From 6262b933e3c2baa31127455d055d098e1acdd29e Mon Sep 17 00:00:00 2001 
From: romakarol <32648346+romakarol@users.noreply.github.com> Date: Fri, 22 Oct 2021 13:34:01 +0100 Subject: [PATCH] Add OHS role with remote download (#29) * Initial first pass cleaning and upload. * Add OHS travis tests. * Comment out weblogic dependancy to see how far the test gets * Change order of tasks to make the check * Add download vars * Linter complaining about spaces * Doh missed a bit in the path * Need to add "OHS" to the path to the base installer also * Doh add path element to the right place * Remove unused var * Opatch path incorrrect * Increase swap size for OHS install to pass. * linter * Remove the following comment: # This is an example playbook to execute Ansible tests. * Add Python imports to placate the python linter. * Fox to readme. * Python syntax error * Remove unnecessary lint errors and update galaxy yml version * Reintroduce Weblogic role into OHS. * update by single digit * Review comments * Use consistent dest for OHS installer stuff and Java * Update .travis.yml * Update base_install.yml * Update base_install.yml * Update base_install.yml * Revert "Update base_install.yml" This reverts commit fae756416aa350bb081eaf1b33dbea7e076bcba2. * Revert "Revert "Update base_install.yml"" This reverts commit e40c048ab2fd4c47414268e178247f6e9dba3429. * Revert "Revert "Revert "Update base_install.yml""" This reverts commit 92d2e2b91203ade56ea7e8578a51baeabedd39e8. 
* disable travis, fix undefined var path for base install, test * remove check and unused var * Update base_install.yml * fix patches filepaths * Update base_install.yml * fix patch paths * Update patch.yml * remove pointless verify * tweak readme and clean comment * uncomment travis file * forgot to remove installer from the 12.1.3 verify as well * fix copy tasks * change repo.zip name to baseInstaller Co-authored-by: martin-cummins Co-authored-by: martinccummins <89464283+martinccummins@users.noreply.github.com> Co-authored-by: salob Co-authored-by: Roman Muntean --- .travis.yml | 11 + galaxy.yml | 2 +- molecule/__ihs-v90/verify.yml | 2 - molecule/__ohs-v12.1.3/converge.yml | 45 +++ molecule/__ohs-v12.1.3/verify.yml | 51 +++ molecule/__ohs-v12.2.1/converge.yml | 44 +++ molecule/__ohs-v12.2.1/verify.yml | 51 +++ molecule/db2111/verify.yml | 2 - molecule/db2115/verify.yml | 2 - molecule/default/verify.yml | 2 - molecule/ohs-v12.1.3-centos-7/molecule.yml | 34 ++ molecule/ohs-v12.2.1-centos-7/molecule.yml | 34 ++ molecule/ohs-v12.2.1-centos-8/molecule.yml | 34 ++ roles/ohs/README.md | 48 +++ roles/ohs/defaults/main.yml | 29 ++ roles/ohs/files/configOHS.py | 69 ++++ roles/ohs/files/custom_staticcontent.conf | 24 ++ roles/ohs/files/plugin.py | 55 ++++ roles/ohs/tasks/base_install.yml | 120 +++++++ roles/ohs/tasks/config.yml | 336 ++++++++++++++++++++ roles/ohs/tasks/main.yml | 47 +++ roles/ohs/tasks/patch.yml | 124 ++++++++ roles/ohs/templates/custom_ohs_perf.conf.j2 | 109 +++++++ roles/ohs/templates/mod_wl_ohs.conf.j2 | 26 ++ roles/ohs/templates/ohsNM.service.j2 | 13 + roles/ohs/templates/ohs_install.rsp.j2 | 39 +++ roles/ohs/vars/v12.1.3.0.200412.yml | 22 ++ roles/ohs/vars/v12.2.1.4.210324.yml | 24 ++ tests/sanity/ignore-2.11.txt | 8 + 29 files changed, 1398 insertions(+), 9 deletions(-) create mode 100644 molecule/__ohs-v12.1.3/converge.yml create mode 100644 molecule/__ohs-v12.1.3/verify.yml create mode 100644 molecule/__ohs-v12.2.1/converge.yml create mode 100644 
molecule/__ohs-v12.2.1/verify.yml create mode 100644 molecule/ohs-v12.1.3-centos-7/molecule.yml create mode 100644 molecule/ohs-v12.2.1-centos-7/molecule.yml create mode 100644 molecule/ohs-v12.2.1-centos-8/molecule.yml create mode 100644 roles/ohs/README.md create mode 100644 roles/ohs/defaults/main.yml create mode 100644 roles/ohs/files/configOHS.py create mode 100644 roles/ohs/files/custom_staticcontent.conf create mode 100644 roles/ohs/files/plugin.py create mode 100644 roles/ohs/tasks/base_install.yml create mode 100644 roles/ohs/tasks/config.yml create mode 100644 roles/ohs/tasks/main.yml create mode 100644 roles/ohs/tasks/patch.yml create mode 100644 roles/ohs/templates/custom_ohs_perf.conf.j2 create mode 100644 roles/ohs/templates/mod_wl_ohs.conf.j2 create mode 100644 roles/ohs/templates/ohsNM.service.j2 create mode 100644 roles/ohs/templates/ohs_install.rsp.j2 create mode 100644 roles/ohs/vars/v12.1.3.0.200412.yml create mode 100644 roles/ohs/vars/v12.2.1.4.210324.yml diff --git a/.travis.yml b/.travis.yml index 9d9e7a8..4e7b625 100644 --- a/.travis.yml +++ b/.travis.yml @@ -18,6 +18,14 @@ cache: before_cache: - rm -f $HOME/.cache/pip/log/debug.log +before_install: + - sudo fallocate -l 4G /swapfile + - sudo chmod 600 /swapfile + - sudo mkswap /swapfile + - sudo swapon /swapfile + - sudo sysctl -w vm.swappiness=10 + - sudo sysctl -w net.core.wmem_default=65536 + install: - pip install -r ci-requirements.txt - curl -sLO https://github.com/mikefarah/yq/releases/download/3.4.0/yq_linux_amd64 @@ -41,6 +49,9 @@ env: - SCENARIO=iim-191-centos-8 - SCENARIO=ihs-v90-centos-8 - SCENARIO=ihs-v80-centos-7 + - SCENARIO=ohs-v12.2.1-centos-7 + - SCENARIO=ohs-v12.2.1-centos-8 + - SCENARIO=ohs-v12.1.3-centos-7 - SCENARIO=liberty-centos-7 - SCENARIO=liberty-centos-8 - SCENARIO=weblogic-centos-7 diff --git a/galaxy.yml b/galaxy.yml index 5bf58f2..964d69c 100644 --- a/galaxy.yml +++ b/galaxy.yml 
@@ -10,7 +10,7 @@ namespace: ibm name: spm_middleware # The version of the collection. Must be compatible with semantic versioning -version: 1.1.1 +version: 1.1.2 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md diff --git a/molecule/__ihs-v90/verify.yml b/molecule/__ihs-v90/verify.yml index a480ec8..124b6b9 100644 --- a/molecule/__ihs-v90/verify.yml +++ b/molecule/__ihs-v90/verify.yml @@ -1,6 +1,4 @@ --- -# This is an example playbook to execute Ansible tests. - - name: Verify hosts: all pre_tasks: diff --git a/molecule/__ohs-v12.1.3/converge.yml b/molecule/__ohs-v12.1.3/converge.yml new file mode 100644 index 0000000..06c05b2 --- /dev/null +++ b/molecule/__ohs-v12.1.3/converge.yml @@ -0,0 +1,45 @@ +--- +- name: Converge + hosts: all + + collections: + - ibm.spm_middleware + + tasks: + - name: Install python3 + package: + name: python3 + state: present + + - name: Create symlink for python3 + file: + src: /usr/bin/python3 + dest: /usr/local/bin/python + owner: root + group: root + state: link + + - name: pip self-update + pip: + name: pip + executable: pip3 + state: latest + vars: + ansible_python_interpreter: /usr/bin/python3 + + - name: include weblogic + include_role: + name: weblogic + vars: + ansible_python_interpreter: /usr/bin/python3 + weblogic_version: "12.1.3.0.210720" + + - name: include ohs + include_role: + name: ohs + vars: + ansible_python_interpreter: /usr/bin/python3 + ohs_version: 12.1.3.0.200412 + vars: + download_url: "{{ lookup('env', 'ARTIFACTORY_URL') }}/{{ lookup('env', 'ARTIFACTORY_REPO') }}/SoftwareInstallers" + download_header: { 'X-JFrog-Art-Api': "{{ lookup('env', 'ARTIFACTORY_TOKEN') }}"} diff --git a/molecule/__ohs-v12.1.3/verify.yml b/molecule/__ohs-v12.1.3/verify.yml new file mode 100644 index 0000000..99f1e3f --- /dev/null +++ b/molecule/__ohs-v12.1.3/verify.yml 
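Review bot: `download_url` and `download_header` in the play-level `vars:` of molecule/__ohs-v12.1.3/converge.yml are built from `lookup('env', ...)`, which yields an empty string when the variable is unset, so `download_url` is always defined. The role's `Download base installer` task is therefore chosen even where no Artifactory settings exist, and it fails on a malformed URL instead of falling back to `Copy installer`. Consider having the role test `download_url | default('') | length > 0` rather than `is defined`. The header carries `ARTIFACTORY_TOKEN`, so the task that consumes it should set `no_log: true`. The same block appears in molecule/__ohs-v12.2.1/converge.yml.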
@@ -0,0 +1,51 @@
+---
+- name: Verify
+ hosts: all
+
+ pre_tasks:
+ - name: include vars
+ include_vars: "../../roles/ohs/vars/v12.1.3.0.200412.yml"
+
+ - name: include default
+ include_vars: "../../roles/ohs/defaults/main.yml"
+
+ - name: Check opatch version
+ shell: "grep {{ opatch_version }} {{ ohs_home }}/OPatch/version.txt"
+ ignore_errors: True
+ register: opatch_version_flag
+ when: opatch_version is defined
+
+ - name: Check Shell File Exists
+ stat:
+ path: "{{ profiled_path }}/ohs.sh"
+ register: shell
+
+ - name: Check Profile File Exists
+ stat:
+ path: /opt/.profile
+ register: profile
+
+ - name: Check Domain Created
+ shell: "grep ohs_{{ ansible_hostname }} {{ ohs_home }}/domain-registry.xml"
+ ignore_errors: True
+ register: domain_created
+ when: opatch_version is defined
+
+ tasks:
+ - name: Check Patch Number Matched
+ assert:
+ that: opatch_version_flag.rc == 0
+ when: opatch_version is defined
+
+ - name: Check that shell exists
+ assert:
+ that: shell.stat.exists
+
+ - name: Check that profile exists
+ assert:
+ that: profile.stat.exists
+
+ - name: Check Domain Created
+ assert:
+ that: domain_created.rc == 0
+ when: opatch_version is defined
diff --git a/molecule/__ohs-v12.2.1/converge.yml b/molecule/__ohs-v12.2.1/converge.yml
new file mode 100644
index 0000000..7b7c17f
--- /dev/null
+++ b/molecule/__ohs-v12.2.1/converge.yml
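Review bot: The `Check Domain Created` pre-task and its assert in molecule/__ohs-v12.1.3/verify.yml are both gated on `when: opatch_version is defined`, which looks copied from the OPatch check. If that variable is absent, the domain check is skipped silently and the scenario passes without verifying that the domain exists. The two grep tasks also use `shell` with `ignore_errors: True`; `command` with `failed_when: false` and `changed_when: false` would avoid the shell and leave the failure to be reported by the assert. The same applies to molecule/__ohs-v12.2.1/verify.yml.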
@@ -0,0 +1,44 @@
+---
+- name: Converge
+ hosts: all
+
+ collections:
+ - ibm.spm_middleware
+
+ tasks:
+ - name: Install python3
+ package:
+ name: python3
+ state: present
+
+ - name: Create symlink for python3
+ file:
+ src: /usr/bin/python3
+ dest: /usr/local/bin/python
+ owner: root
+ group: root
+ state: link
+
+ - name: pip self-update
+ pip:
+ name: pip
+ executable: pip3
+ state: latest
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+
+ - name: include weblogic
+ include_role:
+ name: weblogic
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+ weblogic_version: "12.1.3.0.210720"
+
+ - name: include ohs
+ include_role:
+ name: ohs
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+ vars:
+ download_url: "{{ lookup('env', 'ARTIFACTORY_URL') }}/{{ lookup('env', 'ARTIFACTORY_REPO') }}/SoftwareInstallers"
+ download_header: { 'X-JFrog-Art-Api': "{{ lookup('env', 'ARTIFACTORY_TOKEN') }}"}
diff --git a/molecule/__ohs-v12.2.1/verify.yml b/molecule/__ohs-v12.2.1/verify.yml
new file mode 100644
index 0000000..fdf0acb
--- /dev/null
+++ b/molecule/__ohs-v12.2.1/verify.yml
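Review bot: `weblogic_version: "12.1.3.0.210720"` in the `include weblogic` task of molecule/__ohs-v12.2.1/converge.yml is the same value the 12.1.3 scenario uses, while this play leaves `ohs_version` at the role default of 12.2.1.4.210324. If the pairing is deliberate, a one-line comment saying so would help; otherwise it looks carried over from the 12.1.3 play. `pip` with `state: latest` also makes the run depend on whichever pip release is current that day, so pinning a version would keep the scenario reproducible.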
@@ -0,0 +1,51 @@ +--- +- name: Verify + hosts: all + + pre_tasks: + - name: include vars + include_vars: "../../roles/ohs/vars/v12.2.1.4.210324.yml" + + - name: include default + include_vars: "../../roles/ohs/defaults/main.yml" + + - name: Check opatch version + shell: "grep {{ opatch_version }} {{ ohs_home }}/OPatch/version.txt" + ignore_errors: True + register: opatch_version_flag + when: opatch_version is defined + + - name: Check Shell File Exists + stat: + path: "{{ profiled_path }}/ohs.sh" + register: shell + + - name: Check Profile File Exists + stat: + path: /opt/.profile + register: profile + + - name: Check Domain Created + shell: "grep ohs_{{ ansible_hostname }} {{ ohs_home }}/domain-registry.xml" + ignore_errors: True + register: domain_created + when: opatch_version is defined + + tasks: + - name: Check Patch Number Matched + assert: + that: opatch_version_flag.rc == 0 + when: opatch_version is defined + + - name: Check that shell exists + assert: + that: shell.stat.exists + + - name: Check that profile exists + assert: + that: profile.stat.exists + + - name: Check Domain Created + assert: + that: domain_created.rc == 0 + when: opatch_version is defined diff --git a/molecule/db2111/verify.yml b/molecule/db2111/verify.yml index 5d733c3..b7b8303 100644 --- a/molecule/db2111/verify.yml +++ b/molecule/db2111/verify.yml @@ -1,6 +1,4 @@ --- -# This is an example playbook to execute Ansible tests. - - name: Verify hosts: all pre_tasks: diff --git a/molecule/db2115/verify.yml b/molecule/db2115/verify.yml index 4fb341f..31a0cfe 100644 --- a/molecule/db2115/verify.yml +++ b/molecule/db2115/verify.yml @@ -1,6 +1,4 @@ --- -# This is an example playbook to execute Ansible tests. - - name: Verify hosts: all pre_tasks: diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 5d733c3..b7b8303 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml 
@@ -1,6 +1,4 @@ --- -# This is an example playbook to execute Ansible tests. - - name: Verify hosts: all pre_tasks: diff --git a/molecule/ohs-v12.1.3-centos-7/molecule.yml b/molecule/ohs-v12.1.3-centos-7/molecule.yml new file mode 100644 index 0000000..d82f6bf --- /dev/null +++ b/molecule/ohs-v12.1.3-centos-7/molecule.yml @@ -0,0 +1,34 @@ +--- +driver: + name: docker + provider: + name: docker + +lint: | + set -e + yamllint . + +platforms: + - name: centos-7 + image: centos:7 + dockerfile: ../_resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker + +provisioner: + name: ansible + log: true + config_options: + defaults: + stderr_callback: debug + stdout_callback: debug + env: + ANSIBLE_FORCE_COLOR: 'true' + playbooks: + converge: ../__ohs-v12.1.3/converge.yml + verify: ../__ohs-v12.1.3/verify.yml diff --git a/molecule/ohs-v12.2.1-centos-7/molecule.yml b/molecule/ohs-v12.2.1-centos-7/molecule.yml new file mode 100644 index 0000000..6ed1548 --- /dev/null +++ b/molecule/ohs-v12.2.1-centos-7/molecule.yml @@ -0,0 +1,34 @@ +--- +driver: + name: docker + provider: + name: docker + +lint: | + set -e + yamllint . + +platforms: + - name: centos-7 + image: centos:7 + dockerfile: ../_resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker + +provisioner: + name: ansible + log: true + config_options: + defaults: + stderr_callback: debug + stdout_callback: debug + env: + ANSIBLE_FORCE_COLOR: 'true' + playbooks: + converge: ../__ohs-v12.2.1/converge.yml + verify: ../__ohs-v12.2.1/verify.yml diff --git a/molecule/ohs-v12.2.1-centos-8/molecule.yml b/molecule/ohs-v12.2.1-centos-8/molecule.yml new file mode 100644 index 0000000..3fd9d02 --- /dev/null +++ b/molecule/ohs-v12.2.1-centos-8/molecule.yml 
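Review bot: `privileged: True` together with the read-write `/sys/fs/cgroup` mount in molecule/ohs-v12.1.3-centos-7/molecule.yml gives the test container close to full access to the CI host, and the converge play it points at runs an installer fetched over the network. If the only need is systemd as PID 1, it is worth checking whether a narrower set is enough on the CI image, for example `capabilities: [SYS_ADMIN]` with a read-only cgroup mount. `log: true` with the `debug` callbacks also raises the chance that the `X-JFrog-Art-Api` header value reaches job output unless the download task sets `no_log: true`. The same settings are repeated in molecule/ohs-v12.2.1-centos-7/molecule.yml and molecule/ohs-v12.2.1-centos-8/molecule.yml.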
@@ -0,0 +1,34 @@
+---
+driver:
+ name: docker
+ provider:
+ name: docker
+
+lint: |
+ set -e
+ yamllint .
+
+platforms:
+ - name: centos-8
+ image: centos:8
+ dockerfile: ../_resources/Dockerfile.j2
+ pre_build_image: False
+ privileged: True
+ volume_mounts:
+ - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+ command: "/usr/sbin/init"
+ environment:
+ container: docker
+
+provisioner:
+ name: ansible
+ log: true
+ config_options:
+ defaults:
+ stderr_callback: debug
+ stdout_callback: debug
+ env:
+ ANSIBLE_FORCE_COLOR: 'true'
+ playbooks:
+ converge: ../__ohs-v12.2.1/converge.yml
+ verify: ../__ohs-v12.2.1/verify.yml
diff --git a/roles/ohs/README.md b/roles/ohs/README.md
new file mode 100644
index 0000000..a1d0e46
--- /dev/null
+++ b/roles/ohs/README.md
@@ -0,0 +1,48 @@ +# oracle + +The `ohs` role will install and patch Oracle HTTP Server, the Web server component for Oracle Fusion Middleware + +## Requirements + +* `python3` to be installed on the host +* `ansible_python_interpreter` set to `python3` +* `passlib` Python module must be installed. + +## Role Variables + +NOTE: Update these default usernames and passwords after the initial installation. + +| Property Name | Default value | +| ------------------------- | --------------------------------------------------- | +| `ohs_version` | `12.2.1.4.210324` | +| `ohs_user` | `oracle` | +| `ohs_admin_password` | `password1` | +| `ohs_group` | `oinstall` | +| `ohs_base` | `/home/oracle` | +| `ohs_home` | `/home/oracle/Oracle/Middleware/HTTP_Oracle_Home` | +| `ohs_port` | `7002` | +| `keystore_password` | `Passw0rd` +| ------------------------- | --------------------------------------------------- | +| `weblogic_user` | `weblogic` | +| `weblogic_password` | `Password1` | +| ------------------------- | --------------------------------------------------- | +| `download_url` | # set this if license and installer is being downloaded from a http server| +| `download_header` | # Use this in conjunction with `download_url` | +| `profiled_path` | `/opt/profile.d` | +| ------------------------- | --------------------------------------------------- | + +## Dependencies + +Although the role can be used independently, it is expected that Weblogic is already installed on the host and will not function correctly without it. + +## Example Playbook + +``` +- hosts: all + roles: + - role: ibm.spm_middleware.ohs + ohs_version: 12.2.1.4.210324 +``` +## License + +MIT diff --git a/roles/ohs/defaults/main.yml b/roles/ohs/defaults/main.yml new file mode 100644 index 0000000..34941ac --- /dev/null +++ b/roles/ohs/defaults/main.yml 
@@ -0,0 +1,29 @@
+---
+# OHS config
+ohs_version: 12.2.1.4.210324
+ohs_user: oracle
+ohs_admin_password: Password1
+ohs_group: oinstall
+ohs_base: /home/oracle
+ohs_home: "{{ ohs_base }}/Oracle/Middleware/HTTP_Oracle_Home"
+ohs_port: 7002
+ohs_inventory: /opt/Oracle/oraInventory
+ohs_installer_loc: /tmp/OHSInstaller
+ohs_install_type: Standalone HTTP Server (Managed independently of WebLogic server)
+ohs_scripts_loc: "{{ ohs_base }}/scripts"
+ohs_moduleconf_loc: "{{ ohs_home }}/ohs/templates/conf/moduleconf"
+
+# Weblogic
+weblogic_user: weblogic
+weblogic_password: Password1
+wallet_path: "{{ ohs_home }}/user_projects/domains/ohs_{{ ansible_hostname }}/config/fmwconfig/components/OHS/instances/ohs1/keystores"
+keystore_password: 'Passw0rd'
+
+# Common
+profiled_path: /opt/profile.d
+cert_organization_unit_name: "Watson Health SPM"
+cert_organization_name: "FrontCert"
+
+# Server info for downloading installers / repos directly, leave blank to copy
+# download_url: # e.g. https://artifactory/repo
+# download_header: # e.g. X-JFrog-Art-Api: "{{ lookup('env', 'MYTOKEN') }}"
diff --git a/roles/ohs/files/configOHS.py b/roles/ohs/files/configOHS.py
new file mode 100644
index 0000000..2f5f9ed
--- /dev/null
+++ b/roles/ohs/files/configOHS.py
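Review bot: `ohs_admin_password`, `weblogic_password` and `keystore_password` in roles/ohs/defaults/main.yml ship with fixed, guessable values, so a play that does not override them ends up with credentials published in this repository. The visible case is base_install.yml, which hashes `ohs_admin_password` into the `{{ ohs_user }}` OS account. Prefer leaving the three undefined and failing early, for example with an `assert` in tasks/main.yml that each is defined and non-empty, and supply test values only from the molecule converge plays. `ohs_installer_loc: /tmp/OHSInstaller` also stages an installer that is later executed under a world-writable parent directory; a path under `{{ ohs_base }}` would be a safer default.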
@@ -0,0 +1,69 @@ +# coding=utf-8 +############################################################################### +# Copyright 2020 IBM Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +############################################################################### + +import sys + + +def usage(): + print('Usage:') + print('\twlst.sh -i configOHS.py [OracleHome] [OHSDomain] [FQDN] [AdminUsername] [AdminPassword] [OHSTemplateJar]') + print('\twlst.sh -i configOHS.py $OHS_HOME "ohs_$(hostname -s)" $(hostname -f) weblogic Password1 ohs_standalone_template.jar') + print('') + + +def create_ohs_domain(oracle_home, local_domain, fqdn, admin_username, admin_password, template_jar='ohs_standalone_template.jar'): + readTemplate('%s/wlserver/common/templates/wls/base_standalone.jar' % (oracle_home)) + addTemplate('%s/ohs/common/templates/wls/%s' % (oracle_home, template_jar)) + cd('/') + create(local_domain, 'SecurityConfiguration') + cd('SecurityConfiguration/%s' % (local_domain)) + set('NodeManagerUsername', admin_username) + set('NodeManagerPasswordEncrypted', admin_password) + setOption('NodeManagerType', 'PerDomainNodeManager') + setOption('JavaHome', '%s/oracle_common/jdk' % (oracle_home)) + cd('/Machines/localmachine/NodeManager/localmachine') + cmo.setListenAddress('localhost') + cmo.setListenPort(5556) + cmo.setNMType('SSL') + cd('/OHS/ohs1') + cmo.setListenPort('80') + cmo.setSSLListenPort('443') + cmo.setServerName('http://%s' % (fqdn)) + 
writeDomain('%s/user_projects/domains/%s' % (oracle_home, local_domain)) + exit() + + +if len(sys.argv) < 6: + usage() + sys.exit(1) + + +oracle_home = str(sys.argv[1]) +local_domain = str(sys.argv[2]) +fqdn = str(sys.argv[3]) +admin_username = str(sys.argv[4]) +admin_password = str(sys.argv[5]) + +print('Oracle Home: %s' % (oracle_home)) +print('Creating Domain "%s" ...' % (local_domain)) + + +if len(sys.argv) == 7: + template_jar = str(sys.argv[6]) + create_ohs_domain(oracle_home, local_domain, fqdn, admin_username, admin_password, template_jar) +else: + create_ohs_domain(oracle_home, local_domain, fqdn, admin_username, admin_password) diff --git a/roles/ohs/files/custom_staticcontent.conf b/roles/ohs/files/custom_staticcontent.conf new file mode 100644 index 0000000..64b6372 --- /dev/null +++ b/roles/ohs/files/custom_staticcontent.conf @@ -0,0 +1,24 @@ +# +# Custom Static Content config file +# + +Alias /CuramStatic/ "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/htdocs/WebContent/" + + Options Indexes MultiViews + AllowOverride None + #Order allow,deny + Require all granted + + + + ExpiresActive On + ExpiresByType text/css "access plus 1 month" + ExpiresByType text/javascript "access plus 1 month" + ExpiresByType text/plain "access plus 1 month" + ExpiresByType image/gif "access plus 1 month" + ExpiresByType image/jpg "access plus 1 month" + ExpiresByType image/png "access plus 1 month" + ExpiresByType application/x-shockwave-flash "access plus 1 month" + ExpiresByType application/x-javascript "access plus 1 month" + Header unset Last-Modified + diff --git a/roles/ohs/files/plugin.py b/roles/ohs/files/plugin.py new file mode 100644 index 0000000..fb2e1f8 --- /dev/null +++ b/roles/ohs/files/plugin.py 
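Review bot: `admin_password` in roles/ohs/files/configOHS.py is read from `sys.argv[5]`, so the node manager password is visible in the process list for as long as WLST runs, and in Ansible's task output unless the calling task sets `no_log: true`. Reading it from the environment or stdin avoids that, e.g. `admin_password = os.environ['OHS_ADMIN_PASSWORD']` (placeholder variable name, and it needs `import os`). The `usage()` text also prints `Password1` as the example value, which encourages reuse of the role default. roles/ohs/files/plugin.py takes its admin password from `sys.argv[2]` in the same way.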
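Review bot: `Options Indexes MultiViews` in roles/ohs/files/custom_staticcontent.conf turns on automatic directory listings for the `/CuramStatic/` alias, so any folder under WebContent without an index file can be browsed by clients. Unless listings are required, drop `Indexes`: `Options MultiViews`. The commented-out `#Order allow,deny` is 2.2-style syntax left beside `Require all granted` and can be removed. The enclosing section tags are not visible in this view, so this assumes the directives sit in the block for the aliased directory.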
@@ -0,0 +1,55 @@
+# coding=utf-8
+###############################################################################
+# Copyright 2020 IBM Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+###############################################################################
+
+import sys
+
+
+def usage():
+ print('Usage:')
+ print('\twlst.sh -i plugin.py [AdminUsername] [AdminPassword] [AdminPort] [ServerName]')
+ print('\twlst.sh -i plugin.py weblogic Password1 7001 CuramServer')
+ print('')
+
+
+def enable_plugin(admin_username, admin_password, admin_port='7001', server_name='CuramServer'):
+ connect(admin_username, admin_password, 't3://localhost:%s' % (admin_port))
+ edit()
+ startEdit()
+ cd('//Servers/%s' % (server_name))
+ cmo.setWeblogicPluginEnabled(true)
+ cd('//Servers/%s/SSL/%s' % (server_name, server_name))
+ cmo.setTwoWaySSLEnabled(true)
+ cmo.setClientCertificateEnforced(false)
+ save()
+ activate(block='true')
+ disconnect()
+ exit()
+
+
+if len(sys.argv) < 5:
+ usage()
+ sys.exit(1)
+
+
+admin_username = str(sys.argv[1])
+admin_password = str(sys.argv[2])
+admin_port = str(sys.argv[3])
+server_name = str(sys.argv[4])
+
+print('Enabling plugin on server "%s" via port %s' % (server_name, admin_port))
+
+enable_plugin(admin_username, admin_password, admin_port, server_name)
diff --git a/roles/ohs/tasks/base_install.yml b/roles/ohs/tasks/base_install.yml
new file mode 100644
index 0000000..dda9aed
--- /dev/null
+++ b/roles/ohs/tasks/base_install.yml
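Review bot: Nothing in `enable_plugin` handles a failure between `startEdit()` and `activate(block='true')`, so if a `cd(...)` fails (for example on an unknown `server_name`) the script likely stops with the edit session still open and the configuration lock held. Wrapping the edit in a `try`/`except` that calls `cancelEdit('y')` before re-raising would release the lock. A short comment on why `setClientCertificateEnforced(false)` is paired with `setTwoWaySSLEnabled(true)` (client certificates requested but not required) would help the next reader. `connect()` uses `t3://localhost`, so the admin credentials are sent unencrypted; that is acceptable only while the script runs on the admin host itself.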
@@ -0,0 +1,120 @@ +--- +- name: Install required packages (1) + package: + name: + - binutils + - gcc-c++ + - ksh + - libaio-devel + - libstdc++-devel + - make + - net-tools + - openssl + - psmisc + - shadow-utils + - smartmontools + - sudo + - sysstat + - unzip + - yum-utils + state: present + +- name: Install required packages (2) + package: + name: + - compat-libcap1 + - compat-libstdc++-33.x86_64 + state: present + when: ansible_distribution_major_version | int == 7 + +- name: "Create {{ ohs_group }} group" + group: + name: "{{ ohs_group }}" + gid: 54321 + state: present + +- name: "Create {{ ohs_user }} user" + user: + name: "{{ ohs_user }}" + uid: 54321 + group: "{{ ohs_group }}" + append: yes + password: "{{ ohs_admin_password | password_hash('sha512', 'SaltyCl0ud') }}" # hash with salt + expires: -1 + create_home: yes + state: present + +- name: Create "{{ ohs_installer_loc }}" + file: + path: "{{ ohs_installer_loc }}" + state: directory + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + mode: 0755 + +- name: Check Installer File Exists + stat: + path: "{{ ohs_installer_loc }}/{{ base_installer_path }}" + register: installer + +- name: Download base installer + get_url: + url: "{{ download_url }}/{{ base_installer_path }}" + dest: "{{ ohs_installer_loc }}/baseInstaller" + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + mode: 0755 + force: no + headers: "{{ download_header }}" + when: not installer.stat.exists and download_url is defined + +- name: Copy installer + copy: + src: "{{ base_installer_path }}" + dest: "{{ ohs_installer_loc }}/baseInstaller" + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + mode: 0755 + when: not installer.stat.exists and download_url is not defined + +- name: Check if Inventory Dir exists + stat: + path: "{{ ohs_inventory }}" + register: inventory_dir + +- name: Create "{{ ohs_inventory }}" + file: + path: "{{ ohs_inventory }}" + state: directory + group: "{{ ohs_group }}" + owner: "{{ ohs_user }}" + mode: 0755 + 
when: not inventory_dir.stat.exists + +- name: Create oraInst.loc + copy: + dest: /etc/oraInst.loc + content: | + inventory_loc={{ ohs_inventory }} + inst_group=oinstall + mode: 0644 + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + +- name: copy response file + template: + src: ohs_install.rsp.j2 + dest: "{{ ohs_installer_loc }}/ohs_install.rsp" + mode: 0644 + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + +- name: Install OHS + become: yes + become_user: "{{ ohs_user }}" + command: "{{ ohs_installer_loc }}/baseInstaller -ignoreSysPrereqs -silent -responseFile {{ ohs_installer_loc }}/ohs_install.rsp" + +- name: Cleanup + file: + path: "{{ ohs_installer_loc }}/baseInstaller" + state: absent diff --git a/roles/ohs/tasks/config.yml b/roles/ohs/tasks/config.yml new file mode 100644 index 0000000..5e70f64 --- /dev/null +++ b/roles/ohs/tasks/config.yml 
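Review bot: `Download base installer` in roles/ohs/tasks/base_install.yml fetches a binary with `get_url` and `Install OHS` then executes it, but no `checksum:` is given, so whatever the server returns is run as `{{ ohs_user }}`. Add `checksum: "sha256:{{ base_installer_sha256 }}"` (placeholder variable, to be set per version in vars/) and `no_log: true`, since `headers` carries the API token. `Check Installer File Exists` stats `{{ ohs_installer_loc }}/{{ base_installer_path }}` while both the download and the copy write to `{{ ohs_installer_loc }}/baseInstaller`, so the guard does not look at the file it is meant to protect. The `user` task hashes the password with the fixed salt `'SaltyCl0ud'`, which gives every host the same hash for the same password. `Install OHS` has no `creates:` and will re-run the installer on every play.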
@@ -0,0 +1,336 @@ +--- +- name: "Create {{ profiled_path }}" + file: + path: "{{ profiled_path }}" + mode: 0755 + state: directory + +- name: "Create {{ profiled_path }}/ohs.sh" + copy: + dest: "{{ profiled_path }}/ohs.sh" + content: | + #!/bin/bash + export OHS_HOME={{ ohs_home }} + export OHS_PATH=$OHS_HOME/ohs/bin:$PATH + mode: 0755 + +- name: Create /opt/.profile + copy: + dest: /opt/.profile + content: | + #!/bin/bash + PATH=.:$PATH + if [ -e {{ profiled_path }} ]; then + if [ "$PS1" ]; then + ls -l {{ profiled_path }}/*.sh + fi + for lizard in {{ profiled_path }}/*.sh ; do + . $lizard + done + fi + LANG=en_US.ISO-8859-1 + umask 002 + mode: 0755 + +- name: Create /etc/cap.ora + copy: + dest: /etc/cap.ora + content: "oinstall: bind" + mode: 0644 + owner: root + +# Ignore errors, this file may not exists +- name: Modify launch file + file: + path: "{{ ohs_home }}/ohs/bin/launch" + mode: u=rwxs,g=rx + owner: root + ignore_errors: True + +# Ignore errors, this file may not exists +- name: Modify hasbind file + file: + path: "{{ ohs_home }}/oracle_common/bin/hasbind" + mode: 4750 + owner: root + ignore_errors: True + +- name: Create scripts folder + file: + dest: "{{ ohs_scripts_loc }}" + state: directory + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + + +- name: Copy configOHS.py + copy: + src: configOHS.py + dest: "{{ ohs_scripts_loc }}" + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + +- name: Copy plugin.py + copy: + src: plugin.py + dest: "{{ ohs_scripts_loc }}" + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + +- name: Copy Template custom_ohs_perf.conf + template: + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + src: custom_ohs_perf.conf.j2 + dest: "{{ ohs_moduleconf_loc }}/custom_ohs_perf.conf" + +- name: Copy Template mod_wl_ohs.conf + template: + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + src: mod_wl_ohs.conf.j2 + dest: "{{ ohs_moduleconf_loc }}/mod_wl_ohs.conf" + +- name: Copy Template custom_staticcontent.conf + copy: + 
owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + src: custom_staticcontent.conf + dest: "{{ ohs_moduleconf_loc }}/custom_staticcontent.conf" + +- name: Check Domain Created + shell: "grep ohs_{{ ansible_hostname }} {{ ohs_home }}/domain-registry.xml" + ignore_errors: True + changed_when: False + register: domain_created + +- name: Create Domain + become: yes + become_user: "{{ ohs_user }}" + command: "./wlst.sh -i {{ ohs_scripts_loc }}/configOHS.py {{ ohs_home }} ohs_{{ ansible_hostname }} {{ ansible_fqdn }} {{ weblogic_user }} {{ weblogic_password }} {{ template_jar }}" + args: + chdir: "{{ ohs_home }}/oracle_common/common/bin" + when: domain_created.rc != 0 + +- name: Check if keystore exists before setting up certs + stat: + path: "{{ wallet_path }}/publicEndPoint" + register: keystore + +- name: Generate Certs + block: + # needed for openssl_* modules + - name: Install PYOpenSSL python package + pip: + name: PyOpenSSL + executable: pip3 + + - name: Check if CertGenCA exists + stat: + path: "{{ weblogic_home }}/wlserver/server/lib/CertGenCA.der" + register: certgen + when: weblogic_home is defined + + - name: Execute create_back_wallet + become: yes + become_user: "{{ ohs_user }}" + command: "{{ ohs_home }}/oracle_common/bin/orapki wallet create -wallet {{ wallet_path }}/pluginWallet -auto_login -pwd {{ keystore_password }}" + environment: + ORACLE_HOME: "{{ ohs_home }}" + + - name: Execute trust_wlsca + become: yes + become_user: "{{ ohs_user }}" + command: "./orapki wallet add -wallet {{ wallet_path }}/pluginWallet -trusted_cert -cert {{ weblogic_home }}/wlserver/server/lib/CertGenCA.der -pwd {{ keystore_password }}" + args: + chdir: "{{ ohs_home }}/oracle_common/bin" + environment: + ORACLE_HOME: "{{ ohs_home }}" + when: weblogic_home is defined + + - name: Create ssl folder + file: + state: directory + path: "{{ ohs_base }}/scripts/ssl" + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + + - name: Generate an OpenSSL private key + openssl_privatekey: 
+ owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + type: RSA + size: 2048 + path: "{{ ohs_base }}/scripts/ssl/WLSPlugin.key" + + - name: Generate an OpenSSL Certificate Request + openssl_csr: + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + path: "{{ ohs_base }}/scripts/ssl/WLSPlugin.csr" + privatekey_path: "{{ ohs_base }}/scripts/ssl/WLSPlugin.key" + common_name: "{{ ansible_fqdn }}" + organization_name: WLSPlugin + organizational_unit_name: Watson Health SPM + key_usage: + - keyEncipherment + - digitalSignature + key_usage_critical: no + extended_key_usage: + - serverAuth + extended_key_usage_critical: no + subject_alt_name: "DNS:{{ ansible_hostname }},DNS:{{ ansible_fqdn }}" + subject_alt_name_critical: no + + - name: Generate a Self Signed OpenSSL certificate + openssl_certificate: + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + path: "{{ ohs_base }}/scripts/ssl/WLSPlugin.crt" + provider: selfsigned + privatekey_path: "{{ ohs_base }}/scripts/ssl/WLSPlugin.key" + csr_path: "{{ ohs_base }}/scripts/ssl/WLSPlugin.csr" + + - name: Create backend_p12 + become: yes + become_user: "{{ ohs_user }}" + command: "openssl pkcs12 -export -in {{ ohs_base }}/scripts/ssl/WLSPlugin.crt -inkey {{ ohs_base }}/scripts/ssl/WLSPlugin.key -out {{ ohs_base }}/scripts/ssl/WLSPlugin.p12 -name selfsigned -password pass:{{ keystore_password }}" + environment: + ORACLE_HOME: "{{ ohs_home }}" + + - name: Import cert to backend wallet + become: yes + become_user: "{{ ohs_user }}" + command: "./orapki wallet import_pkcs12 -wallet {{ wallet_path }}/pluginWallet -pkcs12file {{ ohs_base }}/scripts/ssl/WLSPlugin.p12 -pkcs12pwd {{ keystore_password }} -pwd {{ keystore_password }}" + args: + chdir: "{{ ohs_home }}/oracle_common/bin" + environment: + ORACLE_HOME: "{{ ohs_home }}" + + - name: Import cert to wls + become: yes + become_user: "{{ ohs_user }}" + command: "./keytool -file {{ ohs_base }}/scripts/ssl/WLSPlugin.crt -importcert -trustcacerts -keystore {{ weblogic_home 
}}/wlserver/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase -noprompt" + args: + chdir: "{{ ohs_home }}/oracle_common/jdk/bin" + environment: + ORACLE_HOME: "{{ ohs_home }}" + when: weblogic_home is defined + + - name: Create front wallet + become: yes + become_user: "{{ ohs_user }}" + command: "./orapki wallet create -wallet {{ wallet_path }}/publicEndPoint -auto_login -pwd {{ keystore_password }}" + args: + chdir: "{{ ohs_home }}/oracle_common/bin" + environment: + ORACLE_HOME: "{{ ohs_home }}" + + - name: Generate an OpenSSL private key + openssl_privatekey: + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + type: RSA + size: 2048 + path: "{{ ohs_base }}/scripts/ssl/FrontCert.key" + + - name: Generate an OpenSSL Certificate Request + openssl_csr: + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + path: "{{ ohs_base }}/scripts/ssl/FrontCert.csr" + privatekey_path: "{{ ohs_base }}/scripts/ssl/FrontCert.key" + common_name: "{{ ansible_fqdn }}" + organization_name: "{{ cert_organization_name }}" + organizational_unit_name: "{{ cert_organization_unit_name }}" + key_usage: + - keyEncipherment + - digitalSignature + key_usage_critical: no + extended_key_usage: + - serverAuth + extended_key_usage_critical: no + subject_alt_name: "DNS:{{ ansible_hostname }},DNS:{{ ansible_fqdn }}" + subject_alt_name_critical: no + + - name: Generate a Self Signed OpenSSL certificate + openssl_certificate: + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + path: "{{ ohs_base }}/scripts/ssl/FrontCert.crt" + provider: selfsigned + privatekey_path: "{{ ohs_base }}/scripts/ssl/FrontCert.key" + csr_path: "{{ ohs_base }}/scripts/ssl/FrontCert.csr" + + - name: Create front end p12 + become: yes + become_user: "{{ ohs_user }}" + command: "openssl pkcs12 -export -in {{ ohs_scripts_loc }}/ssl/FrontCert.crt -inkey {{ ohs_scripts_loc }}/ssl/FrontCert.key -out {{ ohs_scripts_loc }}/ssl/FrontCert.p12 -name selfsigned -password pass:{{ keystore_password }}" + args: + chdir: 
"{{ ohs_home }}/oracle_common/bin" + environment: + ORACLE_HOME: "{{ ohs_home }}" + + - name: Import cert to front end wallet + become: yes + become_user: "{{ ohs_user }}" + command: "./orapki wallet import_pkcs12 -wallet {{ wallet_path }}/publicEndPoint -pkcs12file {{ ohs_scripts_loc }}/ssl/FrontCert.p12 -pkcs12pwd {{ keystore_password }} -pwd {{ keystore_password }}" + args: + chdir: "{{ ohs_home }}/oracle_common/bin" + environment: + ORACLE_HOME: "{{ ohs_home }}" + + - name: "Update {{ ohs_home }}/user_projects/domains/ohs_{{ ansible_hostname }}/config/fmwconfig/components/OHS/ohs1/ssl.conf" + replace: + path: "{{ ohs_home }}/user_projects/domains/ohs_{{ ansible_hostname }}/config/fmwconfig/components/OHS/ohs1/ssl.conf" + regexp: "(SSLWallet.*)default" + replace: "\\1publicEndPoint" + + - name: "Update {{ ohs_home }}/user_projects/domains/ohs_{{ ansible_hostname }}/config/fmwconfig/components/OHS/ohs1/ssl.conf" + replace: + path: "{{ ohs_home }}/user_projects/domains/ohs_{{ ansible_hostname }}/config/fmwconfig/components/OHS/ohs1/ssl.conf" + regexp: "443>" + replace: "443>\n\tRewriteEngine On\n\tRewriteOptions Inherit\n\t" + + when: not keystore.stat.exists + +# if startComponent.sh successfully, will create /home/oracle/.wlst +- name: Check if .wlst exists + stat: + path: "{{ ohs_base }}/.wlst" + register: wlst + ignore_errors: True + changed_when: False + +- name: Starting and authenticating NM + block: + + - name: Copy ohsNM.service + template: + src: ohsNM.service.j2 + dest: /etc/systemd/system/ohsNM.service + + - name: Start service + systemd: + name: ohsNM.service + enabled: yes + state: started + # Using shell as command did not wait + - name: Start Component + become: yes + become_user: "{{ ohs_user }}" + shell: "echo {{ weblogic_password }} | ./startComponent.sh ohs1 storeUserConfig" + args: + chdir: "{{ ohs_home }}/user_projects/domains/ohs_{{ ansible_hostname }}/bin" + environment: + ORACLE_HOME: "{{ ohs_home }}" + + - name: Stop Component + become: 
yes + become_user: "{{ ohs_user }}" + shell: "./stopComponent.sh ohs1" + args: + chdir: "{{ ohs_home }}/user_projects/domains/ohs_{{ ansible_hostname }}/bin" + environment: + ORACLE_HOME: "{{ ohs_home }}" + when: not wlst.stat.exists diff --git a/roles/ohs/tasks/main.yml b/roles/ohs/tasks/main.yml new file mode 100644 index 0000000..b73d219 --- /dev/null +++ b/roles/ohs/tasks/main.yml @@ -0,0 +1,47 @@ +--- +- name: Install python3 + package: + name: python3 + state: present + +- name: Create symlink for python3 + file: + src: /usr/bin/python3 + dest: /usr/local/bin/python + owner: root + group: root + state: link + +- name: "Include v{{ ohs_version }}.yml variables" + include_vars: "v{{ ohs_version }}.yml" + +- name: check if OHS already installed + shell: "grep {{ base_version }} {{ ohs_home }}/inventory/registry.xml" + changed_when: False + ignore_errors: True + register: base_installed + +- name: Install Base version + include_tasks: "base_install.yml" + when: base_version is defined and base_installed.rc != 0 + +- name: Check if Patch already applied + become: yes + become_user: "{{ ohs_user }}" + shell: "{{ ohs_home }}/OPatch/opatch lspatches | grep -i {{ item.number }}" + register: ohs_version_status + changed_when: False + ignore_errors: True + loop: "{{ patches }}" + +- name: Print ohs_version_status + debug: + msg: "{{ ohs_version_status }}" + +- name: Patch OHS + include_tasks: "patch.yml" + when: ohs_version_status.results | selectattr('rc','greaterthan',0) | list | count > 0 + +- name: Set up properties file + include_tasks: "config.yml" + when: base_version is defined diff --git a/roles/ohs/tasks/patch.yml b/roles/ohs/tasks/patch.yml new file mode 100644 index 0000000..f3d86b2 --- /dev/null +++ b/roles/ohs/tasks/patch.yml 
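Review bot: `weblogic_password` and `keystore_password` are interpolated straight into command lines in this hunk (`Create Domain`, every `orapki ... -pwd`, both `openssl pkcs12 ... -password pass:` tasks, and `echo {{ weblogic_password }} | ./startComponent.sh`), which exposes them in the target's process list and in Ansible output; none of these tasks sets `no_log: true`. Add `no_log: true` to each, and for the two openssl tasks pass the secret through the task's `environment:` with `-password env:KEYSTORE_PASSWORD` instead of `pass:`. The `shell` task also needs `{{ weblogic_password | quote }}`, because a password containing shell metacharacters is otherwise interpreted by the shell. In `Modify hasbind file`, `mode: 4750` is an unquoted number that YAML reads as decimal rather than octal, so the resulting bits are not setuid 0750; write `mode: "4750"`. `PATH=.:$PATH` in /opt/.profile puts the current directory first on the search path of whoever sources it and is better dropped.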
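Review bot: `check if OHS already installed` interpolates `{{ base_version }}` unconditionally, so the later `when: base_version is defined` guards on `Install Base version` and `Set up properties file` can never be false in a run that gets that far. Either guard the check the same way or drop the guards. In `Check if Patch already applied` the pipeline's status is grep's alone and `ignore_errors: True` hides the rest, so a failing `opatch lspatches` is indistinguishable from "patch missing" and sends the play into patch.yml. Running `opatch lspatches` once with `command`, registering it, and testing `item.number | string in lspatches.stdout` would let a real failure stop the play. `Print ohs_version_status` looks like leftover diagnostics.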
@@ -0,0 +1,124 @@ +--- +- name: "Check OPatch version matches {{ opatch_version }}" + become: yes + become_user: "{{ ohs_user }}" + shell: "grep {{ opatch_version }} {{ ohs_home }}/OPatch/version.txt" + ignore_errors: true + register: opatch_status + changed_when: False + when: opatch_version is defined + +# ==> install java +- name: Check if the Java download exists + stat: + path: "{{ ohs_installer_loc }}/java-repo.zip" + register: stat_result + +- name: Download Java repo + get_url: + url: "{{ download_url }}/{{ java_zip_path }}" + dest: "{{ ohs_installer_loc }}/java-repo.zip" + headers: "{{ download_header }}" + when: download_url is defined + +- name: Copy Java repo + copy: + src: "{{ java_zip_path }}" + dest: "{{ ohs_installer_loc }}/java-repo.zip" + when: download_url is not defined + +- name: Extract Java installer + unarchive: + src: "{{ ohs_installer_loc }}/java-repo.zip" + dest: "{{ jdk_folder }}" + remote_src: yes + extra_opts: [--strip-components=1] + +- name: Create patches folder + file: + state: directory + path: "/tmp/OHS/{{ ohs_version_folder }}" + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + +- name: "Download OPatch tool" + get_url: + url: "{{ download_url }}/{{ opatch_filename_path }}" + dest: "/tmp/patch-repo.zip" + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + headers: "{{ download_header }}" + when: opatch_filename_path is defined and download_url is defined + +- name: "Copy OPatch tool" + copy: + src: "{{ opatch_filename_path }}" + dest: "/tmp/patch-repo.zip" + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + when: opatch_filename_path and download_url is not defined + +- name: "Extract OPatch" + unarchive: + remote_src: yes + src: "/tmp/patch-repo.zip" + dest: "{{ ohs_installer_loc }}" + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + when: opatch_version is defined and opatch_status.rc != 0 + +- name: Patch OPatch tool + command: "{{ ohs_home }}/oracle_common/jdk/bin/java -jar {{ ohs_installer_loc }}/{{ 
opatch_folder }}/opatch_generic.jar -silent oracle_home={{ ohs_home }}" + become: yes + become_user: "{{ ohs_user }}" + when: opatch_version is defined and opatch_status.rc != 0 + +- name: Create patch directory + file: + path: /tmp/ohsPatches + state: directory + +- name: "Download OHS Patches" + get_url: + url: "{{ download_url }}/{{ item.filename }}" + dest: "/tmp/{{ item.filename }}" + force: no + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + headers: "{{ download_header }}" + loop: "{{ patches }}" + when: download_url is defined + +- name: "Copy OHS Patches" + copy: + src: "{{ item.filename }}" + dest: /tmp/{{ item.filename }} + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + loop: "{{ patches }}" + when: download_url is not defined + +- name: "Extract Patches" + unarchive: + remote_src: yes + src: "/tmp/{{ item.filename }}" + dest: /tmp/ + owner: "{{ ohs_user }}" + group: "{{ ohs_group }}" + loop: "{{ patches }}" + +- name: "Apply Patches" + become: yes + become_user: "{{ ohs_user }}" + command: "{{ ohs_home }}/OPatch/opatch apply -silent" + args: + chdir: "/tmp/{{ item.number }}" + loop: "{{ patches }}" + +- name: Cleanup + file: + path: "{{ item }}" + state: absent + loop: + - /tmp/OHS + - /tmp/repo.zip diff --git a/roles/ohs/templates/custom_ohs_perf.conf.j2 b/roles/ohs/templates/custom_ohs_perf.conf.j2 new file mode 100644 index 0000000..9222400 --- /dev/null +++ b/roles/ohs/templates/custom_ohs_perf.conf.j2 
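Review bot: Archives are staged at fixed names under `/tmp` (`/tmp/patch-repo.zip`, `/tmp/{{ item.filename }}`), unpacked into `/tmp/`, and `opatch apply` is then run from `/tmp/{{ item.number }}`. On a host with other local accounts, predictable paths in a world-writable directory can be pre-created by someone else before the patch is applied. Staging under `{{ ohs_installer_loc }}` (created with `ohs_user` ownership in base_install.yml) or in a directory from the `tempfile` module avoids that. The final `Cleanup` removes `/tmp/OHS` and `/tmp/repo.zip`, but this hunk writes `/tmp/patch-repo.zip`, `/tmp/ohsPatches` and the extracted `/tmp/{{ item.number }}` directories, which are left behind. On `Copy OPatch tool`, `when: opatch_filename_path and download_url is not defined` should read `opatch_filename_path is defined and download_url is not defined`, matching the download task.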
@@ -0,0 +1,109 @@ +# +# Taken from http://www-01.ibm.com/support/docview.wss?uid=swg21685199&aid=1 +# + +KeepAlive On +MaxKeepAliveRequests 1000 +KeepAliveTimeOut 2 + + +User "{{ ohs_user }}" +Group "{{ ohs_group }}" + + +# +# if required, you need to substitute these in the main httpd.conf for Linux +# +# +#ThreadLimit 300 +#MaxClients 300 +#MinSpareThreads 300 +#MaxSpareThreads 300 +#ThreadsPerChild 300 +#StartServers 1 +#ServerLimit 1 +#MaxRequestsPerChild 0 +# +# +# if required, you need to substitue these in the main httpd.conf for Windows +# +# +#ThreadLimit 300 +#ThreadsPerChild 300 +#MaxRequestsPerChild 0 +#MaxMemFree 2048 +# +# +# + +# +# Allow access to /server-status +# +# +# SetHandler server-status +# Order allow,deny +# Allow from all +# + +# +# Custom rule to redirect to HTTPS +# +# +# RedirectPermanent / https://${HOSTNAME}_SSL/ +# + + + LoadModule headers_module "${PRODUCT_HOME}/modules/mod_headers.so" + + + LoadModule expires_module "${PRODUCT_HOME}/modules/mod_expires.so" + +# Enables mod_rewrite for React Router's BrowserRouter directives + + LoadModule rewrite_module "${PRODUCT_HOME}/modules/mod_rewrite.so" + + + RewriteEngine On + RewriteCond %{REQUEST_METHOD} !^(GET|POST|PUT|DELETE|OPTIONS)$ + RewriteRule .* - [PT,F] + +# Below "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/htdocs/universal" is the location +# where the web application is deployed under the DocumentRoot. 
+# Alternatively you can specify the DocumentRoot "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/htdocs" + + AllowOverride FileInfo Options=MultiViews + ExpiresActive On + ExpiresDefault "access plus 1 month" + Header unset Last-Modified + + +# List of MIME types that can be compressed provided with the out-of-the-box application +# some of them might be already configured in your HTTP server, please edit as required + + AddType image/x-icon .ico + AddType application/javascript .js + AddType application/json json + AddType image/svg+xml svg + AddType text/css css + AddType text/html html + + + + LoadModule filter_module "${PRODUCT_HOME}/modules/mod_filter.so" + + + LoadModule deflate_module "${PRODUCT_HOME}/modules/mod_deflate.so" + + + + AddOutputFilterByType DEFLATE text/html text/plain text/css application/x-javascript application/javascript image/svg+xml application/json image/x-icon image/vnd.microsoft.icon text/xml + # Netscape 4.x has some problems... + BrowserMatch ^Mozilla/4 gzip-only-text/html + # Netscape 4.06-4.08 have some more problems + BrowserMatch ^Mozilla/4\.0[678] no-gzip + # MSIE masquerades as Netscape, but it is fine + BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html + # Make sure proxies don't deliver the wrong content + Header append Vary User-Agent env=!dont-vary + +# diff --git a/roles/ohs/templates/mod_wl_ohs.conf.j2 b/roles/ohs/templates/mod_wl_ohs.conf.j2 new file mode 100644 index 0000000..adb419b --- /dev/null +++ b/roles/ohs/templates/mod_wl_ohs.conf.j2 
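Review bot: The method filter `RewriteCond %{REQUEST_METHOD} !^(GET|POST|PUT|DELETE|OPTIONS)$` omits HEAD, so the following `RewriteRule .* - [PT,F]` answers HEAD requests with 403, which commonly breaks load-balancer health checks and monitoring probes. Either add HEAD to the list or add a comment saying the refusal is intentional; if the proxied application does not need PUT and DELETE, narrowing the list is the safer default. `PT` has no effect next to `F` and can be dropped. The commented-out `/server-status` example uses `Allow from all`; a comment that it must be restricted to administrative addresses if enabled would stop it being uncommented as-is. The enclosing container directives are not visible on this page, so the scope of these rules is inferred.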
@@ -0,0 +1,26 @@
+# NOTE : This is a template to configure mod_weblogic.
+LoadModule weblogic_module "${PRODUCT_HOME}/modules/mod_wl_ohs.so"
+# This empty block is needed to save mod_wl related configuration from EM to this file when changes are made at the Base Virtual Host Level
+
+ # WebLogicHost
+ # WebLogicPort
+ # MatchExpression *.jsp
+ DebugConfigInfo ON
+ KeepAliveEnabled OFF
+ KeepAliveSecs 0
+ # SSL
+ SecureProxy ON
+ WLProxySSL ON
+ WLSSLWallet "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/keystores/pluginWallet"
+ WebLogicSSLVersion TLSv1_2
+
+ WLSRequest on
+ WebLogicHost {{ ansible_fqdn }}
+ WebLogicPort {{ ohs_port }}
+
+
+#
+# SetHandler weblogic-handler
+# PathTrim /weblogic
+# ErrorPage http:/WEBLOGIC_HOME:WEBLOGIC_PORT/
+#
diff --git a/roles/ohs/templates/ohsNM.service.j2 b/roles/ohs/templates/ohsNM.service.j2
new file mode 100644
index 0000000..83610e0
--- /dev/null
+++ b/roles/ohs/templates/ohsNM.service.j2
@@ -0,0 +1,13 @@
+[Unit]
+Description=Oracle HTTP Server service
+
+[Service]
+User={{ ohs_user }}
+Group={{ ohs_group }}
+Environment="ORACLE_HOME={{ ohs_home }}"
+ExecStart={{ ohs_home }}/user_projects/domains/ohs_{{ ansible_hostname }}/bin/startNodeManager.sh
+ExecStop={{ ohs_home }}/user_projects/domains/ohs_{{ ansible_hostname }}/bin/stopNodeManager.sh
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/roles/ohs/templates/ohs_install.rsp.j2 b/roles/ohs/templates/ohs_install.rsp.j2
new file mode 100644
index 0000000..7e25c47
--- /dev/null
+++ b/roles/ohs/templates/ohs_install.rsp.j2
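Review bot: `DebugConfigInfo ON` is set unconditionally in the mod_wl_ohs.conf.j2 template. That directive turns on the plug-in's diagnostic query, which returns the proxy's configuration parameters to any client that can reach the server, and Oracle's plug-in documentation advises leaving it off outside a debugging session. Make it `DebugConfigInfo {{ ohs_debug_config_info | default('OFF') }}` (the variable name is a placeholder) or simply `OFF`. `KeepAliveEnabled OFF` with `KeepAliveSecs 0` also deserves a one-line comment saying why backend connection reuse is disabled, since with `SecureProxy ON` that presumably costs a new TLS connection per request.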
@@ -0,0 +1,39 @@
+[ENGINE]
+
+#DO NOT CHANGE THIS.
+Response File Version=1.0.0.0.0
+
+[GENERIC]
+
+#The oracle home location. This can be an existing Oracle Home or a new Oracle Home
+ORACLE_HOME={{ ohs_home }}
+
+#Set this variable value to the Installation Type selected as either Standalone HTTP Server (Managed independently of WebLogic server) OR Colocated HTTP Server (Managed through WebLogic server)
+INSTALL_TYPE={{ ohs_install_type }}
+
+#Provide the My Oracle Support Username. If you wish to ignore Oracle Configuration Manager configuration provide empty string for user name.
+MYORACLESUPPORT_USERNAME=
+
+#Provide the My Oracle Support Password
+MYORACLESUPPORT_PASSWORD=
+
+#Set this to true if you wish to decline the security updates. Setting this to true and providing empty string for My Oracle Support username will ignore the Oracle Configuration Manager configuration
+DECLINE_SECURITY_UPDATES=true
+
+#Set this to true if My Oracle Support Password is specified
+SECURITY_UPDATES_VIA_MYORACLESUPPORT=false
+
+#Provide the Proxy Host
+PROXY_HOST=
+
+#Provide the Proxy Port
+PROXY_PORT=
+
+#Provide the Proxy Username
+PROXY_USER=
+
+#Provide the Proxy Password
+PROXY_PWD=
+
+#Type String (URL format) Indicates the OCM Repeater URL which should be of the format [scheme[Http/Https]]://[repeater host]:[repeater port]
+COLLECTOR_SUPPORTHUB_URL=
diff --git a/roles/ohs/vars/v12.1.3.0.200412.yml b/roles/ohs/vars/v12.1.3.0.200412.yml
new file mode 100644
index 0000000..d261964
--- /dev/null
+++ b/roles/ohs/vars/v12.1.3.0.200412.yml
@@ -0,0 +1,22 @@
+---
+# Base installer values
+ohs_version_folder: 12.1.3
+base_version: 12.1.3.0.0
+base_installer: fmw_12.1.3.0.0_ohs_linux64.bin
+base_installer_path: "OHS/12.1.3/fmw_12.1.3.0.0_ohs_linux64.bin"
+# Patches information
+ohs_version: 12.2.1.4.210324
+patches:
+ - filename: "OHS/{{ ohs_version_folder }}/p31046788_121300_Linux-x86-64.zip"
+ number: 31046788
+# Add OPatch values when bundled OPatch needs to be upgraded
+opatch_filename_path: "OHS/{{ ohs_version_folder }}/p28186730_139426_Generic.zip"
+opatch_version: 13.9.4.2.6
+opatch_folder: 6880880
+
+# Full jdk is needed to update OPatch
+java_zip_path: 'Java/jdk-8u251-linux-x64.tar.gz'
+java_version_path: 'jdk1.8.0_251'
+jdk_folder: "{{ ohs_home }}/oracle_common/jdk"
+
+template_jar: "ohs_standalone_template_12.1.3.jar"
diff --git a/roles/ohs/vars/v12.2.1.4.210324.yml b/roles/ohs/vars/v12.2.1.4.210324.yml
new file mode 100644
index 0000000..bd79e29
--- /dev/null
+++ b/roles/ohs/vars/v12.2.1.4.210324.yml
@@ -0,0 +1,24 @@
+---
+# Base installer values
+ohs_version_folder: 12.2.1
+base_version: 12.2.1.4.0
+base_installer: fmw_12.2.1.4.0_ohs_linux64.bin
+base_installer_path: "OHS/12.2.1/fmw_12.2.1.4.0_ohs_linux64.bin"
+# Patches information
+ohs_version: 12.1.3.0.200412
+patches:
+ - filename: "OHS/{{ ohs_version_folder }}/p32673423_122140_Linux-x86-64.zip"
+ number: 32673423
+ - filename: "OHS/{{ ohs_version_folder }}/p31101341_122140_Generic.zip"
+ number: 31101341
+# Add OPatch values when bundled OPatch needs to be upgraded
+opatch_filename_path: "OHS/{{ ohs_version_folder }}/p28186730_139426_Generic.zip"
+opatch_version: 13.9.4.2.6
+opatch_folder: 6880880
+
+# Full jdk is needed to update OPatch
+java_zip_path: 'Java/jdk-8u251-linux-x64.tar.gz'
+java_version_path: 'jdk1.8.0_251'
+jdk_folder: "{{ ohs_home }}/oracle_common/jdk"
+
+template_jar: "ohs_standalone_template.jar"
diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt
index 6f98ad7..955d4fa 100644
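Review bot: The two vars files carry each other's `ohs_version`: v12.1.3.0.200412.yml sets `ohs_version: 12.2.1.4.210324` and v12.2.1.4.210324.yml sets `ohs_version: 12.1.3.0.200412`. main.yml loads them with `include_vars: "v{{ ohs_version }}.yml"`, so after the include the variable names the other release. Swap the two values, or remove the key from both files since the caller already supplies it. Neither file records a digest for the installer, the JDK archive or the patch zips, and the download tasks in base_install.yml and patch.yml have nothing to verify against. A `sha256` field next to each `filename` / `*_path` entry is where that would belong.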
--- a/tests/sanity/ignore-2.11.txt
+++ b/tests/sanity/ignore-2.11.txt
@@ -7,3 +7,11 @@ roles/db2/files/databaseUtil.sh shellcheck:SC2039
 roles/db2/files/databaseUtil.sh shellcheck:SC2086
 roles/db2/files/databaseUtil.sh shellcheck:SC2103
 roles/db2/files/databaseUtil.sh shellcheck:SC2166
+roles/ohs/files/configOHS.py pep8!skip
+roles/ohs/files/plugin.py pep8!skip
+roles/ohs/files/configOHS.py pylint!skip
+roles/ohs/files/plugin.py pylint!skip
+roles/ohs/files/configOHS.py future-import-boilerplate!skip
+roles/ohs/files/plugin.py future-import-boilerplate!skip
+roles/ohs/files/configOHS.py metaclass-boilerplate!skip
+roles/ohs/files/plugin.py metaclass-boilerplate!skip