secretsmanagersecrets for oracle19c #371

Merged
merged 7 commits into from
Nov 8, 2023
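--- a/ansible/group_vars/ami_delius_core_ol_8_5_oracle_db_19c.yml
+++ b/ansible/group_vars/ami_delius_core_ol_8_5_oracle_db_19c.yml
@@ -71,3 +71,5 @@ disks_mount:
 - ebs_device_name: /dev/sds
 dir: swap
 fstype: swap
+
+use_ssm_params: true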
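Review bot: `use_ssm_params: true` is added here with no comment saying what it overrides, and the same bare line is added to the seven other group_vars files on this page (ami_hmpps_ol_8_5_oracledb_19c, server_type_csr_db, server_type_delius_core_db, server_type_hmpps_oem, server_type_ncr_bip, server_type_ncr_bip_cmc, server_type_ncr_db). The oracle-19c role default is `false`, so this line is what keeps these hosts on the SSM parameter lookup for the ASM passwords. A comment such as `# oracle-19c: keep reading ASM passwords from SSM parameters (role default is Secrets Manager)` would tell the next editor that removing the line changes which secret store is used. Hosts that fall in both an ami_* and a server_type_* group get the flag from two files, so the values need to stay identical.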
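--- a/ansible/group_vars/ami_hmpps_ol_8_5_oracledb_19c.yml
+++ b/ansible/group_vars/ami_hmpps_ol_8_5_oracledb_19c.yml
@@ -58,3 +58,5 @@ ami_roles_list:
 
 # the below vars are defined in multiple groups. Keep the values the same to avoid unexpected behaviour
 roles_list: "{{ (ami_roles_list | default([]) | difference(server_type_roles_list | default([]))) + (server_type_roles_list | default([])) }}"
+
+use_ssm_params: true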
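--- a/ansible/group_vars/server_type_csr_db.yml
+++ b/ansible/group_vars/server_type_csr_db.yml
@@ -63,3 +63,5 @@ oracle_install_group: oinstall
 oracle_inventory: /u01/app/oraInventory
 database_home: /u01/app/oracle/product/19c/db_1
 grid_home: /u01/app/oracle/product/19c/gridhome_1
+
+use_ssm_params: true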
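--- a/ansible/group_vars/server_type_delius_core_db.yml
+++ b/ansible/group_vars/server_type_delius_core_db.yml
@@ -69,3 +69,5 @@ disks_mount:
 - ebs_device_name: /dev/sds
 dir: swap
 fstype: swap
+
+use_ssm_params: true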
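--- a/ansible/group_vars/server_type_hmpps_oem.yml
+++ b/ansible/group_vars/server_type_hmpps_oem.yml
@@ -68,3 +68,5 @@ collectd_monitored_services_servertype:
 
 # the below vars are defined in multiple groups. Keep the values the same to avoid unexpected behaviour
 roles_list: "{{ (ami_roles_list | default([]) | difference(server_type_roles_list | default([]))) + (server_type_roles_list | default([])) }}"
+
+use_ssm_params: true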
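--- a/ansible/group_vars/server_type_ncr_bip.yml
+++ b/ansible/group_vars/server_type_ncr_bip.yml
@@ -110,3 +110,5 @@ tns_entries:
 host_list:
 - t1-ncr-db-1-a.nomis-combined-reporting.hmpps-test.modernisation-platform.internal
 service_name: T1BIPAUD
+
+use_ssm_params: true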
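--- a/ansible/group_vars/server_type_ncr_bip_cmc.yml
+++ b/ansible/group_vars/server_type_ncr_bip_cmc.yml
@@ -113,3 +113,5 @@ tns_entries:
 host_list:
 - t1-ncr-db-1-a.nomis-combined-reporting.hmpps-test.modernisation-platform.internal
 service_name: BIPAUD_TAF
+
+use_ssm_params: true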
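--- a/ansible/group_vars/server_type_ncr_db.yml
+++ b/ansible/group_vars/server_type_ncr_db.yml
@@ -74,3 +74,5 @@ oracle_inventory: /u01/app/oraInventory
 database_home: /u01/app/oracle/product/19c/db_1
 oracle_home: "{{ database_home }}"
 grid_home: /u01/app/oracle/product/19c/gridhome_1
+
+use_ssm_params: true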
5 changes: 4 additions & 1 deletion ansible/roles/oracle-19c/defaults/main.yml
@@ -35,13 +35,16 @@ grid_install_script: grid_install.sh

password_response_file: grid_pw.rsp

db_ssm_passwords:
use_ssm_params: false
db_secretsmanager_passwords:
asm:
parameter: "/ec2/{{ ec2_name }}/asm-passwords"
wullub marked this conversation as resolved.
users:
- ASMSNMP: auto
- ASMSYS: auto

db_ssm_passwords: "{{ db_secretsmanager_passwords }}"

grid_env:
ORACLE_HOME: "{{ grid_home }}"
PATH: "{{ grid_home }}/bin:{{ oracle_path }}"
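Review bot: The new default `use_ssm_params: false` moves every consumer of this role that does not set the flag onto the Secrets Manager lookup, and nothing in the defaults file says so. Only the group_vars files changed on this page opt back into SSM; any other host group that uses oracle-19c would, as far as this page shows, start resolving `asmpassword` from a different store, and with the users marked `auto` that may not be the password already set on ASM (the role that interprets `auto` is not visible here, so this needs confirming). I would add a comment above the flag, e.g. `# false: ASM passwords come from Secrets Manager (secretsmanager-passwords role); set true in group_vars to keep using SSM parameters`. A second comment above `db_ssm_passwords` should say that it is kept as an alias of `db_secretsmanager_passwords` so that both lookups share one path and user list. The file continues past the end of this hunk.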
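--- a/ansible/roles/oracle-19c/tasks/get_facts.yml
+++ b/ansible/roles/oracle-19c/tasks/get_facts.yml
@@ -1,11 +1,30 @@
 ---
-- name: Get SSM parameters
-import_role:
-name: ssm-passwords
-vars:
-ssm_passwords: "{{ db_ssm_passwords }}"
-
-- name: Get SSM parameters
-set_fact:
-asmpassword: "{{ ssm_passwords_dict['asm'].passwords['ASMSYS'] }}"
-asmmonitorpassword: "{{ ssm_passwords_dict['asm'].passwords['ASMSNMP'] }}"
+- name: Get secretsmanager passwords
+block:
+- name: secretsmanager passwords
+import_role:
+name: secretsmanager-passwords
+vars:
+secretsmanager_passwords: "{{ db_secretsmanager_passwords }}"
+
+- name: secretsmanager passwords
+set_fact:
+asmpassword: "{{ secretsmanager_passwords_dict['asm'].passwords['ASMSYS'] }}"
+asmmonitorpassword: "{{ secretsmanager_passwords_dict['asm'].passwords['ASMSNMP'] }}"
+
+when: not use_ssm_params
+
+- name: Get SSM params
+block:
+- name: Get SSM parameters
+import_role:
+name: ssm-passwords
+vars:
+ssm_passwords: "{{ db_ssm_passwords }}"
+
+- name: Get SSM parameters
+set_fact:
+asmpassword: "{{ ssm_passwords_dict['asm'].passwords['ASMSYS'] }}"
+asmmonitorpassword: "{{ ssm_passwords_dict['asm'].passwords['ASMSNMP'] }}"
+
+when: use_ssm_params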
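Review bot: Both `set_fact` tasks that assign `asmpassword` and `asmmonitorpassword` run without `no_log: true`, so the resolved ASM passwords can appear in task output when the play runs with increased verbosity or with a callback that records results; add `no_log: true` to each of them. The two `when:` conditions test the bare variable, so a value supplied as a string (for example through extra vars) is not guaranteed to be read as a boolean; `when: not (use_ssm_params | bool)` and `when: use_ssm_params | bool` keep the two branches mutually exclusive whatever the input type. The two inner tasks in each block also share one name (`secretsmanager passwords`, `Get SSM parameters`), which makes their log lines hard to tell apart.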