GOBMCN2-24 Added preflight checks #6

Closed
48 changes: 2 additions & 46 deletions check-instance.yml
Expand Up @@ -24,49 +24,5 @@
vars:
allow_install_on_vm: false

tasks:

- name: Test connectivity to target instance via ping
ping:
register: pingrc

- name: Abort if ping module fails
assert:
that: "pingrc.ping == 'pong'"
fail_msg: >-
The instance does not have an usable python distribution
success_msg: >-
The instance has an usable python installation, continuing

- name: Collect facts from target
setup:

- name: Platform verification
fail:
msg: "The system may not be provisioned on VM by default. Use the allow_install_on_vm option for VM testing"
when:
- ansible_system_vendor == "Google"
- ansible_virtualization_type == "kvm"
- ansible_virtualization_role == "guest"
- allow_install_on_vm == false

- name: Test privilege escalation on target
raw: sudo -u root whoami
register: rawrc
changed_when: False

- name: Fail if unable to sudo to root on target
assert:
that: "rawrc.stdout_lines[0] == 'root'"
fail_msg: "The account {{ ansible_user }} used to connect does not have sudo privileges to root"
success_msg: "The account {{ ansible_user }} used to connect has sudo root privileges, continuing"

- name: Check for Python installation
raw: test -e /usr/bin/python || test -e /usr/bin/python3
changed_when: false
failed_when: false
register: check_python

- name: Install Python if required
raw: sudo yum -y install python3
when: check_python.rc != 0
roles:
- check-instance
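Review bot: `allow_install_on_vm: false` stays under the play's `vars:` in this hunk while the new role's defaults/main.yml defines the same variable. Play vars take precedence over both role defaults and inventory variables, so the role default is never used from this playbook and the value can only be changed with extra vars or by editing the play. Drop the play-level entry and keep the role default, so group_vars or host_vars can enable VM installs for test hosts.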
38 changes: 38 additions & 0 deletions roles/check-instance/defaults/main.yml
@@ -0,0 +1,38 @@
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
allow_install_on_vm: false
#
ansible_user: ansible
#
required_cpu_cores: 4
Member

Why shouldn't I run on, say, a single-core system?

Contributor Author

This was the recommendation from the DBA team

required_cpu_arch: x86_64
#
required_mem_mb: 15000
#
supported_distributions_19c:
- { distro: "OracleLinux", version: "7.4", kernel_version: "4.1.12", kernel_build: "124.19.2", kernel_tag: "el7uek" }
- { distro: "OracleLinux", version: "7.4", kernel_version: "4.14.35", kernel_build: "1818.1.6", kernel_tag: "el7uek" }
- { distro: "OracleLinux", version: "7.5", kernel_version: "3.10.0", kernel_build: "862.11.6", kernel_tag: "el7" }
- { distro: "RedHat", version: "7.5", kernel_version: "3.10.0", kernel_build: "862.11.6", kernel_tag: "el7" }
Member

What about, say, Red Hat 7.6? 7.7 beta? 7.3? 7.1? These are all certified as far as I know. It just seems like a huge headache to maintain a list of kernel versions for every quarterly release of every operating system, and repeating it for every Oracle software combination.

Contributor Author

This is the list of supported OS/Kernels for the specific database versions; once new OS versions are out, we can add a new line for 7.6, 7.7 with a kernel version. Anything newer passes.

supported_distributions_18c:
- { distro: "OracleLinux", version "7.5", kernel_version: "4.14.35", kernel_build: "1818.5.3", kernel_tag: "el7uek" }
- { distro: "OracleLinux", version "7.2", kernel_version: "4.1.12", kernel_build: "32.2.3", kernel_tag: "el7uek" }
- { distro: "OracleLinux", version "7", kernel_version: "3.8.13", kernel_build: "35.3.1", kernel_tag: "el7uek" }
- { distro: "OracleLinux", version "7", kernel_version: "3.10.0", kernel_build: "123", kernel_tag: "el7" }
supported_distributions_12_2:
- { distro: "OracleLinux", version "7", kernel_version: "3.8.13", kernel_build: "35.3..1", kernel_tag: "el7uek" }
- { distro: "OracleLinux", version "7.2", kernel_version: "4.1.12", kernel_build: "32.2.3", kernel_tag: "el7uek" }
- { distro: "OracleLinux", version "7", kernel_version: "3.10.0", kernel_build: "123", kernel_tag: "el7" }
- { distro: "RedHat", version "7", kernel_version: "3.10.0", kernel_build: "123", kernel_tag: "el7" }
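Review bot: Every entry in `supported_distributions_18c` and `supported_distributions_12_2` has `version "7.5"` (or `version "7"`, `version "7.2"`) without the colon after `version`, so none of them provides an `item.version` value to the `version(item.version, '>=')` test in tasks/main.yml; write `version: "7.5"` as the 19c list does. The first 12.2 entry also has `kernel_build: "35.3..1"`, which looks like a typo for the `35.3.1` used in the 18c list. A lint or syntax-check run over the role in CI would catch both.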
3 changes: 3 additions & 0 deletions roles/check-instance/meta/main.yml
@@ -0,0 +1,3 @@
---
dependencies:
- { role: common }
145 changes: 145 additions & 0 deletions roles/check-instance/tasks/main.yml
@@ -0,0 +1,145 @@
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Collect facts
setup:

- name: Verify Ansible meets the version requirements
assert:
that: "ansible_version.full is version_compare('2.8', '>=')"
fail_msg: >-
You must update Ansible to at least 2.8 to use these playbooks
success_msg: >-
Ansible version is {{ ansible_version.full }} , continuing

- name: Abort if the instance type requirements are not met
fail:
msg: The system may not be provisioned on VM by default. Change allow_install_on_vm to true to test
when:
- ansible_system_vendor == "Google"
- ansible_virtualization_type == "kvm"
- ansible_virtualization_role == "guest"
- allow_install_on_vm == false

- name: Test that we can connect to the instance
raw: sudo -u root whoami
register: rawrc
changed_when: False

- name: Abort if we cannot sudo to root
assert:
that: "rawrc.stdout_lines[0] == 'root'"
fail_msg: >-
The account {{ ansible_user }} used to connect does not have sudo privileges to root
success_msg: >-
The account {{ ansible_user }} used to connect has sudo root privileges, continuing

- name: Check for Python installation
raw: test -e /usr/bin/python || test -e /usr/bin/python3
changed_when: false
failed_when: false
register: check_python

- name: Install Python via raw if not installed
raw: sudo yum -y install python3
when: check_python.rc != 0

- name: Test that we have an usable python on the instance
ping:
register: pingrc

- name: Abort if ping module fails
assert:
that: "pingrc.ping == 'pong'"
fail_msg: >-
The instance does not have an usable python distribution
success_msg: >-
The instance has an usable python installation, continuing

- set_fact:
supported_19c: False
supported_18c: False
supported_12_2: False
kernel_info: |
{{ ansible_kernel | regex_replace ('^(\d+\.\d+\.\d+)-(\d*)\.([^.]+)\.(x86_64)$', '{"version": "\1", "build": "\2", "tag": "\3", "arch": "\4"}' ) }}

- set_fact:
supported_19c: True
when:
- ansible_distribution == item.distro
- ansible_distribution_major_version is version(item.version, '>=')
- kernel_info.version is version(item.kernel_version, '>=')
- kernel_info.build is version(item.kernel_build, '>=')
with_items: "{{supported_distributions_19c}}"

- set_fact:
supported_18c: True
when:
- ansible_distribution == item.distro
- ansible_distribution_major_version is version(item.version, '>=')
- kernel_info.version is version(item.kernel_version, '>=')
- kernel_info.build is version(item.kernel_build, '>=')
with_items: "{{supported_distributions_18c}}"

- set_fact:
supported_12_2: True
when:
- ansible_distribution == item.distro
- ansible_distribution_major_version is version(item.version, '>=')
- kernel_info.version is version(item.kernel_version, '>=')
- kernel_info.build is version(item.kernel_build, '>=')
with_items: "{{supported_distributions_12_2}}"

- assert:
that: supported_19c or supported_18c or supported_12_2
Member

What about 12.1? 11gR2?

Contributor Author

I did not find a document for 11 or 12.1 that lists the OS/Kernel combinations.

fail_msg: >-
Current distribution is not supported: {{ansible_distribution}}/{{ansible_distribution_major_version}}, {{kernel_info.version}}/{{kernel_info.build}}
Current distribution supported Oracle versions: Oracle 19c: {{supported_19c}}, Oracle 18c: {{supported_18c}}, Oracle 12.2: {{supported_12_2}}
success_msg: >-
Current distribution is supported: {{ansible_distribution}}/{{ansible_distribution_major_version}}, {{kernel_info.version}}/{{kernel_info.build}}
Current distribution supported Oracle versions: Oracle 19c: {{supported_19c}}, Oracle 18c: {{supported_18c}}, Oracle 12.2: {{supported_12_2}}


- name: Check the CPU architecture and core count
assert:
that:
- ansible_processor_cores >= required_cpu_cores
- ansible_architecture == required_cpu_arch
fail_msg: >-
CPU architecture is not supported (arch {{ansible_architecture}}/{{ansible_processor_cores}} cores, required arch {{required_cpu_arch}}/{{required_cpu_cores}} cores)
success_msg: >-
CPU architecture is supported (arch {{ansible_architecture}}/{{ansible_processor_cores}} cores)

- name: Check instance memory amount
assert:
that: ansible_memtotal_mb > required_mem_mb
fail_msg: >-
Memory reported is less than required (required {{required_mem_mb}} MB, reported {{ansible_memtotal_mb}} MB)
success_msg: >-
Memory reported is more or equal to required memry (required {{required_mem_mb}} MB, reported {{ansible_memtotal_mb}} MB)

- name: Check if UIDs are free for Oracle users
shell: id -un {{ item.uid }}
with_items: "{{ oracle_users }}"
ignore_errors: yes
register: user_check

- name: Abort if the UIDs are already in use
assert:
that: item.rc == 1
fail_msg: >-
User ID {{item.item.uid}} is already in use
success_msg: >-
User ID {{item.item.uid}} is available
with_items: "{{ user_check.results }}"
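Review bot: The support-matrix check built by the `set_fact` tasks cannot match the entries in defaults/main.yml. The `kernel_info` regex, `-(\d*)\.([^.]+)\.(x86_64)$`, only accepts a single-number build, so a kernel such as 3.10.0-862.11.6.el7.x86_64 is returned unchanged by `regex_replace` and `kernel_info.version` is undefined; and `ansible_distribution_major_version` (for example 7) is compared against `item.version` values such as 7.4, which is never `>=`. Capture the full dotted build (for instance with `(\d+(?:\.\d+)*)`), compare `ansible_distribution_version` instead, and treat kernel version and build as one ordered pair rather than two independent `>=` tests, since a newer kernel version with a lower build number fails the current condition. Separately, `Collect facts` runs `setup` as the first task, before `Check for Python installation` and the raw `yum` install, so a host without Python fails before the bootstrap is reached; move the raw tasks ahead of `setup`. The memory assert uses `>` although its success message says "more or equal".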