diff --git a/ansible/roles/oasys-ap-dms-setup/README.md b/ansible/roles/oasys-ap-dms-setup/README.md
new file mode 100644
index 000000000..e61143a6a
--- /dev/null
+++ b/ansible/roles/oasys-ap-dms-setup/README.md
@@ -0,0 +1,16 @@
+# Overview
+
+Use this role to setup oasys-sns on oasys database server
+
+# Pre-requisites
+
+Ensure OASYS database is on database server
+
+
+# Example
+
+1. Setup oasys-sns on database server
+
+```
+no_proxy="*" ansible-playbook site.yml --limit t1-oasys-db-a -e force_role=oracle-sns
+```
diff --git a/ansible/roles/oasys-ap-dms-setup/defaults/main.yml b/ansible/roles/oasys-ap-dms-setup/defaults/main.yml
new file mode 100644
index 000000000..cde9c8543
--- /dev/null
+++ b/ansible/roles/oasys-ap-dms-setup/defaults/main.yml
@@ -0,0 +1,3 @@
+stage: /u01/stage
+oracle_home: "{{ database_home }}"
+dms_user: "aws"
diff --git a/ansible/roles/oasys-ap-dms-setup/meta/main.yml b/ansible/roles/oasys-ap-dms-setup/meta/main.yml
new file mode 100644
index 000000000..4ff987c1c
--- /dev/null
+++ b/ansible/roles/oasys-ap-dms-setup/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: get-ec2-facts
diff --git a/ansible/roles/oasys-ap-dms-setup/tasks/main.yml b/ansible/roles/oasys-ap-dms-setup/tasks/main.yml
new file mode 100644
index 000000000..7851538d3
--- /dev/null
+++ b/ansible/roles/oasys-ap-dms-setup/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- import_tasks: oasys-dms-user-setup.yml
+ tags:
+ - oasys-asm-dms-user-creation
diff --git a/ansible/roles/oasys-ap-dms-setup/tasks/oasys-dms-user-setup.yml b/ansible/roles/oasys-ap-dms-setup/tasks/oasys-dms-user-setup.yml
new file mode 100644
index 000000000..328e4f0cd
--- /dev/null
+++ b/ansible/roles/oasys-ap-dms-setup/tasks/oasys-dms-user-setup.yml
@@ -0,0 +1,43 @@
+---
+- name: Get {{ dms_user }} password
+ ansible.builtin.shell: |
+ PATH=$PATH:/usr/local/bin
+ aws secretsmanager get-secret-value --secret-id "/ec2/{{ ec2_name }}/asm-passwords" --query SecretString --output text | jq -r .{{ dms_user }}
+ register: dms_password_output
+
+- name: set password variable
+ ansible.builtin.set_fact:
+ dms_password: "{{ dms_password_output.stdout }}"
+
+- name: Create {{ dms_user }} if password is not null
+ block:
+ - name: Create stage directories
+ ansible.builtin.file:
+ owner: oracle
+ group: oinstall
+ path: "{{ stage }}"
+ state: directory
+ mode: "0755"
+
+ - name: Copy dms_user_creation.sql script template
+ become_user: "{{ oracle_install_user }}"
+ ansible.builtin.template:
+ src: "dms_user_creation.sql.j2"
+ dest: "{{ stage }}/dms_user_creation.sql"
+ mode: u=rwx,g=,o=
+ owner: "{{ oracle_install_user }}"
+ group: "{{ oracle_install_group }}"
+
+ - name: Create {{ dms_user }} user in ASM
+ become_user: "{{ oracle_install_user }}"
+ ansible.builtin.shell: |
+ set -eo pipefail
+ PATH=$PATH:/usr/local/bin
+ main() {
+ export ORACLE_SID=+ASM
+ . oraenv <<< $ORACLE_SID
+ sqlplus / as sysasm @{{ stage }}/dms_user_creation.sql
+ }
+ main 2>&1 | logger -p local3.info -t ansible-dms-user
+
+ when: dms_password|length > 0
diff --git a/ansible/roles/oasys-ap-dms-setup/templates/dms_user_creation.sql.j2 b/ansible/roles/oasys-ap-dms-setup/templates/dms_user_creation.sql.j2
new file mode 100644
index 000000000..0708de140
--- /dev/null
+++ b/ansible/roles/oasys-ap-dms-setup/templates/dms_user_creation.sql.j2
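Review bot: In tasks/oasys-dms-user-setup.yml the `Get {{ dms_user }} password` task registers the secret and `set_fact` copies it without `no_log: true`, so the password can appear in Ansible output and callback logs; add `no_log: true` to both tasks and to the template task that renders it. The guard `when: dms_password|length > 0` also passes when the key is missing from the secret, because `jq -r .{{ dms_user }}` then prints the literal string `null`; `jq -r '.{{ dms_user }} // empty'` makes the block skip as its name says. The first shell task has no `set -o pipefail`, so a failed `aws` call ends as an empty password and a silently skipped block rather than a task failure.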
@@ -0,0 +1,17 @@
+set echo on
+set serveroutput on
+spool {{ stage }}/dms_user_creation.log
+declare
+ userexist integer;
+begin
+ select count(*) into userexist from v$pwfile_users where username=upper('{{ dms_user }}');
+ if (userexist = 0) then
+ execute immediate 'create user {{ dms_user }} identified by {{ dms_password }}';
+ execute immediate 'grant sysasm to {{ dms_user }}';
+ dbms_output.put_line('{{ dms_user }} created successfully');
+ else
+ dbms_output.put_line('{{ dms_user }} already exists.');
+ end if;
+end;
+/
+exit
\ No newline at end of file
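Review bot: `set echo on` together with `spool {{ stage }}/dms_user_creation.log` writes the `create user ... identified by` statement, password included, into the spool file, and the calling task pipes the same sqlplus output to `logger`, so the secret reaches syslog as well; use `set echo off` and drop the spool, or keep the password out of the script text. The password is also interpolated unquoted into a dynamic statement, so a value with characters Oracle does not accept in an unquoted password, or one containing a single quote, breaks or changes the statement; `identified by "{{ dms_password }}"` with quote characters rejected or escaped before rendering is safer. The rendered `dms_user_creation.sql` stays in `{{ stage }}` with the password in clear text after the run, so a cleanup task (`ansible.builtin.file` with `state: absent`) for the script and the log should follow the sqlplus step.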