oradb_manage_wallet: New role for managing Oracle Wallets
Showing
14 changed files
with
419 additions
and
2 deletions.
@@ -0,0 +1,3 @@ | ||
--- | ||
minor_changes: | ||
- "oradb_manage_wallet: New role for managing Oracle Wallets ()" |
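--- a/extensions/molecule/shared_config/inventory/group_vars/all/password.yml
+++ b/extensions/molecule/shared_config/inventory/group_vars/all/password.yml
@@ -0,0 +1,3 @@
+---
+oracle_wallet_password:
+wallet1: "aA_{{ ansible_machine_id }}"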
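Review bot: The test wallet password is a fixed prefix plus `ansible_machine_id`, a gathered host fact rather than a managed secret, so the value is reproducible by anyone who can read that fact. That is acceptable for the molecule inventory, but nothing in the file says so. A comment above `oracle_wallet_password` such as `# molecule test fixture only - real wallet passwords belong in a vaulted variable` would keep the pattern from being copied into production group_vars.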
@@ -0,0 +1,6 @@ | ||
--- | ||
- name: Manage Oracle wallet | ||
hosts: "{{ hostgroup | default('all') }}" | ||
any_errors_fatal: true | ||
roles: | ||
- opitzconsulting.ansible_oracle.oradb_manage_wallet |
@@ -0,0 +1,5 @@ | ||
--- | ||
logging: | ||
level: warning | ||
template: readme | ||
force_overwrite: true |
@@ -0,0 +1,45 @@ | ||
--- | ||
# @var oracle_wallet_password:description: > | ||
# @end | ||
oracle_wallet_password: {} | ||
# @var oracle_wallet_password:example: > | ||
# oracle_wallet_password: | ||
# wallet1: <password> | ||
# wallet2: <password> | ||
# @end | ||
|
||
# @var oracle_wallet_config:description: > | ||
oracle_wallet_config: [] | ||
|
||
# See below example for more details. | ||
# oracle_wallet_config: | ||
# - name: <name for password entry> | ||
# home: <dict key from db_homes_config> | ||
# path: <target directory for wallet> | ||
# owner: <OS-Owner - default oracle_owner> | ||
# group: <OS-Group | default(omit)> | ||
# mode: <chmod auf path | default(omit)> | ||
# state: present/absent | ||
# certificates: <optional> | ||
# - type: ca | ||
# cert: <certificate> | ||
# state: present/absent | ||
# dbcredential: <optional> | ||
# - tns_name: <tns-alias from | ||
# db_name: <db_name for dbpasswords[db_name]> | ||
# db_user: <database user> | ||
# state: present/absent | ||
# @end | ||
# | ||
# @var oracle_wallet_config:example: > | ||
# oracle_wallet_config: | ||
# - name: wallet1 | ||
# home: 19300_base | ||
# path: /u01/app/oracle/wallet | ||
# state: present | ||
# dbcredential: | ||
# - tns_name: db1 | ||
# db_name: db1 | ||
# db_user: user1 | ||
# state: present | ||
# @end |
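Review bot: The commented schema and the example both name the credential list `dbcredential`, while the assert task in this commit iterates `dbcredentials` with `skip_missing: true`, so entries written from this example would be skipped without any error; the two spellings should be aligned. The `oracle_wallet_password` description block is empty, and it is the natural place to state that the values are secrets and should come from an encrypted source such as Ansible Vault rather than plain group_vars. `tns_name: <tns-alias from` is cut off mid-phrase and `chmod auf path` mixes German into the English text. `certificates` is documented here, but no task handling it is visible in the sections shown, so it may need a "not yet implemented" remark.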
@@ -0,0 +1,40 @@ | ||
--- | ||
# @meta description: > | ||
# Manage Wallets for Oracle with `mkstore`. | ||
# | ||
# Multiple wallets with different locations are possivle. | ||
# Define a password for the wallet in `oracle_wallet_password`. | ||
|
||
# The following credentials could be managed by this role: | ||
# | ||
# `database credentials:` | ||
# | ||
# We need the `db_name` as attribute for finding the password in `dbpasswords`. | ||
# Be aware that `tns_name` could be different to the `db_name`. | ||
# @end | ||
# @meta author: [Thorsten Bruhns] | ||
galaxy_info: | ||
role_name: oradb_manage_wallet | ||
author: Thorsten Bruhns | ||
description: Manage Wallets for Oracle | ||
company: Thorsten Bruhns | ||
|
||
license: license (MIT) | ||
|
||
min_ansible_version: 2.15.0 | ||
|
||
platforms: | ||
- name: EL | ||
versions: | ||
- "6" | ||
- "7" | ||
- "8" | ||
- "9" | ||
|
||
galaxy_tags: | ||
- database | ||
- oracle | ||
- wallet | ||
|
||
dependencies: | ||
- role: orasw_meta |
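Review bot: `license: license (MIT)` reads like a leftover of the role-template placeholder; the usual form is `license: MIT`. The description contains the typo `possivle` (for `possible`), which ends up in the generated README. Listing EL `"6"` next to `min_ansible_version: 2.15.0` is worth confirming, since that platform's default Python is probably older than what this Ansible version supports on managed hosts.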
@@ -0,0 +1,49 @@ | ||
--- | ||
- name: assert | assert wallet | ||
when: | ||
- oracle_wallet_config is defined | ||
block: | ||
- name: assert | assert oracle_wallet_config | ||
ansible.builtin.assert: | ||
quiet: true | ||
that: | ||
- owc.state is defined | ||
- owc.state in ('present', 'absent') | ||
- owc.name is defined | ||
- owc.path is defined | ||
- owc.home is defined | ||
- db_homes_config[owc.home] is defined | ||
- oracle_wallet_password[owc.name] is defined | ||
with_items: | ||
- "{{ oracle_wallet_config }}" | ||
loop_control: | ||
label: >- | ||
{{ owc.name | default('') }} | ||
{{ owc.path | default('') }} | ||
{{ owc.state | default('') }} | ||
loop_var: owc | ||
|
||
# owc_dbc due to with_subelements instead of dbc_d! | ||
- name: assert | assert dbcredential in oracle_wallet_config | ||
ansible.builtin.assert: | ||
quiet: true | ||
that: | ||
- owc_dbc.1.tns_name is defined | ||
- owc_dbc.1.db_name is defined | ||
- owc_dbc.1.db_user is defined | ||
- owc_dbc.1.state in ('present', 'absent') | ||
fail_msg: attribute missing or duplicate tns_name in wallet | ||
with_subelements: | ||
- "{{ oracle_wallet_config }}" | ||
- dbcredentials | ||
- flags: | ||
skip_missing: true | ||
loop_control: | ||
label: >- | ||
{{ owc_dbc.0.name | default('') }} | ||
{{ owc_dbc.1.tns_name | default('') }} | ||
{{ owc_dbc.1.state | default('') }} | ||
loop_var: owc_dbc | ||
when: | ||
- owc_dbc.0.state == 'present' | ||
- owc_dbc.1 is defined |
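Review bot: `fail_msg` in the second assert announces a duplicate `tns_name` check, but none of its four conditions tests for duplicates, so either the message or the condition list should change. In the first assert `owc.path` is only checked for being defined; because later tasks create the wallet in that directory and remove it again, an added condition such as `- owc.path is match('^/.+')` would reject an empty or relative path before anything is touched. The first assert also has no `fail_msg`, so with `quiet: true` a failure gives little hint which attribute is missing.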
@@ -0,0 +1,22 @@ | ||
--- | ||
# tasks file for manage_db | ||
- name: oradb_manage_wallet | assert | ||
ansible.builtin.include_tasks: assert.yml | ||
tags: | ||
always | ||
|
||
- name: oradb_manage_wallet | Loop over oracle_wallet_config | ||
ansible.builtin.include_tasks: wallet_config.yml | ||
with_items: | ||
- "{{ oracle_wallet_config }}" | ||
loop_control: | ||
label: >- | ||
{{ owc.name | default('') }} | ||
{{ owc.path | default('') }} | ||
{{ owc.state | default('present') }} | ||
loop_var: owc | ||
vars: | ||
# set odb loop_var for usage of _oracle_home_db | ||
odb: "{{ owc }}" | ||
tags: | ||
always |
@@ -0,0 +1,38 @@ | ||
--- | ||
- name: wallet_config | Wallet present | ||
when: | ||
- owc.state | default('present') == 'present' | ||
block: | ||
- name: wallet_config | Wallet create | ||
ansible.builtin.shell: | ||
cmd: | | ||
set -eu | ||
set -o pipefail | ||
echo -e "$stdin" | "${ORACLE_HOME}/bin/mkstore" -create -nologo -wrl "${wrl}" | ||
creates: "{{ owc.path }}/ewallet.p12" | ||
become: true | ||
become_user: "{{ osc.owner | default(oracle_user) }}" | ||
environment: | ||
stdin: "{{ _oradb_manage_wallet_password }}\n{{ _oradb_manage_wallet_password }}" | ||
wrl: "{{ owc.path }}" | ||
ORACLE_HOME: "{{ _oracle_home_db }}" | ||
|
||
- name: wallet_config | include wallet_manage_dbcredential.yml | ||
ansible.builtin.include_tasks: wallet_manage_dbcredential.yml | ||
|
||
- name: wallet_config | chmod over wallet directory | ||
ansible.builtin.file: | ||
path: "{{ owc.path }}" | ||
group: "{{ owc.group | default(omit) }}" | ||
mode: "{{ owc.mode | default(omit) }}" | ||
recurse: true | ||
|
||
- name: wallet_config | Remove wallet | ||
when: | ||
- owc.state | default('present') == 'absent' | ||
ansible.builtin.file: | ||
path: "{{ owc.path }}" | ||
state: absent | ||
recurse: true | ||
become: true | ||
become_user: "{{ osc.owner | default(oracle_user) }}" |
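Review bot: The wallet password reaches `mkstore` through the task's `environment` (variable `stdin`) and `echo -e`, so it sits in the environment of the spawned shell, the task carries no `no_log: true`, and `echo -e` rewrites any backslash sequence the password contains. Passing it through the module's `stdin:` parameter together with `no_log: true` avoids all three, as in the excerpt below. Both `become_user` lines read `osc.owner`, which looks like a typo for `owc.owner`; as written the documented `owner` key appears never to take effect. The `Remove wallet` task combines `state: absent` with `recurse: true`, which `ansible.builtin.file` accepts only with `state: directory`, so `recurse` should be dropped there. The chmod task applies one `mode` recursively to the directory and the wallet files alike and runs without `become`, which is worth confirming against the intended wallet file permissions.

```yaml
- name: wallet_config | Wallet create
  ansible.builtin.shell:
    cmd: |
      set -eu
      "${ORACLE_HOME}/bin/mkstore" -create -nologo -wrl "${wrl}"
    # password and confirmation go to mkstore on stdin, not via the environment
    stdin: "{{ _oradb_manage_wallet_password }}\n{{ _oradb_manage_wallet_password }}"
    creates: "{{ owc.path }}/ewallet.p12"
  no_log: true
  become: true
  become_user: "{{ owc.owner | default(oracle_user) }}"
  environment:
    wrl: "{{ owc.path }}"
    ORACLE_HOME: "{{ _oracle_home_db }}"
# … unchanged: include of wallet_manage_dbcredential.yml, chmod task, remove task …
```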