-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path1_oracle_prep.yaml
199 lines (179 loc) · 6.73 KB
/
1_oracle_prep.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
# Work in Progress!
---
- name: Configure server - Oracle DB install.
hosts: "{{ hosts | default('db_servers') }}"
vars:
v_maj: "{{ oracle_version.split('.') | first | string }}"
v_maj_min: "{{ oracle_version.split('.')[:2] | join('.') | string }}"
pre_tasks:
- name: Create groups.
tags: user_mgmt, groups
ansible.builtin.group:
name: "{{ item.group }}"
gid: "{{ item.gid }}"
loop:
- { group: oinstall, gid: 1000 }
- { group: dba, gid: 1001 }
- { group: oper, gid: 1002 }
- name: Create oracle user and add to groups.
tags: user_mgmt, groups, users
ansible.builtin.user:
name: "{{ oracle_user }}"
password: "{{ oracle_pass | password_hash('sha512') }}"
uid: 1000
group: oinstall
groups: "dba,oper"
append: true
update_password: on_create
roles:
- rngd
# - vnc
post_tasks:
- name: Check transparent_hugepage setting.
tags: grubby
ansible.builtin.command: "cat /sys/kernel/mm/transparent_hugepage/enabled"
register: hugepage
changed_when: false
- name: Set transparent_hugepage to never with grubby.
tags: grubby
ansible.builtin.command: "grubby --update-kernel=ALL --args='transparent_hugepage=never'"
when: "'[never]' not in hugepage.stdout"
- name: Verify changes with zipl.
tags: zipl
ansible.builtin.command: "zipl -V"
register: zipl
changed_when: false
- name: Print zipl output from previous task for debugging and verification.
tags: zipl
debug:
var: zipl.stdout_lines
- name: Set correct hostname.
tags: hostname
ansible.builtin.hostname:
name: "{{ ansible_hostname }}"
- name: Add FQDN to /etc/hosts.
tags: hostname
ansible.builtin.lineinfile:
path: /etc/hosts
line: "{{ ansible_default_ipv4.address }} {{ ansible_fqdn }} {{ ansible_hostname }}"
- name: Create directories.
tags: user_mgmt, users, dir
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "{{ oracle_user }}"
group: oinstall
mode: '775'
recurse: true
loop:
- "{{ oracle_home }}"
- "{{ oracle_base }}"
- "{{ oracle_inventory }}"
- name: Set oracle inventory.
tags: user_mgmt, users, dir
ansible.builtin.blockinfile:
path: /etc/oraInst.loc
create: true
backup: true
mode: '644'
block: |
inventory_loc={{ oracle_inventory }}
inst_group=oinstall
- name: Add limits to /etc/security/limits.conf for Oracle DB.
tags: limits
ansible.builtin.blockinfile:
path: /etc/security/limits.conf
block: |
oracle soft nproc 2047
oracle hard nproc 16384
oracle soft nofile 1024
oracle hard nofile 65536
oracle soft stack 10240
oracle hard stack 10240
oracle soft memlock unlimited
oracle hard memlock unlimited
- name: Set additional Oracle performance parameters to /etc/sysctl.conf.
tags: sysctl
ansible.builtin.sysctl:
name: "{{ item.key }}"
value: "{{ item.value }}"
reload: "{{ item.reload }}"
sysctl_file: "/etc/sysctl.d/99-oracle-database-server-{{ v_maj }}c-preinstall-sysctl.conf"
loop:
- { key: vm.swappiness, value: 1, reload: no }
- { key: kernel.panic_on_oops, value: 1, reload: no }
- { key: vm.dirty_background_ratio, value: 3, reload: no }
- { key: vm.dirty_ratio, value: 15, reload: no }
- { key: vm.dirty_expire_centisecs, value: 500, reload: no }
- { key: vm.dirty_writeback_centisecs, value: 100, reload: no }
- { key: fs.file-max, value: 6815744, reload: no }
- { key: fs.aio-max-nr, value: 3145728, reload: no }
- { key: kernel.shmmax, value: "{{ kernel_shmmax }}", reload: no }
- { key: kernel.shmall, value: "{{ ( kernel_shmmax / kernel_shmni ) | int }}", reload: no }
- { key: kernel.shmmni, value: "{{ kernel_shmni }}", reload: no }
- { key: kernel.sem, value: 250 32000 100 128, reload: no }
- { key: net.ipv4.ip_local_port_range, value: 9000 65500, reload: no }
- { key: net.core.rmem_default, value: 262144, reload: no }
- { key: net.core.rmem_max, value: 4194304, reload: no }
- { key: net.core.wmem_default, value: 262144, reload: no }
- { key: net.core.wmem_max, value: 1048576, reload: no }
- { key: vm.hugetlb_shm_group, value: 1000, reload: yes }
- name: Add info to oracle user and root .bash_profile.
tags: user_mgmt, users
ansible.builtin.blockinfile:
path: "{{ item.path }}/.bash_profile"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
create: true
block: |
# User specific environment and startup programs
umask 022
ulimit -u 16384
ulimit -n 65536
ulimit -s 10240
#defaults for shell startup for ulimits of {{ oracle_user }} user
export ORACLE_BASE={{ oracle_base }}
export ORACLE_HOME={{ oracle_home }}
{{ 'export PATH=$PATH:' + oracle_home + '/bin:' + oracle_home + '/OPatch' }}{{ ':' + grid_home + '/bin:' + grid_home + '/OPatch' if asm_setup }}
export CV_ASSUME_DISTID=RHEL{{ ansible_distribution_version }}
export ORACLE_SID={{ db_unique_name }}
ORAENV_ASK=NO
#. oraenv
ORAENV_ASK=YES
loop:
- { path: "/home/{{ oracle_user }}", owner: "{{ oracle_user }}", group: oinstall }
- { path: /root, owner: root, group: root }
- name: Ensure NFS directory is properly mounted.
tags: nfs
ansible.posix.mount:
path: "{{ nfs_mount_point }}"
src: "{{ nfs_host }}:{{ nfs_shared_dir }}"
opts: "{{ nfs_opts }}"
state: mounted
fstype: nfs
- name: Install Oracle validation check RPM.
tags: rpm, ora_val
ansible.builtin.dnf:
name: "{{ ora_val }}"
disable_gpg_check: true
when: install_rpms
- name: Ensure oinstall group owns /u01 directory.
tags: dir
ansible.builtin.file:
path: /u01
owner: "{{ oracle_user }}"
group: oinstall
mode: '775'
state: directory
recurse: True
- name: Reboot db servers.
tags: reboot
ansible.builtin.reboot:
- name: Check transparent_hugepage setting.
tags: grubby
ansible.builtin.command: "cat /sys/kernel/mm/transparent_hugepage/enabled"
register: hugepage_validate
changed_when: false
failed_when: "'[never]' not in hugepage_validate.stdout"
handlers:
- include_tasks: handlers/main.yaml