From c22db8bac8ee9279f9943f0388416c84af31cd5a Mon Sep 17 00:00:00 2001 From: Dominic Robinson <65237317+drobinson-moj@users.noreply.github.com> Date: Tue, 17 Dec 2024 11:45:04 +0000 Subject: [PATCH] TM-783: nomis reporting support software patching (#1174) * allow different sap_bip_rar_base per environment * add patching code * check mode fix * fix * Commit changes made by code formatters --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- ...nomis_combined_reporting_preproduction.yml | 2 + ...ent_name_nomis_combined_reporting_test.yml | 1 + .../group_vars/server_type_ncr_bip_app.yml | 1 + .../group_vars/server_type_ncr_bip_cms.yml | 1 + ansible/group_vars/server_type_ncr_web.yml | 1 + .../group_vars/server_type_ncr_webadmin.yml | 1 + ansible/roles/ncr-bip/defaults/main.yml | 2 +- .../roles/ncr-bip/tasks/add_response_file.yml | 22 --- ansible/roles/ncr-bip/tasks/install_bip.yml | 167 +++++++++++++++--- .../ncr-bip/tasks/install_systemd_service.yml | 20 +++ ansible/roles/ncr-bip/tasks/main.yml | 13 +- .../ncr-bip/tasks/redact_response_file.yml | 22 --- .../roles/ncr-bip/tasks/retrieve_files.yml | 4 +- .../roles/ncr-bip/tasks/undeploy_tomcat.yml | 1 + .../ncr-bip/templates/ResponseFiles/patch.ini | 17 ++ 15 files changed, 193 insertions(+), 82 deletions(-) delete mode 100644 ansible/roles/ncr-bip/tasks/add_response_file.yml create mode 100644 ansible/roles/ncr-bip/tasks/install_systemd_service.yml delete mode 100644 ansible/roles/ncr-bip/tasks/redact_response_file.yml create mode 100644 ansible/roles/ncr-bip/templates/ResponseFiles/patch.ini diff --git a/ansible/group_vars/environment_name_nomis_combined_reporting_preproduction.yml b/ansible/group_vars/environment_name_nomis_combined_reporting_preproduction.yml index aeaa2e326..be8f20900 100644 --- a/ansible/group_vars/environment_name_nomis_combined_reporting_preproduction.yml +++ b/ansible/group_vars/environment_name_nomis_combined_reporting_preproduction.yml @@ -108,6 +108,7 @@ sap_bip_confs: sap_web_java_mem: "4096" sap_webadmin_java_mem: "4096" sap_web_has_dedicated_admin: false + sap_bip_rar_base: "BIPLATS4301P_1200-70002683" sap_bip_sso_url: "https://lsast.reporting.nomis.service.justice.gov.uk/BrowserCheck.jsp?t=" sap_bip_rws_url: "https://lsast.reporting.nomis.service.justice.gov.uk/biprws" sap_provisioning_database_hostname: "lsnomis.preproduction.nomis.service.justice.gov.uk" @@ -115,6 +116,7 @@ sap_bip_confs: sap_web_java_mem: "22528" sap_webadmin_java_mem: "8192" sap_web_has_dedicated_admin: true + sap_bip_rar_base: "BIPLATS4301P_1200-70002683" sap_bip_sso_url: "https://preproduction.reporting.nomis.service.justice.gov.uk/BrowserCheck.jsp?t=" sap_bip_rws_url: "https://admin.preproduction.reporting.nomis.service.justice.gov.uk/biprws" sap_provisioning_database_hostname: "ppnomis.preproduction.nomis.service.justice.gov.uk" diff --git a/ansible/group_vars/environment_name_nomis_combined_reporting_test.yml b/ansible/group_vars/environment_name_nomis_combined_reporting_test.yml index b53aed662..86d6bd54c 100644 --- a/ansible/group_vars/environment_name_nomis_combined_reporting_test.yml +++ b/ansible/group_vars/environment_name_nomis_combined_reporting_test.yml @@ -120,6 +120,7 @@ sap_bip_db_conf: "{{ sap_bip_db_confs[ncr_environment] }}" sap_bip_confs: t1: + sap_bip_rar_base: "BIPLATS4304P_500-70002683" sap_web_java_mem: "4096" sap_webadmin_java_mem: "4096" sap_web_has_dedicated_admin: false diff --git a/ansible/group_vars/server_type_ncr_bip_app.yml b/ansible/group_vars/server_type_ncr_bip_app.yml index 989508e29..786fb1c99 100644 --- a/ansible/group_vars/server_type_ncr_bip_app.yml +++ b/ansible/group_vars/server_type_ncr_bip_app.yml @@ -102,5 +102,6 @@ disks_mount: filesystems_mount: "{{ bip_filesystems_mount|default([]) }}" oracle_client_conf: "{{ sap_bip_oracle_client_conf }}" +sap_bip_rar_base: "{{ sap_bip_conf.sap_bip_rar_base }}" sap_bip_responsefile: response.app.ini sap_provisioning_database_hostname: "{{ sap_bip_conf.sap_provisioning_database_hostname }}" diff --git a/ansible/group_vars/server_type_ncr_bip_cms.yml b/ansible/group_vars/server_type_ncr_bip_cms.yml index beb46c3ee..53857daf0 100644 --- a/ansible/group_vars/server_type_ncr_bip_cms.yml +++ b/ansible/group_vars/server_type_ncr_bip_cms.yml @@ -103,4 +103,5 @@ disks_mount: filesystems_mount: "{{ bip_filesystems_mount|default([]) }}" oracle_client_conf: "{{ sap_bip_oracle_client_conf }}" sap_bip_is_cms: true +sap_bip_rar_base: "{{ sap_bip_conf.sap_bip_rar_base }}" sap_provisioning_database_hostname: "{{ sap_bip_conf.sap_provisioning_database_hostname }}" diff --git a/ansible/group_vars/server_type_ncr_web.yml b/ansible/group_vars/server_type_ncr_web.yml index 121e6346f..9de7b3238 100644 --- a/ansible/group_vars/server_type_ncr_web.yml +++ b/ansible/group_vars/server_type_ncr_web.yml @@ -98,6 +98,7 @@ disks_mount: dir: swap fstype: swap +sap_bip_rar_base: "{{ sap_bip_conf.sap_bip_rar_base }}" sap_bip_responsefile: response.web.ini sap_web_server_type: web sap_web_disable_infoview: "false" diff --git a/ansible/group_vars/server_type_ncr_webadmin.yml b/ansible/group_vars/server_type_ncr_webadmin.yml index 0d503fe8c..afb06bdad 100644 --- a/ansible/group_vars/server_type_ncr_webadmin.yml +++ b/ansible/group_vars/server_type_ncr_webadmin.yml @@ -98,6 +98,7 @@ disks_mount: dir: swap fstype: swap +sap_bip_rar_base: "{{ sap_bip_conf.sap_bip_rar_base }}" sap_bip_responsefile: response.webadmin.ini sap_web_server_type: webadmin # sap_web_disable_infoview: "true" diff --git a/ansible/roles/ncr-bip/defaults/main.yml b/ansible/roles/ncr-bip/defaults/main.yml index a787b47db..640c725b6 100644 --- a/ansible/roles/ncr-bip/defaults/main.yml +++ b/ansible/roles/ncr-bip/defaults/main.yml @@ -13,7 +13,7 @@ sap_bip_installation_directory: /u01/app/bobj/BIP4 sap_bip_archived_logs_directory: /u02/Archived_Logs sap_promotion_management_directory: /u02/tmpAJS -sap_bip_rar_base: BIPLATS4301P_1200-70002683 # without _P1.EXE and _P2.RAR extension +# sap_bip_rar_base: BIPLATS4301P_1200-70002683 # without _P1.EXE and _P2.RAR extension. Define in group_vars sap_host_agent_sar_base: SAPHOSTAGENT56_56-80004822 # without .SAR extension sap_host_agent_exe: SAPCAR_1115-70006178.EXE diff --git a/ansible/roles/ncr-bip/tasks/add_response_file.yml b/ansible/roles/ncr-bip/tasks/add_response_file.yml deleted file mode 100644 index 14a2b7dd5..000000000 --- a/ansible/roles/ncr-bip/tasks/add_response_file.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -- name: Create directories - ansible.builtin.file: - path: "{{ item }}" - state: directory - owner: bobj - group: binstall - mode: 0775 - with_items: - - "{{ sap_bip_responsefiles_directory }}" - - "{{ sap_bip_installation_directory }}" - -- name: Copy ResponseFiles - ansible.builtin.template: - src: "ResponseFiles/{{ item }}" - dest: "{{ sap_bip_responsefiles_directory }}/{{ item }}" - owner: bobj - group: binstall - mode: "0640" - with_items: - - prereq_checks.ini - - "{{ sap_bip_responsefile }}" diff --git a/ansible/roles/ncr-bip/tasks/install_bip.yml b/ansible/roles/ncr-bip/tasks/install_bip.yml index d86b1aeb8..90f7c4773 100644 --- a/ansible/roles/ncr-bip/tasks/install_bip.yml +++ b/ansible/roles/ncr-bip/tasks/install_bip.yml @@ -1,8 +1,56 @@ --- -- name: Check if product is installed - ansible.builtin.stat: - path: /u01/app/bobj/BIP4/sap_bobj - register: bip_installed_check +- name: Get currently installed version + ansible.builtin.shell: | + if [[ -e "{{ sap_bip_installation_directory }}/sap_bobj/enterprise_xi40/linux_x64/version/version.txt" ]]; then + VERSION=$(grep -Eo [0-9]+.[0-9]+.[0-9]+.[0-9]+ "{{ sap_bip_installation_directory }}/sap_bobj/enterprise_xi40/linux_x64/version/version.txt" | head -1) + if [[ -z $VERSION ]]; then + echo "Could not extract current software version from {{ sap_bip_installation_directory }}/sap_bobj/enterprise_xi40/linux_x64/version/version.txt" >&2 + exit 1 + fi + echo $VERSION + fi + check_mode: false + changed_when: false + register: bip_installed_version_cmd + +- name: Get target software version + ansible.builtin.shell: | + if [[ -e "{{ sap_bip_extraction_directory }}/ProductId.txt" ]]; then + grep -Eo BuildVersion=[0-9]+.[0-9]+.[0-9]+.[0-9]+ "{{ sap_bip_extraction_directory }}/ProductId.txt" | cut -d= -f2 | head -1 + fi + check_mode: false + changed_when: false + register: bip_target_version_cmd + +- name: Set version facts + ansible.builtin.set_fact: + bip_installed_version: "{{ bip_installed_version_cmd.stdout }}" + bip_target_version: "{{ bip_target_version_cmd.stdout }}" + +- name: Fail if no target BIP software version found + ansible.builtin.fail: + msg: "Could not extract target software version from {{ sap_bip_extraction_directory }}/ProductId.txt" + when: bip_target_version|length == 0 + +- name: Already installed debug + ansible.builtin.debug: + msg: "BIP {{ bip_target_version }} already installed" + when: + - bip_installed_version == bip_target_version + +- name: New install debug + ansible.builtin.debug: + msg: "Installing BIP {{ bip_target_version }}" + when: + - bip_installed_version != bip_target_version + - bip_installed_version|length == 0 + +- name: Patch install debug + ansible.builtin.debug: + msg: "Patching BIP {{ bip_installed_version }} -> {{ bip_target_version }}" + when: + - bip_installed_version != bip_target_version + - bip_installed_version|length != 0 - name: Create bobj owned directories ansible.builtin.file: @@ -14,8 +62,19 @@ with_items: - "{{ sap_bip_installation_directory }}" - "{{ sap_bip_archived_logs_directory }}" + - "{{ sap_bip_responsefiles_directory }}" - block: + - name: Copy PreReq ResponseFiles + ansible.builtin.template: + src: "ResponseFiles/{{ item }}" + dest: "{{ sap_bip_responsefiles_directory }}/{{ item }}" + owner: bobj + group: binstall + mode: "0640" + with_items: + - prereq_checks.ini + - name: Perform pre-requesite checks become_user: bobj ansible.builtin.shell: | @@ -33,6 +92,20 @@ args: chdir: "{{ sap_bip_extraction_directory }}" + # block + when: bip_installed_version != bip_target_version + +- block: + - name: Copy Install ResponseFile + ansible.builtin.template: + src: "ResponseFiles/{{ item }}" + dest: "{{ sap_bip_responsefiles_directory }}/{{ item }}" + owner: bobj + group: binstall + mode: "0640" + with_items: + - "{{ sap_bip_responsefile }}" + - name: Run Silent Installation become_user: bobj ansible.builtin.shell: | @@ -40,32 +113,74 @@ . ~/.bash_profile ./setup.sh -InstallDir "{{ sap_bip_installation_directory }}" -r "{{ sap_bip_responsefiles_directory }}/{{ sap_bip_responsefile }}" | logger -p local3.info -t ansible-ncr-bip exitcode=$? - cat {{ sap_bip_installation_directory }}/InstallData/logs/*/ErrorsAndWarnings.log | logger -p local3.info -t ansible-ncr-bip + DIR=$(ls -1 {{ sap_bip_installation_directory }}/InstallData/logs/ | tail -1) + if [[ -e {{ sap_bip_installation_directory }}/InstallData/logs/$DIR/ErrorsAndWarnings.log ]]; then + cat {{ sap_bip_installation_directory }}/InstallData/logs/*/ErrorsAndWarnings.log | logger -p local3.info -t ansible-ncr-bip + fi + exit $exitcode + args: + chdir: "{{ sap_bip_extraction_directory }}" + async: 7200 + poll: 60 + when: not ansible_check_mode + + - name: Redact passwords in install response file + become_user: bobj + ansible.builtin.lineinfile: + path: "{{ sap_bip_responsefiles_directory }}/{{ sap_bip_responsefile }}" + regexp: "^{{ item }}=" + line: "{{ item }}=******" + loop: + - cmspassword + - remotecmsadminpassword + - existingauditingdbpassword + - existingcmsdbpassword + + # block + when: + - bip_installed_version != bip_target_version + - bip_installed_version|length == 0 + +- block: + - name: Copy Patch ResponseFile + ansible.builtin.template: + src: "ResponseFiles/{{ item }}" + dest: "{{ sap_bip_responsefiles_directory }}/{{ item }}" + owner: bobj + group: binstall + mode: "0640" + with_items: + - "patch.ini" + + - name: Run Silent Patch Installation + become_user: bobj + ansible.builtin.shell: | + set -o pipefail + . ~/.bash_profile + ./setup.sh -InstallDir "{{ sap_bip_installation_directory }}" -r "{{ sap_bip_responsefiles_directory }}/patch.ini" | logger -p local3.info -t ansible-ncr-bip + exitcode=$? + DIR=$(ls -1 {{ sap_bip_installation_directory }}/InstallData/logs/ | tail -1) + if [[ -e {{ sap_bip_installation_directory }}/InstallData/logs/$DIR/ErrorsAndWarnings.log ]]; then + cat {{ sap_bip_installation_directory }}/InstallData/logs/*/ErrorsAndWarnings.log | logger -p local3.info -t ansible-ncr-bip + fi exit $exitcode args: chdir: "{{ sap_bip_extraction_directory }}" async: 7200 poll: 60 + when: not ansible_check_mode + + - name: Redact passwords in patch response file + become_user: bobj + ansible.builtin.lineinfile: + path: "{{ sap_bip_responsefiles_directory }}/patch.ini" + regexp: "^{{ item }}=" + line: "{{ item }}=******" + loop: + - remotecmsadminpassword + when: not ansible_check_mode # block - when: not bip_installed_check.stat.exists - -- name: Copy SAPBOBJEnterpriseXI40 scripts - ansible.builtin.template: - src: "{{ item }}" - dest: "/{{ item }}" - mode: 0755 - loop: - - usr/local/bin/SAPBOBJEnterpriseXI40 - -- name: Copy systemd scripts instead of calling setupinit.sh - ansible.builtin.template: - src: "{{ item }}" - dest: "/{{ item }}" - loop: - - etc/systemd/system/sapbobj.service - -- name: Enable SAP BOBJ services - ansible.builtin.service: - name: sapbobj - enabled: true + when: + - bip_installed_version != bip_target_version + - bip_installed_version|length != 0 diff --git a/ansible/roles/ncr-bip/tasks/install_systemd_service.yml b/ansible/roles/ncr-bip/tasks/install_systemd_service.yml new file mode 100644 index 000000000..5cdc51cd7 --- /dev/null +++ b/ansible/roles/ncr-bip/tasks/install_systemd_service.yml @@ -0,0 +1,20 @@ +--- +- name: Copy SAPBOBJEnterpriseXI40 scripts + ansible.builtin.template: + src: "{{ item }}" + dest: "/{{ item }}" + mode: 0755 + loop: + - usr/local/bin/SAPBOBJEnterpriseXI40 + +- name: Copy systemd scripts instead of calling setupinit.sh + ansible.builtin.template: + src: "{{ item }}" + dest: "/{{ item }}" + loop: + - etc/systemd/system/sapbobj.service + +- name: Enable SAP BOBJ services + ansible.builtin.service: + name: sapbobj + enabled: true diff --git a/ansible/roles/ncr-bip/tasks/main.yml b/ansible/roles/ncr-bip/tasks/main.yml index bc1af8be1..40946c903 100644 --- a/ansible/roles/ncr-bip/tasks/main.yml +++ b/ansible/roles/ncr-bip/tasks/main.yml @@ -41,27 +41,22 @@ tags: - ec2provision - ncr_bip_get_secrets - - ncr_bip_add_response_file - - ncr_bip_redact_response_file + - ncr_bip_install_bip - ncr_bip_update_secrets - ncr_bip_setup_cluster_name - ncr_bip_setup_tomcat - ncr_bip_setup_provisioning - - - import_tasks: add_response_file.yml - tags: - - ec2provision - - ncr_bip_add_response_file + - ncr_bip_redeploy_tomcat - import_tasks: install_bip.yml tags: - ec2provision - ncr_bip_install_bip - - import_tasks: redact_response_file.yml + - import_tasks: install_systemd_service.yml tags: - ec2provision - - ncr_bip_redact_response_file + - ncr_bip_install_systemd_service - import_tasks: update_secrets.yml tags: diff --git a/ansible/roles/ncr-bip/tasks/redact_response_file.yml b/ansible/roles/ncr-bip/tasks/redact_response_file.yml deleted file mode 100644 index 54380f79d..000000000 --- a/ansible/roles/ncr-bip/tasks/redact_response_file.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -- name: Check if response file exists - ansible.builtin.stat: - path: "{{ sap_bip_responsefiles_directory }}/{{ sap_bip_responsefile }}" - register: bip_responsefile_check - when: - - sap_bip_responsefile is defined - -- name: Redact passwords in response file - become_user: bobj - ansible.builtin.lineinfile: - path: "{{ sap_bip_responsefiles_directory }}/{{ sap_bip_responsefile }}" - regexp: "^{{ item }}=" - line: "{{ item }}=******" - loop: - - cmspassword - - remotecmsadminpassword - - existingauditingdbpassword - - existingcmsdbpassword - when: - - sap_bip_responsefile is defined - - bip_responsefile_check.stat.exists diff --git a/ansible/roles/ncr-bip/tasks/retrieve_files.yml b/ansible/roles/ncr-bip/tasks/retrieve_files.yml index ccaba7926..cf07c198d 100644 --- a/ansible/roles/ncr-bip/tasks/retrieve_files.yml +++ b/ansible/roles/ncr-bip/tasks/retrieve_files.yml @@ -49,7 +49,7 @@ remote_src: true owner: bobj group: binstall - when: not bip_download_check.stat.exists and biservone.stat.exists + when: not bip_download_check.stat.exists and not ansible_check_mode and biservone.stat.exists - name: Cleanup rar archives ansible.builtin.file: @@ -66,4 +66,4 @@ state: absent with_items: - "{{ sap_bip_unpack_base_directory }}/BISERVONE.tgz" - when: not bip_download_check.stat.exists and biservone.stat.exists + when: not bip_download_check.stat.exists and not ansible_check_mode and biservone.stat.exists diff --git a/ansible/roles/ncr-bip/tasks/undeploy_tomcat.yml b/ansible/roles/ncr-bip/tasks/undeploy_tomcat.yml index a259ae729..0c603a864 100644 --- a/ansible/roles/ncr-bip/tasks/undeploy_tomcat.yml +++ b/ansible/roles/ncr-bip/tasks/undeploy_tomcat.yml @@ -21,6 +21,7 @@ ansible.builtin.file: path: "{{ sap_bip_installation_directory }}/{{ item }}" state: absent + failed_when: false # don't stop installation if this fails loop: - sap_bobj/tomcat/work/Catalina diff --git a/ansible/roles/ncr-bip/templates/ResponseFiles/patch.ini b/ansible/roles/ncr-bip/templates/ResponseFiles/patch.ini new file mode 100644 index 000000000..5fbfe79db --- /dev/null +++ b/ansible/roles/ncr-bip/templates/ResponseFiles/patch.ini @@ -0,0 +1,17 @@ +### Installation Directory +installdir={{ sap_bip_installation_directory }} + +### Remote CMS Administrator Name +remotecmsadminname=Administrator + +### Remote CMS Administrator Password +remotecmsadminpassword={{ sap_bip_cms_admin_password }} + +### Remote CMS Name +remotecmsname={{ sap_bip_cms_primary_hostname }} + +### Remote CMS Port +remotecmsport=6400 + +### Language Packs Selected to Install +selectedlanguagepacks=en