Merge pull request #272 from ministryofjustice/oasys-bip-build

Oasys bip build first step - weblogic install and psu patch

ansible/group_vars/environment_name_oasys_test.yml

@@ -204,3 +204,22 @@ db_configs:
 
   RCVCAT:
     rcvcat_db_name: TRCVCAT
+
+  T2BIPINF:
+    parameters:
+      - { name: "_allow_insert_with_update_check", value: TRUE, db_restart_required: 0, scope: both }
+      - { name: session_cached_cursors, value: 300, db_restart_required: 0, scope: spfile }
+      - { name: processes, value: 500, db_restart_required: 1, scope: spfile }
+      - { name: pga_aggregate_target, value: 800M, db_restart_required: 0, scope: both }
+      - { name: db_recovery_file_dest_size, value: 40G, db_restart_required: 0, scope: both }
+      - { name: shared_pool_size, value: 300M, db_restart_required: 0, scope: both }
+      - { name: open_cursors, value: 800, db_restart_required: 0, scope: both }
+      - { name: db_files, value: 600, db_restart_required: 0, scope: both }
+      - {
+          name: log_archive_dest_1,
+          value: '"''location=use_db_recovery_file_dest valid_for=(all_logfiles,all_roles) db_unique_name=emrep''"',
+          db_restart_required: 0,
+          scope: both,
+        }
+    service:
+      - { name: BIPINF_TAF, role: PRIMARY }

ansible/roles/oasys-bip/defaults/main.yml

@@ -0,0 +1,59 @@
+---
+# Following tags must be set on the ASG
+# oasys-environment: t2
+# bip-db-name:       T2BIPINF
+# bip-db-hostname:   t2-oasys-db-a
+# oasys-db-name:     T2OASYS
+# oasys-db-hostname: t2-oasys-db-a
+#
+# Following tags must be set on the DB
+# bip-db-name: T2BIPINF
+
+oasys_environment: "{{ ec2.tags['oasys-environment'] }}"
+bip_db_name: "{{ ec2.tags['bip-db-name'] }}"
+bip_db_server: "{{ ec2.tags['bip-db-hostname'] }}"
+oasys_db_name: "{{ ec2.tags['oasys-db-name'] }}"
+oasys_db_server: "{{ ec2.tags['oasys-db-hostname'] }}"
+
+weblogic_domain_hostname: "{{ ansible_facts.hostname }}"
+weblogic_servername: "{{ ansible_facts.hostname }}"
+middleware_home: /u01/app/oracle/Middleware
+wl_home: /u01/app/oracle/Middleware/wlserver_10.3
+stage: /u01/stage
+oracle_install_user: oracle
+oracle_install_group: oinstall
+domain_name: bifoundation_domain
+domain_home: /u01/app/oracle/Middleware/user_projects/domains
+oas_mds_password_file: "{{ stage }}/oas_mds_password.txt"
+oas_biplatform_password_file: "{{ stage }}/oas_biplatform_password.txt"
+weblogic_password_file: "{{ stage }}/weblogic_password.txt"
+admin_password_file: "{{ stage }}/weblogic_password.txt"
+bip_repository_file: bip_repository_12Oct2023.tar
+weblogic_admin_username: weblogic
+managed_server: bi_server1
+scripts_dir: /home/oracle/admin/scripts
+weblogic_servers:
+  - { name: bi_server1 }
+  - { name: AdminServer }
+
+bip_weblogic_secretsmanager_secrets:
+  bipweb:
+    secret: "/oracle/bip/{{ oasys_environment }}/passwords"
+    users:
+      - weblogic:
+  bipdbshared:
+    secret: "/oracle/database/{{ bip_db_name }}/bip-passwords"
+    users:
+      - sys:
+      - mds:
+      - biplatform:
+
+bip_db_secretsmanager_secrets:
+  bipdbshared:
+    secret: "/oracle/database/{{ bip_db_name }}/bip-passwords"
+    users:
+      - sys:
+  bipdb:
+    secret: "/oracle/database/{{ bip_db_name }}/passwords"
+    users:
+      - system:

ansible/roles/oasys-bip/meta/main.yml

@@ -0,0 +1,6 @@
+---
+dependencies:
+  - role: get-ec2-facts
+  # - role: ansible-requirements
+  # - role: disable-ipv6
+  # - role: disable-firewall

ansible/roles/oasys-bip/tasks/cleanup.yml

@@ -0,0 +1,23 @@
+---
+- name: Collect file details for cleanup from {{ stage }}
+  ansible.builtin.find:
+    path: "{{ stage }}"
+    hidden: True
+  register: collected_files
+
+- name: Collect directory details for cleanup from {{ stage }}
+  ansible.builtin.find:
+    paths: "{{ stage }}"
+    hidden: True
+    file_type: directory
+  register: collected_directories
+
+- name: remove collected files and directories
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  with_items: >
+    {{
+      collected_files.files
+      + collected_directories.files
+    }}

ansible/roles/oasys-bip/tasks/clone_bip_software.yml

@@ -0,0 +1,266 @@
+---
+- name: Check Oracle BIP Software installed
+  ansible.builtin.stat:
+    path: ". {{ wl_home }}/server/bin/setWLSEnv.sh"
+  register: BIP_software_installed
+
+- block:
+    - name: Create directories for moveplan and bip repository
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        owner: oracle
+        group: oinstall
+        mode: "0755"
+      loop:
+        - "{{ stage }}"
+        - "{{ stage }}/nm"
+        - "{{ stage }}/bi_config"
+        - "{{ stage }}/logs"
+        - /u01/oracle
+        - /u01/app
+
+    - name: Download software for Oracle BI Publisher cloning for Oasys
+      amazon.aws.aws_s3:
+        bucket: "{{ image_builder_s3_bucket_name }}"
+        object: "oasys-bip/bipclone/{{ item }}"
+        dest: "{{ stage}}/{{ item }}"
+        mode: get
+        overwrite: latest
+      loop:
+        - test_mw_copy.jar
+        - bi_config_copy.jar
+        - cloningclient.jar
+        - nm.jar
+        - pasteBinary.sh
+        - "{{ bip_repository_file}}"
+      when: image_builder_s3_bucket_name is defined
+
+    - name: Change file ownership, group and permissions
+      ansible.builtin.file:
+        path: "{{ item }}"
+        owner: oracle
+        group: oinstall
+        mode: "0700"
+      loop:
+        - "{{ stage }}/pasteBinary.sh"
+        - "{{ stage }}/cloningclient.jar"
+
+    - name: Create a symbolic link
+      ansible.builtin.file:
+        src: /u01/oracle
+        dest: /oracle
+        owner: oracle
+        group: oinstall
+        state: link
+
+    - name: Extract bip_repository
+      ansible.builtin.unarchive:
+        owner: oracle
+        group: oinstall
+        src: "{{ stage }}/{{ bip_repository_file }}"
+        dest: /u01/oracle
+        remote_src: true
+        keep_newer: true
+
+    - name: Copy BIP plans for config and nodemanager
+      ansible.builtin.template:
+        src: "{{ item }}_moveplan.xml"
+        dest: "{{ stage }}/{{ item }}/moveplan.xml"
+        owner: oracle
+        group: oinstall
+        mode: "0700"
+      loop:
+        - nm
+        - bi_config
+
+    - name: Copy script templates to obfuscate password and to add Privileges for Application Roles
+      ansible.builtin.template:
+        src: "{{ item }}.j2"
+        dest: "{{ stage }}/{{ item }}"
+        owner: oracle
+        group: oinstall
+        mode: "0700"
+      loop:
+        - obfuscatePassword.exp
+        - addBIPCodeGrants.py
+        - bip_paste_binary.sh
+        - addApplicationPrivileges.exp
+        - password.txt
+        - boot.properties
+
+    - name: Copy oraInst.loc
+      ansible.builtin.template:
+        src: "oraInst.loc.j2"
+        dest: "/etc/oraInst.loc"
+        owner: root
+        group: root
+        mode: "0755"
+
+    - name: Oracle BI Publisher paste binary from jar file
+      become_user: oracle
+      ansible.builtin.shell: |
+        set -eo pipefail
+        main() {
+           echo "# pasteBinary.sh "
+           {{ stage }}/pasteBinary.sh -javahome /usr/java/jdk1.7.0_80 -archiveLoc {{ stage }}/test_mw_copy.jar -targetMWHomeLoc {{ middleware_home }} -invPtrLoc /etc/oraInst.loc -logDirLoc {{ stage  }}/logs -executeSysPrereqs false
+        }
+        main 2>&1 | logger -p local3.info -t ansible-oracle-bip
+      async: 86400
+      poll: 60
+      when: not ansible_check_mode
+
+    - name: Execute oracleRoot.sh as root
+      ansible.builtin.shell: |
+        set -eo pipefail
+        main() {
+            echo "# oracleRoot.sh "
+            {{ middleware_home }}/Oracle_BI1/oracleRoot.sh
+        }
+        main 2>&1 | logger -p local3.info -t ansible-oracle-bip
+      when: not ansible_check_mode
+
+    - name: Collect file details for cleanup from nodemanager
+      ansible.builtin.find:
+        path: "{{ wl_home }}/common/nodemanager/"
+        hidden: True
+      register: collected_files
+
+    - name: remove collected files from nodemenager directory
+      ansible.builtin.file:
+        path: "{{ item.path }}"
+        state: absent
+      with_items: >
+        {{
+          collected_files.files
+        }}
+
+    - name: Generate obfuscate password files for OMS_MDS
+      become_user: oracle
+      ansible.builtin.shell: |
+        set -eo pipefail
+        main() {
+          export CONFIG_JVM_ARGS="-Xmx2048M -Xms2048M"
+          echo "# Create obfuscated password file for OAS_MDS "
+          {{ stage }}/obfuscatePassword.exp  {{ bipdb_mds_password }} {{ oas_mds_password_file }}
+        }
+        main 2>&1 | logger -p local3.info -t ansible-oracle-bip
+
+    - name: Generate obfuscate password files for OAS_BIPLATFORM
+      become_user: oracle
+      ansible.builtin.shell: |
+        set -eo pipefail
+        main() {
+          export CONFIG_JVM_ARGS="-Xmx2048M -Xms2048M"
+          echo "# Create obfuscated password file for OAS_BIPLATFORM "
+          {{ stage }}/obfuscatePassword.exp  {{ bipdb_biplatform_password }} {{ oas_biplatform_password_file }}
+        }
+        main 2>&1 | logger -p local3.info -t ansible-oracle-bip
+
+    - name: Generate obfuscate password files for weblogic
+      become_user: oracle
+      ansible.builtin.shell: |
+        set -eo pipefail
+        main() {
+          export CONFIG_JVM_ARGS="-Xmx2048M -Xms2048M"
+          echo "# Create obfuscated password file for WEBLOGIC  "
+          {{ stage }}/obfuscatePassword.exp  {{ weblogic_admin_password }} {{ weblogic_password_file }}
+        }
+        main 2>&1 | logger -p local3.info -t ansible-oracle-bip
+
+    - name: Oracle BIP config cloning
+      become_user: oracle
+      ansible.builtin.shell: |
+        set -eo pipefail
+        main() {
+            {{ middleware_home }}/oracle_common/bin/pasteConfig.sh \
+              -javahome /usr/java/jdk1.7.0_80 \
+              -archiveLoc {{ stage }}/bi_config_copy.jar \
+              -targetDomainLoc {{ domain_home }}/{{ domain_name }} \
+              -targetMWHomeLoc {{ middleware_home }} \
+              -domainAdminPasswordFile {{ stage }}/password.txt \
+              -movePlanLoc {{ stage }}/bi_config/moveplan.xml
+        }
+        main 2>&1 | logger -p local3.info -t ansible-oracle-bip
+      async: 86400
+      poll: 60
+      when: not ansible_check_mode
+
+    - name: Collect file details for cleanup for mbase.bin and mbase.lck files
+      ansible.builtin.find:
+        path: "{{ domain_home }}/bifoundation_domain/config/bipublisher/repository/meta/"
+        hidden: True
+      register: collected_files
+
+    - name: remove collected files from nodemenager directory
+      ansible.builtin.file:
+        path: "{{ item.path }}"
+        state: absent
+      with_items: >
+        {{
+          collected_files.files
+        }}
+
+    - name: Collect file details for cleanup for mbase.bin and mbase.lck files
+      ansible.builtin.find:
+        path: "{{ wl_home }}/common/nodemanager/"
+        hidden: True
+      register: collected_files
+
+    - name: remove collected files from nodemenager directory
+      ansible.builtin.file:
+        path: "{{ item.path }}"
+        state: absent
+      with_items: >
+        {{
+          collected_files.files
+        }}
+
+    - name: Pause for 15 minutes to let admin server start properly in few cases even though it was running connecting to it was causing issues for few mins
+      ansible.builtin.pause:
+        minutes: 10
+
+    - name: Oracle BIP NodeManager config cloning
+      become_user: oracle
+      ansible.builtin.shell: |
+        set -eo pipefail
+        main() {
+            {{ middleware_home }}/oracle_common/bin/pasteConfig.sh \
+              -javahome /usr/java/jdk1.7.0_80 \
+              -archiveLoc {{ stage }}/nm.jar \
+              -targetnmhomeloc {{ wl_home }}/common/nodemanager \
+              -targetmwhomeloc {{ middleware_home }} \
+              -movePlanLoc {{ stage }}/nm/moveplan.xml \
+              -silent true
+        }
+        main 2>&1 | logger -p local3.info -t ansible-oracle-bip
+      async: 86400
+      poll: 30
+      when: not ansible_check_mode
+
+    - name: Boot.properties file creation for bi_server1
+      ansible.builtin.copy:
+        src: "{{ domain_home }}/{{ domain_name }}/servers/AdminServer/security/boot.properties"
+        dest: "{{ domain_home }}/{{ domain_name }}/servers/bi_server1/security/boot.properties"
+        owner: oracle
+        group: oinstall
+        mode: "0600"
+        remote_src: true
+
+    - name: Pause for 15 minutes to let admin server start properly in few cases even though it was running connecting to it was causing issues for few mins
+      ansible.builtin.pause:
+        minutes: 10
+
+    - name: Enable Standalone BI Publisher to Add Privileges for Application Roles
+      become_user: oracle
+      ansible.builtin.shell: |
+        set -eo pipefail
+        main() {
+            . {{ wl_home }}/server/bin/setWLSEnv.sh
+            {{ stage }}/addApplicationPrivileges.exp  {{ weblogic_admin_password }}
+        }
+        main 2>&1 | logger -p local3.info -t ansible-oracle-bip
+      when: not ansible_check_mode
+
+  # block
+  when: not BIP_software_installed.stat.exists