB_WS_BUCKET={{ osbws_config.s3_bucket_name }}"
     create: yes
 
 - name: Set OSB_WS_CHUNK_SIZE
@@ -47,9 +47,24 @@
     line: "OSB_WS_CHUNK_SIZE={{ oracle_osbws_chunk_size }}"
   when: oracle_osbws_chunk_size is defined
 
-- name: Run test
+- name: Run sbttest
   become: true
   become_user: oracle
   shell: |
-    export OSB_WS_PFILE={{ database_home }}/dbs/osbws.ora
+    export OSB_WS_PFILE={{ database_home }}/dbs/{{ osbws_config.name }}.ora
     {{ database_home }}/bin/sbttest /tmp/foo -libname {{ database_home }}/lib/libosbws.so
+  check_mode: false
+  changed_when: false
+  when: osbws_config.run_sbttest is defined and osbws_config.run_sbttest
+
+- name: Check GetBucketLocation permission
+  shell: |
+    aws s3api get-bucket-location --bucket {{ osbws_config.s3_bucket_name }}
+  check_mode: false
+  changed_when: false
+
+- name: Check GetObject permission
+  shell: |
+    file=$(aws s3api get-object --bucket {{ osbws_config.s3_bucket_name }} --key blah /dev/null 2>&1 | grep "NoSuchKey")
+  check_mode: false
+  changed_when: false
diff --git a/ansible/roles/oracle-secure-backup/tasks/main.yml b/ansible/roles/oracle-secure-backup/tasks/main.yml
@@ -5,7 +5,15 @@
     - amibuild
     - ec2provision
 
-- import_tasks: install-software.yml
+- include_tasks:
+    file: install-software.yml
+    apply:
+      tags:
+        - ec2provision
+        - osw-install-software
   tags:
-    - osw-install-software
     - ec2provision
+    - osw-install-software
+  loop_control:
+    loop_var: osbws_config
+  loop: "{{ osbws_configs + osbws_additional_configs }}"
diff --git a/ansible/roles/oracle-secure-backup/templates/install.sh b/ansible/roles/oracle-secure-backup/templates/install.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
 export PATH=$PATH:"{{ osw_stage_dir }}/jdk1.7.0_80/bin"
-java -jar "{{ osw_stage_dir }}/osbws_install.jar" -ARGFILE "{{ osw_stage_dir }}/osbws_argfile" -IAMRole "{{ ansible_ec2_iam_instance_profile_role }}" -useHttps | logger -p local3.info -t java
+java -jar "{{ osw_stage_dir }}/osbws_install.jar" -ARGFILE "{{ osw_stage_dir }}/{{ osbws_config.name }}_argfile" -IAMRole "{{ ansible_ec2_iam_instance_profile_role }}" -useHttps | logger -p local3.info -t java
diff --git a/ansible/roles/oracle-secure-backup/templates/osbws_argfile b/ansible/roles/oracle-secure-backup/templates/osbws_argfile
@@ -1,5 +1,5 @@
--walletDir {{ database_home }}/dbs/osbws_wallet
+-walletDir {{ database_home }}/dbs/{{ osbws_config.name }}_wallet
 -libDir {{ database_home }}/lib
 -location {{ ansible_ec2_placement_region }}
 -awsEndPoint s3-{{ ansible_ec2_placement_region }}.amazonaws.com
--configFile {{ database_home }}/dbs/osbws.ora
+-configFile {{ database_home }}/dbs/{{ osbws_config.name }}.ora