diff --git a/ansible/group_vars/server_type_nomis_web12.yml b/ansible/group_vars/server_type_nomis_web12.yml
new file mode 100644
index 000000000..e4eac64c3
--- /dev/null
+++ b/ansible/group_vars/server_type_nomis_web12.yml
@@ -0,0 +1,94 @@ +--- +ansible_python_interpreter: /usr/bin/python3.9 + +server_type_roles_list: + - autoscale-group-hooks + - get-ec2-facts + - selinux-config + - ansible-requirements + - ssh-host-keys + - packages + - time + - users-and-groups + - sudoers + - disable-firewall + - disable-ipv6 + - message-of-the-day + - amazon-ssm-agent + - amazon-cli + - tcp-keepalive + - disks + - swap + - set-ec2-hostname + - domain-search + - ansible-script + - epel + - sshd-config + - nomis-weblogic-12 +# - collectd +# - amazon-cloudwatch-agent +# - amazon-cloudwatch-agent-collectd +# - collectd-service-metrics +# - autoscale-group-hooks-state + +roles_list: "{{ (ami_roles_list | default([]) | difference(server_type_roles_list | default([]))) + (server_type_roles_list | default([])) }}" + +# collectd_monitored_services_servertype: +# - metric_name: service_status_os +# metric_dimension: chronyd +# shell_cmd: "service chronyd status" + +packages_yum_update: [] +packages_yum_install: + - binutils + - libstdc++-devel + - libstdc++ + - sysstat + - gcc + - gcc-c++ + - ksh + - make + - glibc + - libaio + - libaio-devel + - motif + - motif-devel + - libXtst-devel + - redhat-lsb-4.1 + - redhat-lsb-core + - libnsl + - xterm # just for testing X + +disks_mount: + - ebs_device_name: /dev/sdb + dir: /u01 + fstype: xfs + +users_and_groups_system: + - name: oracle + create_xauthority: true + group: oinstall + groups: + - dba + - wheel + +users_and_groups_create_xauthority: true +sshd_config_mode: allow_x11 + +nomis_environment: "{{ ec2.tags['nomis-environment'] }}" + +weblogic_configs: + qa11g: + weblogic_db_repo_hostname: "dev-nomis-db19c-1-a" + weblogic_db_repo_sid: "qa11g" + weblogic_db_repo_username: "sys" + weblogic_db_repo_prefix: "nomis13" + weblogic_domain_template_filename: "template1.jar" + +weblogic_config: "{{ weblogic_configs[nomis_environment] }}" + +weblogic_db_repo_hostname: "{{ weblogic_config.weblogic_db_repo_hostname }}" +weblogic_db_repo_sid: "{{ 
weblogic_config.weblogic_db_repo_sid }}" +weblogic_db_repo_username: "{{ weblogic_config.weblogic_db_repo_username }}" +weblogic_db_repo_prefix: "{{ weblogic_config.weblogic_db_repo_prefix }}" +weblogic_domain_template_filename: "{{ weblogic_config.weblogic_domain_template_filename }}" diff --git a/ansible/roles/disks/tasks/mount-disk-rhel.yml b/ansible/roles/disks/tasks/mount-disk-rhel.yml index fafd22ad4..47eb6e02f 100644 --- a/ansible/roles/disks/tasks/mount-disk-rhel.yml +++ b/ansible/roles/disks/tasks/mount-disk-rhel.yml @@ -48,7 +48,7 @@ src: "UUID={{ disks_mount_blkid.stdout }}" fstype: "{{ disks_mount_blkid.disk_mount.fstype }}" opts: "{{ disks_mount_blkid.disk_mount.opts | default('defaults,nofail') }}" - state: mounted + state: "{{ disks_mount_blkid.disk_mount.state | default('mounted') }}" loop_control: loop_var: disks_mount_blkid label: "{{ disks_mount_blkid.disk_mount }}" @@ -60,7 +60,7 @@ src: "UUID={{ disks_swap_blkid.stdout }}" fstype: "{{ disks_swap_blkid.disk_mount.fstype }}" opts: "{{ disks_swap_blkid.disk_mount.opts | default('sw') }}" - state: present + state: "{{ disks_swap_blkid.disk_mount.state | default('present') }}" loop_control: loop_var: disks_swap_blkid label: "{{ disks_swap_blkid.disk_mount }}" diff --git a/ansible/roles/nomis-weblogic-12/defaults/main.yml b/ansible/roles/nomis-weblogic-12/defaults/main.yml new file mode 100644 index 000000000..cf7c7e854 --- /dev/null +++ b/ansible/roles/nomis-weblogic-12/defaults/main.yml 
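Review bot: The `users_and_groups_system` entry adds the `oracle` service account to `wheel` alongside `dba`; on RHEL-family images `wheel` is conventionally the sudo-enabled group, so if the `sudoers` role listed in `server_type_roles_list` keeps that default the account running every WebLogic JVM gets root via sudo. Remove `wheel` from `groups:` unless a specific sudo need is documented, and if one exists grant it as a narrow sudoers rule rather than group membership. `weblogic_configs` only defines `qa11g`, so `weblogic_configs[nomis_environment]` raises an undefined-key error for any other `nomis-environment` tag value; either guard it with `default({})` or add a comment such as `# only qa11g is configured so far; other environments will fail here by design`.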
@@ -0,0 +1,28 @@
+---
+weblogic_admin_username: weblogic
+weblogic_domain_template_filename: none # override in group vars once template has been created
+
+# Set these in appropriate group vars:
+# weblogic_db_repo_hostname:
+# weblogic_db_repo_sid:
+# weblogic_db_repo_prefix:
+weblogic_db_repo_username: "sys"
+
+weblogic_db_repo_password_secret:
+ - key: "{{ weblogic_db_repo_username }}"
+ value:
+
+weblogic_admin_password_secret:
+ - key: "{{ weblogic_admin_username }}"
+ value: auto
+
+weblogic_secretsmanager_passwords:
+ db_repo:
+ secret: "/oracle/database/{{ weblogic_db_repo_sid }}/weblogic-passwords"
+ users:
+ - "{{ weblogic_db_repo_password_secret | items2dict }}"
+ - wls_schemas: auto
+ weblogic:
+ secret: "/oracle/weblogic/{{ nomis_environment }}/passwords"
+ users:
+ - "{{ weblogic_admin_password_secret | items2dict }}"
diff --git a/ansible/roles/nomis-weblogic-12/meta/main.yml b/ansible/roles/nomis-weblogic-12/meta/main.yml
new file mode 100644
index 000000000..4ff987c1c
--- /dev/null
+++ b/ansible/roles/nomis-weblogic-12/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: get-ec2-facts
diff --git a/ansible/roles/nomis-weblogic-12/tasks/create-db-repo.yml b/ansible/roles/nomis-weblogic-12/tasks/create-db-repo.yml
new file mode 100644
index 000000000..a6f1e8604
--- /dev/null
+++ b/ansible/roles/nomis-weblogic-12/tasks/create-db-repo.yml
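Review bot: `weblogic_db_repo_password_secret` has a bare `value:`, which YAML parses as null rather than an empty string, and whether the secretsmanager-passwords role treats null as "must already exist" (versus `auto` on the admin entry, which presumably generates a value) is not visible here. Add a comment on that line such as `value: # null: password must already exist in Secrets Manager; 'auto' generates one` so the distinction is explicit. `weblogic_db_repo_username: "sys"` repeats the group_vars setting; RCU does need a SYSDBA-capable account, but a one-line comment saying why SYS is used rather than a dedicated DBA user would save the next reviewer the question.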
@@ -0,0 +1,38 @@
+---
+- name: Copy repository database config
+ ansible.builtin.template:
+ src: "12{{ item }}"
+ dest: "{{ item }}"
+ owner: oracle
+ group: oinstall
+ mode: '0600'
+ loop:
+ - /u01/software/weblogic/rcu.rsp
+
+- name: Create repository database using rcu
+ become_user: oracle
+ ansible.builtin.expect:
+ command: '/u01/app/oracle/Middleware/oracle_common/bin/rcu -silent -responseFile /u01/software/weblogic/rcu.rsp'
+ responses:
+ "Enter the database password":
+ - "{{ weblogic_db_repo_password }}"
+ "Enter the schema password":
+ - "{{ weblogic_db_repo_schema_password }}"
+ timeout: 180
+ failed_when: false
+ register: create_db_repo
+
+- name: Debug rcu stdout
+ ansible.builtin.debug:
+ var: create_db_repo.stdout_lines
+ when: create_db_repo.stdout_lines is defined
+
+- name: Debug rcu stderr
+ ansible.builtin.debug:
+ var: create_db_repo.stderr_lines
+ when: create_db_repo.stderr_lines is defined
+
+- name: Fail on rcu error
+ ansible.builtin.fail:
+ msg: "Could not create repository database with rcu, exit code {{ create_db_repo.rc|default(-1) }}"
+ when: create_db_repo.rc|default(-1) != 0
diff --git a/ansible/roles/nomis-weblogic-12/tasks/get-facts.yml b/ansible/roles/nomis-weblogic-12/tasks/get-facts.yml
new file mode 100644
index 000000000..679fcb6c8
--- /dev/null
+++ b/ansible/roles/nomis-weblogic-12/tasks/get-facts.yml
@@ -0,0 +1,12 @@
+---
+- name: Get secretsmanager passwords
+ import_role:
+ name: secretsmanager-passwords
+ vars:
+ secretsmanager_passwords: "{{ weblogic_secretsmanager_passwords }}"
+
+- name: Set secretsmanager password facts
+ set_fact:
+ weblogic_admin_password: "{{ secretsmanager_passwords_dict['weblogic'].passwords[weblogic_admin_username] }}"
+ weblogic_db_repo_password: "{{ secretsmanager_passwords_dict['db_repo'].passwords[weblogic_db_repo_username] }}"
+ weblogic_db_repo_schema_password: "{{ secretsmanager_passwords_dict['db_repo'].passwords['wls_schemas'] }}"
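Review bot: The `Create repository database using rcu` task feeds `weblogic_db_repo_password` and `weblogic_db_repo_schema_password` through `responses:` but sets no `no_log: true`, so with `-v` or on a module error Ansible prints the task arguments, both passwords included; add `no_log: true` next to `register: create_db_repo`. The two debug tasks then print `create_db_repo.stdout_lines` and `stderr_lines` unconditionally; rcu is not expected to echo the answers back, but check one real run's output before trusting that. `mode: '0600'` on rcu.rsp is the right call and should stay.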
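Review bot: The `Set secretsmanager password facts` task stores three passwords via `set_fact` with no `no_log: true`, so their values are printed in verbose runs and on any error in that task; add `no_log: true` to it. The `secretsmanager_passwords_dict['db_repo']` lookup is unconditional, so this file fails on a host where `weblogic_db_repo_sid` is unset (the defaults say it is set in group vars) even though create-db-repo itself is guarded in main.yml; either guard the db_repo half the same way or add `# both the admin and db-repo secrets must exist for every web host` so the requirement is explicit.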
diff --git a/ansible/roles/nomis-weblogic-12/tasks/install-domain.yml b/ansible/roles/nomis-weblogic-12/tasks/install-domain.yml
new file mode 100644
index 000000000..1edc2e3f1
--- /dev/null
+++ b/ansible/roles/nomis-weblogic-12/tasks/install-domain.yml
@@ -0,0 +1,100 @@ +--- +- name: Check if weblogic domain already installed + ansible.builtin.stat: + path: /u01/app/oracle/Middleware/user_projects/domains/nomis + register: weblogic_domain_installed_check + +- block: + - name: Create weblogic domain directories + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: oracle + group: oinstall + mode: "0755" + loop: + - /u01/software/domain + + # creat a template by first manually installing via config.sh wizard and then run pack: + # /u01/app/oracle/Middleware/oracle_common/common/bin/pack.sh -domain /u01/app/oracle/Middleware/user_projects/domains/nomis -template /u01/software/domain/template1.jar -template_name template1 + # aws s3 cp /u01/software/domain/template1.jar s3://ec2-image-builder-nomis20220314103938567000000001/weblogic-software-12/domain/template1.jar --acl bucket-owner-full-control + - name: Get weblogic domain template from S3 bucket + amazon.aws.aws_s3: + bucket: "{{ image_builder_s3_bucket_name }}" + object: "weblogic-software-12/domain/{{ item }}" + dest: "/u01/software/domain/{{ item }}" + mode: get + overwrite: latest + loop: + - "{{ weblogic_domain_template_filename }}" + + - name: Update ownership of weblogic domain template + ansible.builtin.file: + path: "/u01/software/domain/{{ item }}" + owner: oracle + group: oinstall + loop: + - "{{ weblogic_domain_template_filename }}" + + - name: Unpack weblogic domain template + become_user: oracle + ansible.builtin.shell: | + set -eo pipefail + main() { + echo "# /u01/app/oracle/Middleware/oracle_common/common/bin/unpack.sh -domain /u01/app/oracle/Middleware/user_projects/domains/nomis -template /u01/software/domain/{{ weblogic_domain_template_filename }} -user_name weblogic -password xxxx" + /u01/app/oracle/Middleware/oracle_common/common/bin/unpack.sh -domain /u01/app/oracle/Middleware/user_projects/domains/nomis -template "/u01/software/domain/{{ weblogic_domain_template_filename }}" -user_name weblogic -password "{{ 
weblogic_admin_password }}" + } + main 2>&1 | logger -p local3.info -t ansible-weblogic + + - name: Create weblogic domain security directories + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: oracle + group: oinstall + mode: "0755" + loop: + - /u01/app/oracle/Middleware/user_projects/domains/nomis/servers/AdminServer/security + - /u01/app/oracle/Middleware/user_projects/domains/nomis/servers/WLS_FORMS/security + - /u01/app/oracle/Middleware/user_projects/domains/nomis/servers/WLS_REPORTS/security + + # the boot.properties file is automatically updated by the weblogic server + - name: Copy weblogic domain security files + ansible.builtin.template: + src: "12/u01/app/oracle/Middleware/user_projects/domains/nomis/servers/AdminServer/security/boot.properties" + dest: "{{ item }}" + owner: oracle + group: oinstall + force: false + loop: + - /u01/app/oracle/Middleware/user_projects/domains/nomis/servers/AdminServer/security/boot.properties + - /u01/app/oracle/Middleware/user_projects/domains/nomis/servers/WLS_FORMS/security/boot.properties + - /u01/app/oracle/Middleware/user_projects/domains/nomis/servers/WLS_REPORTS/security/boot.properties + + # block + when: not weblogic_domain_installed_check.stat.exists + +- name: Copy weblogic init.d scripts + ansible.builtin.template: + src: "12{{ item }}" + dest: "{{ item }}" + mode: "0644" + loop: + - /etc/systemd/system/weblogic-node-manager.service + - /etc/systemd/system/weblogic-server.service + - /etc/systemd/system/weblogic-ohs.service + - /etc/systemd/system/WLS_FORMS.service + - /etc/systemd/system/WLS_REPORTS.service + +- name: Enable weblogic services + ansible.builtin.service: + daemon_reload: true + name: "{{ item }}" + enabled: true + state: started + loop: + - weblogic-node-manager + - weblogic-server + - WLS_FORMS + - WLS_REPORTS + - weblogic-ohs 
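Review bot: The `Unpack weblogic domain template` shell task passes `-password "{{ weblogic_admin_password }}"` on the `unpack.sh` command line, so the admin password is readable by any local user through `ps` or `/proc/*/cmdline` while unpack runs, and because the task has no `no_log: true` the rendered command also lands in Ansible's verbose or failure output despite the masked `echo` line. Add `no_log: true` to that task and, if unpack.sh accepts the password through any channel other than argv, prefer it. The `Copy weblogic domain security files` task writes boot.properties, which carries the same password in plaintext until the server first starts, with owner and group but no `mode`, so it inherits the umask; add `mode: "0600"` as the rcu.rsp copy in create-db-repo.yml does. The template jar is fetched from S3 and unpacked with no checksum comparison, so a pinned expected digest would catch a tampered or stale object.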
diff --git a/ansible/roles/nomis-weblogic-12/tasks/install-forms.yml b/ansible/roles/nomis-weblogic-12/tasks/install-forms.yml new file mode 100644 index 000000000..8ce9f9560 --- /dev/null +++ b/ansible/roles/nomis-weblogic-12/tasks/install-forms.yml @@ -0,0 +1,59 @@ +--- +- name: Check if weblogic forms already installed + ansible.builtin.stat: + path: /u01/app/oracle/Middleware/forms_home/inventory + register: weblogic_forms_installed_check + +- name: Install weblogic forms software + block: + - name: Create weblogic forms directory + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: oracle + group: oinstall + mode: "0755" + loop: + - /u01/tmp + + - name: Get weblogic forms from S3 bucket + amazon.aws.aws_s3: + bucket: "{{ image_builder_s3_bucket_name }}" + object: "weblogic-software-12/{{ item }}" + dest: "/u01/software/weblogic/{{ item }}" + mode: get + overwrite: latest + loop: + - fmw_12.2.1.19.0_fr_linux64.bin + + - name: Update weblogic forms file permissions + ansible.builtin.file: + path: "/u01/software/weblogic/{{ item }}" + mode: '0755' + loop: + - fmw_12.2.1.19.0_fr_linux64.bin + + - name: Copy weblogic forms config + ansible.builtin.template: + src: "12{{ item }}" + dest: "{{ item }}" + owner: oracle + group: oinstall + loop: + - /u01/software/weblogic/forms.rsp + + - name: Install weblogic forms which takes a couple of minutes + become_user: oracle + ansible.builtin.shell: | + set -eo pipefail + main() { + echo "# installing weblogic forms fmw_12.2.1.19.0_fr_linux64.bin"] + export TMP=/u01/tmp + export TEMPDIR=/u01/tmp + export TEMP=/u01/tmp + /u01/software/weblogic/fmw_12.2.1.19.0_fr_linux64.bin -silent -responseFile /u01/software/weblogic/forms.rsp + } + main 2>&1 | logger -p local3.info -t ansible-weblogic + + # block + when: not weblogic_forms_installed_check.stat.exists 
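Review bot: `fmw_12.2.1.19.0_fr_linux64.bin` is downloaded from S3, marked `0755` and executed as `oracle` with no integrity check, so whoever can write to `image_builder_s3_bucket_name` controls what runs on every build; record the expected SHA-256 and verify it (for example `ansible.builtin.stat` with `checksum_algorithm: sha256` plus a `failed_when` on mismatch) before the chmod task. The echo line also has a stray `]` after its closing quote: `echo "# installing weblogic forms fmw_12.2.1.19.0_fr_linux64.bin"]` should read `echo "# installing weblogic forms fmw_12.2.1.19.0_fr_linux64.bin"`, harmless under `set -eo pipefail` but clearly a typo. Like the other installer tasks, the shell step has no `no_log`, which is fine here since the response file holds no secrets, but worth a comment so that stays true.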
diff --git a/ansible/roles/nomis-weblogic-12/tasks/install-rpms.yml b/ansible/roles/nomis-weblogic-12/tasks/install-rpms.yml
new file mode 100644
index 000000000..941b5a2c9
--- /dev/null
+++ b/ansible/roles/nomis-weblogic-12/tasks/install-rpms.yml
@@ -0,0 +1,35 @@
+---
+- name: Check installed packages
+ ansible.builtin.package_facts:
+
+- block:
+ - name: Create rpms directory
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: oracle
+ group: oinstall
+ mode: "0755"
+ loop:
+ - /u01/software/jdk
+
+ - name: Get rpms from S3 bucket
+ amazon.aws.aws_s3:
+ bucket: "{{ image_builder_s3_bucket_name }}"
+ object: "{{ item }}"
+ dest: "/u01/software/{{ item }}"
+ mode: get
+ overwrite: latest
+ loop:
+ - jdk/jdk-8u411-linux-x64.rpm
+ when: image_builder_s3_bucket_name is defined
+
+ - name: Install rpms
+ ansible.builtin.yum:
+ name: "/u01/software/{{ item }}"
+ state: present
+ loop:
+ - jdk/jdk-8u411-linux-x64.rpm
+
+ # block
+ when: ansible_facts.packages['jdk'] is not defined
diff --git a/ansible/roles/nomis-weblogic-12/tasks/install-server.yml b/ansible/roles/nomis-weblogic-12/tasks/install-server.yml
new file mode 100644
index 000000000..b14febea6
--- /dev/null
+++ b/ansible/roles/nomis-weblogic-12/tasks/install-server.yml
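Review bot: The `Get rpms from S3 bucket` task is skipped when `image_builder_s3_bucket_name` is undefined, but the `Install rpms` task in the same block is not, so on such a host yum fails on a missing file; move that `when:` up to the block or apply it to both tasks. Whether the local JDK rpm is signature-checked depends on the host's yum/dnf local-package GPG setting, which this role neither sets nor asserts, so either import Oracle's signing key and keep checking on, or verify a pinned checksum before the install. The block guard `ansible_facts.packages['jdk'] is not defined` only works if the rpm registers its package name as exactly `jdk`; confirm that with `rpm -qp --queryformat '%{NAME}'` on the file, since Oracle's 8u rpms have not always used that name and a mismatch means the install reruns on every play.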
@@ -0,0 +1,51 @@ +--- +- name: Check if weblogic software already installed + ansible.builtin.stat: + path: /u01/app/oracle/Middleware/wlserver + register: weblogic_server_installed_check + +- block: + - name: Create weblogic software directory + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: oracle + group: oinstall + mode: "0755" + loop: + - /u01/software/weblogic + - /u01/app/oracle/Middleware + - /u01/app/oracle/oraInventory + + - name: Get weblogic software from S3 bucket + amazon.aws.aws_s3: + bucket: "{{ image_builder_s3_bucket_name }}" + object: "weblogic-software-12/{{ item }}" + dest: "/u01/software/weblogic/{{ item }}" + mode: get + overwrite: latest + loop: + - fmw_12.2.1.4.0_infrastructure.jar + + - name: Copy weblogic software config + ansible.builtin.template: + src: "12{{ item }}" + dest: "{{ item }}" + owner: oracle + group: oinstall + loop: + - /etc/oraInst.loc + - /u01/software/weblogic/fmw12214.rsp + + - name: Install weblogic software which takes a couple of minutes + become_user: oracle + ansible.builtin.shell: | + set -eo pipefail + main() { + echo "# installing weblogic fmw_12.2.1.4.0_infrastructure.jar" + java -jar /u01/software/weblogic/fmw_12.2.1.4.0_infrastructure.jar -silent -responseFile /u01/software/weblogic/fmw12214.rsp + } + main 2>&1 | logger -p local3.info -t ansible-weblogic + + # block + when: not weblogic_server_installed_check.stat.exists diff --git a/ansible/roles/nomis-weblogic-12/tasks/main.yml b/ansible/roles/nomis-weblogic-12/tasks/main.yml new file mode 100644 index 000000000..fb7ae52c5 --- /dev/null +++ b/ansible/roles/nomis-weblogic-12/tasks/main.yml 
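Review bot: `fmw_12.2.1.4.0_infrastructure.jar` is fetched from S3 and run with `java -jar` as `oracle` without any checksum verification, so the installer's integrity rests entirely on who can write to the bucket; add a pinned SHA-256 check between the download and the install, matching whatever approach install-forms.yml adopts so the two stay consistent. `/etc/oraInst.loc` is templated with `owner: oracle` and no `mode`; it inherits the umask, so `mode: "0644"` would make the intent explicit. A short comment on the install task noting that `java` must already come from the JDK installed by install-rpms.yml would help anyone reordering main.yml.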
@@ -0,0 +1,49 @@
+---
+- name: Rhel8
+ block:
+ - import_tasks: get-facts.yml
+ tags:
+ - ec2provision
+ - weblogic_get_facts
+ - weblogic_setup_oracle_user
+ - weblogic_create_db_repo
+ - weblogic_install_domain
+
+ - import_tasks: setup-oracle-user.yml
+ tags:
+ - ec2provision
+ - weblogic_setup_oracle_user
+
+ - import_tasks: install-rpms.yml
+ tags:
+ - ec2provision
+ - weblogic_install_jdk
+
+ - import_tasks: update-sysctl.yml
+ tags:
+ - ec2provision
+ - weblogic_update_sysctl
+
+ - import_tasks: install-server.yml
+ tags:
+ - ec2provision
+ - weblogic_install_server
+
+ - import_tasks: install-forms.yml
+ tags:
+ - ec2provision
+ - weblogic_install_forms
+
+ # only needs to be done once per build
+ - import_tasks: create-db-repo.yml
+ tags:
+ - weblogic_create_db_repo
+ when: weblogic_db_repo_prefix is defined
+
+ - import_tasks: install-domain.yml
+ tags:
+ - ec2provision
+ - weblogic_install_domain
+ when: weblogic_domain_template_filename != 'none'
+
+ when: ansible_distribution in ['RedHat', 'OracleLinux'] and ansible_distribution_major_version == "8"
diff --git a/ansible/roles/nomis-weblogic-12/tasks/setup-oracle-user.yml b/ansible/roles/nomis-weblogic-12/tasks/setup-oracle-user.yml
new file mode 100644
index 000000000..32bb50c1e
--- /dev/null
+++ b/ansible/roles/nomis-weblogic-12/tasks/setup-oracle-user.yml
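Review bot: `get-facts.yml` is imported unconditionally and under every tag, so every web host must be able to resolve both the `/oracle/weblogic/<env>/passwords` and the `/oracle/database/<sid>/weblogic-passwords` secrets even when `create-db-repo.yml` is skipped by its `weblogic_db_repo_prefix is defined` guard. Either give the db-repo lookup the same guard or add `# get-facts resolves both the admin and db-repo secrets; both must exist for every host` above the first import so the requirement is visible. The block is named `Rhel8` while its `when:` also accepts `OracleLinux`; a name such as `Rhel8 or OracleLinux 8` avoids the mismatch.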
@@ -0,0 +1,42 @@
+---
+- name: Check oracle user already exists
+ ansible.builtin.getent:
+ database: passwd
+ key: oracle
+
+- name: Create oracle user directories
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: oracle
+ group: oinstall
+ mode: "0755"
+ loop:
+ - /home/oracle/admin/scripts
+
+- name: Copy oracle user bash profile
+ ansible.builtin.template:
+ src: "12{{ item }}"
+ dest: "{{ item }}"
+ owner: oracle
+ group: oinstall
+ loop:
+ - /home/oracle/.bash_profile
+
+- name: Copy oracle user scripts
+ ansible.builtin.template:
+ src: "12{{ item }}"
+ dest: "{{ item }}"
+ owner: oracle
+ group: oinstall
+ mode: '0755'
+ loop:
+ - /home/oracle/admin/scripts/wait_for_entry_in_journal.sh
+ - /home/oracle/admin/scripts/startWebLogic.sh
+ - /home/oracle/admin/scripts/startManagedWebLogic.sh
+ - /home/oracle/admin/scripts/startNodeManager.sh
+ - /home/oracle/admin/scripts/startOHS.py
+ - /home/oracle/admin/scripts/stopWebLogic.sh
+ - /home/oracle/admin/scripts/stopManagedWebLogic.sh
+ - /home/oracle/admin/scripts/stopNodeManager.sh
+ - /home/oracle/admin/scripts/stopOHS.py
diff --git a/ansible/roles/nomis-weblogic-12/tasks/update-sysctl.yml b/ansible/roles/nomis-weblogic-12/tasks/update-sysctl.yml
new file mode 100644
index 000000000..59af201b7
--- /dev/null
+++ b/ansible/roles/nomis-weblogic-12/tasks/update-sysctl.yml
@@ -0,0 +1,9 @@
+---
+- name: Update sysctl
+ sysctl:
+ name: "{{ item.name }}"
+ value: "{{ item.value }}"
+ state: present
+ reload: yes
+ loop:
+ - { name: "kernel.shmmax", value: "4294967295" }
diff --git a/ansible/roles/nomis-weblogic-12/templates/12/etc/oraInst.loc b/ansible/roles/nomis-weblogic-12/templates/12/etc/oraInst.loc
new file mode 100644
index 000000000..ce73da7b8
--- /dev/null
+++ b/ansible/roles/nomis-weblogic-12/templates/12/etc/oraInst.loc
@@ -0,0 +1,2 @@
+inventory_loc=/u01/app/oracle/oraInventory
+inst_group=oinstall
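Review bot: The `Copy oracle user scripts` loop applies `mode: '0755'` to `startOHS.py` and `stopOHS.py`, and those templates render `{{ weblogic_admin_password }}` into the file, so the WebLogic admin password ends up world-readable under /home/oracle/admin/scripts. Split the two WLST scripts into their own task with `mode: '0700'` (or better, switch them to a WLST userConfigFile/userKeyFile pair so no password is embedded at all). The `.bash_profile` task sets owner and group but no `mode`, so it inherits the umask; `mode: '0644'` makes the intent explicit. The leading `getent` task acts as an assertion that `oracle` exists, since the module fails on a missing key by default; a comment saying so would stop someone "fixing" it later.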
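Review bot: `sysctl:` is the only unqualified module name in this role, every other task uses `ansible.builtin.*` or `amazon.aws.*`, and `reload: yes` is a YAML 1.1 truthy that linting flags; write `ansible.posix.sysctl:` and `reload: true` for consistency. A one-line comment on the loop item explaining why `kernel.shmmax` is raised to `4294967295` (presumably an Oracle installer prerequisite; confirm against the installer's checks) would help the next reader.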
diff --git a/ansible/roles/nomis-weblogic-12/templates/12/etc/systemd/system/WLS_FORMS.service b/ansible/roles/nomis-weblogic-12/templates/12/etc/systemd/system/WLS_FORMS.service new file mode 100644 index 000000000..24e953add --- /dev/null +++ b/ansible/roles/nomis-weblogic-12/templates/12/etc/systemd/system/WLS_FORMS.service @@ -0,0 +1,16 @@ +[Unit] +Description=WLS_FORMS +After=weblogic-server.service + +[Service] +ExecStart=/home/oracle/admin/scripts/startManagedWebLogic.sh WLS_FORMS +ExecStop=/home/oracle/admin/scripts/stopManagedWebLogic.sh WLS_FORMS +Group=oinstall +RemainAfterExit=yes +TasksMax=infinity +TimeoutStartSec=180 +Type=oneshot +User=oracle + +[Install] +WantedBy=multi-user.target diff --git a/ansible/roles/nomis-weblogic-12/templates/12/etc/systemd/system/WLS_REPORTS.service b/ansible/roles/nomis-weblogic-12/templates/12/etc/systemd/system/WLS_REPORTS.service new file mode 100644 index 000000000..86aaa55e4 --- /dev/null +++ b/ansible/roles/nomis-weblogic-12/templates/12/etc/systemd/system/WLS_REPORTS.service @@ -0,0 +1,16 @@ +[Unit] +Description=WLS_REPORTS +After=weblogic-server.service + +[Service] +ExecStart=/home/oracle/admin/scripts/startManagedWebLogic.sh WLS_REPORTS +ExecStop=/home/oracle/admin/scripts/stopManagedWebLogic.sh WLS_REPORTS +Group=oinstall +RemainAfterExit=yes +TasksMax=infinity +TimeoutStartSec=180 +Type=oneshot +User=oracle + +[Install] +WantedBy=multi-user.target diff --git a/ansible/roles/nomis-weblogic-12/templates/12/etc/systemd/system/weblogic-node-manager.service b/ansible/roles/nomis-weblogic-12/templates/12/etc/systemd/system/weblogic-node-manager.service new file mode 100644 index 000000000..f4cda6f31 --- /dev/null +++ b/ansible/roles/nomis-weblogic-12/templates/12/etc/systemd/system/weblogic-node-manager.service 
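Review bot: `After=weblogic-server.service` in WLS_FORMS.service only orders the unit; with no `Requires=` or `Wants=`, `systemctl start WLS_FORMS` on its own runs the managed-server script with neither the AdminServer nor the node manager up, and a failed AdminServer does not stop the managed servers from starting. Add `Requires=weblogic-server.service` beside the `After=` line (WLS_REPORTS.service in the same hunk is identical and needs the same). `NoNewPrivileges=true` and `PrivateTmp=true` under `[Service]` are cheap hardening for a unit running a large JVM as a service account, and a comment on `TasksMax=infinity` stating it is there for JVM thread counts would explain an otherwise surprising setting.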
@@ -0,0 +1,15 @@ +[Unit] +Description=weblogic-node-manager +After=network-online.target + +[Service] +ExecStart=/home/oracle/admin/scripts/startNodeManager.sh +ExecStop=/home/oracle/admin/scripts/stopNodeManager.sh +Group=oinstall +RemainAfterExit=yes +TasksMax=infinity +Type=oneshot +User=oracle + +[Install] +WantedBy=multi-user.target diff --git a/ansible/roles/nomis-weblogic-12/templates/12/etc/systemd/system/weblogic-ohs.service b/ansible/roles/nomis-weblogic-12/templates/12/etc/systemd/system/weblogic-ohs.service new file mode 100644 index 000000000..14a5ac1a7 --- /dev/null +++ b/ansible/roles/nomis-weblogic-12/templates/12/etc/systemd/system/weblogic-ohs.service @@ -0,0 +1,15 @@ +[Unit] +Description=weblogic-ohs +After=weblogic-node-manager.service + +[Service] +ExecStart=/home/oracle/admin/scripts/startOHS.py +ExecStop=/home/oracle/admin/scripts/stopOHS.py +Group=oinstall +RemainAfterExit=yes +TasksMax=infinity +Type=oneshot +User=oracle + +[Install] +WantedBy=multi-user.target diff --git a/ansible/roles/nomis-weblogic-12/templates/12/etc/systemd/system/weblogic-server.service b/ansible/roles/nomis-weblogic-12/templates/12/etc/systemd/system/weblogic-server.service new file mode 100644 index 000000000..b2d735090 --- /dev/null +++ b/ansible/roles/nomis-weblogic-12/templates/12/etc/systemd/system/weblogic-server.service @@ -0,0 +1,16 @@ +[Unit] +Description=weblogic-server +After=weblogic-node-manager.service + +[Service] +ExecStart=/home/oracle/admin/scripts/startWebLogic.sh +ExecStop=/home/oracle/admin/scripts/stopWebLogic.sh +Group=oinstall +RemainAfterExit=yes +TasksMax=infinity +TimeoutStartSec=180 +Type=oneshot +User=oracle + +[Install] +WantedBy=multi-user.target diff --git a/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/.bash_profile b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/.bash_profile new file mode 100644 index 000000000..d6b7a7381 --- /dev/null 
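Review bot: `After=network-online.target` in weblogic-node-manager.service does not pull the target in, so on boot the unit can start before the network is up; systemd's documentation calls for both lines, so add `Wants=network-online.target` under `[Unit]`. weblogic-ohs.service and weblogic-server.service in this hunk likewise use only `After=weblogic-node-manager.service`, so a node-manager failure is not propagated and the WLST `nmConnect` on port 5556 simply times out; `Requires=weblogic-node-manager.service` makes the dependency real. As with the managed-server units, `NoNewPrivileges=true` and `PrivateTmp=true` are low-cost additions here.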
+++ b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/.bash_profile @@ -0,0 +1,9 @@ +# Get the aliases and functions +if [ -f ~/.bashrc ]; then + . ~/.bashrc +fi + +# User specific environment and startup programs +if [ -f /u01/app/oracle/Middleware/wlserver/server/bin/setWLSEnv.sh ]; then + . /u01/app/oracle/Middleware/wlserver/server/bin/setWLSEnv.sh > /dev/null +fi diff --git a/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/startManagedWebLogic.sh b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/startManagedWebLogic.sh new file mode 100644 index 000000000..dedfb2bfc --- /dev/null +++ b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/startManagedWebLogic.sh @@ -0,0 +1,6 @@ +#!/bin/bash +set -e +echo "/u01/app/oracle/Middleware/user_projects/domains/nomis/bin/startManagedWebLogic.sh $1" +nohup /u01/app/oracle/Middleware/user_projects/domains/nomis/bin/startManagedWebLogic.sh $1 & +echo "Waiting for RUNNING" +/home/oracle/admin/scripts/wait_for_entry_in_journal.sh $1 RUNNING diff --git a/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/startNodeManager.sh b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/startNodeManager.sh new file mode 100755 index 000000000..386459349 --- /dev/null +++ b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/startNodeManager.sh @@ -0,0 +1,6 @@ +#!/bin/bash +set -e +echo "/u01/app/oracle/Middleware/user_projects/domains/nomis/bin/startNodeManager.sh" +nohup /u01/app/oracle/Middleware/user_projects/domains/nomis/bin/startNodeManager.sh & +echo "Waiting for Secure socket listener started on port 5556" +/home/oracle/admin/scripts/wait_for_entry_in_journal.sh weblogic-node-manager "Secure socket listener started on port 5556" 
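Review bot: In startManagedWebLogic.sh `$1` (the managed server name) is used unquoted and unchecked on both the `nohup … startManagedWebLogic.sh $1 &` line and the `wait_for_entry_in_journal.sh $1 RUNNING` line, so a call with no argument backgrounds Oracle's script with no server name and then waits on a non-existent unit until the systemd timeout. Add `srv=${1:?managed server name required}` after `set -e` and use `"$srv"` in both places. Note also that `set -e` cannot observe a failure of the backgrounded `nohup` command, so an early crash only surfaces through `TimeoutStartSec`; a comment saying the journal wait is the real success check would make that explicit.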
diff --git a/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/startOHS.py b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/startOHS.py new file mode 100755 index 000000000..6d89822fa --- /dev/null +++ b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/startOHS.py @@ -0,0 +1,5 @@ +#!/u01/app/oracle/Middleware/oracle_common/common/bin/wlst.sh +nmConnect('{{ weblogic_admin_username }}','{{ weblogic_admin_password }}','localhost','5556','nomis') +print('Check OHS ServerStatus') +if nmServerStatus(serverName='ohs1',serverType='OHS') != 'RUNNING': + nmStart(serverName='ohs1', serverType='OHS') diff --git a/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/startWebLogic.sh b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/startWebLogic.sh new file mode 100755 index 000000000..5400979b8 --- /dev/null +++ b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/startWebLogic.sh @@ -0,0 +1,6 @@ +#!/bin/bash +set -e +echo "/u01/app/oracle/Middleware/user_projects/domains/nomis/bin/startWebLogic.sh" +nohup /u01/app/oracle/Middleware/user_projects/domains/nomis/bin/startWebLogic.sh & +echo "Waiting for RUNNING" +/home/oracle/admin/scripts/wait_for_entry_in_journal.sh weblogic-server RUNNING diff --git a/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/stopManagedWebLogic.sh b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/stopManagedWebLogic.sh new file mode 100644 index 000000000..026d93861 --- /dev/null +++ b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/stopManagedWebLogic.sh 
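Review bot: The `nmConnect` line embeds `{{ weblogic_admin_password }}` in the rendered startOHS.py, and the copy task in setup-oracle-user.yml gives these scripts `0755`, so the admin password is stored world-readable on the host. Per the WLST reference, `nmConnect` accepts `userConfigFile` and `userKeyFile` arguments, with the encrypted pair created once via `storeUserConfig(..., nm='true')`; switching to that removes the credential from the script entirely, and the same change applies to stopOHS.py. If the password has to stay inline for now, tighten the file mode to 0700 and add `# contains the admin password; keep this file 0700` at the top of the script.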
@@ -0,0 +1,42 @@ +#!/bin/bash + +get_process_pids() { + process_pids1=$(pgrep -u oracle -f "startManagedWebLogic.sh $1$" 2> /dev/null) + process_pids2=$(pgrep -u oracle -f "weblogic.Name=$1 " 2> /dev/null) + [[ -z $process_pids1 && -z $process_pids2 ]] && return 1 + ( + for process_pid in $process_pids1 $process_pids2; do + pstree -ap "$process_pid" | grep -v '{' | cut -d, -f2 | cut -d\ -f1 + done + ) | sort -u | tr '\n' ' ' +} + +stop_process() { + if ! get_process_pids $1 > /dev/null; then + return 0 + fi + + echo "/u01/app/oracle/Middleware/user_projects/domains/nomis/bin/stopManagedWebLogic.sh $1" + /u01/app/oracle/Middleware/user_projects/domains/nomis/bin/stopManagedWebLogic.sh $1 + + if ! PIDS=$(get_process_pids $1); then + return 0 + fi + + echo "kill $PIDS" + kill $PIDS + sleep 2 + + if ! get_process_pids $1 > /dev/null; then + return 0 + fi + sleep 5 + if ! PIDS=$(get_process_pids $1); then + return 0 + fi + + echo "kill -9 $PIDS" + kill -9 $PIDS +} + +stop_process $1 diff --git a/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/stopNodeManager.sh b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/stopNodeManager.sh new file mode 100755 index 000000000..12fad5c7f --- /dev/null +++ b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/stopNodeManager.sh 
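Review bot: In stopManagedWebLogic.sh `get_process_pids` builds its `pgrep -f` regexes from `$1` without validating or quoting it, so when the script is invoked with no argument the patterns `startManagedWebLogic.sh $` and `weblogic.Name= ` match nothing and `stop_process` silently exits 0, hiding a unit misconfiguration. Add `[[ -n $1 ]] || { echo "usage: $0 <server>" >&2; exit 1; }` at the top and quote `"$1"` in `stop_process "$1"` and the pgrep patterns. The `kill`, `sleep 2`, `sleep 5`, `kill -9` escalation is reasonable; a comment stating those delays are deliberate would stop them being tuned away.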
@@ -0,0 +1,42 @@ +#!/bin/bash + +get_process_pids() { + process_pids1=$(pgrep -u oracle -f "startNodeManager.sh$" 2> /dev/null) + process_pids2=$(pgrep -u oracle -f "weblogic.NodeManager" 2> /dev/null) + [[ -z $process_pids1 && -z $process_pids2 ]] && return 1 + ( + for process_pid in $process_pids1 $process_pids2; do + pstree -ap "$process_pid" | grep -v '{' | cut -d, -f2 | cut -d\ -f1 + done + ) | sort -u | tr '\n' ' ' +} + +stop_process() { + if ! get_process_pids > /dev/null; then + return 0 + fi + + echo "/u01/app/oracle/Middleware/user_projects/domains/nomis/bin/stopNodeManager.sh $1" + /u01/app/oracle/Middleware/user_projects/domains/nomis/bin/stopNodeManager.sh $1 + + if ! PIDS=$(get_process_pids); then + return 0 + fi + + echo "kill $PIDS" + kill $PIDS + sleep 2 + + if ! get_process_pids > /dev/null; then + return 0 + fi + sleep 5 + if ! PIDS=$(get_process_pids); then + return 0 + fi + + echo "kill -9 $PIDS" + kill -9 $PIDS +} + +stop_process diff --git a/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/stopOHS.py b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/stopOHS.py new file mode 100755 index 000000000..eec8a2716 --- /dev/null +++ b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/stopOHS.py @@ -0,0 +1,5 @@ +#!/u01/app/oracle/Middleware/oracle_common/common/bin/wlst.sh +nmConnect('{{ weblogic_admin_username }}','{{ weblogic_admin_password }}','localhost','5556','nomis') +print('Check OHS ServerStatus') +if nmServerStatus(serverName='ohs1',serverType='OHS') == 'RUNNING': + nmKill(serverName='ohs1', serverType='OHS') diff --git a/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/stopWebLogic.sh b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/stopWebLogic.sh new file mode 100755 index 000000000..a31715dad --- /dev/null +++ b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/stopWebLogic.sh 
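Review bot: In stopNodeManager.sh `stop_process` and `get_process_pids` take no arguments, yet the body still forwards `$1` to Oracle's `stopNodeManager.sh $1`, a leftover from the managed-server variant; drop the `$1` or comment that it is intentionally empty. The `pgrep -f "weblogic.NodeManager"` match combined with `pstree -ap` means `kill -9` lands on the node manager's entire process tree, which on this host presumably includes the OHS instance started through `nmStart` in startOHS.py, so the stop order only stays safe while weblogic-ohs.service is stopped first; `Requires=` in that unit (rather than `After=` alone) would guarantee it. stopOHS.py in the same hunk embeds `{{ weblogic_admin_password }}` exactly as startOHS.py does and needs the same userConfigFile/userKeyFile or 0700 treatment.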
@@ -0,0 +1,42 @@ +#!/bin/bash + +get_process_pids() { + process_pids1=$(pgrep -u oracle -f "startWebLogic.sh$" 2> /dev/null) + process_pids2=$(pgrep -u oracle -f "weblogic.Name=AdminServer" 2> /dev/null) + [[ -z $process_pids1 && -z $process_pids2 ]] && return 1 + ( + for process_pid in $process_pids1 $process_pids2; do + pstree -ap "$process_pid" | grep -v '{' | cut -d, -f2 | cut -d\ -f1 + done + ) | sort -u | tr '\n' ' ' +} + +stop_process() { + if ! get_process_pids > /dev/null; then + return 0 + fi + + echo "/u01/app/oracle/Middleware/user_projects/domains/nomis/bin/stopWebLogic.sh $1" + /u01/app/oracle/Middleware/user_projects/domains/nomis/bin/stopWebLogic.sh $1 + + if ! PIDS=$(get_process_pids); then + return 0 + fi + + echo "kill $PIDS" + kill $PIDS + sleep 2 + + if ! get_process_pids > /dev/null; then + return 0 + fi + sleep 5 + if ! PIDS=$(get_process_pids); then + return 0 + fi + + echo "kill -9 $PIDS" + kill -9 $PIDS +} + +stop_process diff --git a/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/wait_for_entry_in_journal.sh b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/wait_for_entry_in_journal.sh new file mode 100755 index 000000000..336959639 --- /dev/null +++ b/ansible/roles/nomis-weblogic-12/templates/12/home/oracle/admin/scripts/wait_for_entry_in_journal.sh 
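Review bot: stopWebLogic.sh forwards `$1` to Oracle's `stopWebLogic.sh $1` even though `stop_process` is called with no arguments; Oracle's script reads its own positional parameters (username, password, admin URL), so an accidental argument from a future caller would be passed through as a credential. Drop the `$1` or add `# no arguments: Oracle's stopWebLogic.sh takes its credentials from the domain (confirm boot.properties)` so the empty call is understood as intentional. The shared `get_process_pids` and kill-escalation logic is duplicated verbatim across the three stop scripts; a comment pointing at the canonical copy would help keep them in step.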
@@ -0,0 +1,18 @@
+#!/bin/bash
+service=$1
+match_pattern=$2
+if [[ -z $match_pattern ]]; then
+ echo "Usage $0 " >&2
+ exit 1
+fi
+if [[ ! -e "/etc/systemd/system/$service.service" ]]; then
+ echo "$service not found" >&2
+ exit 1
+fi
+# wait until a matching line found in the log file
+# only way I could get this to work was to spawn tail in a subshell
+( journalctl -f -n0 -u "$service" & ) | grep -qE "${match_pattern}"
+# kill the tail subshell. It's not so easy to find the pid
+pid=$(ps -o pid= -o cmd --forest -g $(ps -o sid= -p $$) | grep -F "journalctl -f -n0 -u $service" | grep -v grep | cut -d\ -f1)
+[[ -n $pid ]] && kill $pid 2> /dev/null
+exit 0
diff --git a/ansible/roles/nomis-weblogic-12/templates/12/u01/app/oracle/Middleware/user_projects/domains/nomis/servers/AdminServer/security/boot.properties b/ansible/roles/nomis-weblogic-12/templates/12/u01/app/oracle/Middleware/user_projects/domains/nomis/servers/AdminServer/security/boot.properties
new file mode 100644
index 000000000..9d172dfc2
--- /dev/null
+++ b/ansible/roles/nomis-weblogic-12/templates/12/u01/app/oracle/Middleware/user_projects/domains/nomis/servers/AdminServer/security/boot.properties
@@ -0,0 +1,3 @@
+# these credentials are encrypted once the weblogic server is started
+username={{ weblogic_admin_username }}
+password={{ weblogic_admin_password }}
diff --git a/ansible/roles/nomis-weblogic-12/templates/12/u01/software/weblogic/fmw12214.rsp b/ansible/roles/nomis-weblogic-12/templates/12/u01/software/weblogic/fmw12214.rsp
new file mode 100644
index 000000000..86c8d735f
--- /dev/null
+++ b/ansible/roles/nomis-weblogic-12/templates/12/u01/software/weblogic/fmw12214.rsp
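Review bot: `journalctl -f -n0 -u "$service"` runs as the `oracle` user, so this script only works if `oracle` can read the system journal (membership of `systemd-journal` or `adm`, or the far broader `wheel` granted in the group vars); otherwise `grep -q` never matches and every unit hangs until its `TimeoutStartSec`, so the required journal access should be stated in a comment and granted narrowly. The script also has no timeout of its own and a small race, since the process is launched before journalctl attaches and a message logged in between is missed; wrapping the wait in `timeout` with a sensible bound and anchoring with `--since` would close both. The usage text has lost its placeholders: `echo "Usage $0 " >&2` should read `echo "Usage $0 <service> <match_pattern>" >&2`.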
@@ -0,0 +1,29 @@
+[ENGINE]
+#DO NOT CHANGE THIS.
+Response File Version=1.0.0.0.0
+[GENERIC]
+#Set this to true if you wish to skip software updates
+DECLINE_AUTO_UPDATES=true
+#My Oracle Support User Name
+MOS_USERNAME=
+#My Oracle Support Password
+MOS_PASSWORD=
+#If the Software updates are already downloaded and available on your local system,
+#then specify the path to the directory where these patches are available and
+#set SPECIFY_DOWNLOAD_LOCATION to true
+AUTO_UPDATES_LOCATION=
+#Proxy Server Name to connect to My Oracle Support
+SOFTWARE_UPDATES_PROXY_SERVER=
+#Proxy Server Port
+SOFTWARE_UPDATES_PROXY_PORT=
+#Proxy Server Username
+SOFTWARE_UPDATES_PROXY_USER=
+#Proxy Server Password
+SOFTWARE_UPDATES_PROXY_PASSWORD=
+
+#The oracle home location. This can be an existing Oracle Home or a new Oracle Home
+ORACLE_HOME=/u01/app/oracle/Middleware
+
+#Set this variable value to the Installation Type selected.
+#e.g. Fusion Middleware Infrastructure, Fusion Middleware Infrastructure With Examples.
+INSTALL_TYPE=Fusion Middleware Infrastructure
diff --git a/ansible/roles/nomis-weblogic-12/templates/12/u01/software/weblogic/forms.rsp b/ansible/roles/nomis-weblogic-12/templates/12/u01/software/weblogic/forms.rsp
new file mode 100644
index 000000000..817e1aedc
--- /dev/null
+++ b/ansible/roles/nomis-weblogic-12/templates/12/u01/software/weblogic/forms.rsp
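Review bot: The response file keeps the `MOS_USERNAME=`, `MOS_PASSWORD=` and `SOFTWARE_UPDATES_PROXY_*` fields even though `DECLINE_AUTO_UPDATES=true` leaves them unused, and because this file is tracked in the repository a blank password slot is an invitation to fill it in and commit it. Either drop the unused update/proxy keys or add, above `MOS_USERNAME=`, `#Left blank on purpose: auto-updates are declined; never put My Oracle Support or proxy credentials in this file`.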
@@ -0,0 +1,37 @@
+[ENGINE]
+
+#DO NOT CHANGE THIS.
+Response File Version=1.0.0.0.0
+
+[GENERIC]
+
+#Set this to true if you wish to skip software updates
+DECLINE_AUTO_UPDATES=true
+
+#
+MOS_USERNAME=
+
+#
+MOS_PASSWORD=
+
+#If the Software updates are already downloaded and available on your local system, then specify the path to the directory where these patches are available and set SPECIFY_DOWNLOAD_LOCATION to true
+AUTO_UPDATES_LOCATION=
+
+#
+SOFTWARE_UPDATES_PROXY_SERVER=
+
+#
+SOFTWARE_UPDATES_PROXY_PORT=
+
+#
+SOFTWARE_UPDATES_PROXY_USER=
+
+#
+SOFTWARE_UPDATES_PROXY_PASSWORD=
+
+#The oracle home location. This can be an existing Oracle Home or a new Oracle Home
+ORACLE_HOME=/u01/app/oracle/Middleware
+#MW_HOME=/u01/app/oracle/Middleware/
+
+#Set this variable value to the Installation Type selected as either Standalone HTTP Server (Managed independently of WebLogic server) OR Colocated HTTP Server (Managed through WebLogic server)
+INSTALL_TYPE=Forms and Reports Deployment
diff --git a/ansible/roles/nomis-weblogic-12/templates/12/u01/software/weblogic/rcu.rsp b/ansible/roles/nomis-weblogic-12/templates/12/u01/software/weblogic/rcu.rsp
new file mode 100644
index 000000000..ffb4af543
--- /dev/null
+++ b/ansible/roles/nomis-weblogic-12/templates/12/u01/software/weblogic/rcu.rsp
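Review bot: The comment above `INSTALL_TYPE=Forms and Reports Deployment` describes the Standalone vs Colocated HTTP Server choice from an OHS response file and does not match the value set here; replace it with `#Set this variable value to the Installation Type selected, e.g. Forms and Reports Deployment.` The bare `#` comment lines above `MOS_USERNAME=`, `MOS_PASSWORD=` and the `SOFTWARE_UPDATES_PROXY_*` keys say nothing, and with `DECLINE_AUTO_UPDATES=true` those keys are unused; remove them rather than leave blank credential slots in a git-tracked template. The commented-out `#MW_HOME=` line should either be deleted or explained.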
@@ -0,0 +1,56 @@
+#RCU Operation - createRepository, generateScript, dataLoad, dropRepository, consolidate, generateConsolidateScript, consolidateSyn, dropConsolidatedSchema, reconsolidate
+operation=createRepository
+
+#Enter the database connection details in the supported format. Database Connect String. This can be specified in the following format - For Oracle Database: host:port:SID OR host:port/service , For SQLServer, IBM DB2, MySQL and JavaDB Database: Server name/host:port:databaseName. For RAC database, specify VIP name or one of the Node name as Host name.For SCAN enabled RAC database, specify SCAN host as Host name.
+connectString={{ weblogic_db_repo_hostname }}:1521:{{ weblogic_db_repo_sid }}
+
+#Database Type - [ORACLE|SQLSERVER|IBMDB2|EBR|MYSQL] - default is ORACLE
+databaseType=ORACLE
+
+#Database User
+dbUser={{ weblogic_db_repo_username }}
+
+#Database Role - sysdba or Normal
+dbRole=SYSDBA
+
+#This is applicable only for database type - EBR
+#edition=
+
+#Prefix to be used for the schema. This is optional for non-prefixable components.
+schemaPrefix={{ weblogic_db_repo_prefix }}
+
+#List of components separated by comma. Remove the components which are not needed.
+componentList=STB,OPSS,IAU,IAU_APPEND,IAU_VIEWER
+
+#Specify whether dependent components of the given componentList have to be selected. true | false - default is false
+#selectDependentsForComponents=false
+
+#If below property is set to true, then all the schemas specified will be set to the same password.
+useSamePasswordForAllSchemaUsers=true
+
+#This allows user to skip cleanup on failure. yes | no. Default is no.
+#skipCleanupOnFailure=no
+
+#Yes | No - default is Yes. This is applicable only for database type - SQLSERVER.
+#unicodeSupport=no
+
+#Location of ComponentInfo xml file - optional.
+#compInfoXMLLocation=
+
+#Location of Storage xml file - optional
+#storageXMLLocation=
+
+#Tablespace name for the component. Tablespace should already exist if this option is used.
+#tablespace=
+
+#Temp tablespace name for the component. Temp Tablespace should already exist if this option is used.
+#tempTablespace=
+
+#Absolute path of Wallet directory. If wallet is not provided, passwords will be prompted.
+#walletDir=
+
+#true | false - default is false. RCU will create encrypted tablespace if TDE is enabled in the database.
+#encryptTablespace=false
+
+#true | false - default is false. RCU will create datafiles using Oracle-Managed Files (OMF) naming format if value set to true.
+#honorOMF=false
diff --git a/ansible/roles/sshd-config/defaults/main.yml b/ansible/roles/sshd-config/defaults/main.yml
index e4a4d5680..1a21733fa 100644
--- a/ansible/roles/sshd-config/defaults/main.yml
+++ b/ansible/roles/sshd-config/defaults/main.yml
@@ -8,6 +8,14 @@ sshd_config_settings:
 PasswordAuthentication: "yes"
 PubkeyAuthentication: "no"
 UsePAM: "yes"
+ allow_x11:
+ X11Forwarding: "yes"
+ X11DisplayOffset: "10"
+ X11UseLocalhost: "yes"
+ PermitRootLogin: "no"
+ PasswordAuthentication: "no"
+ PubkeyAuthentication: "yes"
+ UsePAM: "no"
 default:
 X11Forwarding: "no"
 PermitRootLogin: "no"
diff --git a/ansible/roles/swap/README.md b/ansible/roles/swap/README.md
new file mode 100644
index 000000000..06354a4ee
--- /dev/null
+++ b/ansible/roles/swap/README.md
@@ -0,0 +1,14 @@
+# Role for creating SWAP as file on existing disk
+
+To use a dedicated EBS volume for SWAP, please use the `disks` role.
+
+This role will create a swapfile and mount it - so it persists reboot.
+It will add additional swap if required.
+It won't remove any existing swap.
+
+The swap filename will get a numeric postfix added, e.g.
+
+```
+/swapfile.0
+/swapfile.1
+```
diff --git a/ansible/roles/swap/defaults/main.yml b/ansible/roles/swap/defaults/main.yml
new file mode 100644
index 000000000..9f3ebbd6a
--- /dev/null
+++ b/ansible/roles/swap/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+swap_mb: 4096
+swap_file: /swapfile
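Review bot: `dbRole=SYSDBA` together with `useSamePasswordForAllSchemaUsers=true` means the run needs a SYSDBA password and then gives every repository schema it creates (`STB,OPSS,IAU,IAU_APPEND,IAU_VIEWER`) one shared password; neither password is in the file and `#walletDir=` is commented out, so they must be supplied wherever RCU is invoked, which is outside this diff. Make sure that invocation feeds them on stdin or through a wallet rather than as command-line arguments, where they would be visible in `ps` output and Ansible logs, and consider `useSamePasswordForAllSchemaUsers=false` so that one leaked schema password does not open all of them. A comment next to `useSamePasswordForAllSchemaUsers=true` stating where the passwords come from would save the next reader that search.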
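Review bot: The new `allow_x11` profile sets `UsePAM: "no"`, which on a RHEL-family host takes PAM account and session handling out of SSH logins (account expiry, `pam_nologin`, limits, lastlog/audit hooks), and it contradicts the `UsePAM: "yes"` of the profile shown immediately above it; nothing in the hunk says why X11 forwarding would need PAM disabled. Unless there is a documented reason, keep `UsePAM: "yes"` so that `allow_x11` differs from the hardened profile only in its `X11*` keys, and add `# allow_x11: key-only login plus X11 forwarding bound to localhost` above `allow_x11:`. The `default` profile continues past the end of the hunk, so whether it also sets `UsePAM` cannot be confirmed from here.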
diff --git a/ansible/roles/swap/tasks/add_swap.yml b/ansible/roles/swap/tasks/add_swap.yml
new file mode 100644
index 000000000..1a8037ba2
--- /dev/null
+++ b/ansible/roles/swap/tasks/add_swap.yml
@@ -0,0 +1,19 @@
+---
+- name: Creating swapfile
+ ansible.builtin.shell: |
+ set -eo pipefail
+ main() {
+ echo "creating swapfile {{ swap_to_create_filename }} {{ swap_to_create_mb }}MB"
+ dd if=/dev/zero of="{{ swap_to_create_filename }}" bs=1048576 count={{ swap_to_create_mb }}
+ chmod 600 "{{ swap_to_create_filename }}"
+ mkswap "{{ swap_to_create_filename }}"
+ swapon "{{ swap_to_create_filename }}"
+ }
+ main 2>&1 | logger -p local3.info -t ansible-swap
+
+- name: Mount swapfile
+ ansible.posix.mount:
+ src: "{{ swap_to_create_filename }}"
+ path: "{{ swap_to_create_filename }}"
+ fstype: swap
+ state: present
diff --git a/ansible/roles/swap/tasks/get_facts.yml b/ansible/roles/swap/tasks/get_facts.yml
new file mode 100644
index 000000000..7f6e4e5fe
--- /dev/null
+++ b/ansible/roles/swap/tasks/get_facts.yml
@@ -0,0 +1,22 @@
+---
+- ansible.builtin.shell: |
+ set -eo pipefail
+ for ((i=0; i<100; i++)); do
+ swap_file="{{ swap_file }}.$i"
+ if [[ ! -e "$swap_file" ]]; then
+ echo "$swap_file"
+ exit 0
+ fi
+ done
+ echo "Could not find swap file"
+ exit 1
+ changed_when: false
+ check_mode: false
+ register: swap_to_create_filename_shell
+
+- ansible.builtin.set_fact:
+ swap_to_create_mb: "{{ 0 if 1+ansible_facts['memory_mb']['swap']['total'] >= swap_mb else swap_mb - ansible_facts['memory_mb']['swap']['total'] }}"
+ swap_to_create_filename: "{{ swap_to_create_filename_shell.stdout }}"
+
+- ansible.builtin.debug:
+ msg: "existing_swap={{ ansible_facts['memory_mb']['swap']['total'] }} swap_to_create_mb={{ swap_to_create_mb }}; swap_to_create_filename={{ swap_to_create_filename }}"
diff --git a/ansible/roles/swap/tasks/main.yml b/ansible/roles/swap/tasks/main.yml
new file mode 100644
index 000000000..48665249f
--- /dev/null
+++ b/ansible/roles/swap/tasks/main.yml
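Review bot: In the `Creating swapfile` task the file is created by `dd` with the umask-derived mode and only afterwards locked down by `chmod 600`; creating it closed from the start removes that window: `( umask 077; dd if=/dev/zero of="{{ swap_to_create_filename }}" bs=1048576 count={{ swap_to_create_mb }} )` in place of the `dd` and `chmod` pair. The file holds only zeros at that point, so the exposure is small, but the fix costs nothing. In the `Mount swapfile` task, `path:` is conventionally `none` for a swap entry; reusing the file path works for the fstab line but reads as if the swap file were a mount point, so either use `path: none` or add `# path is ignored for swap; set to the file so the entry is self-describing` if the repetition is deliberate.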
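Review bot: The `swap_to_create_mb` expression compares `1+ansible_facts['memory_mb']['swap']['total']` with `swap_mb` but subtracts the unadjusted total on the other branch, and the `1+` is unexplained; it looks like a tolerance for the mkswap header or MB rounding, but that is an inference and should be stated. Add above the `ansible.builtin.set_fact` task a comment such as `# +1 MB tolerance: an existing swap file of swap_mb MB reports slightly less after mkswap; do not add another file for a rounding difference`, once that reason is confirmed. Neither the shell task nor the set_fact task has a `name:`, which makes play output and `--start-at-task` harder to use; `- name: Find first unused swap file name` and `- name: Work out how much swap to add` would do.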
@@ -0,0 +1,16 @@
+---
+- import_tasks: get_facts.yml
+ tags:
+ - amibuild
+ - ec2provision
+ - ec2patch
+ when: ansible_distribution in ['RedHat', 'OracleLinux']
+
+- import_tasks: add_swap.yml
+ tags:
+ - amibuild
+ - ec2provision
+ - ec2patch
+ when:
+ - ansible_distribution in ['RedHat', 'OracleLinux']
+ - swap_to_create_mb|int > 0
diff --git a/ansible/roles/users-and-groups/README.md b/ansible/roles/users-and-groups/README.md
index ee6d0f04b..71597be59 100644
--- a/ansible/roles/users-and-groups/README.md
+++ b/ansible/roles/users-and-groups/README.md
@@ -87,3 +87,25 @@ regular_groups_members:
 - Sandhya1874
 - KarenMoss1510
 ```
+
+## XAuthority
+
+You can optionally create blank .Xauthority files for all regular users by setting
+following variable:
+
+```
+users_and_groups_create_xauthority: true
+```
+
+You can add this for system users (e.g. if you need to run an X tool as a particular
+user) by adding `create_xauthority` to the `users_and_groups_system` variable:
+
+```
+users_and_groups_system:
+ - name: oracle
+ create_xauthority: true
+ group: oinstall
+ groups:
+ - dba
+ - wheel
+```
diff --git a/ansible/roles/users-and-groups/defaults/main.yml b/ansible/roles/users-and-groups/defaults/main.yml
index 5453a3c43..3241ef413 100644
--- a/ansible/roles/users-and-groups/defaults/main.yml
+++ b/ansible/roles/users-and-groups/defaults/main.yml
@@ -21,6 +21,7 @@ regular_gids: {} # group -> gid
 regular_users_authorized_keys: {} # username -> key (multi-line string)
 regular_groups_additional_groups: {} # username -> groups
 regular_groups_members: {} # group -> list of usernames
+users_and_groups_create_xauthority: false
 # Define which files to read in from /vars
 users_and_groups_system_vars_prefixes:
diff --git a/ansible/roles/users-and-groups/tasks/add-regular.yml b/ansible/roles/users-and-groups/tasks/add-regular.yml
index 9522da5ca..1d2a38334 100644
--- a/ansible/roles/users-and-groups/tasks/add-regular.yml
+++ b/ansible/roles/users-and-groups/tasks/add-regular.yml
@@ -105,3 +105,13 @@
 label: "{{ item.name }}"
 loop: "{{ users_regular | rejectattr('state', 'equalto', 'absent') | selectattr('authorized_keys', 'defined') }}"
 when: not ansible_check_mode
+
+- name: Touch regular users .xAuthority
+ ansible.builtin.file:
+ path: "/home/{{ item.name }}/.Xauthority"
+ state: touch
+ mode: u+rw,g-rwx,o-rwx
+ modification_time: preserve
+ access_time: preserve
+ loop: "{{ users_regular | rejectattr('state', 'equalto', 'absent') | selectattr('authorized_keys', 'defined') }}"
+ when: users_and_groups_create_xauthority
diff --git a/ansible/roles/users-and-groups/tasks/add-system.yml b/ansible/roles/users-and-groups/tasks/add-system.yml
index 8e1f0d663..0f3d8c41e 100644
--- a/ansible/roles/users-and-groups/tasks/add-system.yml
+++ b/ansible/roles/users-and-groups/tasks/add-system.yml
@@ -36,3 +36,12 @@
 home: "{{ item.home | default('/home/' + item.name) }}"
 system: yes
 loop: "{{ users_and_groups_system | selectattr('name', 'defined') }}"
+
+- name: Touch system users .xAuthority
+ ansible.builtin.file:
+ path: "/home/{{ item.name }}/.Xauthority"
+ state: touch
+ mode: u+rw,g-rwx,o-rwx
+ modification_time: preserve
+ access_time: preserve
+ loop: "{{ users_and_groups_system | selectattr('name', 'defined') | selectattr('create_xauthority', 'defined') | selectattr('create_xauthority', 'equalto', true) }}"
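Review bot: The `Touch regular users .xAuthority` task creates `/home/{{ item.name }}/.Xauthority` with `state: touch` and `mode: u+rw,g-rwx,o-rwx` but sets no `owner:`/`group:`, so on a fresh host the file comes out root-owned and 0600 and the user's own `xauth` cannot write to it, which defeats the point of pre-creating it; add `owner: "{{ item.name }}"` and a matching `group:` (the user's primary group, `"{{ item.name }}"` if the role relies on user-private groups). The task also only iterates users that have `authorized_keys` defined, copying the previous task's loop; if that filter is intended for `.Xauthority` it deserves a comment, otherwise drop the `selectattr('authorized_keys', 'defined')`. `/home/` is hard-coded rather than taken from the user definition, so users with a non-default home would be missed.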
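Review bot: The `Touch system users .xAuthority` task hard-codes `/home/{{ item.name }}/.Xauthority` while the `home:` context line three lines above honours `item.home | default('/home/' + item.name)`, so a system user created with a custom home gets its `.Xauthority` in the wrong directory; use `path: "{{ item.home | default('/home/' + item.name) }}/.Xauthority"`. As in the regular-user task, no `owner:`/`group:` is set, so the file is created root-owned with `u+rw` and the user it is meant for (e.g. oracle) cannot write to it; add `owner: "{{ item.name }}"` and `group: "{{ item.group | default(item.name) }}"`, on the assumption that system-user entries carry a `group` key as the README example for oracle does.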