TM-626: nomis: weblogic 12 code (#1169)

* add server type

* add swap

* add nomis-weblogic-12 role

* -

* allow x sshd config

* -

* add init script

* update

* -

* -

* fix

* -

* -

* add xauthority

ansible/group_vars/server_type_nomis_web12.yml

@@ -0,0 +1,94 @@
+---
+ansible_python_interpreter: /usr/bin/python3.9
+
+server_type_roles_list:
+  - autoscale-group-hooks
+  - get-ec2-facts
+  - selinux-config
+  - ansible-requirements
+  - ssh-host-keys
+  - packages
+  - time
+  - users-and-groups
+  - sudoers
+  - disable-firewall
+  - disable-ipv6
+  - message-of-the-day
+  - amazon-ssm-agent
+  - amazon-cli
+  - tcp-keepalive
+  - disks
+  - swap
+  - set-ec2-hostname
+  - domain-search
+  - ansible-script
+  - epel
+  - sshd-config
+  - nomis-weblogic-12
+#  - collectd
+#  - amazon-cloudwatch-agent
+#  - amazon-cloudwatch-agent-collectd
+#  - collectd-service-metrics
+#  - autoscale-group-hooks-state
+
+roles_list: "{{ (ami_roles_list | default([]) | difference(server_type_roles_list | default([]))) + (server_type_roles_list | default([])) }}"
+
+# collectd_monitored_services_servertype:
+#  - metric_name: service_status_os
+#    metric_dimension: chronyd
+#    shell_cmd: "service chronyd status"
+
+packages_yum_update: []
+packages_yum_install:
+  - binutils
+  - libstdc++-devel
+  - libstdc++
+  - sysstat
+  - gcc
+  - gcc-c++
+  - ksh
+  - make
+  - glibc
+  - libaio
+  - libaio-devel
+  - motif
+  - motif-devel
+  - libXtst-devel
+  - redhat-lsb-4.1
+  - redhat-lsb-core
+  - libnsl
+  - xterm # just for testing X
+
+disks_mount:
+  - ebs_device_name: /dev/sdb
+    dir: /u01
+    fstype: xfs
+
+users_and_groups_system:
+  - name: oracle
+    create_xauthority: true
+    group: oinstall
+    groups:
+      - dba
+      - wheel
+
+users_and_groups_create_xauthority: true
+sshd_config_mode: allow_x11
+
+nomis_environment: "{{ ec2.tags['nomis-environment'] }}"
+
+weblogic_configs:
+  qa11g:
+    weblogic_db_repo_hostname: "dev-nomis-db19c-1-a"
+    weblogic_db_repo_sid: "qa11g"
+    weblogic_db_repo_username: "sys"
+    weblogic_db_repo_prefix: "nomis13"
+    weblogic_domain_template_filename: "template1.jar"
+
+weblogic_config: "{{ weblogic_configs[nomis_environment] }}"
+
+weblogic_db_repo_hostname: "{{ weblogic_config.weblogic_db_repo_hostname }}"
+weblogic_db_repo_sid: "{{ weblogic_config.weblogic_db_repo_sid }}"
+weblogic_db_repo_username: "{{ weblogic_config.weblogic_db_repo_username }}"
+weblogic_db_repo_prefix: "{{ weblogic_config.weblogic_db_repo_prefix }}"
+weblogic_domain_template_filename: "{{ weblogic_config.weblogic_domain_template_filename }}"

ansible/roles/disks/tasks/mount-disk-rhel.yml

@@ -48,7 +48,7 @@
     src: "UUID={{ disks_mount_blkid.stdout }}"
     fstype: "{{ disks_mount_blkid.disk_mount.fstype }}"
     opts: "{{ disks_mount_blkid.disk_mount.opts | default('defaults,nofail') }}"
-    state: mounted
+    state: "{{ disks_mount_blkid.disk_mount.state | default('mounted') }}"
   loop_control:
     loop_var: disks_mount_blkid
     label: "{{ disks_mount_blkid.disk_mount }}"
@@ -60,7 +60,7 @@
     src: "UUID={{ disks_swap_blkid.stdout }}"
     fstype: "{{ disks_swap_blkid.disk_mount.fstype }}"
     opts: "{{ disks_swap_blkid.disk_mount.opts | default('sw') }}"
-    state: present
+    state: "{{ disks_swap_blkid.disk_mount.state | default('present') }}"
   loop_control:
     loop_var: disks_swap_blkid
     label: "{{ disks_swap_blkid.disk_mount }}"

ansible/roles/nomis-weblogic-12/defaults/main.yml

@@ -0,0 +1,28 @@
+---
+weblogic_admin_username: weblogic
+weblogic_domain_template_filename: none  # override in group vars once template has been created
+
+# Set these in appropriate group vars:
+# weblogic_db_repo_hostname:
+# weblogic_db_repo_sid:
+# weblogic_db_repo_prefix:
+weblogic_db_repo_username: "sys"
+
+weblogic_db_repo_password_secret:
+  - key: "{{ weblogic_db_repo_username }}"
+    value:
+
+weblogic_admin_password_secret:
+  - key: "{{ weblogic_admin_username }}"
+    value: auto
+
+weblogic_secretsmanager_passwords:
+  db_repo:
+    secret: "/oracle/database/{{ weblogic_db_repo_sid }}/weblogic-passwords"
+    users:
+      - "{{ weblogic_db_repo_password_secret | items2dict }}"
+      - wls_schemas: auto
+  weblogic:
+    secret: "/oracle/weblogic/{{ nomis_environment }}/passwords"
+    users:
+      - "{{ weblogic_admin_password_secret | items2dict }}"

ansible/roles/nomis-weblogic-12/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: get-ec2-facts

ansible/roles/nomis-weblogic-12/tasks/create-db-repo.yml

@@ -0,0 +1,38 @@
+---
+- name: Copy repository database config
+  ansible.builtin.template:
+    src: "12{{ item }}"
+    dest: "{{ item }}"
+    owner: oracle
+    group: oinstall
+    mode: '0600'
+  loop:
+    - /u01/software/weblogic/rcu.rsp
+
+- name: Create repository database using rcu
+  become_user: oracle
+  ansible.builtin.expect:
+    command: '/u01/app/oracle/Middleware/oracle_common/bin/rcu -silent -responseFile /u01/software/weblogic/rcu.rsp'
+    responses:
+      "Enter the database password":
+        - "{{ weblogic_db_repo_password }}"
+      "Enter the schema password":
+        - "{{ weblogic_db_repo_schema_password }}"
+    timeout: 180
+  failed_when: false
+  register: create_db_repo
+
+- name: Debug rcu stdout
+  ansible.builtin.debug:
+    var: create_db_repo.stdout_lines
+  when: create_db_repo.stdout_lines is defined
+
+- name: Debug rcu stderr
+  ansible.builtin.debug:
+    var: create_db_repo.stderr_lines
+  when: create_db_repo.stderr_lines is defined
+
+- name: Fail on rcu error
+  ansible.builtin.fail:
+    msg: "Could not create repository database with rcu, exit code {{ create_db_repo.rc|default(-1) }}"
+  when: create_db_repo.rc|default(-1) != 0

ansible/roles/nomis-weblogic-12/tasks/get-facts.yml

@@ -0,0 +1,12 @@
+---
+- name: Get secretsmanager passwords
+  import_role:
+    name: secretsmanager-passwords
+  vars:
+    secretsmanager_passwords: "{{ weblogic_secretsmanager_passwords }}"
+
+- name: Set secretsmanager password facts
+  set_fact:
+    weblogic_admin_password: "{{ secretsmanager_passwords_dict['weblogic'].passwords[weblogic_admin_username] }}"
+    weblogic_db_repo_password: "{{ secretsmanager_passwords_dict['db_repo'].passwords[weblogic_db_repo_username] }}"
+    weblogic_db_repo_schema_password: "{{ secretsmanager_passwords_dict['db_repo'].passwords['wls_schemas'] }}"

ansible/roles/nomis-weblogic-12/tasks/install-domain.yml

@@ -0,0 +1,100 @@
+---
+- name: Check if weblogic domain already installed
+  ansible.builtin.stat:
+    path: /u01/app/oracle/Middleware/user_projects/domains/nomis
+  register: weblogic_domain_installed_check
+
+- block:
+    - name: Create weblogic domain directories
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        owner: oracle
+        group: oinstall
+        mode: "0755"
+      loop:
+        - /u01/software/domain
+
+    # creat a template by first manually installing via config.sh wizard and then run pack:
+    # /u01/app/oracle/Middleware/oracle_common/common/bin/pack.sh -domain /u01/app/oracle/Middleware/user_projects/domains/nomis -template /u01/software/domain/template1.jar -template_name template1
+    # aws s3 cp /u01/software/domain/template1.jar s3://ec2-image-builder-nomis20220314103938567000000001/weblogic-software-12/domain/template1.jar --acl bucket-owner-full-control
+    - name: Get weblogic domain template from S3 bucket
+      amazon.aws.aws_s3:
+        bucket: "{{ image_builder_s3_bucket_name }}"
+        object: "weblogic-software-12/domain/{{ item }}"
+        dest: "/u01/software/domain/{{ item }}"
+        mode: get
+        overwrite: latest
+      loop:
+        - "{{ weblogic_domain_template_filename }}"
+
+    - name: Update ownership of weblogic domain template
+      ansible.builtin.file:
+        path: "/u01/software/domain/{{ item }}"
+        owner: oracle
+        group: oinstall
+      loop:
+        - "{{ weblogic_domain_template_filename }}"
+
+    - name: Unpack weblogic domain template
+      become_user: oracle
+      ansible.builtin.shell: |
+        set -eo pipefail
+        main() {
+          echo "# /u01/app/oracle/Middleware/oracle_common/common/bin/unpack.sh -domain /u01/app/oracle/Middleware/user_projects/domains/nomis -template /u01/software/domain/{{ weblogic_domain_template_filename }} -user_name weblogic -password xxxx"
+          /u01/app/oracle/Middleware/oracle_common/common/bin/unpack.sh -domain /u01/app/oracle/Middleware/user_projects/domains/nomis -template "/u01/software/domain/{{ weblogic_domain_template_filename }}" -user_name weblogic -password "{{ weblogic_admin_password }}"
+        }
+        main 2>&1 | logger -p local3.info -t ansible-weblogic
+
+    - name: Create weblogic domain security directories
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        owner: oracle
+        group: oinstall
+        mode: "0755"
+      loop:
+        - /u01/app/oracle/Middleware/user_projects/domains/nomis/servers/AdminServer/security
+        - /u01/app/oracle/Middleware/user_projects/domains/nomis/servers/WLS_FORMS/security
+        - /u01/app/oracle/Middleware/user_projects/domains/nomis/servers/WLS_REPORTS/security
+
+    # the boot.properties file is automatically updated by the weblogic server
+    - name: Copy weblogic domain security files
+      ansible.builtin.template:
+        src: "12/u01/app/oracle/Middleware/user_projects/domains/nomis/servers/AdminServer/security/boot.properties"
+        dest: "{{ item }}"
+        owner: oracle
+        group: oinstall
+        force: false
+      loop:
+        - /u01/app/oracle/Middleware/user_projects/domains/nomis/servers/AdminServer/security/boot.properties
+        - /u01/app/oracle/Middleware/user_projects/domains/nomis/servers/WLS_FORMS/security/boot.properties
+        - /u01/app/oracle/Middleware/user_projects/domains/nomis/servers/WLS_REPORTS/security/boot.properties
+
+  # block
+  when: not weblogic_domain_installed_check.stat.exists
+
+- name: Copy weblogic init.d scripts
+  ansible.builtin.template:
+    src: "12{{ item }}"
+    dest: "{{ item }}"
+    mode: "0644"
+  loop:
+    - /etc/systemd/system/weblogic-node-manager.service
+    - /etc/systemd/system/weblogic-server.service
+    - /etc/systemd/system/weblogic-ohs.service
+    - /etc/systemd/system/WLS_FORMS.service
+    - /etc/systemd/system/WLS_REPORTS.service
+
+- name: Enable weblogic services
+  ansible.builtin.service:
+    daemon_reload: true
+    name: "{{ item }}"
+    enabled: true
+    state: started
+  loop:
+    - weblogic-node-manager
+    - weblogic-server
+    - WLS_FORMS
+    - WLS_REPORTS
+    - weblogic-ohs

ansible/roles/nomis-weblogic-12/tasks/install-forms.yml

@@ -0,0 +1,59 @@
+---
+- name: Check if weblogic forms already installed
+  ansible.builtin.stat:
+    path: /u01/app/oracle/Middleware/forms_home/inventory
+  register: weblogic_forms_installed_check
+
+- name: Install weblogic forms software
+  block:
+    - name: Create weblogic forms directory
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        owner: oracle
+        group: oinstall
+        mode: "0755"
+      loop:      
+        - /u01/tmp
+
+    - name: Get weblogic forms from S3 bucket    
+      amazon.aws.aws_s3:
+        bucket: "{{ image_builder_s3_bucket_name }}"        
+        object: "weblogic-software-12/{{ item }}"
+        dest: "/u01/software/weblogic/{{ item }}"
+        mode: get
+        overwrite: latest
+      loop:
+        - fmw_12.2.1.19.0_fr_linux64.bin
+
+    - name: Update weblogic forms file permissions
+      ansible.builtin.file:
+        path: "/u01/software/weblogic/{{ item }}"        
+        mode: '0755'
+      loop:
+        - fmw_12.2.1.19.0_fr_linux64.bin
+
+    - name: Copy weblogic forms config
+      ansible.builtin.template:
+        src: "12{{ item }}"
+        dest: "{{ item }}"
+        owner: oracle
+        group: oinstall
+      loop:
+        - /u01/software/weblogic/forms.rsp
+
+    - name: Install weblogic forms which takes a couple of minutes
+      become_user: oracle
+      ansible.builtin.shell: |
+        set -eo pipefail
+        main() {        
+          echo "# installing weblogic forms fmw_12.2.1.19.0_fr_linux64.bin"]
+          export TMP=/u01/tmp
+          export TEMPDIR=/u01/tmp
+          export TEMP=/u01/tmp          
+          /u01/software/weblogic/fmw_12.2.1.19.0_fr_linux64.bin -silent -responseFile /u01/software/weblogic/forms.rsp
+        }
+        main 2>&1 | logger -p local3.info -t ansible-weblogic
+
+  # block
+  when: not weblogic_forms_installed_check.stat.exists

ansible/roles/nomis-weblogic-12/tasks/install-rpms.yml

@@ -0,0 +1,35 @@
+---
+- name: Check installed packages
+  ansible.builtin.package_facts:
+
+- block:
+    - name: Create rpms directory
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        owner: oracle
+        group: oinstall
+        mode: "0755"
+      loop:
+        - /u01/software/jdk
+
+    - name: Get rpms from S3 bucket
+      amazon.aws.aws_s3:
+        bucket: "{{ image_builder_s3_bucket_name }}"
+        object: "{{ item }}"
+        dest: "/u01/software/{{ item }}"
+        mode: get
+        overwrite: latest
+      loop:
+        - jdk/jdk-8u411-linux-x64.rpm
+      when: image_builder_s3_bucket_name is defined
+
+    - name: Install rpms
+      ansible.builtin.yum:
+        name: "/u01/software/{{ item }}"
+        state: present
+      loop:
+        - jdk/jdk-8u411-linux-x64.rpm
+
+  # block
+  when: ansible_facts.packages['jdk'] is not defined