host provision config tasks that follow initial connection setup

group_vars/all.yml

@@ -135,4 +135,6 @@ disable_firewall: false
 ## host provision variables
 instance_ssh_user: "{{ lookup('env','INSTANCE_SSH_USER')|lower|default('ansible',true) }}"
 firsttime_connect_user: "customeradmin"
-control_node_key_file: "~/.ssh/id_rsa_bms_toolkit"
+control_node_key_file: "~/.ssh/id_rsa_bms_toolkit"
+proxy_setup: "{{ lookup('env','ORA_PROXY_SETUP')|lower|default('false',true) }}"
+u01_lun: "{{ lookup('env','ORA_U01_LUN')|lower|default('',true) }}"

host-provision.sh

@@ -28,7 +28,7 @@ if [ $? != 4 ]; then
 fi
 
 GETOPT_MANDATORY="instance-ip-addr:"
-GETOPT_OPTIONAL="instance-ssh-user:,help"
+GETOPT_OPTIONAL="instance-ssh-user:,proxy-setup:,u01-lun:,help"
 GETOPT_LONG="${GETOPT_MANDATORY},${GETOPT_OPTIONAL}"
 GETOPT_SHORT="h"
 
@@ -47,6 +47,14 @@ eval set -- "$options"
 
 while true; do
     case "$1" in
+    --u01-lun)
+        ORA_U01_LUN="$2"
+        shift;
+        ;;
+    --proxy-setup)
+        ORA_PROXY_SETUP="$2"
+        shift;
+        ;;
     --instance-ssh-user)
         INSTANCE_SSH_USER="$2"
         shift;
@@ -72,6 +80,8 @@ done
 
 export INSTANCE_SSH_USER
 export ORA_CS_HOSTS
+export ORA_PROXY_SETUP
+export ORA_U01_LUN
 export INVENTORY_FILE="$ORA_CS_HOSTS,"
 
 echo -e "Running with parameters from command line or environment variables:\n"

host-provision.yml

@@ -69,3 +69,36 @@
       tasks_from: config-tasks.yml
   remote_user: "{{ instance_ssh_user }}"
   tags: host-provision
+
+# Not clubbing this play inside the main play that performs all config tasks
+# Reason: need to first connect as a non-sudo user (become: no) to get to the fact ansible_env['SSH_CLIENT']
+- name: Proxy setup [optional]
+  hosts: all
+  vars:
+    ansible_ssh_private_key_file: "{{ control_node_key_file }}"
+    #ansible_ssh_extra_args can be input as a command line or the following reasonable default may be used:    
+    ansible_ssh_extra_args: '-o IdentityAgent=no'
+  become: no
+  tasks:
+  - include_role:
+      name: host-provision
+      tasks_from: proxy.yml
+    when: proxy_setup|bool
+  remote_user: "{{ instance_ssh_user }}"
+  tags: host-provision
+
+- name: Perform RHEL-specific config tasks (subscription-manager, etc)
+  hosts: all
+  vars:
+    ansible_ssh_private_key_file: "{{ control_node_key_file }}"
+    #ansible_ssh_extra_args can be input as a command line or the following reasonable default may be used:    
+    ansible_ssh_extra_args: '-o IdentityAgent=no'
+  become: yes
+  tasks:
+  - include_role:
+      name: host-provision
+      tasks_from: rhel-config-tasks.yml
+    when:
+      - ansible_distribution == 'RedHat'
+  remote_user: "{{ instance_ssh_user }}"
+  tags: host-provision

roles/host-provision/tasks/config-tasks.yml

@@ -13,14 +13,28 @@
 # limitations under the License.
 
 
-- name: Validate ssh equivalence (passwordless connection) and sudo escalation for new user
+- name: config-tasks | Validate ssh equivalence (passwordless connection) and sudo escalation for new user
   ping:
   tags: host-provision
 
-# Placeholder for the core config tasks to be executed by the host-provision.sh utility
-# - name: config-tasks | Create LVM layer
-# ...
+# LVM creation
+# The net result will be that `/dev/mapper/db-sw` can be input into `install-oracle.sh` for local u01 storage
+- name: config-tasks | Create LVM layer - vgcreate
+  # added vgremove for idempotency of the script
+  # vgremove -y <VG>
+  # vgcreate -y <VG> <block device WWID>
+  shell: |
+    vgremove -y db 
+    vgcreate -y db {{ u01_lun }}
+  when:
+    - u01_lun | length > 0
+  ignore_errors: yes #to ignore when vgremove tries to remove non-existent vg the very first time this is run
+  tags: host-provision
 
+- name: config-tasks | Create LVM layer - lvcreate
+  # lvcreate -l 100%FREE -n <LV> <VG>
+  shell: lvcreate -l 100%FREE -n sw db
+  when:
+    - u01_lun | length > 0    
+  tags: host-provision
 
-# - name: config-tasks | For RHEL, subscription manager
-# ...

roles/host-provision/tasks/proxy.yml

@@ -0,0 +1,64 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The tasks in this file are dependent on the fact that the control-node
+# has a HTTP proxy server like Squid installed and can act as the gateway
+# For more background, please refer:
+# https://cloud.google.com/vpc/docs/special-configurations#proxyvm
+
+- name: proxy | Get control node IP
+  set_fact:
+    proxy_ip: "{{ ansible_env['SSH_CLIENT'].split() | first }}"
+  # debug:
+  #   var: proxy_ip
+  tags: host-provision
+
+- name: proxy | Validate proxy connectivity via control node
+  uri:
+    url: https://www.google.com
+    status_code: 200
+  environment:
+    https_proxy: "http://{{ proxy_ip }}:3128"
+  tags: host-provision
+
+- name: proxy | Add control node as gateway-instance to /etc/hosts
+  become: true
+  lineinfile:
+    dest: /etc/hosts
+    regexp: '.*gateway-instance.*'
+    line: "{{ proxy_ip }} gateway-instance gateway-instance."
+    backup: yes    
+  tags: host-provision
+
+- name: proxy | Add client side proxy environment variables to /etc/profile.d
+  become: true
+  copy:
+    dest: /etc/profile.d/proxy.sh
+    content: |
+            export http_proxy="http://gateway-instance:3128"
+            export https_proxy="http://gateway-instance:3128"
+            export ftp_proxy="http://gateway-instance:3128"
+    backup: yes
+  tags: host-provision
+
+- name: proxy | Update proxy in sudoers
+  become: true
+  lineinfile:
+    dest: /etc/sudoers
+    regexp: ".*env_keep.*proxy.*"
+    line: 'Defaults env_keep += "ftp_proxy http_proxy https_proxy no_proxy"'
+    validate: 'visudo -cf %s'
+    backup: yes
+  tags: host-provision
+

roles/host-provision/tasks/rhel-config-tasks.yml

@@ -0,0 +1,59 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: config-tasks | Validate internet connectivity via control node
+  uri:
+    url: https://www.google.com
+    status_code: 200
+  tags: host-provision
+
+- name: config-tasks | Get current registration status
+  become: true
+  shell: |
+    /sbin/subscription-manager list |grep Status: |awk '{print $2}'
+  register: rhsm_status
+  tags: host-provision
+
+- name: config-tasks | Print current RHSM status
+  debug:
+    var: rhsm_status.stdout
+  tags: host-provision    
+
+- name: config-tasks | Get RHEL username
+  pause:
+    prompt: Enter username for RHEL support
+  register: rhel_username
+  when:
+    - rhsm_status.stdout !='Subscribed'
+  tags: host-provision
+
+- name: config-tasks | Get RHEL password
+  pause:
+    prompt: Enter password for RHEL support
+    echo: no
+  register: rhel_password
+  when:
+    - rhsm_status.stdout !='Subscribed'  
+  tags: host-provision
+
+- name: config-tasks | Register host
+  become: true
+  redhat_subscription:
+    state: present
+    username: "{{ rhel_username.user_input }}"
+    password: "{{ rhel_password.user_input }}"
+    auto_attach: true
+  when:
+    - rhsm_status.stdout !='Subscribed'  
+  tags: host-provision

roles/host-provision/tasks/ssh-keygen.yml

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-- name: Creates .ssh directory in control node if it does not exist
+- name: ssh-keygen | Creates .ssh directory in control node if it does not exist
   file:
     path: ~/.ssh
     state: directory