Merge pull request #815 from ministryofjustice/onr/dsos-2730/ansible-…

…base

non-installer tasks for onr Tomcat server instance

ansible/group_vars/server_type_onr_web.yml

@@ -1,24 +1,22 @@
 ---
 ansible_python_interpreter: /usr/bin/python3.9
 
-# TODO: Users and Disks roles need checking versus what we're actually deploying
-# FIXME: ncr-tomcat role probably needs to be either made 'generic' or we need an onr-tomcat role
-
-# users_and_groups_system:
-#   - name: oracle
-#     group: oinstall
-#     groups:
-#       - dba
-#       - wheel
-#   - name: bobj
-#     group: binstall
-#     groups:
-#       - dba
-#       - sapsys
+users_and_groups_system:
+  - group: dba
+    gid: "{{ (ec2.tags['environment-name'] == 'oasys-national-reporting-test') | ternary('503', '502') }}"
+  - name: tomcat
+    group: tomcat
+    uid: 91
+  - name: bobj
+    group: binstall
+    uid: 1201
+    groups:
+      - dba
+      - sapsys
 
 server_type_roles_list:
-  #  - sshd-config
-  #  - users-and-groups
+  - sshd-config
+  - users-and-groups
   - sudoers
   - get-ec2-facts
   - set-ec2-hostname
@@ -32,15 +30,17 @@ server_type_roles_list:
   - amazon-cli
   - ansible-script
   - epel
-  #  - disks
-  #  - ncr-tomcat >> change to onr-tomcat, can't entirely re-use this
-  - collectd
-  - amazon-cloudwatch-agent
-  - amazon-cloudwatch-agent-collectd
-  - collectd-service-metrics
+  - disks
+  - onr-web
+  # TODO: comment these back in later
+  # - collectd
+  # - amazon-cloudwatch-agent
+  # - amazon-cloudwatch-agent-collectd
+  # - collectd-service-metrics
 
 roles_list: "{{ (ami_roles_list | default([]) | difference(server_type_roles_list | default([]))) + (server_type_roles_list | default([])) }}"
 
+# TODO: check these packages vs. the onr-boe package list
 packages_yum_install:
   - nano
   - vim
@@ -55,10 +55,8 @@ packages_yum_install:
   - libXext.x86_64
   - expat.i686
   - expat.x86_64
-  - libxcrypt.i686
   - libgcc.i686
   - libgcc.x86_64
-  - libnsl.i686
   - libXcursor.i686
   - libXcursor.x86_64
   - libXrender.i686
@@ -71,13 +69,11 @@ packages_yum_install:
   - libXau.x86_64
   - xz-libs.i686
 
+# TODO: check the disks vs. the onr-web defaults in the terraform
 disks_mount:
   - ebs_device_name: /dev/sdb
     dir: /u01
     fstype: xfs
   - ebs_device_name: /dev/sdc
     dir: /u02
     fstype: xfs
-  - ebs_device_name: /dev/sds
-    dir: swap
-    fstype: swap

ansible/roles/onr-boe/tasks/install-boe-patch.yml

@@ -0,0 +1,5 @@
+---
+# - name: Check that the patch file is available TODO: fix this
+#   ansible.builtin.stat:
+#     path: "{{ stage }}/{{ boe_patch }}"
+#   register: patch_file

ansible/roles/onr-boe/tasks/main.yml

@@ -37,3 +37,8 @@
   tags:
     - amibuild
     - ec2provision
+
+- import_tasks: install-boe-patch.yml
+  tags:
+    - amibuild
+    - ec2provision

ansible/roles/onr-web/defaults/main.yml

@@ -1,33 +1,21 @@
 ---
-bip_bucket_name: nomis-combined-reporting-bip-packages20230612143115114600000001
-sap_bi_platform_unpack_base_directory: /opt/sap/bip
-sap_bi_platform_extraction_directory: /u02/software/BIP_4_3_SP1
-sap_bi_platform_installation_directory: /u01/app/bobj/BIP4
-sap_jvm_unpack_base_directory: /opt/sap/java
+artefacts_s3_bucket_name: mod-platform-image-artefact-bucket20230203091453221500000001
+artefacts_s3_bucket_path: hmpps/onr
+artefact_dir: /u02
+app_dir: /u01/software/BOE_3_1_FP7_4_Linux
+onr_environment: "{{ ec2.tags['oasys-national-reporting-environment'] }}"
 
-ncr_environment: "{{ ec2.tags['nomis-combined-reporting-environment'] }}"
-cms_name: "{{ ncr_environment }}-ncr-cms"
+boe_install_user: bobj
+boe_install_group: binstall
 
-s3:
-  bip_bucket_name: nomis-combined-reporting-bip-packages20230612143115114600000001
-  packages_prefix: BIP/
-  files:
-    sap_bi_platform:
-      - BIPLATS4303P_300-70002683_P1.EXE
-      - BIPLATS4303P_300-70002683_P2.RAR
-    sap_jvm: SAPJVM8_94-80000202.SAR
-    sapcar: SAPCAR_1324-80000935.EXE
-
-ssm_parameters_prefix: "tomcat"
-
-tomcat_post_install_directories:
-  tomcat: /u01/app/bobj/BIP4/sap_bobj/tomcat
-  custom_config: /u01/app/bobj/BIP4/sap_bobj/enterprise_xi40/warfiles/webapps/BOE/WEB-INF/config/custom
-  biprws_config: /u01/app/bobj/BIP4/sap_bobj/enterprise_xi40/warfiles/webapps/biprws/WEB-INF/config/custom
-  webapps_root: /u01/app/bobj/BIP4/sap_bobj/enterprise_xi40/warfiles/webapps/ROOT
+stage: "{{ artefact_dir }}/stage"
+temp: "{{ artefact_dir }}/temp"
 
 tomcat_admin_secretsmanager_passwords:
   tomcat_admin:
-    secret: "/ec2/ncr-tomcat-admin/{{ ncr_environment }}/passwords"
+    secret: "/ec2/onr-web/{{ onr_environment }}/passwords"
     users:
       - tomcat_admin: auto
+# cms_name: "{{ ncr_environment }}-ncr-cms"
+
+# ssm_parameters_prefix: "tomcat"

ansible/roles/onr-web/tasks/assign_permissions.yml

@@ -1,4 +1,5 @@
 ---
+# TODO: check whether we need this and change to assing-permissions.yml and reference correctly in tasks/main.yml
 - name: Assign bobj permissions
   ansible.builtin.file:
     path: "{{ item }}"

ansible/roles/onr-web/tasks/add_groups.yml → ansible/roles/onr-web/tasks/check-groups.yml

@@ -4,17 +4,12 @@
     name: binstall
     state: present
 
-- name: Ensure oinstall group exists
-  ansible.builtin.group:
-    name: oinstall
-    state: present
-
 - name: Ensure dba group exists
   ansible.builtin.group:
     name: dba
     state: present
 
-- name: Ensure sapsys group exists
+- name: Ensure tomcat group exists
   ansible.builtin.group:
-    name: sapsys
+    name: tomcat
     state: present

ansible/roles/onr-web/tasks/get_facts.yml → ansible/roles/onr-web/tasks/get-facts.yml

@@ -7,5 +7,5 @@
 
 - name: Set password facts
   set_fact:
-    cms_admin_password: "{{ secretsmanager_passwords_dict['tomcat_admin'].passwords['cms_admin_password'] }}"
-    product_key: "{{ secretsmanager_passwords_dict['tomcat_admin'].passwords['product_key'] }}"
+    cms_admin_password: "{{ secretsmanager_passwords_dict['tomcat_admin'].passwords['tomcat_admin'] }}"
+    # product_key: "{{ secretsmanager_passwords_dict['tomcat_admin'].passwords['product_key'] }}"

ansible/roles/onr-web/tasks/main.yml

@@ -1,53 +1,38 @@
 ---
-- import_tasks: get_facts.yml
+- import_tasks: get-facts.yml
   tags:
     - amibuild
     - ec2provision
   when: ansible_distribution in ['RedHat']
 
-- import_tasks: install_packages.yml
-  tags:
-    - amibuild
-    - ec2provision
-  when: ansible_distribution in ['RedHat']
-
-- import_tasks: add_groups.yml
-  tags:
-    - amibuild
-    - ec2provision
-  when: ansible_distribution in ['RedHat']
-
-- import_tasks: assign_permissions.yml
-  tags:
-    - amibuild
-    - ec2provision
-  when: ansible_distribution in ['RedHat']
-
-- import_tasks: retrieve_files.yml
-  tags:
-    - amibuild
-    - ec2provision
-  when: ansible_distribution in ['RedHat']
+# NOTE: none of this seems to be needed - packages referenced here are not available in the yum repos
+# - import_tasks: install-packages.yml
+#   tags:
+#     - amibuild
+#     - ec2provision
+#   when: ansible_distribution in ['RedHat']
 
-- import_tasks: extract_files.yml
+- import_tasks: check-groups.yml
   tags:
     - amibuild
     - ec2provision
   when: ansible_distribution in ['RedHat']
 
-- import_tasks: add_response_file.yml
+- import_role:
+    name: onr-get
   tags:
     - amibuild
     - ec2provision
   when: ansible_distribution in ['RedHat']
-# - import_tasks: install_tomcat.yml
+# - import_tasks: add_response_file.yml
 #   tags:
 #     - amibuild
 #     - ec2provision
 #   when: ansible_distribution in ['RedHat']
 
-# - import_tasks: post_installation_config.yml
+# - import_tasks: install_tomcat.yml
 #   tags:
 #     - amibuild
 #     - ec2provision
 #   when: ansible_distribution in ['RedHat']
+