ministryofjustice · keirwilliams · Apr 8, 2024 · Apr 8, 2024
@@ -0,0 +1,33 @@
+---
+bip_bucket_name: nomis-combined-reporting-bip-packages20230612143115114600000001
+sap_bi_platform_unpack_base_directory: /opt/sap/bip
+sap_bi_platform_extraction_directory: /u02/software/BIP_4_3_SP1
+sap_bi_platform_installation_directory: /u01/app/bobj/BIP4
+sap_jvm_unpack_base_directory: /opt/sap/java
+
+ncr_environment: "{{ ec2.tags['nomis-combined-reporting-environment'] }}"
+cms_name: "{{ ncr_environment }}-ncr-cms"
+
+s3:
+  bip_bucket_name: nomis-combined-reporting-bip-packages20230612143115114600000001
+  packages_prefix: BIP/
+  files:
+    sap_bi_platform:
+      - BIPLATS4303P_300-70002683_P1.EXE
+      - BIPLATS4303P_300-70002683_P2.RAR
+    sap_jvm: SAPJVM8_94-80000202.SAR
+    sapcar: SAPCAR_1324-80000935.EXE
+
+ssm_parameters_prefix: "tomcat"
+
+tomcat_post_install_directories:
+  tomcat: /u01/app/bobj/BIP4/sap_bobj/tomcat
+  custom_config: /u01/app/bobj/BIP4/sap_bobj/enterprise_xi40/warfiles/webapps/BOE/WEB-INF/config/custom
+  biprws_config: /u01/app/bobj/BIP4/sap_bobj/enterprise_xi40/warfiles/webapps/biprws/WEB-INF/config/custom
+  webapps_root: /u01/app/bobj/BIP4/sap_bobj/enterprise_xi40/warfiles/webapps/ROOT
+
+tomcat_admin_secretsmanager_passwords:
+  tomcat_admin:
+    secret: "/ec2/ncr-tomcat-admin/{{ ncr_environment }}/passwords"
+    users:
+      - tomcat_admin: auto
@@ -0,0 +1,6 @@
+---
+dependencies:
+  - role: get-ec2-facts
+  - role: ansible-requirements
+  - role: disable-ipv6
+  - role: disable-firewall
@@ -0,0 +1,21 @@
+---
+- name: Ensure binstall group exists
+  ansible.builtin.group:
+    name: binstall
+    gid: 1201
+    state: present
+
+- name: Ensure oinstall group exists
+  ansible.builtin.group:
+    name: oinstall
+    state: present
+
+- name: Ensure dba group exists
+  ansible.builtin.group:
+    name: dba
+    state: present
+
+- name: Ensure sapsys group exists
+  ansible.builtin.group:
+    name: sapsys
+    state: present
@@ -0,0 +1,33 @@
+- name: Copy pre requesites file
+  ansible.builtin.template:
+    src: u02/software/BIP_4_3_SP1/prereq_checks.ini
+    dest: "{{ sap_bi_platform_extraction_directory }}/prereq_checks.ini"
+    owner: bobj
+    group: binstall
+    mode: "0755"
+
+- name: Copy response file
+  ansible.builtin.template:
+    src: u02/software/BIP_4_3_SP1/tomcat_admin_response.ini
+    dest: "{{ sap_bi_platform_extraction_directory }}/tomcat_admin_response.ini"
+    owner: bobj
+    group: binstall
+    mode: "0755"
+
+- name: Ensure product key is set in response file
+  ansible.builtin.lineinfile:
+    path: "{{ sap_bi_platform_extraction_directory }}/tomcat_admin_response.ini"
+    regexp: "^productkey="
+    line: "productkey={{ product_key }}"
+
+- name: Ensure CMS password is set in response file
+  ansible.builtin.lineinfile:
+    path: "{{ sap_bi_platform_extraction_directory }}/tomcat_admin_response.ini"
+    regexp: "^remotecmsadminpassword="
+    line: "remotecmsadminpassword={{ cms_admin_password }}"
+
+- name: Ensure CMS name is set in response file
+  ansible.builtin.lineinfile:
+    path: "{{ sap_bi_platform_extraction_directory }}/tomcat_admin_response.ini"
+    regexp: "^remotecmsname="
+    line: "remotecmsname={{ cms_name }}"
@@ -0,0 +1,30 @@
+---
+- name: Assign bobj permissions
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: bobj
+    group: binstall
+    mode: "0775"
+  loop:
+    - "{{ sap_bi_platform_installation_directory }}"
+    - "{{ sap_bi_platform_extraction_directory }}"
+
+- name: Assign 775 oracle permissions
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: oracle
+    group: oinstall
+    mode: "0775"
+  loop:
+    - /u01/stage/
+    - /u01/app/oracle/
+
+- name: Assign 770 oracle permissions
+  ansible.builtin.file:
+    path: /u01/app/oraInventory/
+    state: directory
+    owner: oracle
+    group: oinstall
+    mode: "0770"
@@ -0,0 +1,29 @@
+---
+# unpack the SAP BIP rar archive
+
+- name: Check if setup.sh file exists
+  stat:
+    path: "{{ sap_bi_platform_extraction_directory }}/setup.sh"
+  register: result
+
+- name: Unpack the install files
+  block:
+    - name: Unpack the rar file
+      shell: /usr/local/bin/unrar x -y BIPLATS4303P_300-70002683_P1.exe
+      args:
+        chdir: "{{ sap_bi_platform_unpack_base_directory }}"
+      when: sap_bi_platform_unpack_base_directory is defined
+
+    - name: Untar the unpacked archive
+      ansible.builtin.unarchive:
+        src: "{{ sap_bi_platform_unpack_base_directory }}/BISERVONE.tgz"
+        dest: "{{ sap_bi_platform_extraction_directory }}"
+        remote_src: yes
+      when: sap_bi_platform_unpack_base_directory is defined
+  when: not result.stat.exists
+  rescue:
+    - name: Remove the unpacked RAR
+      file:
+        path: "{{ sap_bi_platform_unpack_base_directory }}/BISERVONE.tgz"
+        state: absent
+      when: sap_bi_platform_unpack_base_directory is defined
@@ -0,0 +1,11 @@
+---
+- name: Get tomcat secrets
+  import_role:
+    name: secretsmanager-passwords
+  vars:
+    secretsmanager_passwords: "{{ tomcat_admin_secretsmanager_passwords }}"
+
+- name: Set password facts
+  set_fact:
+    cms_admin_password: "{{ secretsmanager_passwords_dict['tomcat_admin'].passwords['cms_admin_password'] }}"
+    product_key: "{{ secretsmanager_passwords_dict['tomcat_admin'].passwords['product_key'] }}"
@@ -0,0 +1,30 @@
+---
+- name: Install packages with yum command as those are not getting installed by ansible yum
+  ansible.builtin.shell: |
+    set -eo pipefail
+    main() {
+      yum -y install {{ item }}
+    }
+    main 2>&1 | logger -p local3.info -t ansible-yum-install
+  loop:
+    - libnsl
+    - libnsl2
+    - libnsl.i686
+    - libnsl2.i686
+
+- name: Get unrar installer
+  ansible.builtin.get_url:
+    url: "https://www.rarlab.com/rar/rarlinux-x64-621.tar.gz"
+    dest: "/tmp/rarlinux-x64-621.tar.gz"
+
+- name: Extract unrar
+  ansible.builtin.unarchive:
+    src: "/tmp/rarlinux-x64-621.tar.gz"
+    dest: "/tmp/"
+    remote_src: yes
+
+- name: Install unrar
+  ansible.builtin.shell:
+    cmd: "make"
+    chdir: "/tmp/rar/"
+    creates: "/usr/local/bin/unrar"
@@ -0,0 +1,37 @@
+---
+- name: Check if product is installed
+  stat:
+    path: /u01/app/bobj/BIP4/sap_bobj
+  register: bip_installed_check
+
+- name: Install Tomcat
+  block:
+    - name: Perform pre-requesite checks
+      become_user: bobj
+      ansible.builtin.shell: /u02/software/BIP_4_3_SP1/setup.sh -InstallDir /u01/app/bobj/BIP4/ -pre_requisite_check /u02/software/BIP_4_3_SP1/prereq_checks.ini /u02/software/BIP_4_3_SP1/failedPrereqs.txt
+      ignore_errors: true
+
+    - name: Run Silent Installation
+      become_user: bobj
+      ansible.builtin.shell: |
+        . ~/.bash_profile 
+        /u02/software/BIP_4_3_SP1/setup.sh -InstallDir /u01/app/bobj/BIP4/ -r /u02/software/BIP_4_3_SP1/tomcat_admin_response.ini
+  when: not bip_installed_check.stat.exists
+
+- name: Check if init has been run
+  stat:
+    path: /etc/init.d/SAPBOBJEnterpriseXI40
+  register: setupinit_folder_check
+
+- name: Run setup
+  block:
+    - name: Copy setupinit file
+      ansible.builtin.template:
+        src: u01/app/bobj/BIP4/sap_bobj/init/setupinit.sh
+        dest: /u01/app/bobj/BIP4/sap_bobj/init/setupinit.sh
+
+    - name: Execute setup script
+      become: true
+      ansible.builtin.shell: /u01/app/bobj/BIP4/sap_bobj/init/setupinit.sh
+  when:
+    - not setupinit_folder_check.stat.exists
@@ -0,0 +1,53 @@
+---
+- import_tasks: get_facts.yml
+  tags:
+    - amibuild
+    - ec2provision
+  when: ansible_distribution in ['RedHat']
+
+- import_tasks: install_packages.yml
+  tags:
+    - amibuild
+    - ec2provision
+  when: ansible_distribution in ['RedHat']
+
+- import_tasks: add_groups.yml
+  tags:
+    - amibuild
+    - ec2provision
+  when: ansible_distribution in ['RedHat']
+
+- import_tasks: assign_permissions.yml
+  tags:
+    - amibuild
+    - ec2provision
+  when: ansible_distribution in ['RedHat']
+
+- import_tasks: retrieve_files.yml
+  tags:
+    - amibuild
+    - ec2provision
+  when: ansible_distribution in ['RedHat']
+
+- import_tasks: extract_files.yml
+  tags:
+    - amibuild
+    - ec2provision
+  when: ansible_distribution in ['RedHat']
+
+- import_tasks: add_response_file.yml
+  tags:
+    - amibuild
+    - ec2provision
+  when: ansible_distribution in ['RedHat']
+# - import_tasks: install_tomcat.yml
+#   tags:
+#     - amibuild
+#     - ec2provision
+#   when: ansible_distribution in ['RedHat']
+
+# - import_tasks: post_installation_config.yml
+#   tags:
+#     - amibuild
+#     - ec2provision
+#   when: ansible_distribution in ['RedHat']
@@ -0,0 +1,69 @@
+### TOMCAT POST INSTALLATION CONFIGURATION
+---
+- name: Add tomcat config files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ tomcat_post_install_directories.tomcat }}/{{ item.dest }}"
+  loop:
+    - { src: "../templates/server.xml", dest: "conf/server.xml" }
+    - { src: "../templates/context.xml", dest: "conf/context.xml" }
+    - { src: "../templates/setenv.sh", dest: "bin/setenv.sh" }
+
+- name: Modify wdeploy.conf
+  ansible.builtin.lineinfile:
+    path: "{{ sap_bi_platform_installation_directory }}/sap_bobj/enterprise_xi40/wdeploy/conf/wdeploy.conf"
+    regexp: "^disable_InfoView="
+    line: "disable_InfoView=true"
+  become: true
+  become_user: bobj
+
+- name: Add custom properties config files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ tomcat_post_install_directories.custom_config }}/{{ item.dest }}"
+  loop:
+    - { src: "../templates/properties/BILogon.properties", dest: "BILogon.properties" }
+    - { src: "../templates/properties/CmcApp.properties", dest: "CmcApp.properties" }
+    - { src: "../templates/properties/FioriBI.properties", dest: "FioriBI.properties" }
+    - { src: "../templates/properties/global.properties", dest: "global.properties" }
+    - { src: "../templates/properties/OpenDocument.properties", dest: "OpenDocument.properties" }
+    - { src: "../templates/properties/PlatformServices.properties", dest: "PlatformServices.properties" }
+
+- name: Add biprws custom config file
+  ansible.builtin.template:
+    src: ../templates/properties/biprws.properties
+    dest: "{{ tomcat_post_install_directories.biprws_config }}/biprws.properties"
+
+- name: Rename main root files
+  block:
+    - name: Backup index file
+      ansible.builtin.copy:
+        remote_src: true
+        src: "{{ tomcat_post_install_directories.webapps_root }}/index.jsp"
+        dest: "{{ tomcat_post_install_directories.webapps_root }}/index_main.jsp"
+    - name: Check if BrowserCheck file exists
+      stat:
+        path: "{{ tomcat_post_install_directories.webapps_root }}/BrowserCheck.jsp"
+      register: browsercheck_file
+    - name: Backup BrowserCheck file
+      ansible.builtin.copy:
+        remote_src: true
+        src: "{{ tomcat_post_install_directories.webapps_root }}/BrowserCheck.jsp"
+        dest: "{{ tomcat_post_install_directories.webapps_root }}/BrowserCheck_Main.jsp"
+      when: browsercheck_file.stat.exists
+  become: true
+  become_user: bobj
+
+- name: Add root files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ tomcat_post_install_directories.webapps_root }}/{{ item.dest }}"
+  loop:
+    - { src: "../templates/root/BIlogoff.jsp", dest: "BIlogoff.jsp" }
+    - { src: "../templates/root/BrowserCheck.jsp", dest: "BrowserCheck.jsp" }
+    - { src: "../templates/root/BrowserCheck_Offline.jsp", dest: "BrowserCheck_Offline.jsp" }
+    - { src: "../templates/root/browsercheck.css", dest: "browsercheck.css" }
+    - { src: "../templates/root/browsercheck.js", dest: "browsercheck.js" }
+    - { src: "../templates/root/index.jsp", dest: "index.jsp" }
+    - { src: "../templates/root/keepalive.htm", dest: "keepalive.htm" }
+    - { src: "../templates/root/Unsupported_Browser.html", dest: "Unsupported_Browser.html" }