From 98564bfd0b4fa36887942c6c9df3d08f4286399b Mon Sep 17 00:00:00 2001 From: Bill Buchan Date: Thu, 14 Dec 2023 17:57:05 +0000 Subject: [PATCH 1/5] Enable Encryption --- .../environment_name_delius_core_development_dev_all.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ansible/group_vars/environment_name_delius_core_development_dev_all.yml b/ansible/group_vars/environment_name_delius_core_development_dev_all.yml index 33bd1ef5f..7b2c5a4f9 100644 --- a/ansible/group_vars/environment_name_delius_core_development_dev_all.yml +++ b/ansible/group_vars/environment_name_delius_core_development_dev_all.yml @@ -40,3 +40,10 @@ high_availability_count: # Establish the vars here as a temporary measure spg_document_rest_service_admin_url: "https://alfresco.mis-dev.delius.probation.hmpps.dsd.io/alfresco/service/admin-spg" spg_document_rest_service_public_url: "https://alfresco.mis-dev.delius.probation.hmpps.dsd.io/alfresco/service/noms-spg" +# Enable Oracle Native Network Encryption (ignored for TCPS connections) +sqlnet_parameters: + database: + SQLNET.ENCRYPTION_SERVER: REQUIRED + SQLNET.ENCRYPTION_TYPES_SERVER: (AES256) + SQLNET.ALLOW_WEAK_CRYPTO: FALSE + IGNORE_ANO_ENCRYPTION_FOR_TCPS: TRUE \ No newline at end of file From d7d664703bb12d5656af3f4de8297719aa13a952 Mon Sep 17 00:00:00 2001 From: Bill Buchan Date: Thu, 14 Dec 2023 17:57:47 +0000 Subject: [PATCH 2/5] Add comment --- .../environment_name_delius_core_development_dev_all.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/group_vars/environment_name_delius_core_development_dev_all.yml b/ansible/group_vars/environment_name_delius_core_development_dev_all.yml index 7b2c5a4f9..a26afb80c 100644 --- a/ansible/group_vars/environment_name_delius_core_development_dev_all.yml +++ b/ansible/group_vars/environment_name_delius_core_development_dev_all.yml @@ -41,6 +41,7 @@ high_availability_count: spg_document_rest_service_admin_url: "https://alfresco.mis-dev.delius.probation.hmpps.dsd.io/alfresco/service/admin-spg" spg_document_rest_service_public_url: "https://alfresco.mis-dev.delius.probation.hmpps.dsd.io/alfresco/service/noms-spg" # Enable Oracle Native Network Encryption (ignored for TCPS connections) +# Note that these parameters must be set in the database sqlnet.ora file, not the grid one sqlnet_parameters: database: SQLNET.ENCRYPTION_SERVER: REQUIRED From b8f43d0eada12d12a7b9f8b1ef5a5ccc55e06b38 Mon Sep 17 00:00:00 2001 From: Bill Buchan Date: Thu, 14 Dec 2023 18:03:29 +0000 Subject: [PATCH 3/5] Handle parameters as strings rather than booleans --- .../environment_name_delius_core_development_dev_all.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/group_vars/environment_name_delius_core_development_dev_all.yml b/ansible/group_vars/environment_name_delius_core_development_dev_all.yml index a26afb80c..451c6ed84 100644 --- a/ansible/group_vars/environment_name_delius_core_development_dev_all.yml +++ b/ansible/group_vars/environment_name_delius_core_development_dev_all.yml @@ -46,5 +46,5 @@ sqlnet_parameters: database: SQLNET.ENCRYPTION_SERVER: REQUIRED SQLNET.ENCRYPTION_TYPES_SERVER: (AES256) - SQLNET.ALLOW_WEAK_CRYPTO: FALSE - IGNORE_ANO_ENCRYPTION_FOR_TCPS: TRUE \ No newline at end of file + SQLNET.ALLOW_WEAK_CRYPTO: "FALSE" + IGNORE_ANO_ENCRYPTION_FOR_TCPS: "TRUE" \ No newline at end of file From a32e973bb37d2ee1d3d14b016d5c9ef8d79bf436 Mon Sep 17 00:00:00 2001 From: Bill Buchan Date: Thu, 14 Dec 2023 18:29:08 +0000 Subject: [PATCH 4/5] Also enable encryption for test --- .../environment_name_delius_core_development_test_all.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ansible/group_vars/environment_name_delius_core_development_test_all.yml b/ansible/group_vars/environment_name_delius_core_development_test_all.yml index b2d1d3e4c..bc7c2a7d4 100644 --- a/ansible/group_vars/environment_name_delius_core_development_test_all.yml +++ b/ansible/group_vars/environment_name_delius_core_development_test_all.yml @@ -42,3 +42,11 @@ high_availability_count: # Establish the vars here as a temporary measure spg_document_rest_service_admin_url: "https://alfresco.test.delius.probation.hmpps.dsd.io/alfresco/service/admin-spg" spg_document_rest_service_public_url: "https://alfresco.test.delius.probation.hmpps.dsd.io/alfresco/service/admin-spg" +# Enable Oracle Native Network Encryption (ignored for TCPS connections) +# Note that these parameters must be set in the database sqlnet.ora file, not the grid one +sqlnet_parameters: + database: + SQLNET.ENCRYPTION_SERVER: REQUIRED + SQLNET.ENCRYPTION_TYPES_SERVER: (AES256) + SQLNET.ALLOW_WEAK_CRYPTO: "FALSE" + IGNORE_ANO_ENCRYPTION_FOR_TCPS: "TRUE" \ No newline at end of file From 93ae91dc182a25ef7eb3c36dcf3f05a1e4dc9754 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 15 Dec 2023 09:23:11 +0000 Subject: [PATCH 5/5] Commit changes made by code formatters --- ...nvironment_name_delius_core_development_dev_all.yml | 10 +++++----- ...vironment_name_delius_core_development_test_all.yml | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/ansible/group_vars/environment_name_delius_core_development_dev_all.yml b/ansible/group_vars/environment_name_delius_core_development_dev_all.yml index 451c6ed84..fadd8826d 100644 --- a/ansible/group_vars/environment_name_delius_core_development_dev_all.yml +++ b/ansible/group_vars/environment_name_delius_core_development_dev_all.yml @@ -43,8 +43,8 @@ spg_document_rest_service_public_url: "https://alfresco.mis-dev.delius.probation # Enable Oracle Native Network Encryption (ignored for TCPS connections) # Note that these parameters must be set in the database sqlnet.ora file, not the grid one sqlnet_parameters: - database: - SQLNET.ENCRYPTION_SERVER: REQUIRED - SQLNET.ENCRYPTION_TYPES_SERVER: (AES256) - SQLNET.ALLOW_WEAK_CRYPTO: "FALSE" - IGNORE_ANO_ENCRYPTION_FOR_TCPS: "TRUE" \ No newline at end of file + database: + SQLNET.ENCRYPTION_SERVER: REQUIRED + SQLNET.ENCRYPTION_TYPES_SERVER: (AES256) + SQLNET.ALLOW_WEAK_CRYPTO: "FALSE" + IGNORE_ANO_ENCRYPTION_FOR_TCPS: "TRUE" diff --git a/ansible/group_vars/environment_name_delius_core_development_test_all.yml b/ansible/group_vars/environment_name_delius_core_development_test_all.yml index bc7c2a7d4..f8d948106 100644 --- a/ansible/group_vars/environment_name_delius_core_development_test_all.yml +++ b/ansible/group_vars/environment_name_delius_core_development_test_all.yml @@ -45,8 +45,8 @@ spg_document_rest_service_public_url: "https://alfresco.test.delius.probation.hm # Enable Oracle Native Network Encryption (ignored for TCPS connections) # Note that these parameters must be set in the database sqlnet.ora file, not the grid one sqlnet_parameters: - database: - SQLNET.ENCRYPTION_SERVER: REQUIRED - SQLNET.ENCRYPTION_TYPES_SERVER: (AES256) - SQLNET.ALLOW_WEAK_CRYPTO: "FALSE" - IGNORE_ANO_ENCRYPTION_FOR_TCPS: "TRUE" \ No newline at end of file + database: + SQLNET.ENCRYPTION_SERVER: REQUIRED + SQLNET.ENCRYPTION_TYPES_SERVER: (AES256) + SQLNET.ALLOW_WEAK_CRYPTO: "FALSE" + IGNORE_ANO_ENCRYPTION_FOR_TCPS: "TRUE"