New role oradb manage wallet for database credentials #400

Merged
merged 3 commits into from
Jan 21, 2024
3 changes: 3 additions & 0 deletions changelogs/fragments/sqlnet_ansible.yml
@@ -0,0 +1,3 @@
---
minor_changes:
- "oradb_manage_db: allow multiline values for keys in sqlnet_ansible.ora ()"
3 changes: 3 additions & 0 deletions changelogs/fragments/tnsnames_alias.yml
@@ -0,0 +1,3 @@
---
minor_changes:
- "oradb_manage_db: Added support for aliasnames for Oracle Wallet ()"
3 changes: 3 additions & 0 deletions changelogs/fragments/wallet.yml
@@ -0,0 +1,3 @@
---
minor_changes:
- "oradb_manage_wallet: New role for managing Oracle Wallets ()"
Expand Up @@ -146,6 +146,8 @@ oracle_pdbs:

_tnsnames_config_pdb_helper:
- key: "{{ oracle_pdbs[0]['pdb_name'] }}"
alias:
- "{{ oracle_pdbs[0]['pdb_name'] }}_SYSTEM"
value:
connect:
service_name: "{{ oracle_pdbs[0]['pdb_name'] }}"
Expand All @@ -158,3 +160,32 @@ tnsnames_installed:
- tnsname: "{{ oracle_pdbs[0]['pdb_name'] }}"
home: db19-si-ee
state: present

sqlnet_config:
sqlnetalias1:
- {name: "ADR_BASE", value: "/u01/app/oracle/"}
- {name: "SQLNET.ALLOWED_LOGON_VERSION_CLIENT", value: 12}
- {name: "SQLNET.WALLET_OVERRIDE", value: 'TRUE'}
- name: WALLET_LOCATION
value: |-
(
SOURCE =
(METHOD = FILE)(METHOD_DATA = (DIRECTORY=/u01/app/oracle/wallet))
)

sqlnet_installed:
- home: db19-si-ee
sqlnet: sqlnetalias1
state: present

oracle_wallet_config:
- name: wallet1
home: db19-si-ee
path: /u01/app/oracle/wallet
state: present
# mode: g+rx
dbcredentials:
- tns_name: oracle_pdbs[0]['pdb_name']
db_name: oracle_pdbs[0]['pdb_name']
db_user: system
state: present
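Review bot: `tns_name: oracle_pdbs[0]['pdb_name']` and `db_name: oracle_pdbs[0]['pdb_name']` are plain strings, not templated lookups, so the wallet credential would be stored under the literal alias `oracle_pdbs[0]['pdb_name']` and the password lookup keyed by db_name would presumably miss as well; the same lookup is written `"{{ oracle_pdbs[0]['pdb_name'] }}"` a few lines up in `_tnsnames_config_pdb_helper` and `tnsnames_installed`. Change both to `tns_name: "{{ oracle_pdbs[0]['pdb_name'] }}"` and `db_name: "{{ oracle_pdbs[0]['pdb_name'] }}"`. The `oracle_pdbs` structure this hunk extends starts outside the hunk.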
@@ -0,0 +1,3 @@
---
oracle_wallet_password:
wallet1: "aA_{{ ansible_machine_id }}"
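Review bot: `wallet1: "aA_{{ ansible_machine_id }}"` derives the wallet password from a host fact that local accounts can usually read, so it only works as throwaway test data. If this file is an example inventory, a comment saying so keeps it from being copied into real deployments, e.g. `# example only: take the real wallet password from a vaulted variable, not from a host fact`. The file path is not shown in this rendering, so whether the file is vaulted cannot be confirmed here.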
1 change: 1 addition & 0 deletions playbooks/manage_db.yml
Expand Up @@ -4,6 +4,7 @@
become: true
any_errors_fatal: true
roles:
- opitzconsulting.ansible_oracle.oradb_manage_wallet
- opitzconsulting.ansible_oracle.oradb_manage_db
- opitzconsulting.ansible_oracle.oradb_manage_pdb
- opitzconsulting.ansible_oracle.oradb_manage_parameters
6 changes: 6 additions & 0 deletions playbooks/manage_wallet.yml
@@ -0,0 +1,6 @@
---
- name: Manage Oracle wallet
hosts: "{{ hostgroup | default('all') }}"
any_errors_fatal: true
roles:
- opitzconsulting.ansible_oracle.oradb_manage_wallet
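Review bot: The new play has no `become: true`, while the sibling `playbooks/manage_db.yml` runs the same role list (now including oradb_manage_wallet) with `become: true`; run from this playbook the role would execute mkstore and create the wallet path as the connecting user, which presumably differs from the intended Oracle owner. Add `become: true` after `any_errors_fatal: true` unless the role escalates on its own inside its tasks, which is not visible in this diff.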
2 changes: 2 additions & 0 deletions roles/oradb_manage_db/README.md
Expand Up @@ -100,6 +100,8 @@ oracle_gi_cluster_type: STANDARD

**_sql_script_**

**_sqlnet_**

**_sqlnet2_**

**_tnsnames_**
2 changes: 2 additions & 0 deletions roles/oradb_manage_db/tasks/main.yml
Expand Up @@ -33,6 +33,8 @@
loop_var: sqlnetinst
when: sqlnet_installed is defined
tags: sqlnet2
vars:
_sqlnet_ansible_file: "{{ _oradb_manage_db_tns_home }}/network/admin/sqlnet_ansible.ora"

- name: manage_db | include listener_details.yml
ansible.builtin.include_tasks: listener_details.yml
52 changes: 48 additions & 4 deletions roles/oradb_manage_db/tasks/sqlnet.yml
Expand Up @@ -17,11 +17,50 @@
mode: 0644
tags: sqlnet2

# Important!
# ansible-oracle <= 4.3 used lineinfile instead blockinfile with marker
# => Remove old entries before readding them with blockinfile
- name: Check for existing sqlnet_ansible.ora
ansible.builtin.stat:
path: "{{ _sqlnet_ansible_file }}"
register: _sqlnet_ansible_file_res
tags:
- sqlnet
- sqlnet2

- name: Working on sqlnet_ansible.ora
tags:
- sqlnet
- sqlnet2
when:
- _sqlnet_ansible_file_res.stat.exists
block:
- name: Search for marker in sqlnet_ansible.ora
ansible.builtin.lineinfile:
path: "{{ _sqlnet_ansible_file }}"
regexp: "# BEGIN Ansible managed for .*"
line: "# BEGIN Ansible managed for .*"
state: present
register: old_sqlnet_ansible_res
changed_when: false
check_mode: true

# Remove existing sqlnet_ansible.ora when no new marker is in place
# => we found an old configuration file created with lineinfile
# this must be changed to blockinfile with marker
- name: Remove existing sqlnet_ansible.ora due to missing new marker items
ansible.builtin.file:
path: "{{ _sqlnet_ansible_file }}"
state: absent
when: "'line added' in old_sqlnet_ansible_res.msg"

- name: sqlnet.ora | create custom configuration in sqlnet_ansible.ora
ansible.builtin.lineinfile:
path: "{{ _oradb_manage_db_tns_home }}/network/admin/sqlnet_ansible.ora"
line: "{{ item.name }}={{ item.value }}"
regexp: "^{{ item.name }}="
ansible.builtin.blockinfile:
path: "{{ _sqlnet_ansible_file }}"
block: >-
{{ sc_loop.name }} = {{ sc_loop.value }}
marker: "# {mark} Ansible managed for {{ sc_loop.name }}"
insertafter: "EOF"
backup: true
create: true
group: "{{ oracle_group }}"
Expand All @@ -30,4 +69,9 @@
mode: 0644
with_items:
- "{{ sqlnet_config[sqlnetinst.sqlnet] }}"
loop_control:
label: >-
{{ sqlnetinst.sqlnet }}
{{ sc_loop.name }}
loop_var: sc_loop
tags: sqlnet2
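Review bot: The removal decision `when: "'line added' in old_sqlnet_ansible_res.msg"` keys off the human-readable message of a check-mode lineinfile run, and `changed_when: false` has already masked the only structured signal that task returns, so a wording change in the module would silently turn the migration into either a no-op or an unconditional delete of sqlnet_ansible.ora. Reading the file directly is both non-mutating and stable: replace the lineinfile probe with an `ansible.builtin.find` using `contains` on the marker pattern and test `matched`. The same regex is also passed as `line:`, which in a non-check run would write the literal pattern into the file; the find form removes that hazard too. The blockinfile task in the second hunk continues past the end of the hunk.
```yaml
    - name: Search for marker in sqlnet_ansible.ora
      ansible.builtin.find:
        paths: "{{ _sqlnet_ansible_file | dirname }}"
        patterns: "{{ _sqlnet_ansible_file | basename }}"
        contains: '^# BEGIN Ansible managed for '
      register: old_sqlnet_ansible_res

    # … unchanged: comment explaining the lineinfile → blockinfile migration …
    - name: Remove existing sqlnet_ansible.ora due to missing new marker items
      ansible.builtin.file:
        path: "{{ _sqlnet_ansible_file }}"
        state: absent
      when: old_sqlnet_ansible_res.matched == 0
```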
6 changes: 5 additions & 1 deletion roles/oradb_manage_db/templates/tnsnames.ora.j2
Expand Up @@ -16,7 +16,11 @@ SALES=

# do not edit the configuration manually.
# The execution of ansible-oracle automatically replace all manual changes!
{{ tnsinst.tnsname | upper }} =
{% if oracle_tnsnames_config[tnsinst.tnsname]['alias'] is defined -%}
{{ tnsinst.tnsname | upper }}, {{ oracle_tnsnames_config[tnsinst.tnsname]['alias'] | join(', ') | upper }}
{%- else %}
{{ tnsinst.tnsname | upper }}
{%- endif %} =
(DESCRIPTION =
(FAILOVER={{ oracle_tnsnames_config[tnsinst.tnsname]['failover'] | default('yes')}})
(CONNECT_TIMEOUT={{ oracle_tnsnames_config[tnsinst.tnsname]['connect_timeout'] | default('5')}})
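Review bot: `{% if oracle_tnsnames_config[tnsinst.tnsname]['alias'] is defined -%}` treats an empty alias list as the aliased case, and `join(', ')` on `[]` then renders `PDB,  =`, an entry Oracle Net is unlikely to accept; guard on content rather than presence with `{% if oracle_tnsnames_config[tnsinst.tnsname]['alias'] | default([]) | length > 0 -%}`. The `{%- else %}` branch also keeps the newline before the plain name, so a non-aliased entry starts on a blank line while the aliased one does not; `{%- else -%}` makes both branches render the same shape.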
5 changes: 5 additions & 0 deletions roles/oradb_manage_wallet/.ansibledoctor.yml
@@ -0,0 +1,5 @@
---
logging:
level: warning
template: readme
force_overwrite: true
64 changes: 62 additions & 2 deletions roles/oradb_manage_wallet/README.md
@@ -1,8 +1,17 @@
# oradb_manage_wallet

Manage Wallets for Oracle with `mkstore`.

Multiple wallets with different locations are possivle.
Define a password for the wallet in `oracle_wallet_password`.

## Table of content

- [Requirements](#requirements)
- [Default Variables](#default-variables)
- [oracle_wallet_config](#oracle_wallet_config)
- [oracle_wallet_password](#oracle_wallet_password)
- [Discovered Tags](#discovered-tags)
- [Dependencies](#dependencies)
- [License](#license)
- [Author](#author)
Expand All @@ -11,11 +20,62 @@

## Requirements

None.
- Minimum Ansible version: `2.15.0`

## Default Variables

### oracle_wallet_config

#### Default value

```YAML
oracle_wallet_config: []
```

#### Example usage

```YAML
oracle_wallet_config:
- name: wallet1
home: 19300_base
path: /u01/app/oracle/wallet
state: present
dbcredential:
- tns_name: db1
db_name: db1
db_user: user1
state: present
```

### oracle_wallet_password

#### Default value

```YAML
oracle_wallet_password: {}
```

#### Example usage

```YAML
oracle_wallet_password:
wallet1: <password>
wallet2: <password>
```

## Discovered Tags

**_always_**


## Dependencies

None.
- orasw_meta

## License

license (MIT)

## Author

[Thorsten Bruhns]
45 changes: 45 additions & 0 deletions roles/oradb_manage_wallet/defaults/main.yml
@@ -0,0 +1,45 @@
---
# @var oracle_wallet_password:description: >
# @end
oracle_wallet_password: {}
# @var oracle_wallet_password:example: >
# oracle_wallet_password:
# wallet1: <password>
# wallet2: <password>
# @end

# @var oracle_wallet_config:description: >
oracle_wallet_config: []

# See below example for more details.
# oracle_wallet_config:
# - name: <name for password entry>
# home: <dict key from db_homes_config>
# path: <target directory for wallet>
# owner: <OS-Owner - default oracle_owner>
# group: <OS-Group | default(omit)>
# mode: <chmod auf path | default(omit)>
# state: present/absent
# certificates: <optional>
# - type: ca
# cert: <certificate>
# state: present/absent
# dbcredential: <optional>
# - tns_name: <tns-alias from
# db_name: <db_name for dbpasswords[db_name]>
# db_user: <database user>
# state: present/absent
# @end
#
# @var oracle_wallet_config:example: >
# oracle_wallet_config:
# - name: wallet1
# home: 19300_base
# path: /u01/app/oracle/wallet
# state: present
# dbcredential:
# - tns_name: db1
# db_name: db1
# db_user: user1
# state: present
# @end
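Review bot: The documented key is `dbcredential:` in both the description and the example block, but `tasks/assert.yml` iterates the subelement `dbcredentials` and the example inventory in this PR uses `dbcredentials` as well, so a user following these defaults would have every credential silently skipped (`skip_missing: true`); rename the key in both comment blocks to `dbcredentials:` (the README example carries the same misspelling). The `# @var oracle_wallet_password:description:` block is empty, and `oracle_wallet_password[owc.name]` in assert.yml shows what it should say: `# Wallet passwords keyed by the wallet name from oracle_wallet_config.`. Two attribute comments are also cut off or half German: `# - tns_name: <tns alias to store the credential under>` and `# mode: <chmod on path | default(omit)>`.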
40 changes: 40 additions & 0 deletions roles/oradb_manage_wallet/meta/main.yml
@@ -0,0 +1,40 @@
---
# @meta description: >
# Manage Wallets for Oracle with `mkstore`.
#
# Multiple wallets with different locations are possivle.
# Define a password for the wallet in `oracle_wallet_password`.

# The following credentials could be managed by this role:
#
# `database credentials:`
#
# We need the `db_name` as attribute for finding the password in `dbpasswords`.
# Be aware that `tns_name` could be different to the `db_name`.
# @end
# @meta author: [Thorsten Bruhns]
galaxy_info:
role_name: oradb_manage_wallet
author: Thorsten Bruhns
description: Manage Wallets for Oracle
company: Thorsten Bruhns

license: license (MIT)

min_ansible_version: 2.15.0

platforms:
- name: EL
versions:
- "6"
- "7"
- "8"
- "9"

galaxy_tags:
- database
- oracle
- wallet

dependencies:
- role: orasw_meta
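Review bot: The generated role description carries a typo in `# Multiple wallets with different locations are possivle.`; since `.ansibledoctor.yml` has `force_overwrite: true`, the README is regenerated from this comment, so fix it here: `# Multiple wallets with different locations are possible.`. The README in this PR shows the same spelling and will be corrected on the next doctor run.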
49 changes: 49 additions & 0 deletions roles/oradb_manage_wallet/tasks/assert.yml
@@ -0,0 +1,49 @@
---
- name: assert | assert wallet
when:
- oracle_wallet_config is defined
block:
- name: assert | assert oracle_wallet_config
ansible.builtin.assert:
quiet: true
that:
- owc.state is defined
- owc.state in ('present', 'absent')
- owc.name is defined
- owc.path is defined
- owc.home is defined
- db_homes_config[owc.home] is defined
- oracle_wallet_password[owc.name] is defined
with_items:
- "{{ oracle_wallet_config }}"
loop_control:
label: >-
{{ owc.name | default('') }}
{{ owc.path | default('') }}
{{ owc.state | default('') }}
loop_var: owc

# owc_dbc due to with_subelements instead of dbc_d!
- name: assert | assert dbcredential in oracle_wallet_config
ansible.builtin.assert:
quiet: true
that:
- owc_dbc.1.tns_name is defined
- owc_dbc.1.db_name is defined
- owc_dbc.1.db_user is defined
- owc_dbc.1.state in ('present', 'absent')
fail_msg: attribute missing or duplicate tns_name in wallet
with_subelements:
- "{{ oracle_wallet_config }}"
- dbcredentials
- flags:
skip_missing: true
loop_control:
label: >-
{{ owc_dbc.0.name | default('') }}
{{ owc_dbc.1.tns_name | default('') }}
{{ owc_dbc.1.state | default('') }}
loop_var: owc_dbc
when:
- owc_dbc.0.state == 'present'
- owc_dbc.1 is defined
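Review bot: `fail_msg: attribute missing or duplicate tns_name in wallet` promises a duplicate check that the `that` list does not perform — the four conditions only test presence and state, so a wallet with two entries for the same tns_name passes the assert and the later mkstore calls would presumably act on the same credential twice. Either drop "or duplicate tns_name" from the message, or add a uniqueness condition over the wallet's list: `- owc_dbc.0.dbcredentials | map(attribute='tns_name') | list | unique | length == owc_dbc.0.dbcredentials | length`. Since `meta/main.yml` states that passwords are looked up in `dbpasswords` by `db_name`, asserting `- dbpasswords[owc_dbc.1.db_name] is defined` here would surface a missing password before mkstore runs rather than at the credential step.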