Dba 814 tnsname (#480)

* Fix get OEM server name wrap issue and pass OEM secret variable * Adjust jq command for Oem account id
ministryofjustice · Nov 21, 2024 · 9589515 · 9589515
1 parent a239d39
commit 9589515
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 9 deletions.
diff --git a/playbooks/oracle_backup/get_facts.yml b/playbooks/oracle_backup/get_facts.yml
@@ -33,14 +33,15 @@
         - name: Set Emcli Catalog Host Name Command
           set_fact:
             emcli_commands: |
-              {{ emcli }} get_targets -noheader -targets="%:oracle_oms" | awk '{print $NF}' | cut -d: -f1
+              {{ emcli }} get_targets -noheader -targets="%:oracle_oms" | awk '{print $NF}' | cut -d: -f1 | head -1
 
         - name: Get Catalog Host Name
           ansible.builtin.command: >
             /u02/stage/get_facts_script.sh
           environment:
             ACCOUNT_NAME: "{{ account_name }}"
             ASSUME_ROLE_NAME: "{{ assume_role_name }}"
+            OEM_SECRET: "{{ secretsmanager_passwords['emrep'].secret }}"
             EMCLI_COMMANDS: "{{ emcli_commands }}"
           register: getcataloghostname
           changed_when: false
@@ -63,7 +64,7 @@
           environment:
             ACCOUNT_NAME: "{{ account_name }}"
             ASSUME_ROLE_NAME: "{{ assume_role_name }}"
-            CATALOG_SECRET: "{{ secretsmanager_passwords['catalog'].secret }}"
+            OEM_SECRET: "{{ secretsmanager_passwords['emrep'].secret }}"
             EMCLI_COMMANDS: "{{ emcli_commands }}"
           register: getslackchannel
           changed_when: false

diff --git a/playbooks/oracle_backup/templates/get_facts_script.sh.j2 b/playbooks/oracle_backup/templates/get_facts_script.sh.j2
@@ -2,7 +2,7 @@
 
 . ~/.bash_profile
 
-OEM_ACCOUNT_ID=$(aws ssm get-parameters --with-decryption --name account_ids |  jq --arg ACCOUNT_NAME ${ACCOUNT_NAME} -r 'with_entries(if (.key|test($ACCOUNT_NAME)) then ( {key: .key, value: .value}) else empty end)' | jq -r 'to_entries|.[0].value')
+OEM_ACCOUNT_ID=$(aws ssm get-parameters --with-decryption --name account_ids | jq -r .Parameters[].Value | jq --arg ACCOUNT_NAME ${ACCOUNT_NAME} -r 'with_entries(if (.key|test($ACCOUNT_NAME)) then ( {key: .key, value: .value}) else empty end)' | jq -r 'to_entries|.[0].value')
 OEM_SECRET_ARN="arn:aws:secretsmanager:eu-west-2:${OEM_ACCOUNT_ID}:secret:${OEM_SECRET}"
 ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
 OEM_ROLE_ARN="arn:aws:iam::${ACCOUNT_ID}:role/${ASSUME_ROLE_NAME}"
@@ -11,12 +11,13 @@ export AWS_ACCESS_KEY_ID=$(echo "${CREDS}" | tail -1 | cut -f1)
 export AWS_SECRET_ACCESS_KEY=$(echo "${CREDS}" | tail -1 | cut -f2)
 export AWS_SESSION_TOKEN=$(echo "${CREDS}" | tail -1 | cut -f3)
 
-SYSMAN_PASSWORD=$(aws secretsmanager get-secret-value --secret-id "${OEM_SECRET_ARN}" --query SecretString --output text | jq -r .sysman)
-export PATH=$PATH:/u01/app/oracle/product/oem-agent/agent_{{ OEM_AGENT_VERSION }}/oracle_common/jdk/jre/bin
-{{ emcli }} sync 1>/dev/null 2>&1 || ( {{ emcli }} login -username=sysman -password=${SYSMAN_PASSWORD} -force && {{ emcli }} sync ) 1>/dev/null 2>&1
-
-[[ ! -z "${EMCLI_COMMANDS}" ]] && eval ${EMCLI_COMMANDS}
-if [[ "${STEP}" == "CONNECT_CATALOG" ]]
+if [[ ! -z "${EMCLI_COMMANDS}" ]]
+then
+  SYSMAN_PASSWORD=$(aws secretsmanager get-secret-value --secret-id "${OEM_SECRET_ARN}" --query SecretString --output text | jq -r .sysman)
+  export PATH=$PATH:/u01/app/oracle/product/oem-agent/agent_{{ OEM_AGENT_VERSION }}/oracle_common/jdk/jre/bin
+  {{ emcli }} sync 1>/dev/null 2>&1 || ( {{ emcli }} login -username=sysman -password=${SYSMAN_PASSWORD} -force && {{ emcli }} sync ) 1>/dev/null 2>&1
+  eval ${EMCLI_COMMANDS}
+elif [[ "${STEP}" == "CONNECT_CATALOG" ]]
 then
   RCVCATOWNER_PASSWORD=$(aws secretsmanager get-secret-value --secret-id "arn:aws:secretsmanager:eu-west-2:${OEM_ACCOUNT_ID}:secret:${CATALOG_SECRET}" --query SecretString --output text | jq -r .rcvcatowner) 
   sqlplus -s /nolog << EOF