nomis weblogic secrets #397

Merged
merged 2 commits into from
Nov 16, 2023
Expand Up @@ -29,3 +29,5 @@ ami_roles_list:

# the below vars are defined in multiple groups. Keep the values the same to avoid unexpected behaviour
roles_list: "{{ (ami_roles_list | default([]) | difference(server_type_roles_list | default([]))) + (server_type_roles_list | default([])) }}"

use_ssm_params: true
2 changes: 2 additions & 0 deletions ansible/group_vars/server_type_nomis_web.yml
Expand Up @@ -18,3 +18,5 @@ collectd_monitored_services_servertype:
shell_cmd: "service chronyd status"
- metric_name: weblogichealthcheck
shell_cmd: "service weblogic-healthcheck status"

use_ssm_params: true
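Review bot: `use_ssm_params: true` is added here with no comment saying what it selects, although it is the switch that decides whether nomis-weblogic/tasks/get-facts.yml reads passwords from SSM Parameter Store or from Secrets Manager, and the role default in this commit is `false`. A one-line comment above it would save the next reader a trip into the role: `# true: nomis-weblogic reads passwords from SSM Parameter Store; false (role default): from Secrets Manager`. The same key is added to the other group_vars file in this commit under a "keep the values the same" comment, so the comment there should say the same thing.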
9 changes: 7 additions & 2 deletions ansible/roles/nomis-weblogic/defaults/main.yml
Expand Up @@ -24,7 +24,7 @@ weblogic_admin_username: weblogic
weblogic_db_username: oms_owner
weblogic_db_tagsar_username: tagsar
db_config: "{{ db_configs[weblogic_db_name] }}"
rms_ssm_parameter: "/oracle/weblogic/{{ nomis_environment }}/rms"
rms_secret_path: "/oracle/weblogic/{{ nomis_environment }}/rms"

weblogic_additional_form_servers:
- { name: WLS_FORMS1A, port: 9011, properties_src: WLS_FORMS1X }
Expand All @@ -41,13 +41,18 @@ weblogic_other_form_servers:

weblogic_all_form_servers: "{{ weblogic_other_form_servers + weblogic_additional_form_servers }}"

weblogic_ssm_passwords:
use_ssm_params: false
weblogic_secretsmanager_passwords:
weblogic:
parameter: "/oracle/weblogic/{{ nomis_environment }}/passwords"
secret: "/oracle/weblogic/{{ nomis_environment }}/passwords"
users:
- weblogic: auto
db:
parameter: "/oracle/database/{{ db_config.db_name }}/weblogic-passwords"
secret: "/oracle/database/{{ db_config.db_name }}/weblogic-passwords"
users:
- tagsar:
- oms_owner:

weblogic_ssm_passwords: "{{ weblogic_secretsmanager_passwords }}"
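Review bot: `weblogic_ssm_passwords: "{{ weblogic_secretsmanager_passwords }}"` aliases a structure whose entries are keyed `secret:`, while the removed SSM definition keyed them `parameter:`; if the ssm-passwords role still reads `parameter`, the SSM path (which the group_vars in this commit still enable with `use_ssm_params: true`) will no longer find the parameter names. Either keep a `parameter` key alongside `secret` in each entry or confirm that the role was updated to read `secret`. In the same structure the users list mixes `- weblogic: auto` with bare `- tagsar:` / `- oms_owner:` (null), which yamllint flags as empty values; writing `null` explicitly, or commenting what `auto` versus empty means for the consuming role, would make the contract visible. `use_ssm_params: false` also deserves a comment naming the two stores it selects between.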
44 changes: 33 additions & 11 deletions ansible/roles/nomis-weblogic/tasks/get-facts.yml
@@ -1,16 +1,38 @@
---
- name: Get SSM parameters
import_role:
name: ssm-passwords
vars:
ssm_passwords: "{{ weblogic_ssm_passwords }}"
- name: Get secretsmanager passwords
block:
- name: secretsmanager passwords
import_role:
name: secretsmanager-passwords
vars:
secretsmanager_passwords: "{{ weblogic_secretsmanager_passwords }}"

- name: Get SSM parameters
set_fact:
weblogic_admin_password: "{{ ssm_passwords_dict['weblogic'].passwords[weblogic_admin_username] }}"
weblogic_db_password: "{{ ssm_passwords_dict['db'].passwords[weblogic_db_username] }}"
weblogic_db_tagsar_password: "{{ ssm_passwords_dict['db'].passwords[weblogic_db_tagsar_username] }}"
weblogic_rms: "{{ lookup('aws_ssm', rms_ssm_parameter , region='eu-west-2') }}"
- name: secretsmanager passwords
set_fact:
weblogic_admin_password: "{{ secretsmanager_passwords_dict['weblogic'].passwords['weblogic_admin_username'] }}"
weblogic_db_password: "{{ secretsmanager_passwords_dict['db'].passwords[weblogic_db_username] }}"
weblogic_db_tagsar_password: "{{ secretsmanager_passwords_dict['db'].passwords[weblogic_db_tagsar_username] }}"
weblogic_rms: "{{ lookup('amazon.aws.aws_secret', rms_secret_path, region='eu-west-2') }}" # should retrieve all secrets in the same way

when: not use_ssm_params

- name: Get SSM params
block:
- name: Get SSM parameters
import_role:
name: ssm-passwords
vars:
ssm_passwords: "{{ weblogic_ssm_passwords }}"

- name: Get SSM parameters
set_fact:
weblogic_admin_password: "{{ ssm_passwords_dict['weblogic'].passwords[weblogic_admin_username] }}"
weblogic_db_password: "{{ ssm_passwords_dict['db'].passwords[weblogic_db_username] }}"
weblogic_db_tagsar_password: "{{ ssm_passwords_dict['db'].passwords[weblogic_db_tagsar_username] }}"
weblogic_rms: "{{ lookup('aws_ssm', rms_secret_path , region='eu-west-2') }}" # should retrieve all secrets in the same way
when: ssm_passwords_dict is defined

when: use_ssm_params

# Ensure the secrets are uploaded, e.g.
# aws ssm put-parameter --name '/oracle/weblogic/t3/rms' --type SecureString --data-type text --value '{"hosts": "notimplemented.azure.noms.root", "key": "notimplemented"}' --profile nomis-test --overwrite
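Review bot: The Secrets Manager branch reads `secretsmanager_passwords_dict['weblogic'].passwords['weblogic_admin_username']` with the variable name as a quoted string literal, whereas the SSM branch indexes with the variable `weblogic_admin_username` (which the defaults set to `weblogic`, the user listed under the `weblogic` secret); the literal key is not a user in that passwords dict, so the lookup will fail or return the wrong entry. Change it to `weblogic_admin_password: "{{ secretsmanager_passwords_dict['weblogic'].passwords[weblogic_admin_username] }}"`. Separately, the `when: ssm_passwords_dict is defined` guard on the SSM set_fact silently leaves the four password facts undefined when the role produced no dict, so the failure only surfaces at whatever later task first uses them; the Secrets Manager branch has no such guard, and dropping it (or asserting the dict is defined) keeps the error at the point of retrieval. The trailing comment block still documents only `aws ssm put-parameter` for the rms value, yet the default path now reads it with `amazon.aws.aws_secret`, so a parallel Secrets Manager example would keep that documentation accurate.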