diff --git a/.travis.yml b/.travis.yml
index 9d9e7a8..4e7b625 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -18,6 +18,14 @@ cache:
before_cache:
- rm -f $HOME/.cache/pip/log/debug.log
+before_install:
+ - sudo fallocate -l 4G /swapfile
+ - sudo chmod 600 /swapfile
+ - sudo mkswap /swapfile
+ - sudo swapon /swapfile
+ - sudo sysctl -w vm.swappiness=10
+ - sudo sysctl -w net.core.wmem_default=65536
+
install:
- pip install -r ci-requirements.txt
- curl -sLO https://github.com/mikefarah/yq/releases/download/3.4.0/yq_linux_amd64
@@ -41,6 +49,9 @@ env:
- SCENARIO=iim-191-centos-8
- SCENARIO=ihs-v90-centos-8
- SCENARIO=ihs-v80-centos-7
+ - SCENARIO=ohs-v12.2.1-centos-7
+ - SCENARIO=ohs-v12.2.1-centos-8
+ - SCENARIO=ohs-v12.1.3-centos-7
- SCENARIO=liberty-centos-7
- SCENARIO=liberty-centos-8
- SCENARIO=weblogic-centos-7
diff --git a/galaxy.yml b/galaxy.yml
index 5bf58f2..964d69c 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -10,7 +10,7 @@ namespace: ibm
name: spm_middleware
# The version of the collection. Must be compatible with semantic versioning
-version: 1.1.1
+version: 1.1.2
# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
readme: README.md
diff --git a/molecule/__ihs-v90/verify.yml b/molecule/__ihs-v90/verify.yml
index a480ec8..124b6b9 100644
--- a/molecule/__ihs-v90/verify.yml
+++ b/molecule/__ihs-v90/verify.yml
@@ -1,6 +1,4 @@
---
-# This is an example playbook to execute Ansible tests.
-
- name: Verify
hosts: all
pre_tasks:
diff --git a/molecule/__ohs-v12.1.3/converge.yml b/molecule/__ohs-v12.1.3/converge.yml
new file mode 100644
index 0000000..06c05b2
--- /dev/null
+++ b/molecule/__ohs-v12.1.3/converge.yml
@@ -0,0 +1,45 @@
+---
+- name: Converge
+ hosts: all
+
+ collections:
+ - ibm.spm_middleware
+
+ tasks:
+ - name: Install python3
+ package:
+ name: python3
+ state: present
+
+ - name: Create symlink for python3
+ file:
+ src: /usr/bin/python3
+ dest: /usr/local/bin/python
+ owner: root
+ group: root
+ state: link
+
+ - name: pip self-update
+ pip:
+ name: pip
+ executable: pip3
+ state: latest
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+
+ - name: include weblogic
+ include_role:
+ name: weblogic
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+ weblogic_version: "12.1.3.0.210720"
+
+ - name: include ohs
+ include_role:
+ name: ohs
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+ ohs_version: 12.1.3.0.200412
+ vars:
+ download_url: "{{ lookup('env', 'ARTIFACTORY_URL') }}/{{ lookup('env', 'ARTIFACTORY_REPO') }}/SoftwareInstallers"
+ download_header: { 'X-JFrog-Art-Api': "{{ lookup('env', 'ARTIFACTORY_TOKEN') }}"}
diff --git a/molecule/__ohs-v12.1.3/verify.yml b/molecule/__ohs-v12.1.3/verify.yml
new file mode 100644
index 0000000..99f1e3f
--- /dev/null
+++ b/molecule/__ohs-v12.1.3/verify.yml
@@ -0,0 +1,51 @@
+---
+- name: Verify
+ hosts: all
+
+ pre_tasks:
+ - name: include vars
+ include_vars: "../../roles/ohs/vars/v12.1.3.0.200412.yml"
+
+ - name: include default
+ include_vars: "../../roles/ohs/defaults/main.yml"
+
+ - name: Check opatch version
+ shell: "grep {{ opatch_version }} {{ ohs_home }}/OPatch/version.txt"
+ ignore_errors: True
+ register: opatch_version_flag
+ when: opatch_version is defined
+
+ - name: Check Shell File Exists
+ stat:
+ path: "{{ profiled_path }}/ohs.sh"
+ register: shell
+
+ - name: Check Profile File Exists
+ stat:
+ path: /opt/.profile
+ register: profile
+
+ - name: Check Domain Created
+ shell: "grep ohs_{{ ansible_hostname }} {{ ohs_home }}/domain-registry.xml"
+ ignore_errors: True
+ register: domain_created
+ when: opatch_version is defined
+
+ tasks:
+ - name: Check Patch Number Matched
+ assert:
+ that: opatch_version_flag.rc == 0
+ when: opatch_version is defined
+
+ - name: Check that shell exists
+ assert:
+ that: shell.stat.exists
+
+ - name: Check that profile exists
+ assert:
+ that: profile.stat.exists
+
+ - name: Check Domain Created
+ assert:
+ that: domain_created.rc == 0
+ when: opatch_version is defined
diff --git a/molecule/__ohs-v12.2.1/converge.yml b/molecule/__ohs-v12.2.1/converge.yml
new file mode 100644
index 0000000..7b7c17f
--- /dev/null
+++ b/molecule/__ohs-v12.2.1/converge.yml
@@ -0,0 +1,44 @@
+---
+- name: Converge
+ hosts: all
+
+ collections:
+ - ibm.spm_middleware
+
+ tasks:
+ - name: Install python3
+ package:
+ name: python3
+ state: present
+
+ - name: Create symlink for python3
+ file:
+ src: /usr/bin/python3
+ dest: /usr/local/bin/python
+ owner: root
+ group: root
+ state: link
+
+ - name: pip self-update
+ pip:
+ name: pip
+ executable: pip3
+ state: latest
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+
+ - name: include weblogic
+ include_role:
+ name: weblogic
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+ weblogic_version: "12.1.3.0.210720"
+
+ - name: include ohs
+ include_role:
+ name: ohs
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+ vars:
+ download_url: "{{ lookup('env', 'ARTIFACTORY_URL') }}/{{ lookup('env', 'ARTIFACTORY_REPO') }}/SoftwareInstallers"
+ download_header: { 'X-JFrog-Art-Api': "{{ lookup('env', 'ARTIFACTORY_TOKEN') }}"}
diff --git a/molecule/__ohs-v12.2.1/verify.yml b/molecule/__ohs-v12.2.1/verify.yml
new file mode 100644
index 0000000..fdf0acb
--- /dev/null
+++ b/molecule/__ohs-v12.2.1/verify.yml
@@ -0,0 +1,51 @@
+---
+- name: Verify
+ hosts: all
+
+ pre_tasks:
+ - name: include vars
+ include_vars: "../../roles/ohs/vars/v12.2.1.4.210324.yml"
+
+ - name: include default
+ include_vars: "../../roles/ohs/defaults/main.yml"
+
+ - name: Check opatch version
+ shell: "grep {{ opatch_version }} {{ ohs_home }}/OPatch/version.txt"
+ ignore_errors: True
+ register: opatch_version_flag
+ when: opatch_version is defined
+
+ - name: Check Shell File Exists
+ stat:
+ path: "{{ profiled_path }}/ohs.sh"
+ register: shell
+
+ - name: Check Profile File Exists
+ stat:
+ path: /opt/.profile
+ register: profile
+
+ - name: Check Domain Created
+ shell: "grep ohs_{{ ansible_hostname }} {{ ohs_home }}/domain-registry.xml"
+ ignore_errors: True
+ register: domain_created
+ when: opatch_version is defined
+
+ tasks:
+ - name: Check Patch Number Matched
+ assert:
+ that: opatch_version_flag.rc == 0
+ when: opatch_version is defined
+
+ - name: Check that shell exists
+ assert:
+ that: shell.stat.exists
+
+ - name: Check that profile exists
+ assert:
+ that: profile.stat.exists
+
+ - name: Check Domain Created
+ assert:
+ that: domain_created.rc == 0
+ when: opatch_version is defined
diff --git a/molecule/db2111/verify.yml b/molecule/db2111/verify.yml
index 5d733c3..b7b8303 100644
--- a/molecule/db2111/verify.yml
+++ b/molecule/db2111/verify.yml
@@ -1,6 +1,4 @@
---
-# This is an example playbook to execute Ansible tests.
-
- name: Verify
hosts: all
pre_tasks:
diff --git a/molecule/db2115/verify.yml b/molecule/db2115/verify.yml
index 4fb341f..31a0cfe 100644
--- a/molecule/db2115/verify.yml
+++ b/molecule/db2115/verify.yml
@@ -1,6 +1,4 @@
---
-# This is an example playbook to execute Ansible tests.
-
- name: Verify
hosts: all
pre_tasks:
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
index 5d733c3..b7b8303 100644
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -1,6 +1,4 @@
---
-# This is an example playbook to execute Ansible tests.
-
- name: Verify
hosts: all
pre_tasks:
diff --git a/molecule/ohs-v12.1.3-centos-7/molecule.yml b/molecule/ohs-v12.1.3-centos-7/molecule.yml
new file mode 100644
index 0000000..d82f6bf
--- /dev/null
+++ b/molecule/ohs-v12.1.3-centos-7/molecule.yml
@@ -0,0 +1,34 @@
+---
+driver:
+ name: docker
+ provider:
+ name: docker
+
+lint: |
+ set -e
+ yamllint .
+
+platforms:
+ - name: centos-7
+ image: centos:7
+ dockerfile: ../_resources/Dockerfile.j2
+ pre_build_image: False
+ privileged: True
+ volume_mounts:
+ - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+ command: "/usr/sbin/init"
+ environment:
+ container: docker
+
+provisioner:
+ name: ansible
+ log: true
+ config_options:
+ defaults:
+ stderr_callback: debug
+ stdout_callback: debug
+ env:
+ ANSIBLE_FORCE_COLOR: 'true'
+ playbooks:
+ converge: ../__ohs-v12.1.3/converge.yml
+ verify: ../__ohs-v12.1.3/verify.yml
diff --git a/molecule/ohs-v12.2.1-centos-7/molecule.yml b/molecule/ohs-v12.2.1-centos-7/molecule.yml
new file mode 100644
index 0000000..6ed1548
--- /dev/null
+++ b/molecule/ohs-v12.2.1-centos-7/molecule.yml
@@ -0,0 +1,34 @@
+---
+driver:
+ name: docker
+ provider:
+ name: docker
+
+lint: |
+ set -e
+ yamllint .
+
+platforms:
+ - name: centos-7
+ image: centos:7
+ dockerfile: ../_resources/Dockerfile.j2
+ pre_build_image: False
+ privileged: True
+ volume_mounts:
+ - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+ command: "/usr/sbin/init"
+ environment:
+ container: docker
+
+provisioner:
+ name: ansible
+ log: true
+ config_options:
+ defaults:
+ stderr_callback: debug
+ stdout_callback: debug
+ env:
+ ANSIBLE_FORCE_COLOR: 'true'
+ playbooks:
+ converge: ../__ohs-v12.2.1/converge.yml
+ verify: ../__ohs-v12.2.1/verify.yml
diff --git a/molecule/ohs-v12.2.1-centos-8/molecule.yml b/molecule/ohs-v12.2.1-centos-8/molecule.yml
new file mode 100644
index 0000000..3fd9d02
--- /dev/null
+++ b/molecule/ohs-v12.2.1-centos-8/molecule.yml
@@ -0,0 +1,34 @@
+---
+driver:
+ name: docker
+ provider:
+ name: docker
+
+lint: |
+ set -e
+ yamllint .
+
+platforms:
+ - name: centos-8
+ image: centos:8
+ dockerfile: ../_resources/Dockerfile.j2
+ pre_build_image: False
+ privileged: True
+ volume_mounts:
+ - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+ command: "/usr/sbin/init"
+ environment:
+ container: docker
+
+provisioner:
+ name: ansible
+ log: true
+ config_options:
+ defaults:
+ stderr_callback: debug
+ stdout_callback: debug
+ env:
+ ANSIBLE_FORCE_COLOR: 'true'
+ playbooks:
+ converge: ../__ohs-v12.2.1/converge.yml
+ verify: ../__ohs-v12.2.1/verify.yml
diff --git a/roles/ohs/README.md b/roles/ohs/README.md
new file mode 100644
index 0000000..a1d0e46
--- /dev/null
+++ b/roles/ohs/README.md
@@ -0,0 +1,48 @@
+# oracle
+
+The `ohs` role will install and patch Oracle HTTP Server, the Web server component for Oracle Fusion Middleware
+
+## Requirements
+
+* `python3` to be installed on the host
+* `ansible_python_interpreter` set to `python3`
+* `passlib` Python module must be installed.
+
+## Role Variables
+
+NOTE: Update these default usernames and passwords after the initial installation.
+
+| Property Name | Default value |
+| ------------------------- | --------------------------------------------------- |
+| `ohs_version` | `12.2.1.4.210324` |
+| `ohs_user` | `oracle` |
+| `ohs_admin_password` | `password1` |
+| `ohs_group` | `oinstall` |
+| `ohs_base` | `/home/oracle` |
+| `ohs_home` | `/home/oracle/Oracle/Middleware/HTTP_Oracle_Home` |
+| `ohs_port` | `7002` |
+| `keystore_password` | `Passw0rd`
+| ------------------------- | --------------------------------------------------- |
+| `weblogic_user` | `weblogic` |
+| `weblogic_password` | `Password1` |
+| ------------------------- | --------------------------------------------------- |
+| `download_url` | # set this if license and installer is being downloaded from a http server|
+| `download_header` | # Use this in conjunction with `download_url` |
+| `profiled_path` | `/opt/profile.d` |
+| ------------------------- | --------------------------------------------------- |
+
+## Dependencies
+
+Although the role can be used independently, it is expected that Weblogic is already installed on the host and will not function correctly without it.
+
+## Example Playbook
+
+```
+- hosts: all
+ roles:
+ - role: ibm.spm_middleware.ohs
+ ohs_version: 12.2.1.4.210324
+```
+## License
+
+MIT
diff --git a/roles/ohs/defaults/main.yml b/roles/ohs/defaults/main.yml
new file mode 100644
index 0000000..34941ac
--- /dev/null
+++ b/roles/ohs/defaults/main.yml
@@ -0,0 +1,29 @@
+---
+# OHS config
+ohs_version: 12.2.1.4.210324
+ohs_user: oracle
+ohs_admin_password: Password1
+ohs_group: oinstall
+ohs_base: /home/oracle
+ohs_home: "{{ ohs_base }}/Oracle/Middleware/HTTP_Oracle_Home"
+ohs_port: 7002
+ohs_inventory: /opt/Oracle/oraInventory
+ohs_installer_loc: /tmp/OHSInstaller
+ohs_install_type: Standalone HTTP Server (Managed independently of WebLogic server)
+ohs_scripts_loc: "{{ ohs_base }}/scripts"
+ohs_moduleconf_loc: "{{ ohs_home }}/ohs/templates/conf/moduleconf"
+
+# Weblogic
+weblogic_user: weblogic
+weblogic_password: Password1
+wallet_path: "{{ ohs_home }}/user_projects/domains/ohs_{{ ansible_hostname }}/config/fmwconfig/components/OHS/instances/ohs1/keystores"
+keystore_password: 'Passw0rd'
+
+# Common
+profiled_path: /opt/profile.d
+cert_organization_unit_name: "Watson Health SPM"
+cert_organization_name: "FrontCert"
+
+# Server info for downloading installers / repos directly, leave blank to copy
+# download_url: # e.g. https://artifactory/repo
+# download_header: # e.g. X-JFrog-Art-Api: "{{ lookup('env', 'MYTOKEN') }}"
diff --git a/roles/ohs/files/configOHS.py b/roles/ohs/files/configOHS.py
new file mode 100644
index 0000000..2f5f9ed
--- /dev/null
+++ b/roles/ohs/files/configOHS.py
@@ -0,0 +1,69 @@
+# coding=utf-8
+###############################################################################
+# Copyright 2020 IBM Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+###############################################################################
+
+import sys
+
+
+def usage():
+ print('Usage:')
+ print('\twlst.sh -i configOHS.py [OracleHome] [OHSDomain] [FQDN] [AdminUsername] [AdminPassword] [OHSTemplateJar]')
+ print('\twlst.sh -i configOHS.py $OHS_HOME "ohs_$(hostname -s)" $(hostname -f) weblogic Password1 ohs_standalone_template.jar')
+ print('')
+
+
+def create_ohs_domain(oracle_home, local_domain, fqdn, admin_username, admin_password, template_jar='ohs_standalone_template.jar'):
+ readTemplate('%s/wlserver/common/templates/wls/base_standalone.jar' % (oracle_home))
+ addTemplate('%s/ohs/common/templates/wls/%s' % (oracle_home, template_jar))
+ cd('/')
+ create(local_domain, 'SecurityConfiguration')
+ cd('SecurityConfiguration/%s' % (local_domain))
+ set('NodeManagerUsername', admin_username)
+ set('NodeManagerPasswordEncrypted', admin_password)
+ setOption('NodeManagerType', 'PerDomainNodeManager')
+ setOption('JavaHome', '%s/oracle_common/jdk' % (oracle_home))
+ cd('/Machines/localmachine/NodeManager/localmachine')
+ cmo.setListenAddress('localhost')
+ cmo.setListenPort(5556)
+ cmo.setNMType('SSL')
+ cd('/OHS/ohs1')
+ cmo.setListenPort('80')
+ cmo.setSSLListenPort('443')
+ cmo.setServerName('http://%s' % (fqdn))
+ writeDomain('%s/user_projects/domains/%s' % (oracle_home, local_domain))
+ exit()
+
+
+if len(sys.argv) < 6:
+ usage()
+ sys.exit(1)
+
+
+oracle_home = str(sys.argv[1])
+local_domain = str(sys.argv[2])
+fqdn = str(sys.argv[3])
+admin_username = str(sys.argv[4])
+admin_password = str(sys.argv[5])
+
+print('Oracle Home: %s' % (oracle_home))
+print('Creating Domain "%s" ...' % (local_domain))
+
+
+if len(sys.argv) == 7:
+ template_jar = str(sys.argv[6])
+ create_ohs_domain(oracle_home, local_domain, fqdn, admin_username, admin_password, template_jar)
+else:
+ create_ohs_domain(oracle_home, local_domain, fqdn, admin_username, admin_password)
diff --git a/roles/ohs/files/custom_staticcontent.conf b/roles/ohs/files/custom_staticcontent.conf
new file mode 100644
index 0000000..64b6372
--- /dev/null
+++ b/roles/ohs/files/custom_staticcontent.conf
@@ -0,0 +1,24 @@
+#
+# Custom Static Content config file
+#
+
+Alias /CuramStatic/ "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/htdocs/WebContent/"
+
+ Options Indexes MultiViews
+ AllowOverride None
+ #Order allow,deny
+ Require all granted
+
+
+
+ ExpiresActive On
+ ExpiresByType text/css "access plus 1 month"
+ ExpiresByType text/javascript "access plus 1 month"
+ ExpiresByType text/plain "access plus 1 month"
+ ExpiresByType image/gif "access plus 1 month"
+ ExpiresByType image/jpg "access plus 1 month"
+ ExpiresByType image/png "access plus 1 month"
+ ExpiresByType application/x-shockwave-flash "access plus 1 month"
+ ExpiresByType application/x-javascript "access plus 1 month"
+ Header unset Last-Modified
+
diff --git a/roles/ohs/files/plugin.py b/roles/ohs/files/plugin.py
new file mode 100644
index 0000000..fb2e1f8
--- /dev/null
+++ b/roles/ohs/files/plugin.py
@@ -0,0 +1,55 @@
+# coding=utf-8
+###############################################################################
+# Copyright 2020 IBM Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+###############################################################################
+
+import sys
+
+
+def usage():
+ print('Usage:')
+ print('\twlst.sh -i plugin.py [AdminUsername] [AdminPassword] [AdminPort] [ServerName]')
+ print('\twlst.sh -i plugin.py weblogic Password1 7001 CuramServer')
+ print('')
+
+
+def enable_plugin(admin_username, admin_password, admin_port='7001', server_name='CuramServer'):
+ connect(admin_username, admin_password, 't3://localhost:%s' % (admin_port))
+ edit()
+ startEdit()
+ cd('//Servers/%s' % (server_name))
+ cmo.setWeblogicPluginEnabled(true)
+ cd('//Servers/%s/SSL/%s' % (server_name, server_name))
+ cmo.setTwoWaySSLEnabled(true)
+ cmo.setClientCertificateEnforced(false)
+ save()
+ activate(block='true')
+ disconnect()
+ exit()
+
+
+if len(sys.argv) < 5:
+ usage()
+ sys.exit(1)
+
+
+admin_username = str(sys.argv[1])
+admin_password = str(sys.argv[2])
+admin_port = str(sys.argv[3])
+server_name = str(sys.argv[4])
+
+print('Enabling plugin on server "%s" via port %s' % (server_name, admin_port))
+
+enable_plugin(admin_username, admin_password, admin_port, server_name)
diff --git a/roles/ohs/tasks/base_install.yml b/roles/ohs/tasks/base_install.yml
new file mode 100644
index 0000000..dda9aed
--- /dev/null
+++ b/roles/ohs/tasks/base_install.yml
@@ -0,0 +1,120 @@
+---
+- name: Install required packages (1)
+ package:
+ name:
+ - binutils
+ - gcc-c++
+ - ksh
+ - libaio-devel
+ - libstdc++-devel
+ - make
+ - net-tools
+ - openssl
+ - psmisc
+ - shadow-utils
+ - smartmontools
+ - sudo
+ - sysstat
+ - unzip
+ - yum-utils
+ state: present
+
+- name: Install required packages (2)
+ package:
+ name:
+ - compat-libcap1
+ - compat-libstdc++-33.x86_64
+ state: present
+ when: ansible_distribution_major_version | int == 7
+
+- name: "Create {{ ohs_group }} group"
+ group:
+ name: "{{ ohs_group }}"
+ gid: 54321
+ state: present
+
+- name: "Create {{ ohs_user }} user"
+ user:
+ name: "{{ ohs_user }}"
+ uid: 54321
+ group: "{{ ohs_group }}"
+ append: yes
+ password: "{{ ohs_admin_password | password_hash('sha512', 'SaltyCl0ud') }}" # hash with salt
+ expires: -1
+ create_home: yes
+ state: present
+
+- name: Create "{{ ohs_installer_loc }}"
+ file:
+ path: "{{ ohs_installer_loc }}"
+ state: directory
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+ mode: 0755
+
+- name: Check Installer File Exists
+ stat:
+ path: "{{ ohs_installer_loc }}/{{ base_installer_path }}"
+ register: installer
+
+- name: Download base installer
+ get_url:
+ url: "{{ download_url }}/{{ base_installer_path }}"
+ dest: "{{ ohs_installer_loc }}/baseInstaller"
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+ mode: 0755
+ force: no
+ headers: "{{ download_header }}"
+ when: not installer.stat.exists and download_url is defined
+
+- name: Copy installer
+ copy:
+ src: "{{ base_installer_path }}"
+ dest: "{{ ohs_installer_loc }}/baseInstaller"
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+ mode: 0755
+ when: not installer.stat.exists and download_url is not defined
+
+- name: Check if Inventory Dir exists
+ stat:
+ path: "{{ ohs_inventory }}"
+ register: inventory_dir
+
+- name: Create "{{ ohs_inventory }}"
+ file:
+ path: "{{ ohs_inventory }}"
+ state: directory
+ group: "{{ ohs_group }}"
+ owner: "{{ ohs_user }}"
+ mode: 0755
+ when: not inventory_dir.stat.exists
+
+- name: Create oraInst.loc
+ copy:
+ dest: /etc/oraInst.loc
+ content: |
+ inventory_loc={{ ohs_inventory }}
+ inst_group=oinstall
+ mode: 0644
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+
+- name: copy response file
+ template:
+ src: ohs_install.rsp.j2
+ dest: "{{ ohs_installer_loc }}/ohs_install.rsp"
+ mode: 0644
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+
+- name: Install OHS
+ become: yes
+ become_user: "{{ ohs_user }}"
+ command: "{{ ohs_installer_loc }}/baseInstaller -ignoreSysPrereqs -silent -responseFile {{ ohs_installer_loc }}/ohs_install.rsp"
+
+- name: Cleanup
+ file:
+ path: "{{ ohs_installer_loc }}/baseInstaller"
+ state: absent
diff --git a/roles/ohs/tasks/config.yml b/roles/ohs/tasks/config.yml
new file mode 100644
index 0000000..5e70f64
--- /dev/null
+++ b/roles/ohs/tasks/config.yml
@@ -0,0 +1,336 @@
+---
+- name: "Create {{ profiled_path }}"
+ file:
+ path: "{{ profiled_path }}"
+ mode: 0755
+ state: directory
+
+- name: "Create {{ profiled_path }}/ohs.sh"
+ copy:
+ dest: "{{ profiled_path }}/ohs.sh"
+ content: |
+ #!/bin/bash
+ export OHS_HOME={{ ohs_home }}
+ export OHS_PATH=$OHS_HOME/ohs/bin:$PATH
+ mode: 0755
+
+- name: Create /opt/.profile
+ copy:
+ dest: /opt/.profile
+ content: |
+ #!/bin/bash
+ PATH=.:$PATH
+ if [ -e {{ profiled_path }} ]; then
+ if [ "$PS1" ]; then
+ ls -l {{ profiled_path }}/*.sh
+ fi
+ for lizard in {{ profiled_path }}/*.sh ; do
+ . $lizard
+ done
+ fi
+ LANG=en_US.ISO-8859-1
+ umask 002
+ mode: 0755
+
+- name: Create /etc/cap.ora
+ copy:
+ dest: /etc/cap.ora
+ content: "oinstall: bind"
+ mode: 0644
+ owner: root
+
+# Ignore errors, this file may not exists
+- name: Modify launch file
+ file:
+ path: "{{ ohs_home }}/ohs/bin/launch"
+ mode: u=rwxs,g=rx
+ owner: root
+ ignore_errors: True
+
+# Ignore errors, this file may not exists
+- name: Modify hasbind file
+ file:
+ path: "{{ ohs_home }}/oracle_common/bin/hasbind"
+ mode: 4750
+ owner: root
+ ignore_errors: True
+
+- name: Create scripts folder
+ file:
+ dest: "{{ ohs_scripts_loc }}"
+ state: directory
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+
+
+- name: Copy configOHS.py
+ copy:
+ src: configOHS.py
+ dest: "{{ ohs_scripts_loc }}"
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+
+- name: Copy plugin.py
+ copy:
+ src: plugin.py
+ dest: "{{ ohs_scripts_loc }}"
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+
+- name: Copy Template custom_ohs_perf.conf
+ template:
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+ src: custom_ohs_perf.conf.j2
+ dest: "{{ ohs_moduleconf_loc }}/custom_ohs_perf.conf"
+
+- name: Copy Template mod_wl_ohs.conf
+ template:
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+ src: mod_wl_ohs.conf.j2
+ dest: "{{ ohs_moduleconf_loc }}/mod_wl_ohs.conf"
+
+- name: Copy Template custom_staticcontent.conf
+ copy:
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+ src: custom_staticcontent.conf
+ dest: "{{ ohs_moduleconf_loc }}/custom_staticcontent.conf"
+
+- name: Check Domain Created
+ shell: "grep ohs_{{ ansible_hostname }} {{ ohs_home }}/domain-registry.xml"
+ ignore_errors: True
+ changed_when: False
+ register: domain_created
+
+- name: Create Domain
+ become: yes
+ become_user: "{{ ohs_user }}"
+ command: "./wlst.sh -i {{ ohs_scripts_loc }}/configOHS.py {{ ohs_home }} ohs_{{ ansible_hostname }} {{ ansible_fqdn }} {{ weblogic_user }} {{ weblogic_password }} {{ template_jar }}"
+ args:
+ chdir: "{{ ohs_home }}/oracle_common/common/bin"
+ when: domain_created.rc != 0
+
+- name: Check if keystore exists before setting up certs
+ stat:
+ path: "{{ wallet_path }}/publicEndPoint"
+ register: keystore
+
+- name: Generate Certs
+ block:
+ # needed for openssl_* modules
+ - name: Install PYOpenSSL python package
+ pip:
+ name: PyOpenSSL
+ executable: pip3
+
+ - name: Check if CertGenCA exists
+ stat:
+ path: "{{ weblogic_home }}/wlserver/server/lib/CertGenCA.der"
+ register: certgen
+ when: weblogic_home is defined
+
+ - name: Execute create_back_wallet
+ become: yes
+ become_user: "{{ ohs_user }}"
+ command: "{{ ohs_home }}/oracle_common/bin/orapki wallet create -wallet {{ wallet_path }}/pluginWallet -auto_login -pwd {{ keystore_password }}"
+ environment:
+ ORACLE_HOME: "{{ ohs_home }}"
+
+ - name: Execute trust_wlsca
+ become: yes
+ become_user: "{{ ohs_user }}"
+ command: "./orapki wallet add -wallet {{ wallet_path }}/pluginWallet -trusted_cert -cert {{ weblogic_home }}/wlserver/server/lib/CertGenCA.der -pwd {{ keystore_password }}"
+ args:
+ chdir: "{{ ohs_home }}/oracle_common/bin"
+ environment:
+ ORACLE_HOME: "{{ ohs_home }}"
+ when: weblogic_home is defined
+
+ - name: Create ssl folder
+ file:
+ state: directory
+ path: "{{ ohs_base }}/scripts/ssl"
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+
+ - name: Generate an OpenSSL private key
+ openssl_privatekey:
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+ type: RSA
+ size: 2048
+ path: "{{ ohs_base }}/scripts/ssl/WLSPlugin.key"
+
+ - name: Generate an OpenSSL Certificate Request
+ openssl_csr:
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+ path: "{{ ohs_base }}/scripts/ssl/WLSPlugin.csr"
+ privatekey_path: "{{ ohs_base }}/scripts/ssl/WLSPlugin.key"
+ common_name: "{{ ansible_fqdn }}"
+ organization_name: WLSPlugin
+ organizational_unit_name: Watson Health SPM
+ key_usage:
+ - keyEncipherment
+ - digitalSignature
+ key_usage_critical: no
+ extended_key_usage:
+ - serverAuth
+ extended_key_usage_critical: no
+ subject_alt_name: "DNS:{{ ansible_hostname }},DNS:{{ ansible_fqdn }}"
+ subject_alt_name_critical: no
+
+ - name: Generate a Self Signed OpenSSL certificate
+ openssl_certificate:
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+ path: "{{ ohs_base }}/scripts/ssl/WLSPlugin.crt"
+ provider: selfsigned
+ privatekey_path: "{{ ohs_base }}/scripts/ssl/WLSPlugin.key"
+ csr_path: "{{ ohs_base }}/scripts/ssl/WLSPlugin.csr"
+
+ - name: Create backend_p12
+ become: yes
+ become_user: "{{ ohs_user }}"
+ command: "openssl pkcs12 -export -in {{ ohs_base }}/scripts/ssl/WLSPlugin.crt -inkey {{ ohs_base }}/scripts/ssl/WLSPlugin.key -out {{ ohs_base }}/scripts/ssl/WLSPlugin.p12 -name selfsigned -password pass:{{ keystore_password }}"
+ environment:
+ ORACLE_HOME: "{{ ohs_home }}"
+
+ - name: Import cert to backend wallet
+ become: yes
+ become_user: "{{ ohs_user }}"
+ command: "./orapki wallet import_pkcs12 -wallet {{ wallet_path }}/pluginWallet -pkcs12file {{ ohs_base }}/scripts/ssl/WLSPlugin.p12 -pkcs12pwd {{ keystore_password }} -pwd {{ keystore_password }}"
+ args:
+ chdir: "{{ ohs_home }}/oracle_common/bin"
+ environment:
+ ORACLE_HOME: "{{ ohs_home }}"
+
+ - name: Import cert to wls
+ become: yes
+ become_user: "{{ ohs_user }}"
+ command: "./keytool -file {{ ohs_base }}/scripts/ssl/WLSPlugin.crt -importcert -trustcacerts -keystore {{ weblogic_home }}/wlserver/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase -noprompt"
+ args:
+ chdir: "{{ ohs_home }}/oracle_common/jdk/bin"
+ environment:
+ ORACLE_HOME: "{{ ohs_home }}"
+ when: weblogic_home is defined
+
+ - name: Create front wallet
+ become: yes
+ become_user: "{{ ohs_user }}"
+ command: "./orapki wallet create -wallet {{ wallet_path }}/publicEndPoint -auto_login -pwd {{ keystore_password }}"
+ args:
+ chdir: "{{ ohs_home }}/oracle_common/bin"
+ environment:
+ ORACLE_HOME: "{{ ohs_home }}"
+
+ - name: Generate an OpenSSL private key
+ openssl_privatekey:
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+ type: RSA
+ size: 2048
+ path: "{{ ohs_base }}/scripts/ssl/FrontCert.key"
+
+ - name: Generate an OpenSSL Certificate Request
+ openssl_csr:
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+ path: "{{ ohs_base }}/scripts/ssl/FrontCert.csr"
+ privatekey_path: "{{ ohs_base }}/scripts/ssl/FrontCert.key"
+ common_name: "{{ ansible_fqdn }}"
+ organization_name: "{{ cert_organization_name }}"
+ organizational_unit_name: "{{ cert_organization_unit_name }}"
+ key_usage:
+ - keyEncipherment
+ - digitalSignature
+ key_usage_critical: no
+ extended_key_usage:
+ - serverAuth
+ extended_key_usage_critical: no
+ subject_alt_name: "DNS:{{ ansible_hostname }},DNS:{{ ansible_fqdn }}"
+ subject_alt_name_critical: no
+
+ - name: Generate a Self Signed OpenSSL certificate
+ openssl_certificate:
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+ path: "{{ ohs_base }}/scripts/ssl/FrontCert.crt"
+ provider: selfsigned
+ privatekey_path: "{{ ohs_base }}/scripts/ssl/FrontCert.key"
+ csr_path: "{{ ohs_base }}/scripts/ssl/FrontCert.csr"
+
+ - name: Create front end p12
+ become: yes
+ become_user: "{{ ohs_user }}"
+ command: "openssl pkcs12 -export -in {{ ohs_scripts_loc }}/ssl/FrontCert.crt -inkey {{ ohs_scripts_loc }}/ssl/FrontCert.key -out {{ ohs_scripts_loc }}/ssl/FrontCert.p12 -name selfsigned -password pass:{{ keystore_password }}"
+ args:
+ chdir: "{{ ohs_home }}/oracle_common/bin"
+ environment:
+ ORACLE_HOME: "{{ ohs_home }}"
+
+ - name: Import cert to front end wallet
+ become: yes
+ become_user: "{{ ohs_user }}"
+ command: "./orapki wallet import_pkcs12 -wallet {{ wallet_path }}/publicEndPoint -pkcs12file {{ ohs_scripts_loc }}/ssl/FrontCert.p12 -pkcs12pwd {{ keystore_password }} -pwd {{ keystore_password }}"
+ args:
+ chdir: "{{ ohs_home }}/oracle_common/bin"
+ environment:
+ ORACLE_HOME: "{{ ohs_home }}"
+
+ - name: "Update {{ ohs_home }}/user_projects/domains/ohs_{{ ansible_hostname }}/config/fmwconfig/components/OHS/ohs1/ssl.conf"
+ replace:
+ path: "{{ ohs_home }}/user_projects/domains/ohs_{{ ansible_hostname }}/config/fmwconfig/components/OHS/ohs1/ssl.conf"
+ regexp: "(SSLWallet.*)default"
+ replace: "\\1publicEndPoint"
+
+ - name: "Update {{ ohs_home }}/user_projects/domains/ohs_{{ ansible_hostname }}/config/fmwconfig/components/OHS/ohs1/ssl.conf"
+ replace:
+ path: "{{ ohs_home }}/user_projects/domains/ohs_{{ ansible_hostname }}/config/fmwconfig/components/OHS/ohs1/ssl.conf"
+ regexp: "443>"
+ replace: "443>\n\tRewriteEngine On\n\tRewriteOptions Inherit\n\t"
+
+ when: not keystore.stat.exists
+
+# if startComponent.sh successfully, will create /home/oracle/.wlst
+- name: Check if .wlst exists
+ stat:
+ path: "{{ ohs_base }}/.wlst"
+ register: wlst
+ ignore_errors: True
+ changed_when: False
+
+- name: Starting and authenticating NM
+ block:
+
+ - name: Copy ohsNM.service
+ template:
+ src: ohsNM.service.j2
+ dest: /etc/systemd/system/ohsNM.service
+
+ - name: Start service
+ systemd:
+ name: ohsNM.service
+ enabled: yes
+ state: started
+ # Using shell as command did not wait
+ - name: Start Component
+ become: yes
+ become_user: "{{ ohs_user }}"
+ shell: "echo {{ weblogic_password }} | ./startComponent.sh ohs1 storeUserConfig"
+ args:
+ chdir: "{{ ohs_home }}/user_projects/domains/ohs_{{ ansible_hostname }}/bin"
+ environment:
+ ORACLE_HOME: "{{ ohs_home }}"
+
+ - name: Stop Component
+ become: yes
+ become_user: "{{ ohs_user }}"
+ shell: "./stopComponent.sh ohs1"
+ args:
+ chdir: "{{ ohs_home }}/user_projects/domains/ohs_{{ ansible_hostname }}/bin"
+ environment:
+ ORACLE_HOME: "{{ ohs_home }}"
+ when: not wlst.stat.exists
diff --git a/roles/ohs/tasks/main.yml b/roles/ohs/tasks/main.yml
new file mode 100644
index 0000000..b73d219
--- /dev/null
+++ b/roles/ohs/tasks/main.yml
@@ -0,0 +1,47 @@
+---
+- name: Install python3
+ package:
+ name: python3
+ state: present
+
+- name: Create symlink for python3
+ file:
+ src: /usr/bin/python3
+ dest: /usr/local/bin/python
+ owner: root
+ group: root
+ state: link
+
+- name: "Include v{{ ohs_version }}.yml variables"
+ include_vars: "v{{ ohs_version }}.yml"
+
+- name: check if OHS already installed
+ shell: "grep {{ base_version }} {{ ohs_home }}/inventory/registry.xml"
+ changed_when: False
+ ignore_errors: True
+ register: base_installed
+
+- name: Install Base version
+ include_tasks: "base_install.yml"
+ when: base_version is defined and base_installed.rc != 0
+
+- name: Check if Patch already applied
+ become: yes
+ become_user: "{{ ohs_user }}"
+ shell: "{{ ohs_home }}/OPatch/opatch lspatches | grep -i {{ item.number }}"
+ register: ohs_version_status
+ changed_when: False
+ ignore_errors: True
+ loop: "{{ patches }}"
+
+- name: Print ohs_version_status
+ debug:
+ msg: "{{ ohs_version_status }}"
+
+- name: Patch OHS
+ include_tasks: "patch.yml"
+ when: ohs_version_status.results | selectattr('rc','greaterthan',0) | list | count > 0
+
+- name: Set up properties file
+ include_tasks: "config.yml"
+ when: base_version is defined
diff --git a/roles/ohs/tasks/patch.yml b/roles/ohs/tasks/patch.yml
new file mode 100644
index 0000000..f3d86b2
--- /dev/null
+++ b/roles/ohs/tasks/patch.yml
@@ -0,0 +1,124 @@
+---
+- name: "Check OPatch version matches {{ opatch_version }}"
+ become: yes
+ become_user: "{{ ohs_user }}"
+ shell: "grep {{ opatch_version }} {{ ohs_home }}/OPatch/version.txt"
+ ignore_errors: true
+ register: opatch_status
+ changed_when: False
+ when: opatch_version is defined
+
+# ==> install java
+- name: Check if the Java download exists
+ stat:
+ path: "{{ ohs_installer_loc }}/java-repo.zip"
+ register: stat_result
+
+- name: Download Java repo
+ get_url:
+ url: "{{ download_url }}/{{ java_zip_path }}"
+ dest: "{{ ohs_installer_loc }}/java-repo.zip"
+ headers: "{{ download_header }}"
+ when: download_url is defined
+
+- name: Copy Java repo
+ copy:
+ src: "{{ java_zip_path }}"
+ dest: "{{ ohs_installer_loc }}/java-repo.zip"
+ when: download_url is not defined
+
+- name: Extract Java installer
+ unarchive:
+ src: "{{ ohs_installer_loc }}/java-repo.zip"
+ dest: "{{ jdk_folder }}"
+ remote_src: yes
+ extra_opts: [--strip-components=1]
+
+- name: Create patches folder
+ file:
+ state: directory
+ path: "/tmp/OHS/{{ ohs_version_folder }}"
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+
+- name: "Download OPatch tool"
+ get_url:
+ url: "{{ download_url }}/{{ opatch_filename_path }}"
+ dest: "/tmp/patch-repo.zip"
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+ headers: "{{ download_header }}"
+ when: opatch_filename_path is defined and download_url is defined
+
+- name: "Copy OPatch tool"
+ copy:
+ src: "{{ opatch_filename_path }}"
+ dest: "/tmp/patch-repo.zip"
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+ when: opatch_filename_path and download_url is not defined
+
+- name: "Extract OPatch"
+ unarchive:
+ remote_src: yes
+ src: "/tmp/patch-repo.zip"
+ dest: "{{ ohs_installer_loc }}"
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+ when: opatch_version is defined and opatch_status.rc != 0
+
+- name: Patch OPatch tool
+ command: "{{ ohs_home }}/oracle_common/jdk/bin/java -jar {{ ohs_installer_loc }}/{{ opatch_folder }}/opatch_generic.jar -silent oracle_home={{ ohs_home }}"
+ become: yes
+ become_user: "{{ ohs_user }}"
+ when: opatch_version is defined and opatch_status.rc != 0
+
+- name: Create patch directory
+ file:
+ path: /tmp/ohsPatches
+ state: directory
+
+- name: "Download OHS Patches"
+ get_url:
+ url: "{{ download_url }}/{{ item.filename }}"
+ dest: "/tmp/{{ item.filename }}"
+ force: no
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+ headers: "{{ download_header }}"
+ loop: "{{ patches }}"
+ when: download_url is defined
+
+- name: "Copy OHS Patches"
+ copy:
+ src: "{{ item.filename }}"
+ dest: /tmp/{{ item.filename }}
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+ loop: "{{ patches }}"
+ when: download_url is not defined
+
+- name: "Extract Patches"
+ unarchive:
+ remote_src: yes
+ src: "/tmp/{{ item.filename }}"
+ dest: /tmp/
+ owner: "{{ ohs_user }}"
+ group: "{{ ohs_group }}"
+ loop: "{{ patches }}"
+
+- name: "Apply Patches"
+ become: yes
+ become_user: "{{ ohs_user }}"
+ command: "{{ ohs_home }}/OPatch/opatch apply -silent"
+ args:
+ chdir: "/tmp/{{ item.number }}"
+ loop: "{{ patches }}"
+
+- name: Cleanup
+ file:
+ path: "{{ item }}"
+ state: absent
+ loop:
+ - /tmp/OHS
+ - /tmp/repo.zip
diff --git a/roles/ohs/templates/custom_ohs_perf.conf.j2 b/roles/ohs/templates/custom_ohs_perf.conf.j2
new file mode 100644
index 0000000..9222400
--- /dev/null
+++ b/roles/ohs/templates/custom_ohs_perf.conf.j2
@@ -0,0 +1,109 @@
+#
+# Taken from http://www-01.ibm.com/support/docview.wss?uid=swg21685199&aid=1
+#
+
+KeepAlive On
+MaxKeepAliveRequests 1000
+KeepAliveTimeOut 2
+
+
+User "{{ ohs_user }}"
+Group "{{ ohs_group }}"
+
+
+#
+# if required, you need to substitute these in the main httpd.conf for Linux
+#
+#
+#ThreadLimit 300
+#MaxClients 300
+#MinSpareThreads 300
+#MaxSpareThreads 300
+#ThreadsPerChild 300
+#StartServers 1
+#ServerLimit 1
+#MaxRequestsPerChild 0
+#
+#
+# if required, you need to substitue these in the main httpd.conf for Windows
+#
+#
+#ThreadLimit 300
+#ThreadsPerChild 300
+#MaxRequestsPerChild 0
+#MaxMemFree 2048
+#
+#
+#
+
+#
+# Allow access to /server-status
+#
+#
+# SetHandler server-status
+# Order allow,deny
+# Allow from all
+#
+
+#
+# Custom rule to redirect to HTTPS
+#
+#
+# RedirectPermanent / https://${HOSTNAME}_SSL/
+#
+
+
+ LoadModule headers_module "${PRODUCT_HOME}/modules/mod_headers.so"
+
+
+ LoadModule expires_module "${PRODUCT_HOME}/modules/mod_expires.so"
+
+# Enables mod_rewrite for React Router's BrowserRouter directives
+
+ LoadModule rewrite_module "${PRODUCT_HOME}/modules/mod_rewrite.so"
+
+
+ RewriteEngine On
+ RewriteCond %{REQUEST_METHOD} !^(GET|POST|PUT|DELETE|OPTIONS)$
+ RewriteRule .* - [PT,F]
+
+# Below "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/htdocs/universal" is the location
+# where the web application is deployed under the DocumentRoot.
+# Alternatively you can specify the DocumentRoot "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/htdocs"
+
+ AllowOverride FileInfo Options=MultiViews
+ ExpiresActive On
+ ExpiresDefault "access plus 1 month"
+ Header unset Last-Modified
+
+
+# List of MIME types that can be compressed provided with the out-of-the-box application
+# some of them might be already configured in your HTTP server, please edit as required
+
+ AddType image/x-icon .ico
+ AddType application/javascript .js
+ AddType application/json json
+ AddType image/svg+xml svg
+ AddType text/css css
+ AddType text/html html
+
+
+
+ LoadModule filter_module "${PRODUCT_HOME}/modules/mod_filter.so"
+
+
+ LoadModule deflate_module "${PRODUCT_HOME}/modules/mod_deflate.so"
+
+
+
+ AddOutputFilterByType DEFLATE text/html text/plain text/css application/x-javascript application/javascript image/svg+xml application/json image/x-icon image/vnd.microsoft.icon text/xml
+ # Netscape 4.x has some problems...
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ # Netscape 4.06-4.08 have some more problems
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ # MSIE masquerades as Netscape, but it is fine
+ BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
+ # Make sure proxies don't deliver the wrong content
+ Header append Vary User-Agent env=!dont-vary
+
+#
diff --git a/roles/ohs/templates/mod_wl_ohs.conf.j2 b/roles/ohs/templates/mod_wl_ohs.conf.j2
new file mode 100644
index 0000000..adb419b
--- /dev/null
+++ b/roles/ohs/templates/mod_wl_ohs.conf.j2
@@ -0,0 +1,26 @@
+# NOTE : This is a template to configure mod_weblogic.
+LoadModule weblogic_module "${PRODUCT_HOME}/modules/mod_wl_ohs.so"
+# This empty block is needed to save mod_wl related configuration from EM to this file when changes are made at the Base Virtual Host Level
+
+ # WebLogicHost
+ # WebLogicPort
+ # MatchExpression *.jsp
+ DebugConfigInfo ON
+ KeepAliveEnabled OFF
+ KeepAliveSecs 0
+ # SSL
+ SecureProxy ON
+ WLProxySSL ON
+ WLSSLWallet "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/keystores/pluginWallet"
+ WebLogicSSLVersion TLSv1_2
+
+ WLSRequest on
+ WebLogicHost {{ ansible_fqdn }}
+ WebLogicPort {{ ohs_port }}
+
+
+#
+# SetHandler weblogic-handler
+# PathTrim /weblogic
+# ErrorPage http:/WEBLOGIC_HOME:WEBLOGIC_PORT/
+#
diff --git a/roles/ohs/templates/ohsNM.service.j2 b/roles/ohs/templates/ohsNM.service.j2
new file mode 100644
index 0000000..83610e0
--- /dev/null
+++ b/roles/ohs/templates/ohsNM.service.j2
@@ -0,0 +1,13 @@
+[Unit]
+Description=Oracle HTTP Server service
+
+[Service]
+User={{ ohs_user }}
+Group={{ ohs_group }}
+Environment="ORACLE_HOME={{ ohs_home }}"
+ExecStart={{ ohs_home }}/user_projects/domains/ohs_{{ ansible_hostname }}/bin/startNodeManager.sh
+ExecStop={{ ohs_home }}/user_projects/domains/ohs_{{ ansible_hostname }}/bin/stopNodeManager.sh
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/roles/ohs/templates/ohs_install.rsp.j2 b/roles/ohs/templates/ohs_install.rsp.j2
new file mode 100644
index 0000000..7e25c47
--- /dev/null
+++ b/roles/ohs/templates/ohs_install.rsp.j2
@@ -0,0 +1,39 @@
+[ENGINE]
+
+#DO NOT CHANGE THIS.
+Response File Version=1.0.0.0.0
+
+[GENERIC]
+
+#The oracle home location. This can be an existing Oracle Home or a new Oracle Home
+ORACLE_HOME={{ ohs_home }}
+
+#Set this variable value to the Installation Type selected as either Standalone HTTP Server (Managed independently of WebLogic server) OR Colocated HTTP Server (Managed through WebLogic server)
+INSTALL_TYPE={{ ohs_install_type }}
+
+#Provide the My Oracle Support Username. If you wish to ignore Oracle Configuration Manager configuration provide empty string for user name.
+MYORACLESUPPORT_USERNAME=
+
+#Provide the My Oracle Support Password
+MYORACLESUPPORT_PASSWORD=
+
+#Set this to true if you wish to decline the security updates. Setting this to true and providing empty string for My Oracle Support username will ignore the Oracle Configuration Manager configuration
+DECLINE_SECURITY_UPDATES=true
+
+#Set this to true if My Oracle Support Password is specified
+SECURITY_UPDATES_VIA_MYORACLESUPPORT=false
+
+#Provide the Proxy Host
+PROXY_HOST=
+
+#Provide the Proxy Port
+PROXY_PORT=
+
+#Provide the Proxy Username
+PROXY_USER=
+
+#Provide the Proxy Password
+PROXY_PWD=
+
+#Type String (URL format) Indicates the OCM Repeater URL which should be of the format [scheme[Http/Https]]://[repeater host]:[repeater port]
+COLLECTOR_SUPPORTHUB_URL=
diff --git a/roles/ohs/vars/v12.1.3.0.200412.yml b/roles/ohs/vars/v12.1.3.0.200412.yml
new file mode 100644
index 0000000..d261964
--- /dev/null
+++ b/roles/ohs/vars/v12.1.3.0.200412.yml
@@ -0,0 +1,22 @@
+---
+# Base installer values
+ohs_version_folder: 12.1.3
+base_version: 12.1.3.0.0
+base_installer: fmw_12.1.3.0.0_ohs_linux64.bin
+base_installer_path: "OHS/12.1.3/fmw_12.1.3.0.0_ohs_linux64.bin"
+# Patches information
+ohs_version: 12.2.1.4.210324
+patches:
+ - filename: "OHS/{{ ohs_version_folder }}/p31046788_121300_Linux-x86-64.zip"
+ number: 31046788
+# Add OPatch values when bundled OPatch needs to be upgraded
+opatch_filename_path: "OHS/{{ ohs_version_folder }}/p28186730_139426_Generic.zip"
+opatch_version: 13.9.4.2.6
+opatch_folder: 6880880
+
+# Full jdk is needed to update OPatch
+java_zip_path: 'Java/jdk-8u251-linux-x64.tar.gz'
+java_version_path: 'jdk1.8.0_251'
+jdk_folder: "{{ ohs_home }}/oracle_common/jdk"
+
+template_jar: "ohs_standalone_template_12.1.3.jar"
diff --git a/roles/ohs/vars/v12.2.1.4.210324.yml b/roles/ohs/vars/v12.2.1.4.210324.yml
new file mode 100644
index 0000000..bd79e29
--- /dev/null
+++ b/roles/ohs/vars/v12.2.1.4.210324.yml
@@ -0,0 +1,24 @@
+---
+# Base installer values
+ohs_version_folder: 12.2.1
+base_version: 12.2.1.4.0
+base_installer: fmw_12.2.1.4.0_ohs_linux64.bin
+base_installer_path: "OHS/12.2.1/fmw_12.2.1.4.0_ohs_linux64.bin"
+# Patches information
+ohs_version: 12.1.3.0.200412
+patches:
+ - filename: "OHS/{{ ohs_version_folder }}/p32673423_122140_Linux-x86-64.zip"
+ number: 32673423
+ - filename: "OHS/{{ ohs_version_folder }}/p31101341_122140_Generic.zip"
+ number: 31101341
+# Add OPatch values when bundled OPatch needs to be upgraded
+opatch_filename_path: "OHS/{{ ohs_version_folder }}/p28186730_139426_Generic.zip"
+opatch_version: 13.9.4.2.6
+opatch_folder: 6880880
+
+# Full jdk is needed to update OPatch
+java_zip_path: 'Java/jdk-8u251-linux-x64.tar.gz'
+java_version_path: 'jdk1.8.0_251'
+jdk_folder: "{{ ohs_home }}/oracle_common/jdk"
+
+template_jar: "ohs_standalone_template.jar"
diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt
index 6f98ad7..955d4fa 100644
--- a/tests/sanity/ignore-2.11.txt
+++ b/tests/sanity/ignore-2.11.txt
@@ -7,3 +7,11 @@ roles/db2/files/databaseUtil.sh shellcheck:SC2039
roles/db2/files/databaseUtil.sh shellcheck:SC2086
roles/db2/files/databaseUtil.sh shellcheck:SC2103
roles/db2/files/databaseUtil.sh shellcheck:SC2166
+roles/ohs/files/configOHS.py pep8!skip
+roles/ohs/files/plugin.py pep8!skip
+roles/ohs/files/configOHS.py pylint!skip
+roles/ohs/files/plugin.py pylint!skip
+roles/ohs/files/configOHS.py future-import-boilerplate!skip
+roles/ohs/files/plugin.py future-import-boilerplate!skip
+roles/ohs/files/configOHS.py metaclass-boilerplate!skip
+roles/ohs/files/plugin.py metaclass-boilerplate!skip