ministryofjustice · wullub · Sep 26, 2023 · Sep 15, 2023 · Sep 15, 2023 · Sep 15, 2023
@@ -9,3 +9,5 @@ dns_search_domains:
   - hmpps-oem.hmpps-development.modernisation-platform.internal
   - azure.noms.root
 s3_bucket: devtest-oasys-20230411143832198800000001
+
+db_backup_s3_bucket_name: devtest-oasys-db-backup-bucket-20230721145548176300000001
@@ -24,8 +24,10 @@ roles_list:
   - amazon-cli
   # - hugepages has issues
   - disks
+  - azure-cli
   - azcopy
   - oracle-19c
+  # - oracle-db-standby-setup # manually run on a standby
   - oracle-secure-backup
   - oracle-db-backup
 

@@ -30,7 +30,7 @@
 
     - name: Run aws cli installer
       shell: |
-        {{ awscli_installer_dir }}/aws/install --bin-dir /usr/local/bin --install-dir /usr/local/aws-cli --update
+        {{ awscli_installer_dir }}/aws/install --bin-dir /bin --install-dir /usr/local/aws-cli --update
 
     - name: Cleanup installer files
       ansible.builtin.file:

@@ -0,0 +1 @@
+Installs az cli
@@ -0,0 +1,5 @@
+---
+azure_package_name: azure-cli
+yum_repo_description: Microsoft Azure CLI
+repo_key_url: https://packages.microsoft.com/keys/microsoft.asc
+yum_repo_baseurl: https://packages.microsoft.com/yumrepos/azure-cli
@@ -0,0 +1 @@
+---
@@ -0,0 +1,14 @@
+---
+- name: Create the YUM repository
+  yum_repository:
+    name: "{{ azure_package_name }}"
+    description: "{{ yum_repo_description }}"
+    baseurl: "{{ yum_repo_baseurl }}"
+    gpgkey: "{{ repo_key_url }}"
+    gpgcheck: yes
+    enabled: yes
+
+- name: Install the application package (RedHat)
+  package:
+    name: "{{ azure_package_name }}"
+    state: present
@@ -0,0 +1,7 @@
+---
+- import_tasks: install-rhel.yml
+  tags:
+    - amibuild
+    - ec2provision
+    - ec2patch
+  when: ansible_distribution in ['RedHat', 'OracleLinux']
@@ -37,6 +37,14 @@
     msg: "Please define disks_partition variable with oracle_group and oracle_label defined with at least one data disk"
   when: oracle_data_diskgroup|length == 0
 
+- name: Add generate sas token script
+  ansible.builtin.template:
+    src: "update-db-az-sas-token.sh.j2"
+    dest: "/usr/local/bin/update-db-az-sas-token.sh"
+    owner: oracle
+    group: oinstall
+    mode: 0755
+
 - name: Fail when flash disks are not defined
   fail:
     msg: "Please define disks_partition variable with oracle_group and oracle_label defined with at least one flash disk"

@@ -0,0 +1,28 @@
+#!/bin/bash
+set -e
+
+application={{application}}
+environment={{aws_environment}}
+db_name={{ ec2.tags["Name"] }}
+expiry=$(date -d "60 days" +%Y-%m-%d) # default 60 days
+
+if [[ -z $environment || -z $db_name || -z $expiry ]]; then
+  echo "Usage: $0 <aws-environment> <db-name> <token-expiry>"
+  echo
+  echo "e.g. $0 $environment t1-$application-db-a 2023-04-15"
+  echo
+  echo "Prereq: az logged in aws profile creds set"
+  echo "Note: use a short expiry"
+  exit 1
+fi
+
+if [[ $environment == "development" || $environment == "test" ]]; then
+  az_sas_token=$(az storage account generate-sas --subscription "NOMS Dev & Test Environments" --account-name strtcmonsazcopyorabkup --permissions rl --resource-types oc --services b --https-only --expiry "$expiry" | sed 's/"//g')
+elif [[ $environment == "preproduction" || $environment == "production" ]]; then
+  az_sas_token=$(az storage account generate-sas --subscription "NOMS Production 1" --account-name strpdnomsazcopyorabkup --permissions rl --resource-types oc --services b --https-only --expiry "$expiry" | sed 's/"//g')
+else
+  echo "Unexpected environment $environment"
+  exit 1
+fi
+SSM_PATH="/database/$db_name"
+aws ssm put-parameter --name "${SSM_PATH}/az_sas_token" --type "SecureString" --data-type "text" --value "$az_sas_token" --profile "$application-$environment" --overwrite