Merge pull request #686 from ministryofjustice/oasys-analytical-platf…

…orm-dms-user-creation Added Analytical platform user creation on ASM
ministryofjustice · Apr 11, 2024 · 9ae1cea · 9ae1cea
2 parents 568abef + e69938d
commit 9ae1cea
Show file tree

Hide file tree

Showing 6 changed files with 86 additions and 0 deletions.
diff --git a/ansible/roles/oasys-ap-dms-setup/README.md b/ansible/roles/oasys-ap-dms-setup/README.md
@@ -0,0 +1,16 @@
+# Overview
+
+Use this role to setup oasys-sns on oasys database server 
+
+# Pre-requisites
+
+Ensure OASYS database is on database server 
+
+
+# Example
+
+1. Setup oasys-sns on database server 
+
+```
+no_proxy="*" ansible-playbook site.yml --limit t1-oasys-db-a  -e force_role=oracle-sns
+```
diff --git a/ansible/roles/oasys-ap-dms-setup/defaults/main.yml b/ansible/roles/oasys-ap-dms-setup/defaults/main.yml
@@ -0,0 +1,3 @@
+stage: /u01/stage
+oracle_home: "{{ database_home }}"
+dms_user: "aws"
diff --git a/ansible/roles/oasys-ap-dms-setup/meta/main.yml b/ansible/roles/oasys-ap-dms-setup/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: get-ec2-facts
diff --git a/ansible/roles/oasys-ap-dms-setup/tasks/main.yml b/ansible/roles/oasys-ap-dms-setup/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- import_tasks: oasys-dms-user-setup.yml
+  tags:
+    - oasys-asm-dms-user-creation
diff --git a/ansible/roles/oasys-ap-dms-setup/tasks/oasys-dms-user-setup.yml b/ansible/roles/oasys-ap-dms-setup/tasks/oasys-dms-user-setup.yml
@@ -0,0 +1,43 @@
+---
+- name: Get {{ dms_user }} password
+  ansible.builtin.shell: |
+    PATH=$PATH:/usr/local/bin
+    aws secretsmanager get-secret-value --secret-id "/ec2/{{ ec2_name }}/asm-passwords" --query SecretString --output text | jq -r .{{ dms_user }}
+  register: dms_password_output
+
+- name: set  password variable
+  ansible.builtin.set_fact:
+    dms_password: "{{ dms_password_output.stdout }}"
+
+- name: Create {{ dms_user }} if password is not null
+  block:
+    - name: Create stage directories
+      ansible.builtin.file:
+        owner: oracle
+        group: oinstall
+        path: "{{ stage }}"
+        state: directory
+        mode: "0755"
+
+    - name: Copy dms_user_creation.sql script template
+      become_user: "{{ oracle_install_user }}"
+      ansible.builtin.template:
+        src: "dms_user_creation.sql.j2"
+        dest: "{{ stage }}/dms_user_creation.sql"
+        mode: u=rwx,g=,o=
+        owner: "{{ oracle_install_user }}"
+        group: "{{ oracle_install_group }}"
+
+    - name: Create {{ dms_user }} user in ASM
+      become_user: "{{ oracle_install_user }}"
+      ansible.builtin.shell: |
+        set -eo pipefail
+        PATH=$PATH:/usr/local/bin
+        main() {
+          export ORACLE_SID=+ASM
+          . oraenv <<< $ORACLE_SID
+          sqlplus / as sysasm @{{ stage }}/dms_user_creation.sql
+        }
+        main 2>&1 | logger -p local3.info -t ansible-dms-user
+
+  when: dms_password|length > 0
diff --git a/ansible/roles/oasys-ap-dms-setup/templates/dms_user_creation.sql.j2 b/ansible/roles/oasys-ap-dms-setup/templates/dms_user_creation.sql.j2
@@ -0,0 +1,17 @@
+set echo on 
+set serveroutput on
+spool {{ stage }}/dms_user_creation.log
+declare 
+    userexist integer;
+begin
+    select count(*) into userexist from v$pwfile_users where username=upper('{{ dms_user }}');
+    if (userexist = 0) then
+        execute immediate 'create user {{ dms_user }} identified by {{ dms_password }}';
+        execute immediate 'grant sysasm to {{ dms_user }}';
+        dbms_output.put_line('{{ dms_user }} created successfully');
+    else 
+        dbms_output.put_line('{{ dms_user }} already exists.');
+    end if;
+end;
+/
+exit