secretsmanagersecrets for oracle19c

secretsmanagersecrets for oracle19c

ansible/group_vars/ami_delius_core_ol_8_5_oracle_db_19c.yml

@@ -71,3 +71,5 @@ disks_mount:
   - ebs_device_name: /dev/sds
     dir: swap
     fstype: swap
+
+use_ssm_params: true

ansible/group_vars/ami_hmpps_ol_8_5_oracledb_19c.yml

@@ -58,3 +58,5 @@ ami_roles_list:
 
 # the below vars are defined in multiple groups.  Keep the values the same to avoid unexpected behaviour
 roles_list: "{{ (ami_roles_list | default([]) | difference(server_type_roles_list | default([]))) + (server_type_roles_list | default([])) }}"
+
+use_ssm_params: true

ansible/group_vars/server_type_csr_db.yml

@@ -63,3 +63,5 @@ oracle_install_group: oinstall
 oracle_inventory: /u01/app/oraInventory
 database_home: /u01/app/oracle/product/19c/db_1
 grid_home: /u01/app/oracle/product/19c/gridhome_1
+
+use_ssm_params: true

ansible/group_vars/server_type_delius_core_db.yml

@@ -69,3 +69,5 @@ disks_mount:
   - ebs_device_name: /dev/sds
     dir: swap
     fstype: swap
+
+use_ssm_params: true

ansible/group_vars/server_type_hmpps_oem.yml

@@ -68,3 +68,5 @@ collectd_monitored_services_servertype:
 
 # the below vars are defined in multiple groups.  Keep the values the same to avoid unexpected behaviour
 roles_list: "{{ (ami_roles_list | default([]) | difference(server_type_roles_list | default([]))) + (server_type_roles_list | default([])) }}"
+
+use_ssm_params: true

ansible/group_vars/server_type_ncr_bip.yml

@@ -110,3 +110,5 @@ tns_entries:
       host_list:
         - t1-ncr-db-1-a.nomis-combined-reporting.hmpps-test.modernisation-platform.internal
       service_name: T1BIPAUD
+
+use_ssm_params: true

ansible/group_vars/server_type_ncr_bip_cmc.yml

@@ -113,3 +113,5 @@ tns_entries:
       host_list:
         - t1-ncr-db-1-a.nomis-combined-reporting.hmpps-test.modernisation-platform.internal
       service_name: BIPAUD_TAF
+
+use_ssm_params: true

ansible/group_vars/server_type_ncr_db.yml

@@ -74,3 +74,5 @@ oracle_inventory: /u01/app/oraInventory
 database_home: /u01/app/oracle/product/19c/db_1
 oracle_home: "{{ database_home }}"
 grid_home: /u01/app/oracle/product/19c/gridhome_1
+
+use_ssm_params: true

ansible/roles/oracle-19c/defaults/main.yml

@@ -35,13 +35,16 @@ grid_install_script: grid_install.sh
 
 password_response_file: grid_pw.rsp
 
-db_ssm_passwords:
+use_ssm_params: false
+db_secretsmanager_passwords:
   asm:
     parameter: "/ec2/{{ ec2_name }}/asm-passwords"
     users:
       - ASMSNMP: auto
       - ASMSYS: auto
 
+db_ssm_passwords: "{{ db_secretsmanager_passwords }}"
+
 grid_env:
   ORACLE_HOME: "{{ grid_home }}"
   PATH: "{{ grid_home }}/bin:{{ oracle_path }}"

ansible/roles/oracle-19c/tasks/get_facts.yml

@@ -1,11 +1,31 @@
 ---
-- name: Get SSM parameters
-  import_role:
-    name: ssm-passwords
-  vars:
-    ssm_passwords: "{{ db_ssm_passwords }}"
-
-- name: Get SSM parameters
-  set_fact:
-    asmpassword: "{{ ssm_passwords_dict['asm'].passwords['ASMSYS'] }}"
-    asmmonitorpassword: "{{ ssm_passwords_dict['asm'].passwords['ASMSNMP'] }}"
+
+- name: Get secretsmanager passwords
+  block:
+    - name: secretsmanager passwords
+      import_role:
+        name: secretsmanager-passwords
+      vars:
+        secretsmanager_passwords: "{{ db_secretsmanager_passwords }}"
+
+    - name: secretsmanager passwords
+      set_fact:
+        asmpassword: "{{ secretsmanager_passwords_dict['asm'].passwords['ASMSYS'] }}"
+        asmmonitorpassword: "{{ secretsmanager_passwords_dict['asm'].passwords['ASMSNMP'] }}"
+
+  when: not use_ssm_params
+
+- name: Get SSM params
+  block:
+    - name: Get SSM parameters
+      import_role:
+        name: ssm-passwords
+      vars:
+        ssm_passwords: "{{ db_ssm_passwords }}"
+
+    - name: Get SSM parameters
+      set_fact:
+        asmpassword: "{{ ssm_passwords_dict['asm'].passwords['ASMSYS'] }}"
+        asmmonitorpassword: "{{ ssm_passwords_dict['asm'].passwords['ASMSNMP'] }}"
+
+  when: use_ssm_params