TM-783: nomis reporting support software patching (#1174)

* allow different sap_bip_rar_base per environment * add patching code * check mode fix * fix * Commit changes made by code formatters --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
ministryofjustice · Dec 17, 2024 · c22db8b · c22db8b
1 parent 2fb5e42
commit c22db8b
Show file tree

Hide file tree

Showing 15 changed files with 193 additions and 82 deletions.
diff --git a/ansible/group_vars/environment_name_nomis_combined_reporting_preproduction.yml b/ansible/group_vars/environment_name_nomis_combined_reporting_preproduction.yml
@@ -108,13 +108,15 @@ sap_bip_confs:
     sap_web_java_mem: "4096"
     sap_webadmin_java_mem: "4096"
     sap_web_has_dedicated_admin: false
+    sap_bip_rar_base: "BIPLATS4301P_1200-70002683"
     sap_bip_sso_url: "https://lsast.reporting.nomis.service.justice.gov.uk/BrowserCheck.jsp?t="
     sap_bip_rws_url: "https://lsast.reporting.nomis.service.justice.gov.uk/biprws"
     sap_provisioning_database_hostname: "lsnomis.preproduction.nomis.service.justice.gov.uk"
   pp:
     sap_web_java_mem: "22528"
     sap_webadmin_java_mem: "8192"
     sap_web_has_dedicated_admin: true
+    sap_bip_rar_base: "BIPLATS4301P_1200-70002683"
     sap_bip_sso_url: "https://preproduction.reporting.nomis.service.justice.gov.uk/BrowserCheck.jsp?t="
     sap_bip_rws_url: "https://admin.preproduction.reporting.nomis.service.justice.gov.uk/biprws"
     sap_provisioning_database_hostname: "ppnomis.preproduction.nomis.service.justice.gov.uk"

diff --git a/ansible/group_vars/environment_name_nomis_combined_reporting_test.yml b/ansible/group_vars/environment_name_nomis_combined_reporting_test.yml
@@ -120,6 +120,7 @@ sap_bip_db_conf: "{{ sap_bip_db_confs[ncr_environment] }}"
 
 sap_bip_confs:
   t1:
+    sap_bip_rar_base: "BIPLATS4304P_500-70002683"
     sap_web_java_mem: "4096"
     sap_webadmin_java_mem: "4096"
     sap_web_has_dedicated_admin: false

diff --git a/ansible/group_vars/server_type_ncr_bip_app.yml b/ansible/group_vars/server_type_ncr_bip_app.yml
@@ -102,5 +102,6 @@ disks_mount:
 
 filesystems_mount: "{{ bip_filesystems_mount|default([]) }}"
 oracle_client_conf: "{{ sap_bip_oracle_client_conf }}"
+sap_bip_rar_base: "{{ sap_bip_conf.sap_bip_rar_base }}"
 sap_bip_responsefile: response.app.ini
 sap_provisioning_database_hostname: "{{ sap_bip_conf.sap_provisioning_database_hostname }}"
diff --git a/ansible/group_vars/server_type_ncr_bip_cms.yml b/ansible/group_vars/server_type_ncr_bip_cms.yml
@@ -103,4 +103,5 @@ disks_mount:
 filesystems_mount: "{{ bip_filesystems_mount|default([]) }}"
 oracle_client_conf: "{{ sap_bip_oracle_client_conf }}"
 sap_bip_is_cms: true
+sap_bip_rar_base: "{{ sap_bip_conf.sap_bip_rar_base }}"
 sap_provisioning_database_hostname: "{{ sap_bip_conf.sap_provisioning_database_hostname }}"
diff --git a/ansible/group_vars/server_type_ncr_web.yml b/ansible/group_vars/server_type_ncr_web.yml
@@ -98,6 +98,7 @@ disks_mount:
     dir: swap
     fstype: swap
 
+sap_bip_rar_base: "{{ sap_bip_conf.sap_bip_rar_base }}"
 sap_bip_responsefile: response.web.ini
 sap_web_server_type: web
 sap_web_disable_infoview: "false"

diff --git a/ansible/group_vars/server_type_ncr_webadmin.yml b/ansible/group_vars/server_type_ncr_webadmin.yml
@@ -98,6 +98,7 @@ disks_mount:
     dir: swap
     fstype: swap
 
+sap_bip_rar_base: "{{ sap_bip_conf.sap_bip_rar_base }}"
 sap_bip_responsefile: response.webadmin.ini
 sap_web_server_type: webadmin
 # sap_web_disable_infoview: "true"

diff --git a/ansible/roles/ncr-bip/defaults/main.yml b/ansible/roles/ncr-bip/defaults/main.yml
@@ -13,7 +13,7 @@ sap_bip_installation_directory: /u01/app/bobj/BIP4
 sap_bip_archived_logs_directory: /u02/Archived_Logs
 sap_promotion_management_directory: /u02/tmpAJS
 
-sap_bip_rar_base: BIPLATS4301P_1200-70002683 # without _P1.EXE and _P2.RAR extension
+# sap_bip_rar_base: BIPLATS4301P_1200-70002683 # without _P1.EXE and _P2.RAR extension. Define in group_vars
 sap_host_agent_sar_base: SAPHOSTAGENT56_56-80004822 # without .SAR extension
 sap_host_agent_exe: SAPCAR_1115-70006178.EXE
 

diff --git a/ansible/roles/ncr-bip/tasks/add_response_file.yml b/ansible/roles/ncr-bip/tasks/add_response_file.yml
diff --git a/ansible/roles/ncr-bip/tasks/install_bip.yml b/ansible/roles/ncr-bip/tasks/install_bip.yml
@@ -1,8 +1,56 @@
 ---
-- name: Check if product is installed
-  ansible.builtin.stat:
-    path: /u01/app/bobj/BIP4/sap_bobj
-  register: bip_installed_check
+- name: Get currently installed version
+  ansible.builtin.shell: |
+    if [[ -e "{{ sap_bip_installation_directory }}/sap_bobj/enterprise_xi40/linux_x64/version/version.txt" ]]; then
+      VERSION=$(grep -Eo [0-9]+.[0-9]+.[0-9]+.[0-9]+ "{{ sap_bip_installation_directory }}/sap_bobj/enterprise_xi40/linux_x64/version/version.txt" | head -1)
+      if [[ -z $VERSION ]]; then
+        echo "Could not extract current software version from {{ sap_bip_installation_directory }}/sap_bobj/enterprise_xi40/linux_x64/version/version.txt" >&2
+        exit 1
+      fi
+      echo $VERSION
+    fi
+  check_mode: false
+  changed_when: false
+  register: bip_installed_version_cmd
+
+- name: Get target software version
+  ansible.builtin.shell: |
+    if [[ -e "{{ sap_bip_extraction_directory }}/ProductId.txt" ]]; then
+      grep -Eo BuildVersion=[0-9]+.[0-9]+.[0-9]+.[0-9]+ "{{ sap_bip_extraction_directory }}/ProductId.txt" | cut -d= -f2 | head -1
+    fi
+  check_mode: false
+  changed_when: false
+  register: bip_target_version_cmd
+
+- name: Set version facts
+  ansible.builtin.set_fact:
+    bip_installed_version: "{{ bip_installed_version_cmd.stdout }}"
+    bip_target_version: "{{ bip_target_version_cmd.stdout }}"
+
+- name: Fail if no target BIP software version found
+  ansible.builtin.fail:
+    msg: "Could not extract target software version from {{ sap_bip_extraction_directory }}/ProductId.txt"
+  when: bip_target_version|length == 0
+
+- name: Already installed debug
+  ansible.builtin.debug:
+    msg: "BIP {{ bip_target_version }} already installed"
+  when:
+    - bip_installed_version == bip_target_version
+
+- name: New install debug
+  ansible.builtin.debug:
+    msg: "Installing BIP {{ bip_target_version }}"
+  when:
+    - bip_installed_version != bip_target_version
+    - bip_installed_version|length == 0
+
+- name: Patch install debug
+  ansible.builtin.debug:
+    msg: "Patching BIP {{ bip_installed_version }} -> {{ bip_target_version }}"
+  when:
+    - bip_installed_version != bip_target_version
+    - bip_installed_version|length != 0
 
 - name: Create bobj owned directories
   ansible.builtin.file:
@@ -14,8 +62,19 @@
   with_items:
     - "{{ sap_bip_installation_directory }}"
     - "{{ sap_bip_archived_logs_directory }}"
+    - "{{ sap_bip_responsefiles_directory }}"
 
 - block:
+    - name: Copy PreReq ResponseFiles
+      ansible.builtin.template:
+        src: "ResponseFiles/{{ item }}"
+        dest: "{{ sap_bip_responsefiles_directory }}/{{ item }}"
+        owner: bobj
+        group: binstall
+        mode: "0640"
+      with_items:
+        - prereq_checks.ini
+
     - name: Perform pre-requesite checks
       become_user: bobj
       ansible.builtin.shell: |
@@ -33,39 +92,95 @@
       args:
         chdir: "{{ sap_bip_extraction_directory }}"
 
+  # block
+  when: bip_installed_version != bip_target_version
+
+- block:
+    - name: Copy Install ResponseFile
+      ansible.builtin.template:
+        src: "ResponseFiles/{{ item }}"
+        dest: "{{ sap_bip_responsefiles_directory }}/{{ item }}"
+        owner: bobj
+        group: binstall
+        mode: "0640"
+      with_items:
+        - "{{ sap_bip_responsefile }}"
+
     - name: Run Silent Installation
       become_user: bobj
       ansible.builtin.shell: |
         set -o pipefail
         . ~/.bash_profile
         ./setup.sh -InstallDir "{{ sap_bip_installation_directory }}" -r "{{ sap_bip_responsefiles_directory }}/{{ sap_bip_responsefile }}" | logger -p local3.info -t ansible-ncr-bip
         exitcode=$?
-        cat {{ sap_bip_installation_directory }}/InstallData/logs/*/ErrorsAndWarnings.log | logger -p local3.info -t ansible-ncr-bip
+        DIR=$(ls -1 {{ sap_bip_installation_directory }}/InstallData/logs/ | tail -1)
+        if [[ -e {{ sap_bip_installation_directory }}/InstallData/logs/$DIR/ErrorsAndWarnings.log ]]; then
+          cat {{ sap_bip_installation_directory }}/InstallData/logs/*/ErrorsAndWarnings.log | logger -p local3.info -t ansible-ncr-bip
+        fi
+        exit $exitcode
+      args:
+        chdir: "{{ sap_bip_extraction_directory }}"
+      async: 7200
+      poll: 60
+      when: not ansible_check_mode
+
+    - name: Redact passwords in install response file
+      become_user: bobj
+      ansible.builtin.lineinfile:
+        path: "{{ sap_bip_responsefiles_directory }}/{{ sap_bip_responsefile }}"
+        regexp: "^{{ item }}="
+        line: "{{ item }}=******"
+      loop:
+        - cmspassword
+        - remotecmsadminpassword
+        - existingauditingdbpassword
+        - existingcmsdbpassword
+
+  # block
+  when:
+    - bip_installed_version != bip_target_version
+    - bip_installed_version|length == 0
+
+- block:
+    - name: Copy Patch ResponseFile
+      ansible.builtin.template:
+        src: "ResponseFiles/{{ item }}"
+        dest: "{{ sap_bip_responsefiles_directory }}/{{ item }}"
+        owner: bobj
+        group: binstall
+        mode: "0640"
+      with_items:
+        - "patch.ini"
+
+    - name: Run Silent Patch Installation
+      become_user: bobj
+      ansible.builtin.shell: |
+        set -o pipefail
+        . ~/.bash_profile
+        ./setup.sh -InstallDir "{{ sap_bip_installation_directory }}" -r "{{ sap_bip_responsefiles_directory }}/patch.ini" | logger -p local3.info -t ansible-ncr-bip
+        exitcode=$?
+        DIR=$(ls -1 {{ sap_bip_installation_directory }}/InstallData/logs/ | tail -1)
+        if [[ -e {{ sap_bip_installation_directory }}/InstallData/logs/$DIR/ErrorsAndWarnings.log ]]; then
+          cat {{ sap_bip_installation_directory }}/InstallData/logs/*/ErrorsAndWarnings.log | logger -p local3.info -t ansible-ncr-bip
+        fi
         exit $exitcode
       args:
         chdir: "{{ sap_bip_extraction_directory }}"
       async: 7200
       poll: 60
+      when: not ansible_check_mode
+
+    - name: Redact passwords in patch response file
+      become_user: bobj
+      ansible.builtin.lineinfile:
+        path: "{{ sap_bip_responsefiles_directory }}/patch.ini"
+        regexp: "^{{ item }}="
+        line: "{{ item }}=******"
+      loop:
+        - remotecmsadminpassword
+      when: not ansible_check_mode
 
   # block
-  when: not bip_installed_check.stat.exists
-
-- name: Copy SAPBOBJEnterpriseXI40 scripts
-  ansible.builtin.template:
-    src: "{{ item }}"
-    dest: "/{{ item }}"
-    mode: 0755
-  loop:
-    - usr/local/bin/SAPBOBJEnterpriseXI40
-
-- name: Copy systemd scripts instead of calling setupinit.sh
-  ansible.builtin.template:
-    src: "{{ item }}"
-    dest: "/{{ item }}"
-  loop:
-    - etc/systemd/system/sapbobj.service
-
-- name: Enable SAP BOBJ services
-  ansible.builtin.service:
-    name: sapbobj
-    enabled: true
+  when:
+    - bip_installed_version != bip_target_version
+    - bip_installed_version|length != 0
diff --git a/ansible/roles/ncr-bip/tasks/install_systemd_service.yml b/ansible/roles/ncr-bip/tasks/install_systemd_service.yml
@@ -0,0 +1,20 @@
+---
+- name: Copy SAPBOBJEnterpriseXI40 scripts
+  ansible.builtin.template:
+    src: "{{ item }}"
+    dest: "/{{ item }}"
+    mode: 0755
+  loop:
+    - usr/local/bin/SAPBOBJEnterpriseXI40
+
+- name: Copy systemd scripts instead of calling setupinit.sh
+  ansible.builtin.template:
+    src: "{{ item }}"
+    dest: "/{{ item }}"
+  loop:
+    - etc/systemd/system/sapbobj.service
+
+- name: Enable SAP BOBJ services
+  ansible.builtin.service:
+    name: sapbobj
+    enabled: true
diff --git a/ansible/roles/ncr-bip/tasks/main.yml b/ansible/roles/ncr-bip/tasks/main.yml
@@ -41,27 +41,22 @@
       tags:
         - ec2provision
         - ncr_bip_get_secrets
-        - ncr_bip_add_response_file
-        - ncr_bip_redact_response_file
+        - ncr_bip_install_bip
         - ncr_bip_update_secrets
         - ncr_bip_setup_cluster_name
         - ncr_bip_setup_tomcat
         - ncr_bip_setup_provisioning
-
-    - import_tasks: add_response_file.yml
-      tags:
-        - ec2provision
-        - ncr_bip_add_response_file
+        - ncr_bip_redeploy_tomcat
 
     - import_tasks: install_bip.yml
       tags:
         - ec2provision
         - ncr_bip_install_bip
 
-    - import_tasks: redact_response_file.yml
+    - import_tasks: install_systemd_service.yml
       tags:
         - ec2provision
-        - ncr_bip_redact_response_file
+        - ncr_bip_install_systemd_service
 
     - import_tasks: update_secrets.yml
       tags:

diff --git a/ansible/roles/ncr-bip/tasks/redact_response_file.yml b/ansible/roles/ncr-bip/tasks/redact_response_file.yml
diff --git a/ansible/roles/ncr-bip/tasks/retrieve_files.yml b/ansible/roles/ncr-bip/tasks/retrieve_files.yml
@@ -49,7 +49,7 @@
     remote_src: true
     owner: bobj
     group: binstall
-  when: not bip_download_check.stat.exists and biservone.stat.exists
+  when: not bip_download_check.stat.exists and not ansible_check_mode and biservone.stat.exists
 
 - name: Cleanup rar archives
   ansible.builtin.file:
@@ -66,4 +66,4 @@
     state: absent
   with_items:
     - "{{ sap_bip_unpack_base_directory }}/BISERVONE.tgz"
-  when: not bip_download_check.stat.exists and biservone.stat.exists
+  when: not bip_download_check.stat.exists and not ansible_check_mode and biservone.stat.exists
diff --git a/ansible/roles/ncr-bip/tasks/undeploy_tomcat.yml b/ansible/roles/ncr-bip/tasks/undeploy_tomcat.yml
@@ -21,6 +21,7 @@
       ansible.builtin.file:
         path: "{{ sap_bip_installation_directory }}/{{ item }}"
         state: absent
+      failed_when: false # don't stop installation if this fails
       loop:
         - sap_bobj/tomcat/work/Catalina