From b069f973e0e9bc4e6d6a04f9b0bf12e3d18ba53b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sergejs=20Gra=C4=8Dovs?=
Date: Tue, 4 Jun 2024 12:17:55 +0300
Subject: [PATCH] Initial commit
---
 .gitignore | 18 ++
 .vscode/settings.json | 13 ++
 LICENSE | 21 +++
 README.md | 155 ++++++++++++++++++
 addons/readme.txt | 1 +
 ansible.cfg | 21 +++
 docs/requirements.md | 109 ++++++++++++
 .../default/group_vars/all/all-vault.yml | 3 +
 inventory/default/group_vars/all/all.yml | 64 ++++++++
 inventory/default/group_vars/all/paths.yml | 12 ++
 inventory/default/inventory.ini | 25 +++
 playbooks/check.yml | 10 ++
 playbooks/reset.yml | 7 +
 playbooks/setup.yml | 23 +++
 playbooks/update.yml | 7 +
 requirements.txt | 1 +
 roles/cluster/tasks/main.yml | 14 ++
 roles/cluster/templates/create-cluster.j2 | 23 +++
 roles/cluster/templates/create-cluster.py | 20 +++
 roles/domain/tasks/main.yml | 43 +++++
 roles/domain/templates/adminserver.service | 17 ++
 roles/domain/templates/boot.properties | 2 +
 roles/domain/templates/create-domain.py | 25 +++
 roles/domain/templates/update-domain.py | 47 ++++++
 roles/fmw/files/fmw_12.2.1.4.0_wls.jar.sample | 1 +
 roles/fmw/tasks/main.yml | 15 ++
 roles/fmw/templates/install.rsp | 39 +++++
 roles/fmw/templates/oraInst.loc | 2 +
 .../files/jdk-8u271-linux-x64.tar.gz.sample | 1 +
 roles/jdk/tasks/main.yml | 41 +++++
 roles/managed/files/demo_keystore.jks.sample | 0
 roles/managed/tasks/main.yml | 38 +++++
 roles/managed/templates/create-ms.j2 | 95 +++++++++++
 roles/node-manager/tasks/main.yml | 48 ++++++
 roles/node-manager/templates/create-nm.py | 23 +++
 roles/node-manager/templates/create-nm.sh | 7 +
 .../templates/nodemanager.properties | 25 +++
 .../templates/nodemanager.service | 17 ++
 roles/reset/tasks/main.yml | 71 ++++++++
 .../update/ssl/files/demo_keystore.jks.sample | 0
 roles/update/ssl/tasks/main.yml | 32 ++++
 roles/update/ssl/templates/update-ssl.j2 | 56 +++++++
 roles/wl-auth/tasks/main.yml | 25 +++
 roles/wl-auth/templates/genKeyNConfig.py | 12 ++
 roles/wls-prep/tasks/main.yml | 27 +++
 45 files changed, 1256 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 .vscode/settings.json
 create mode 100644 LICENSE
 create mode 100644 README.md
 create mode 100644 addons/readme.txt
 create mode 100644 ansible.cfg
 create mode 100644 docs/requirements.md
 create mode 100644 inventory/default/group_vars/all/all-vault.yml
 create mode 100644 inventory/default/group_vars/all/all.yml
 create mode 100644 inventory/default/group_vars/all/paths.yml
 create mode 100644 inventory/default/inventory.ini
 create mode 100644 playbooks/check.yml
 create mode 100644 playbooks/reset.yml
 create mode 100644 playbooks/setup.yml
 create mode 100644 playbooks/update.yml
 create mode 100644 requirements.txt
 create mode 100644 roles/cluster/tasks/main.yml
 create mode 100644 roles/cluster/templates/create-cluster.j2
 create mode 100644 roles/cluster/templates/create-cluster.py
 create mode 100644 roles/domain/tasks/main.yml
 create mode 100644 roles/domain/templates/adminserver.service
 create mode 100644 roles/domain/templates/boot.properties
 create mode 100644 roles/domain/templates/create-domain.py
 create mode 100644 roles/domain/templates/update-domain.py
 create mode 100644 roles/fmw/files/fmw_12.2.1.4.0_wls.jar.sample
 create mode 100644 roles/fmw/tasks/main.yml
 create mode 100644 roles/fmw/templates/install.rsp
 create mode 100644 roles/fmw/templates/oraInst.loc
 create mode 100644 roles/jdk/files/jdk-8u271-linux-x64.tar.gz.sample
 create mode 100644 roles/jdk/tasks/main.yml
 create mode 100644 roles/managed/files/demo_keystore.jks.sample
 create mode 100644 roles/managed/tasks/main.yml
 create mode 100644 roles/managed/templates/create-ms.j2
 create mode 100644 roles/node-manager/tasks/main.yml
 create mode 100644 roles/node-manager/templates/create-nm.py
 create mode 100644 roles/node-manager/templates/create-nm.sh
 create mode 100644 roles/node-manager/templates/nodemanager.properties
 create mode 100644 roles/node-manager/templates/nodemanager.service
 create mode 100644 roles/reset/tasks/main.yml
 create mode 100644 roles/update/ssl/files/demo_keystore.jks.sample
 create mode 100644 roles/update/ssl/tasks/main.yml
 create mode 100644 roles/update/ssl/templates/update-ssl.j2
 create mode 100644 roles/wl-auth/tasks/main.yml
 create mode 100644 roles/wl-auth/templates/genKeyNConfig.py
 create mode 100644 roles/wls-prep/tasks/main.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..772a689
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,18 @@
+.DS_Store
+*.log
+
+# Inventory
+inventory/*
+!inventory/default
+
+# Addons
+addons/*
+!addons/readme.txt
+
+# Roles and more..
+roles/fmw/files/*.jar
+roles/jdk/files/*.tar.gz
+roles/managed/files/*.jks
+roles/update/ssl/files/*.jks
+roles/deploy/files/*.war
+roles/deploy/files/*.ear
\ No newline at end of file
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..42df1cf
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,13 @@
+{
+ "editor.defaultFormatter": "vscode.git",
+ "[markdown]": {
+ "editor.defaultFormatter": "yzhang.markdown-all-in-one"
+ },
+ "[yaml]": {
+ "editor.insertSpaces": true,
+ "editor.tabSize": 2,
+ "editor.autoIndent": "none"
+ },
+ "markdown.extension.toc.slugifyMode": "gitea",
+ "markdown.extension.tableFormatter.normalizeIndentation": true,
+}
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..c8d9012
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Sergejs Gračovs (zippo294@icloud.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c03536b
--- /dev/null
+++ b/README.md
@@ -0,0 +1,155 @@
+# Weblogic Cluster provisioning
+
+Repository contains everything to provision a Weblogic Cluster on any RedHat 7+ based system..
+
+- [1. Requirements](#1-requirements)
+ - [1.1. Proxy requirements](#1-1-proxy-requirements)
+- [2. Configuration](#2-configuration)
+ - [2.1 Installers configuration](#2-1-installers-configuration)
+- [3. Testing configuration](#3-testing-configuration)
+- [4. Installation](#4-installation)
+- [5. Uninstall](#5-uninstall)
+- [6. Cluster maintanace tasks](#6-cluster-maintanace-tasks)
+
+
+
+## 1. Requirements
+
+**System requirements**:
+- 1 VM with minimums of 2 cpus and 4GB RAM (HDD size is on your preference) for AdminServer
+- 1 - ∞ VMs with minimum of 2 cpus and 8GB RAM each (HDD size is on your preference) for Managed Servers
+- static IPs on all VMs
+- supported linux OS: RedHat/CentOS 7/8, Oracle Linux 7/8, Rocky 8, AlmaLinux 8
+
+**Workstation requirements**:
+- [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
+
+**Additional requirements**:
+- NFS share for shared domain on all hosts, mounted on: `/u01/oracle`
+- [VMs and Workstation requirements](docs/requirements.md)
+
+### 1.1. Proxy requirements
+
+Access to following external resources are required:
+
+- Access to OS repository (yum/apt)
+- Access to Python packages (*.python.org, *.pypi.org, *.pythonhosted.org)
+- Access to Oracle Java and Middleware installer download (*.oracle.com)
+
+
+
+## 2. Configuration
+
+- Create copy of `inventory/default` directory and name it after your environment, example: `inventory/`.
+- Edit your environment `inventory.ini` file by filling out environment servers configuration values.
+- Edit your environment `all.yml` file by filling out environment specific configuration values (also see [2.1 Installers](#21-installers)).
+- Edit your environment `all-vault.yml` file by filling out environment specific secrets.
+
+> NOTE: Encrypt the `all-vault.yaml` file using `ansible-vault encrypt inventory//group_vars/all/all-vault.yml` and providing secure password.
+
+### 2.1 Installers configuration
+
+> NOTE: Instructions for downloading and configuring installers.
+
+Download [Linux x64 Compressed Archive](https://www.oracle.com/java/technologies/javase/javase-jdk8-downloads.html) and place `tar.gz` archive to:
+
+```
+./roles/jdk/files/jdk-8u371-linux-x64.tar.gz
+```
+
+Also set archive name (ex. `jdk-8u371-linux-x64.tar.gz`) as value for variable in your environments [all.yml](inventory/default/group_vars/all/all.yml#L2) file.
+
+```yml
+jdk_installer_archive: 'jdk-8u371-linux-x64.tar.gz'
+```
+
+Download [Generic Installer for Oracle WebLogic Server 12.2.1.4](https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html), extract archive and place generic `jar` installer to:
+
+```
+./roles/wls/files/fmw_12.2.1.4.0_wls_lite_generic.jar
+```
+
+Also set installer name (ex. `fmw_12.2.1.4.0_wls_lite_generic.jar`) as value for variable in your environments [all.yml](inventory/default/group_vars/all/all.yml#L5) file.
+
+```yml
+fmw_installer: 'fmw_12.2.1.4.0_wls_lite_generic.jar'
+```
+
+
+
+## 3. Testing configuration
+
+Before installation you can test connection to your VMs using [check.yml](playbooks/check.yml) playbook.
+
+Simply run:
+
+```shell
+ansible-playbook -i inventory//inventory.ini playbooks/check.yml --ask-vault-pass
+```
+
+Output should look like this:
+
+> NOTE: If playbook ran with no errors, then you are ready to begin installation.
+
+```shell
+...
+TASK [debug] **********************************************************************
+ok: [wl-admin] =>
+ msg:
+ - 'os_family: RedHat'
+ - 'distribution: AlmaLinux'
+ - 'major_version: 8'
+ok: [wl-node-01] =>
+ msg:
+ - 'os_family: RedHat'
+ - 'distribution: AlmaLinux'
+ - 'major_version: 8'
+ok: [wl-node-02] =>
+ msg:
+ - 'os_family: RedHat'
+ - 'distribution: AlmaLinux'
+ - 'major_version: 8'
+...
+```
+
+
+
+## 4. Installation
+
+Playbook to install and configure Weblogic cluster.
+
+```shell
+ansible-playbook -i inventory//inventory.ini playbooks/setup.yml --ask-vault-pass
+```
+
+Will configure the cluster based on provided configuration in inventory files.
+
+:exclamation: Weblogic console URL after installation: http://:{{ admin_server_port }}/console
+
+
+
+## 5. Uninstall
+
+Playbook to uninstall Weblogic cluster.
+
+```shell
+ansible-playbook -i inventory//inventory.ini playbooks/reset.yml
+```
+
+Will uninstall the Weblogic cluster and reboot the machines.
+
+## 6. Cluster maintanace tasks
+
+Playbook to update some parts of Cluster or Domain configuration
+
+```shell
+ansible-playbook -i inventory//inventory.ini playbooks/update.yml -t
+```
+
+Will update specific part of configuration.
+
+Currently available tags:
+
+| Category | File Path | Tag | Description |
+|----------|-----------|-----|-------------|
+| Update | [playbooks/update.yml](playbooks/update.yml) | `ssl` | Will update Managed server SSL certificate and do SSL reset. |
\ No newline at end of file
diff --git a/addons/readme.txt b/addons/readme.txt
new file mode 100644
index 0000000..2d156c3
--- /dev/null
+++ b/addons/readme.txt
@@ -0,0 +1 @@
+Folder should contain additions (playbooks, roles, etc.) to provision default cluster configuration with new, specific features or configuration.
\ No newline at end of file
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..0666625
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,21 @@
+[defaults]
+nocows = True
+roles_path = ./roles
+stdout_callback = yaml
+
+remote_tmp = $HOME/.ansible/tmp
+local_tmp = $HOME/.ansible/tmp
+timeout = 60
+host_key_checking = False
+deprecation_warnings = False
+log_path = ./ansible.log
+
+[privilege_escalation]
+become = True
+
+[ssh_connection]
+scp_if_ssh = smart
+retries = 3
+ssh_args = -o StrictHostKeyChecking=no -o ControlMaster=auto -o ControlPersist=30m -o Compression=yes -o ServerAliveInterval=15s
+pipelining = True
+control_path = %(directory)s/%%h-%%r
\ No newline at end of file
diff --git a/docs/requirements.md b/docs/requirements.md
new file mode 100644
index 0000000..a0ef2ee
--- /dev/null
+++ b/docs/requirements.md
@@ -0,0 +1,109 @@
+# VMs and Workstation requirements
+
+> Requirements for all cluster VMs and administrator workstation.
+
+
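Review bot: In `ansible.cfg`, `host_key_checking = False` under `[defaults]` together with `-o StrictHostKeyChecking=no` in `ssh_args` switches off SSH host key verification for every run, so whatever answers on an inventory address is trusted while the playbooks send the vault secrets and run tasks with `become = True`. I would remove both settings and have operators record the host keys in `known_hosts` before the first run; `-o StrictHostKeyChecking=accept-new` is a middle ground where the workstation's OpenSSH supports it. `log_path = ./ansible.log` is also worth a comment: tasks that handle `weblogic_admin_pass` should set `no_log: true` so the value cannot reach that file.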
+
+- [1. On VMs](#1-on-vms)
+ - [1.1 OS user](#1-1-os-user)
+ - [1.2 Sudoers file](#1-2-sudoers-file)
+- [2. On ansible workstation (admin node)](#2-on-ansible-workstation-admin-node)
+ - [2.1 Generate SSH keys](#2-1-generate-ssh-keys)
+ - [2.2 SSH folder and file permissions](#2-2-ssh-folder-and-file-permissions)
+ - [2.3 Setup passwordless SSH](#2-3-setup-passwordless-ssh)
+
+
+
+## 1. On VMs
+
+### 1.1 OS user
+
+Create new OS user for a ansible tasks on all cluster VMs:
+
+Debian/Ubuntu
+
+```shell
+sudo adduser ansible
+```
+
+RedHat/Rocky
+
+```shell
+sudo useradd ansible
+```
+
+```shell
+sudo passwd ansible
+```
+
+
+
+### 1.2 Sudoers file
+
+Add newly created user to sudoers file (for passwordless sudo):
+
+```shell
+sudo su -
+```
+
+```shell
+echo -e "\n# Allow without a password\nansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+```
+
+```shell
+exit
+```
+
+
+
+## 2. On ansible workstation (admin node)
+
+### 2.1 Generate SSH keys
+
+Create required directory
+
+```shell
+mkdir -p ~/.ssh/
+```
+
+Generate new SSH key:
+
+```shell
+ssh-keygen -f ~/.ssh/id_rsa -N ""
+```
+
+
+
+### 2.2 SSH folder and file permissions
+
+```shell
+chmod 700 ~/.ssh
+```
+
+```shell
+chmod 644 ~/.ssh/id_rsa.pub
+```
+
+```shell
+chmod 600 ~/.ssh/id_rsa
+```
+
+```shell
+chmod 600 ~/.ssh/authorized_keys
+```
+
+### 2.3 Setup passwordless SSH
+
+Distribute the SSH public key to all servers:
+
+- use newly created user for ansible tasks:
+
+```shell
+ssh-copy-id ansible@127.0.0.11
+```
+
+SSH without password
+
+```shell
+ssh ansible@127.0.0.11
+```
\ No newline at end of file
diff --git a/inventory/default/group_vars/all/all-vault.yml b/inventory/default/group_vars/all/all-vault.yml
new file mode 100644
index 0000000..1abee7b
--- /dev/null
+++ b/inventory/default/group_vars/all/all-vault.yml
@@ -0,0 +1,3 @@
+# WebLogic secrets
+weblogic_admin: 'weblogic'
+weblogic_admin_pass: 'welcome1'
\ No newline at end of file
diff --git a/inventory/default/group_vars/all/all.yml b/inventory/default/group_vars/all/all.yml
new file mode 100644
index 0000000..a46d3dc
--- /dev/null
+++ b/inventory/default/group_vars/all/all.yml
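Review bot: `weblogic_admin_pass: 'welcome1'` in `all-vault.yml` is committed in clear text in a file named as a vault, and `inventory/default` is the directory the README tells users to copy, so any environment where the edit-and-encrypt step is skipped ends up with an administrator account whose password is public. Ship a placeholder instead, e.g. `weblogic_admin_pass: 'CHANGE_ME'`, and add a check at the top of `playbooks/setup.yml` that fails while the placeholder is still in place, such as `assert: { that: weblogic_admin_pass != 'CHANGE_ME' }`. A comment above the two keys stating that the file must be encrypted with `ansible-vault` before use would also help.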
@@ -0,0 +1,64 @@
+# JDK archive name
+jdk_installer_archive: 'jdk-8u371-linux-x64.tar.gz'
+
+# FMW generic installer name
+fmw_installer: 'fmw_12.2.1.4.0_wls_lite_generic.jar'
+
+# Software and configuration main path
+oracle_base: '/u01/oracle'
+
+# Oracle OS user and group
+oracle_user: 'oracle'
+oracle_user_id: 1100
+oracle_group: 'oinstall'
+oracle_group_id: 1100
+
+# Memory limits for FMW installer
+jvm_xms: '256m'
+jvm_xmx: '512m'
+
+# Disable file locking on shared file systems for WLS server
+disable_file_locking: true
+
+# Domain configuration
+domain_name: 'demo_domain'
+start_mode: 'prod'
+jta_timeout_sec: 3600 # JTA transaction timeout seconds
+
+# WebLogic AdminServer
+admin_server_name: 'AdminServer'
+admin_server_port: 7001
+
+# WebLogic Managed Server Cluster
+ms_cluster: true # true (create) or false (do not create)
+ms_cluster_name: 'demoCluster'
+ms_cluster_address: 'https://demo.example.com/'
+# Additional Cluster settings
+ms_cluster_msg_mode: 'unicast' # Messaging Mode
+ms_cluster_load_algorithm: 'round-robin'
+ms_cluster_wl_plugin: true # WebLogic Plug-In Enabled for a Cluster
+
+# WebLogic Node Manager
+nm_secure_listener: false
+nm_listen_port: 5556
+
+# WebLogic Managed Server
+ms_port: 7002
+ms_ssl: true # true (use ssl) or false (do not use)
+ms_ssl_port: 7012
+ms_ssl_keystore: true # true (use custom identity) or false (use demo identity)
+ms_ssl_keystore_file: 'demo_ssl_keystore.jks' # roles/managed/files
+ms_ssl_keystore_pass: 'qwaszx'
+ms_ssl_keystore_alias: 'wildcard'
+ms_ssl_trust_pass: 'changeit' # Java cacerts default password
+
+# WebLogic Managed Server settings
+startup_args: true # true (set arguments) or false (do not set)
+startup_args_set: '-Xrs -Xms256M -Xmx512M -Dweblogic.security.SSL.protocolVersion=TLS1 -Dweblogic.wsee.workarea.skipWorkAreaHeader=true'
+ms_wl_plugin: true # WebLogic Plug-In Enabled
+ms_log: true # true (modify) or false (leave default)
+ms_log_size: 50000 # kilobytes
+ms_log_rotate_on_startup: true
+ms_log_file_buffer: 0
+ms_log_extended: true # true (extended) or false (default)
+ms_log_extended_fields: 'c-ip date time cs-method cs-uri sc-status bytes time-taken'
\ No newline at end of file
diff --git a/inventory/default/group_vars/all/paths.yml b/inventory/default/group_vars/all/paths.yml
new file mode 100644
index 0000000..572b917
--- /dev/null
+++ b/inventory/default/group_vars/all/paths.yml
@@ -0,0 +1,12 @@
+# Common paths and names
+oracle_home: '{{ oracle_base }}/middleware/oracle_home'
+domain_home: '{{ oracle_base }}/projects/domains/{{ domain_name }}'
+java_home: '{{ oracle_base }}/java/jdk'
+nm_home: '{{ oracle_base }}/projects/nodemanager'
+
+# Temp directory
+tmp_dir: '/tmp/wls'
+
+# For WLST
+oracle_common: '{{ oracle_home }}/oracle_common'
+wls_bin: '{{ oracle_common }}/common/bin'
\ No newline at end of file
diff --git a/inventory/default/inventory.ini b/inventory/default/inventory.ini
new file mode 100644
index 0000000..8b65009
--- /dev/null
+++ b/inventory/default/inventory.ini
@@ -0,0 +1,25 @@
+# Server hostnames --
+[all]
+wl-admin ansible_ssh_host=127.0.0.11
+wl-node-01 ansible_ssh_host=127.0.0.12
+wl-node-02 ansible_ssh_host=127.0.0.13
+
+# Common variables for all hosts
+[all:vars]
+# User for ssh connections
+ansible_user=
+# Users private key for passwordless connection
+ansible_ssh_private_key_file=~/.ssh/id_rsa
+# Become method
+ansible_become_method=sudo
+
+[wl_admin]
+wl-admin
+
+[wl_node]
+wl-node-01
+wl-node-02
+
+[cluster:children]
+wl_admin
+wl_node
\ No newline at end of file
diff --git a/playbooks/check.yml b/playbooks/check.yml
new file mode 100644
index 0000000..12543dd
--- /dev/null
+++ b/playbooks/check.yml
@@ -0,0 +1,10 @@
+---
+- name: OS check
+ hosts: all
+ become: true
+ tasks:
+ - debug:
+ msg:
+ - "os_family: {{ ansible_os_family }}"
+ - "distribution: {{ ansible_distribution }}"
+ - "major_version: {{ ansible_distribution_major_version }}"
\ No newline at end of file
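Review bot: In `all.yml`, `ms_ssl_keystore_pass: 'qwaszx'` and `ms_ssl_trust_pass: 'changeit'` are secrets but sit in the plain variables file, which the README never asks users to encrypt; they belong next to `weblogic_admin_pass` in `all-vault.yml`. In `startup_args_set`, `-Dweblogic.security.SSL.protocolVersion=TLS1` should be checked against the WebLogic 12.2.1.4 documentation: as far as I know it leaves TLS 1.0 and 1.1 enabled, and a minimum-version setting for TLS 1.2 would be the safer default. `nm_secure_listener: false` presumably leaves Node Manager traffic unprotected by TLS, so a comment marking it as a demo-only default would help.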
diff --git a/playbooks/reset.yml b/playbooks/reset.yml
new file mode 100644
index 0000000..81e0fb4
--- /dev/null
+++ b/playbooks/reset.yml
@@ -0,0 +1,7 @@
+---
+- name: Reset Weblogic Cluster
+ hosts: cluster
+ gather_facts: true
+ become: true
+ roles:
+ - { role: reset, tags: reset }
\ No newline at end of file
diff --git a/playbooks/setup.yml b/playbooks/setup.yml
new file mode 100644
index 0000000..0547dc8
--- /dev/null
+++ b/playbooks/setup.yml
@@ -0,0 +1,23 @@
+---
+- name: Preparing servers for WebLogic
+ hosts: cluster
+ become: true
+ gather_facts: true
+ roles:
+ - { role: wls-prep, tags: prereq }
+ - { role: jdk, tags: jdk }
+
+- name: Installing WebLogic and creating a domain
+ hosts: wl_admin
+ become: true
+ roles:
+ - { role: fmw, tags: fmw }
+ - { role: domain, tags: domain }
+ - { role: cluster, tags: cluster, when: ms_cluster is sameas true }
+
+- name: Creating Node Manager and Managed Server
+ hosts: wl_node
+ become: true
+ roles:
+ - {role: node-manager, tags: node-manager }
+ - {role: managed, tags: managed }
diff --git a/playbooks/update.yml b/playbooks/update.yml
new file mode 100644
index 0000000..c64c18c
--- /dev/null
+++ b/playbooks/update.yml
@@ -0,0 +1,7 @@
+---
+- name: Update Weblogic Cluster
+ hosts: wl_admin
+ gather_facts: true
+ become: true
+ roles:
+ - { role: update/ssl, tags: ['never', 'ssl'] }
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..30b5843
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1 @@
+ansible>=2.10.8
\ No newline at end of file
diff --git a/roles/cluster/tasks/main.yml b/roles/cluster/tasks/main.yml
new file mode 100644
index 0000000..d200971
--- /dev/null
+++ b/roles/cluster/tasks/main.yml
@@ -0,0 +1,14 @@
+# ==> Copy scripts
+- name: Copy cluster creation script
+ # template: src=create-cluster.py dest={{ tmp_dir }} owner={{ oracle_user }} group={{ oracle_group }}
+ template:
+ src: create-cluster.j2
+ dest: "{{ tmp_dir }}/create-cluster.py"
+ owner: "{{ oracle_user }}"
+ group: "{{ oracle_group }}"
+
+# ==> Create cluster
+- name: Execute cluster creation script
+ become: true
+ become_user: '{{ oracle_user }}'
+ shell: "{{ wls_bin }}/wlst.sh -skipWLSModuleScanning {{ tmp_dir }}/create-cluster.py"
\ No newline at end of file
diff --git a/roles/cluster/templates/create-cluster.j2 b/roles/cluster/templates/create-cluster.j2
new file mode 100644
index 0000000..90cd607
--- /dev/null
+++ b/roles/cluster/templates/create-cluster.j2
@@ -0,0 +1,23 @@
+# Connect to WebLogic admin server
+connect('{{ weblogic_admin }}', '{{ weblogic_admin_pass}}', '{{ hostvars[groups['wl_admin'][0]]['ansible_ssh_host'] }}:{{ admin_server_port }}')
+
+edit()
+startEdit()
+
+# Create cluster.
+cd('/')
+cmo.createCluster('{{ ms_cluster_name }}')
+
+cd('/Clusters/{{ ms_cluster_name }}')
+cmo.setClusterMessagingMode('{{ ms_cluster_msg_mode | default('unicast') }}')
+cmo.setClusterBroadcastChannel('')
+cmo.setClusterAddress('{{ ms_cluster_address }}')
+cmo.setNumberOfServersInClusterAddress({{ groups['wl_node'] | length }})
+cmo.setDefaultLoadAlgorithm('{{ ms_cluster_load_algorithm | default('round-robin') }}')
+cmo.setWeblogicPluginEnabled({{ ms_cluster_wl_plugin | default(true)|bool }})
+
+save()
+activate()
+
+disconnect()
+exit()
\ No newline at end of file
diff --git a/roles/cluster/templates/create-cluster.py b/roles/cluster/templates/create-cluster.py
new file mode 100644
index 0000000..1577476
--- /dev/null
+++ b/roles/cluster/templates/create-cluster.py
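Review bot: The `template` task in `roles/cluster/tasks/main.yml` renders `create-cluster.py` into `{{ tmp_dir }}` with no `mode`, and the rendered script holds `weblogic_admin_pass` in clear text, so its permissions are left to the umask and the file stays under `/tmp/wls` after the run. Add `mode: '0600'` to the task, set `no_log: true` on it and on the `wlst.sh` task, and delete the script once it has run. The same applies to `create-domain.py`, `update-domain.py` and `boot.properties` in `roles/domain/tasks/main.yml`.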
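Review bot: Every value in `create-cluster.j2` is pasted into a single-quoted Python literal, e.g. `'{{ weblogic_admin_pass}}'` in the `connect()` call, so a password or cluster address containing `'` or `\` yields a script that fails or does something other than intended. Render string values through a filter that emits a quoted literal, for example `connect({{ weblogic_admin | to_json }}, {{ weblogic_admin_pass | to_json }}, ...)`, which should be safe at least for ASCII values. `create-cluster.py`, `create-domain.py` and `update-domain.py` build their literals the same way. The address passed to `connect()` carries no scheme, so I assume the session uses plain t3 rather than t3s and the admin password crosses the network unencrypted; that is worth confirming.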
@@ -0,0 +1,20 @@
+# Connect to WebLogic admin server
+connect('{{ weblogic_admin }}', '{{ weblogic_admin_pass}}', '{{ hostvars[groups['wl_admin'][0]]['ansible_ssh_host'] }}:{{ admin_server_port }}')
+
+edit()
+startEdit()
+
+# Create cluster.
+cd('/')
+cmo.createCluster('{{ ms_cluster_name }}')
+
+cd('/Clusters/{{ ms_cluster_name }}')
+cmo.setClusterMessagingMode('unicast')
+cmo.setClusterBroadcastChannel('')
+cmo.setClusterAddress('{{ ms_cluster_address }}')
+
+save()
+activate()
+
+disconnect()
+exit()
\ No newline at end of file
diff --git a/roles/domain/tasks/main.yml b/roles/domain/tasks/main.yml
new file mode 100644
index 0000000..06d1e05
--- /dev/null
+++ b/roles/domain/tasks/main.yml
@@ -0,0 +1,43 @@
+# ==> Copy scripts
+- name: Copy domain creation script
+ template: src=create-domain.py dest={{ tmp_dir }} owner={{ oracle_user }} group={{ oracle_group }}
+
+# ==> Create domain
+- name: Execute domain creation script
+ become: true
+ become_user: '{{ oracle_user }}'
+ shell: "{{ wls_bin }}/wlst.sh -skipWLSModuleScanning {{ tmp_dir }}/create-domain.py"
+
+# ==> Create admin server security directory
+- name: Create security folder for admin server
+ file: state=directory path={{ domain_home }}/servers/{{ admin_server_name }}/security owner={{ oracle_user }} group={{ oracle_group }}
+
+# ==> Create admin server boot.properties
+- name: Create boot.properties file
+ template: src=boot.properties dest={{ domain_home }}/servers/{{ admin_server_name }}/security owner={{ oracle_user }} group={{ oracle_group }}
+
+# ==> Create firewall rule for admin server
+- name: Create firewall rule for admin server
+ firewalld: zone=public port='{{ admin_server_port }}/tcp' permanent=true immediate=true state=enabled
+
+# ==> Create admin server service
+- name: Create admin server systemd service
+ template: src=adminserver.service dest=/etc/systemd/system/ owner=root group=root mode=0644
+
+# ==> Start admin server
+- name: Start admin server service
+ systemd: name=adminserver state=started enabled=true
+
+# ==> Wait to start
+- name: Wait for admin server to start
+ wait_for: port={{ admin_server_port }} delay=2 timeout=120
+
+# ==> Copy scripts
+- name: Copy domain update script
+ template: src=update-domain.py dest={{ tmp_dir }} owner={{ oracle_user }} group={{ oracle_group }}
+
+# ==> Update domain
+- name: Execute domain update script
+ become: true
+ become_user: '{{ oracle_user }}'
+ shell: "{{ wls_bin }}/wlst.sh -skipWLSModuleScanning {{ tmp_dir }}/update-domain.py"
\ No newline at end of file
diff --git a/roles/domain/templates/adminserver.service b/roles/domain/templates/adminserver.service
new file mode 100644
index 0000000..b8231c3
--- /dev/null
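Review bot: The `firewalld` task in `roles/domain/tasks/main.yml` opens `{{ admin_server_port }}/tcp` in the `public` zone for every source address, and the README gives the console URL as plain `http://`, so the administration console and its login are reachable unencrypted from any network that can route to the host. Limit the rule to the management network, for instance with the module's `rich_rule` option: `rich_rule='rule family=ipv4 source address=<MGMT_CIDR> port port={{ admin_server_port }} protocol=tcp accept'`, where `<MGMT_CIDR>` is a placeholder for a new inventory variable. Enabling the admin server's SSL listener for console access would close the other half of the gap.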
+++ b/roles/domain/templates/adminserver.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Controls Admin Server Lifecycle
+After=network.target sshd.service
+
+[Service]
+User={{ oracle_user }}
+Group={{ oracle_group }}
+WorkingDirectory={{ domain_home }}
+ExecStart=/bin/bash {{ domain_home }}/bin/startWebLogic.sh
+ExecStop=/bin/bash {{ domain_home }}/bin/stopWebLogic.sh
+Type=simple
+KillMode=process
+Restart=on-failure
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/roles/domain/templates/boot.properties b/roles/domain/templates/boot.properties
new file mode 100644
index 0000000..bb2cafe
--- /dev/null
+++ b/roles/domain/templates/boot.properties
@@ -0,0 +1,2 @@
+username={{ weblogic_admin }}
+password={{ weblogic_admin_pass }}
\ No newline at end of file
diff --git a/roles/domain/templates/create-domain.py b/roles/domain/templates/create-domain.py
new file mode 100644
index 0000000..0b62f40
--- /dev/null
+++ b/roles/domain/templates/create-domain.py
@@ -0,0 +1,25 @@
+import os
+
+# Open basic domain template
+readTemplate(os.environ['WL_HOME']+'/common/templates/wls/wls.jar')
+
+# Set base options
+setOption('DomainName', '{{ domain_name }}')
+setOption('JavaHome', '{{ java_home }}')
+setOption('ServerStartMode', '{{ start_mode }}')
+
+# Configure the Administration Server port
+cd('/Server/{{ admin_server_name }}')
+cmo.setListenPort(int('{{ admin_server_port}}'))
+
+# Define the default user password.
+cd('/Security/base_domain/User/weblogic')
+cmo.setName('{{ weblogic_admin }}')
+cmo.setPassword('{{ weblogic_admin_pass }}')
+
+# Save the domain
+writeDomain('{{ domain_home }}')
+
+# Close the current domain template
+closeTemplate()
+exit()
\ No newline at end of file
diff --git a/roles/domain/templates/update-domain.py b/roles/domain/templates/update-domain.py
new file mode 100644
index 0000000..cc24a10
--- /dev/null
+++ b/roles/domain/templates/update-domain.py
@@ -0,0 +1,47 @@
+# Connect to WebLogic admin server
+connect('{{ weblogic_admin }}', '{{ weblogic_admin_pass}}', '{{ hostvars[groups['wl_admin'][0]]['ansible_ssh_host'] }}:{{ admin_server_port }}')
+
+edit()
+startEdit()
+
+# Setting domain JTA transaction timeout seconds
+cd('/JTA/{{ domain_name }}')
+# Maximum time, an active transaction is allowed to be in the first phase of a transaction
+cmo.setTimeoutSeconds({{ jta_timeout_sec }})
+
+# The maximum number of simultaneous in-progress transactions allowed
+# cmo.setMaxTransactions(20000)
+# The time a transaction manager waits for transactions involving the resource to complete
+# cmo.setUnregisterResourceGracePeriod(25)
+# maximum time a transaction manager persists in attempting to complete the second phase
+# cmo.setAbandonTimeoutSeconds(80000)
+# Indicates that XA calls are executed in parallel if there are available threads
+# cmo.setParallelXAEnabled(true)
+# automatically performs an XA Resource forget for heuristic transaction completions
+# cmo.setForgetHeuristics(true)
+# the two-phase commit protocol is used
+# cmo.setTwoPhaseEnabled(true)
+# maximum cycles that the transaction manager performs the beforeCompletion synchronization
+# cmo.setBeforeCompletionIterationLimit(20)
+# interval the transaction manager creates a new transaction log
+# cmo.setCheckpointIntervalSeconds(200)
+# Specifies transport security mode required by WebService Transaction endpoints
+# cmo.setSecurityInteropMode('default')
+# XA calls are executed in parallel if there are available threads
+# cmo.setParallelXAEnabled(false)
+# Maximum number of concurrent requests to resources allowed for each server
+# cmo.setMaxResourceRequestsOnServer(60)
+# transport security mode required by WebService Transaction endpoints
+# cmo.setWSATTransportSecurityMode('SSLNotRequired')
+# Maximum allowed time duration, in milliseconds, for XA calls to resources
+# cmo.setMaxXACallMillis(100000)
+# maximum time, in seconds, a transaction manager waits for all resource managers to respond
+# cmo.setCompletionTimeoutSeconds(0)
+# Maximum duration time, in milliseconds, that a resource is declared dead
+# cmo.setMaxResourceUnavailableMillis(1500000)
+
+save()
+activate()
+
+disconnect()
+exit()
\ No newline at end of file
diff --git a/roles/fmw/files/fmw_12.2.1.4.0_wls.jar.sample b/roles/fmw/files/fmw_12.2.1.4.0_wls.jar.sample
new file mode 100644
index 0000000..17579ce
--- /dev/null
+++ b/roles/fmw/files/fmw_12.2.1.4.0_wls.jar.sample
@@ -0,0 +1 @@
+https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html
\ No newline at end of file
diff --git a/roles/fmw/tasks/main.yml b/roles/fmw/tasks/main.yml
new file mode 100644
index 0000000..e918954
--- /dev/null
+++ b/roles/fmw/tasks/main.yml
@@ -0,0 +1,15 @@
+# ==> Copy weblogic installer
+- name: Copy Middleware Installer
+ copy: src={{ fmw_installer }} dest={{ tmp_dir }} owner={{ oracle_user }} group={{ oracle_group }}
+
+- name: Copy file for silent installation
+ template: src=install.rsp dest={{ tmp_dir }} owner={{ oracle_user }} group={{ oracle_group }}
+
+- name: Copy OraInst.loc
+ template: src=oraInst.loc dest={{ tmp_dir }} owner={{ oracle_user }} group={{ oracle_group }}
+
+# ==> Run weblogic installer
+- name: Execute Weblogic installer
+ command: "{{ java_home }}/bin/java -Xms{{ jvm_xms }} -Xmx{{ jvm_xmx }} -jar {{ tmp_dir }}/{{ fmw_installer }} -silent -responseFile {{ tmp_dir }}/install.rsp -invPtrLoc {{ tmp_dir }}/oraInst.loc"
+ become: true
+ become_user: '{{ oracle_user }}'
\ No newline at end of file
diff --git a/roles/fmw/templates/install.rsp b/roles/fmw/templates/install.rsp
new file mode 100644
index 0000000..3bcd2ea
--- /dev/null
+++ b/roles/fmw/templates/install.rsp
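Review bot: In `roles/fmw/tasks/main.yml` the installer named by `fmw_installer` is copied and then run with `java -jar` as `{{ oracle_user }}` without any integrity check, although the README has each operator download it by hand, so a truncated or tampered JAR would run unnoticed. Pin the expected digest in the inventory and compare it before the install task, as sketched below; `fmw_installer_sha256` is a new variable, not one the repository defines. The JDK archive handled in `roles/jdk/tasks/main.yml` has the same gap. The `command` task also has no `creates:` guard, so a second run starts the installer again.

```yaml
# … unchanged: copy installer, install.rsp and oraInst.loc …
- name: Read installer digest
  stat:
    path: "{{ tmp_dir }}/{{ fmw_installer }}"
    checksum_algorithm: sha256
  register: fmw_installer_stat

- name: Refuse to run an installer with an unexpected digest
  assert:
    that:
      - fmw_installer_stat.stat.checksum == fmw_installer_sha256

# ==> Run weblogic installer
- name: Execute Weblogic installer
  # … unchanged: command, become, become_user …
```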
@@ -0,0 +1,39 @@
+[ENGINE]
+
+#DO NOT CHANGE THIS.
+Response File Version=1.0.0.0.0
+
+[GENERIC]
+
+#Set this to true if you wish to skip software updates
+DECLINE_AUTO_UPDATES=true
+
+#My Oracle Support User Name
+MOS_USERNAME=
+
+#My Oracle Support Password
+MOS_PASSWORD=
+
+#If the Software updates are already downloaded and available on your local system, then specify the path to the directory where these patches are available and set SPECIFY_DOWNLOAD_LOCATION to true
+AUTO_UPDATES_LOCATION=
+
+#Proxy Server Name to connect to My Oracle Support
+SOFTWARE_UPDATES_PROXY_SERVER=
+
+#Proxy Server Port
+SOFTWARE_UPDATES_PROXY_PORT=
+
+#Proxy Server Username
+SOFTWARE_UPDATES_PROXY_USER=
+
+#Proxy Server Password
+SOFTWARE_UPDATES_PROXY_PASSWORD=
+
+#The oracle home location. This can be an existing Oracle Home or a new Oracle Home
+ORACLE_HOME={{ oracle_home }}
+
+#The federated oracle home locations. This should be an existing Oracle Home. Multiple values can be provided as comma seperated values
+FEDERATED_ORACLE_HOMES=
+
+#Set this variable value to the Installation Type selected. e.g. WebLogic Server, Coherence, Complete with Examples.
+INSTALL_TYPE=WebLogic Server
\ No newline at end of file
diff --git a/roles/fmw/templates/oraInst.loc b/roles/fmw/templates/oraInst.loc
new file mode 100644
index 0000000..255057c
--- /dev/null
+++ b/roles/fmw/templates/oraInst.loc
@@ -0,0 +1,2 @@
+inventory_loc={{ oracle_base }}/oraInventory
+inst_group={{ oracle_group }}
\ No newline at end of file
diff --git a/roles/jdk/files/jdk-8u271-linux-x64.tar.gz.sample b/roles/jdk/files/jdk-8u271-linux-x64.tar.gz.sample
new file mode 100644
index 0000000..bdce5fa
--- /dev/null
+++ b/roles/jdk/files/jdk-8u271-linux-x64.tar.gz.sample
@@ -0,0 +1 @@
+https://www.oracle.com/java/technologies/javase/javase-jdk8-downloads.html
\ No newline at end of file
diff --git a/roles/jdk/tasks/main.yml b/roles/jdk/tasks/main.yml
new file mode 100644
index 0000000..1eaa6fd
--- /dev/null
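Review bot: `DECLINE_AUTO_UPDATES=true` together with the empty `MOS_*` fields in install.rsp means the install stays at whatever patch level the base installer jar carries, and the diffstat of this commit lists no role that applies patches afterwards. That is a reasonable choice for an unattended install, but the template should say so; I would add a comment above the setting along the lines of `#Updates are skipped on purpose: patch the Oracle home separately after installation`.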
+++ b/roles/jdk/tasks/main.yml
@@ -0,0 +1,41 @@
+# ==> Create JDK directories
+- name: Create tmp directory
+ file: state=directory path='{{ tmp_dir }}' owner={{ oracle_user }} group={{ oracle_group }}
+
+- name: Create java home directory
+ delegate_to: "{{ hostvars[groups['wl_admin'][0]]['ansible_ssh_host'] }}"
+ file: state=directory path={{ java_home }} owner={{ oracle_user }} group={{ oracle_group }}
+
+# ==> Copy JDK archive
+- name: Copy jdk archive
+ copy: src={{ jdk_installer_archive }} dest={{ tmp_dir }}/{{ jdk_installer_archive }}
+ args:
+ force: no
+ when: inventory_hostname in groups['wl_admin']
+
+# ==> Extract JDK archive
+- name: Extract jdk archive
+ unarchive:
+ src: '{{ tmp_dir }}/{{ jdk_installer_archive }}'
+ dest: '{{ java_home }}'
+ remote_src: yes
+ owner: '{{ oracle_user }}'
+ group: '{{ oracle_group }}'
+ extra_opts:
+ - --strip-components=1
+ when: inventory_hostname in groups['wl_admin']
+
+# ==> JVM delay fix
+- name: Set securerandom.source to '/dev/urandom'
+ replace:
+ path: '{{ java_home }}/jre/lib/security/java.security'
+ regexp: '^securerandom.source=file:/dev/random'
+ replace: 'securerandom.source=file:/dev/urandom'
+ when: inventory_hostname in groups['wl_admin']
+
+# ==> Java environment variables
+- name: Add JAVA_HOME environment variariables in .bashrc
+ lineinfile: dest='/home/{{ oracle_user }}/.bashrc' line='export JAVA_HOME={{ java_home }}'
+
+- name: Add JAVA_HOME to PATH in .bashrc
+ lineinfile: dest='/home/{{ oracle_user }}/.bashrc' line='export PATH=$PATH:$JAVA_HOME/bin'
\ No newline at end of file
diff --git a/roles/managed/files/demo_keystore.jks.sample b/roles/managed/files/demo_keystore.jks.sample
new file mode 100644
index 0000000..e69de29
diff --git a/roles/managed/tasks/main.yml b/roles/managed/tasks/main.yml
new file mode 100644
index 0000000..bc3e325
--- /dev/null
+++ b/roles/managed/tasks/main.yml
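Review bot: The `# ==> JVM delay fix` comment in roles/jdk/tasks/main.yml does not say what is being traded: the `replace` task rewrites `securerandom.source` in the `java.security` file under `java_home`, so every JVM started from that directory takes its seed material from `/dev/urandom`, presumably including the ones that generate keys. I would expand the comment to something like `# ==> JVM delay fix: seed SecureRandom from /dev/urandom so startup does not block on /dev/random; applies to every JVM using this java_home`. The dots in `regexp` are unescaped and match any character; `regexp: '^securerandom\.source=file:/dev/random'` is the literal form.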
@@ -0,0 +1,38 @@
+# ==> Copy scripts
+- name: Copy managed server creation script
+ template: src=create-ms.j2 dest={{ tmp_dir }}/create-ms.py owner={{ oracle_user }} group={{ oracle_group }}
+
+# ==> Create managed server
+- name: Execute managed server creation script
+ become: true
+ become_user: '{{ oracle_user }}'
+ shell: "{{ wls_bin }}/wlst.sh -skipWLSModuleScanning {{ tmp_dir }}/create-ms.py"
+ throttle: 1
+
+# ==> Create shared cert dir in domain home
+- name: Create shared keystore folder in domain home
+ file: state=directory path='{{ domain_home }}/certs' owner={{ oracle_user }} group={{ oracle_group }}
+ when: ms_ssl is sameas true and
+ ms_ssl_keystore is sameas true and
+ ms_ssl_keystore_file|length > 0
+
+# ==> Copy keystore
+- name: Copy keystore to shared keystore folder
+ copy: src={{ ms_ssl_keystore_file }} dest='{{ domain_home }}/certs' owner={{ oracle_user }} group={{ oracle_group }}
+ args:
+ force: no
+ when: ms_ssl is sameas true and
+ ms_ssl_keystore is sameas true and
+ ms_ssl_keystore_file|length > 0
+
+# ==> Create firewall rule for managed server
+- name: Create firewall rule for managed server
+ firewalld: zone=public port='{{ ms_port }}/tcp' permanent=true immediate=true state=enabled
+ when: ms_ssl is sameas false
+
+- name: Create firewall rule for managed server
+ firewalld: zone=public port="{{ item }}/tcp" permanent=true immediate=true state=enabled
+ with_items:
+ - "{{ ms_port }}"
+ - "{{ ms_ssl_port }}"
+ when: ms_ssl is sameas true
\ No newline at end of file
diff --git a/roles/managed/templates/create-ms.j2 b/roles/managed/templates/create-ms.j2
new file mode 100644
index 0000000..3105865
--- /dev/null
+++ b/roles/managed/templates/create-ms.j2
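Review bot: `template: src=create-ms.j2 dest={{ tmp_dir }}/create-ms.py` in roles/managed/tasks/main.yml sets no `mode`, so the rendered script, which contains the admin password and the keystore passphrases, is written with whatever mode the remote umask gives and is left in `tmp_dir` after the run. I would add `mode=0600` and `no_log: true` to the template task (a `--diff` run otherwise prints the rendered secrets) and remove the file once `wlst.sh` has finished. The same applies to the script templates in roles/node-manager/tasks/main.yml, roles/update/ssl/tasks/main.yml and roles/wl-auth/tasks/main.yml. The keystore `copy` and the `certs` directory above it also take default modes; `mode=0600` and `mode=0700` would fit a file that holds the server's private key.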
@@ -0,0 +1,95 @@
+# Connect to WebLogic admin server
+connect('{{ weblogic_admin }}', '{{ weblogic_admin_pass}}', '{{ hostvars[groups['wl_admin'][0]]['ansible_ssh_host'] }}:{{ admin_server_port }}')
+
+edit()
+startEdit()
+
+# Create the managed Server.
+cd('/')
+cmo.createServer('{{ inventory_hostname }}')
+
+# Set listen address and port
+cd('/Servers/{{ inventory_hostname }}')
+cmo.setListenAddress('{{ ansible_ssh_host }}')
+cmo.setListenPort(int('{{ ms_port }}'))
+
+# Associated with a node manager
+cd('/Servers/{{ inventory_hostname }}')
+cmo.setMachine(getMBean('/Machines/{{ inventory_hostname }}'))
+
+{% if ms_cluster is sameas true %}
+# Associate with a cluster
+cd('/Servers/{{ inventory_hostname }}')
+cmo.setCluster(getMBean('/Clusters/{{ ms_cluster_name }}'))
+{% endif %}
+
+{% if ms_wl_plugin is sameas true %}
+cd('/Servers/{{ inventory_hostname }}')
+cmo.setWeblogicPluginEnabled({{ ms_wl_plugin }})
+{% endif %}
+
+{% if disable_file_locking is sameas true %}
+# (Doc ID 2370584.1)
+cd('/Servers/{{ inventory_hostname }}/DefaultFileStore/{{ inventory_hostname }}')
+cmo.setFileLockingEnabled(false)
+cmo.setSynchronousWritePolicy('Cache-Flush')
+{% endif %}
+
+{% if ms_ssl is sameas true %}
+# Enable SSL and set SSL port
+cd('/Servers/{{ inventory_hostname }}/SSL/{{ inventory_hostname }}')
+cmo.setEnabled(true)
+cmo.setListenPort(int('{{ ms_ssl_port}}'))
+{% endif %}
+
+{% if ms_ssl_keystore is sameas true %}
+# Attach keystores Identity and Trust
+cd('/Servers/{{ inventory_hostname }}')
+cmo.setKeyStores('CustomIdentityAndJavaStandardTrust')
+save()
+cmo.setCustomIdentityKeyStoreFileName('certs/{{ ms_ssl_keystore_file }}')
+cmo.setCustomIdentityKeyStoreType('JKS')
+cmo.setCustomIdentityKeyStorePassPhrase('{{ ms_ssl_keystore_pass }}')
+cmo.setJavaStandardTrustKeyStorePassPhrase('{{ ms_ssl_trust_pass }}')
+
+# Attach SSL Identity
+cd('/Servers/{{ inventory_hostname }}/SSL/{{ inventory_hostname }}')
+cmo.setServerPrivateKeyAlias('{{ ms_ssl_keystore_alias}}')
+cmo.setServerPrivateKeyPassPhrase('{{ ms_ssl_keystore_pass }}')
+cmo.setHostnameVerificationIgnored(true)
+{% endif %}
+
+{% if startup_args is sameas true %}
+# Set server startup arguments
+cd('/Servers/{{ inventory_hostname }}/ServerStart/{{ inventory_hostname }}')
+cmo.setArguments('{{ startup_args_set}}')
+{% endif %}
+
+{% if ms_log is sameas true %}
+# Manage logging.General
+cd('/Servers/{{ inventory_hostname }}/Log/{{ inventory_hostname }}')
+cmo.setRotationType('bySize')
+cmo.setFileMinSize({{ ms_log_size }})
+cmo.setNumberOfFilesLimited(false)
+cmo.setRotateLogOnStartup({{ ms_log_rotate_on_startup }})
+cmo.setBufferSizeKB({{ ms_log_file_buffer }})
+
+# Manage logging.HTTP
+cd('/Servers/{{ inventory_hostname }}/WebServer/{{ inventory_hostname }}/WebServerLog/{{ inventory_hostname }}')
+cmo.setRotationType('bySize')
+cmo.setFileMinSize({{ ms_log_size }})
+cmo.setNumberOfFilesLimited(false)
+cmo.setRotateLogOnStartup({{ ms_log_rotate_on_startup }})
+cmo.setBufferSizeKB({{ ms_log_file_buffer }})
+{% if ms_log_extended is sameas true %}
+cmo.setLogFileFormat('extended')
+save()
+cmo.setELFFields('{{ ms_log_extended_fields }}')
+{% endif %}
+{% endif %}
+
+save()
+activate()
+
+disconnect()
+exit()
\ No newline at end of file
diff --git a/roles/node-manager/tasks/main.yml b/roles/node-manager/tasks/main.yml
new file mode 100644
index 0000000..b0028fd
--- /dev/null
+++ b/roles/node-manager/tasks/main.yml
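Review bot: `cmo.setHostnameVerificationIgnored(true)` in create-ms.j2 is applied to every managed server as soon as `ms_ssl_keystore` is true, which turns off hostname checking for the TLS connections the server initiates; there is no variable to keep it on. I would drop the line, or gate it behind an explicit opt-in such as `{% if ms_ssl_ignore_hostname | default(false) %}` (a variable name I am proposing) with a comment saying which certificate mismatch it works around. The keystore block is also conditioned on `ms_ssl_keystore` alone, while the tasks file copies the keystore only when `ms_ssl` is true as well, so the two conditions can disagree.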
@@ -0,0 +1,48 @@
+# ==> Create directory for node managers
+- name: Create directoy for node managers
+ file: state=directory path={{ nm_home }} owner={{ oracle_user }} group={{ oracle_group }}
+
+# ==> Create node manager home directory
+- name: Create node manager home
+ file: state=directory path={{ nm_home }}/{{ inventory_hostname }} owner={{ oracle_user }} group={{ oracle_group }}
+
+# ==> Copy nodemanager.properties file
+- name: Copy 'nodemanager.properties' file
+ template: src=nodemanager.properties dest={{ nm_home }}/{{ inventory_hostname }}/ owner={{ oracle_user }} group={{ oracle_group }}
+
+# ==> Copy create scripts
+- name: Copy node manager creation script
+ template: src=create-nm.py dest={{ tmp_dir }} owner={{ oracle_user }} group={{ oracle_group }}
+
+# ==> Copy setup scripts
+- name: Copy node manager setup script
+ template: src=create-nm.sh dest={{ tmp_dir }} owner={{ oracle_user }} group={{ oracle_group }} mode=0755
+
+# ==> Execute node manager script
+- name: Execute node manager creation script
+ become: true
+ become_user: '{{ oracle_user }}'
+ shell: "{{ wls_bin }}/wlst.sh {{ tmp_dir }}/create-nm.py"
+ throttle: 1
+
+# ==> Execute node manager script
+- name: Execute node manager setup script
+ become: true
+ become_user: '{{ oracle_user }}'
+ shell: "{{ tmp_dir }}/create-nm.sh"
+
+# ==> Create firewall rule for Node Mnager
+- name: Create firewall rule for node manager
+ firewalld: zone=public port='{{ nm_listen_port }}/tcp' permanent=true immediate=true state=enabled
+
+# ==> Create node manager service
+- name: Create node manager systemd service
+ template: src=nodemanager.service dest=/etc/systemd/system/ owner=root group=root mode=0644
+
+# ==> Start node manager
+- name: Start node manager service
+ systemd: name=nodemanager state=started enabled=true
+
+# ==> Wait to start
+- name: Wait for node manager to start
+ wait_for: port={{ nm_listen_port }} host={{ ansible_ssh_host }} delay=2 timeout=120
\ No newline at end of file
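Review bot: The `firewalld` task in roles/node-manager/tasks/main.yml opens `nm_listen_port` in `zone=public` to every source, while the only peer that needs Node Manager in this layout appears to be the admin server, and create-nm.py registers the listener as `Plain`. Restricting the rule to the admin host would narrow that, using the module's `rich_rule` parameter with a `source address` taken from `hostvars[groups['wl_admin'][0]]['ansible_ssh_host']` instead of the bare `port=`. This assumes that variable holds an IP address, which the visible files do not guarantee, and the reset role would need the matching rule removed.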
diff --git a/roles/node-manager/templates/create-nm.py b/roles/node-manager/templates/create-nm.py
new file mode 100644
index 0000000..6e58fa9
--- /dev/null
+++ b/roles/node-manager/templates/create-nm.py
@@ -0,0 +1,23 @@
+# Connect to WebLogic admin server
+connect('{{ weblogic_admin }}', '{{ weblogic_admin_pass}}', '{{ hostvars[groups['wl_admin'][0]]['ansible_ssh_host'] }}:{{ admin_server_port }}')
+
+nmEnroll('{{ domain_home }}', '{{ nm_home }}/{{ inventory_hostname }}')
+
+edit()
+startEdit()
+
+# Create the node manager reference.
+cd('/')
+cmo.createUnixMachine('{{ inventory_hostname }}')
+cd('/Machines/{{ inventory_hostname }}//NodeManager/{{ inventory_hostname }}')
+cmo.setListenAddress('{{ ansible_ssh_host }}')
+cmo.setListenPort(int('{{ nm_listen_port }}'))
+cmo.setNMType('Plain')
+cmo.setName('{{ inventory_hostname }}')
+cmo.setNodeManagerHome('{{ nm_home }}/{{ inventory_hostname }}')
+
+save()
+activate()
+
+disconnect()
+exit()
\ No newline at end of file
diff --git a/roles/node-manager/templates/create-nm.sh b/roles/node-manager/templates/create-nm.sh
new file mode 100644
index 0000000..965d30a
--- /dev/null
+++ b/roles/node-manager/templates/create-nm.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+domainHome="{{ domain_home }}"
+nmHome="{{ nm_home }}/{{ inventory_hostname }}"
+
+cp -R ${domainHome}/bin/*NodeManager.sh ${nmHome}
+sed -i -e "s|NODEMGR_HOME=\"${domainHome}/nodemanager\"|NODEMGR_HOME=\"${nmHome}\"|g" ${nmHome}/startNodeManager.sh
+sed -i -e "s|NODEMGR_HOME=\"${domainHome}/nodemanager\"|NODEMGR_HOME=\"${nmHome}\"|g" ${nmHome}/stopNodeManager.sh
\ No newline at end of file
diff --git a/roles/node-manager/templates/nodemanager.properties b/roles/node-manager/templates/nodemanager.properties
new file mode 100644
index 0000000..3e02752
--- /dev/null
+++ b/roles/node-manager/templates/nodemanager.properties
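Review bot: `cmo.setNMType('Plain')` in create-nm.py is hard-coded, while nodemanager.properties in the same role renders `SecureListener={{ nm_secure_listener }}`. With the variable false, the admin server talks to Node Manager without TLS, and with `AuthenticationEnabled=true` the client presumably authenticates over that channel; with it true, the machine definition still says `Plain` and the two sides disagree. Deriving the type from the same variable keeps them aligned: `cmo.setNMType('{{ 'SSL' if nm_secure_listener | bool else 'Plain' }}')`.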
@@ -0,0 +1,25 @@
+#Node manager properties
+DomainsFile={{ domain_home }}/nodemanager/nodemanager.domains
+LogLimit=0
+PropertiesVersion=12.2.1
+AuthenticationEnabled=true
+NodeManagerHome={{ nm_home }}/{{ inventory_hostname }}
+JavaHome={{ java_home }}
+LogLevel=INFO
+DomainsFileEnabled=true
+ListenAddress={{ ansible_ssh_host }}
+NativeVersionEnabled=true
+ListenPort={{ nm_listen_port }}
+LogToStderr=true
+weblogic.StartScriptName=
+SecureListener={{ nm_secure_listener }}
+LogCount=1
+QuitEnabled=false
+LogAppend=true
+weblogic.StopScriptEnabled=false
+StateCheckInterval=500
+CrashRecoveryEnabled=false
+weblogic.StartScriptEnabled=true
+LogFile={{ nm_home }}/{{ inventory_hostname }}/nodemanager.log
+LogFormatter=weblogic.nodemanager.server.LogFormatter
+ListenBacklog=50
\ No newline at end of file
diff --git a/roles/node-manager/templates/nodemanager.service b/roles/node-manager/templates/nodemanager.service
new file mode 100644
index 0000000..a1bc854
--- /dev/null
+++ b/roles/node-manager/templates/nodemanager.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Controls Node Manager Lifecycle
+After=network.target sshd.service
+
+[Service]
+User={{ oracle_user }}
+Group={{ oracle_group }}
+WorkingDirectory={{ nm_home }}/{{ inventory_hostname }}
+ExecStart=/bin/bash {{ nm_home }}/{{ inventory_hostname }}/startNodeManager.sh
+ExecStop=/bin/bash {{ nm_home }}/{{ inventory_hostname }}/stopNodeManager.sh
+Type=simple
+KillMode=process
+Restart=on-failure
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml
new file mode 100644
index 0000000..ba1736c
--- /dev/null
+++ b/roles/reset/tasks/main.yml
@@ -0,0 +1,71 @@
+---
+- name: Stop managed servers
+ shell: "{{ wls_bin }}/wlst.sh -skipWLSModuleScanning {{ domain_home }}/bin/stop-ms.py"
+ when: inventory_hostname in groups['wl_admin']
+ ignore_errors: true
+
+- name: Stop admin server service
+ systemd: name=adminserver state=stopped enabled=no
+ when: inventory_hostname in groups['wl_admin']
+ ignore_errors: true
+
+- name: Wait for admin server fully stopped
+ wait_for: port={{ admin_server_port }} delay=2 state=drained timeout=60
+ when: inventory_hostname in groups['wl_admin']
+ ignore_errors: true
+
+- name: Remove admin server systemd service file
+ file: path=/etc/systemd/system/adminserver.service state=absent
+ when: inventory_hostname in groups['wl_admin']
+ ignore_errors: true
+
+- name: Remove firewall rule for admin server
+ firewalld: zone=public port='{{ admin_server_port }}/tcp' permanent=true immediate=true state=disabled
+ when: inventory_hostname in groups['wl_admin']
+
+- name: Stop node manager service
+ systemd: name=nodemanager state=stopped enabled=no
+ when: inventory_hostname in groups['wl_node']
+ ignore_errors: true
+
+- name: Wait for node manager fully stopped
+ wait_for: port={{ nm_listen_port }} host={{ ansible_ssh_host }} delay=2 state=drained timeout=60
+ when: inventory_hostname in groups['wl_node']
+ ignore_errors: true
+
+- name: Remove node manager systemd service file
+ file: path=/etc/systemd/system/nodemanager.service state=absent
+ when: inventory_hostname in groups['wl_node']
+ ignore_errors: true
+
+- name: Remove firewall rule for node manager
+ firewalld: zone=public port='{{ nm_listen_port }}/tcp' permanent=true immediate=true state=disabled
+ when: inventory_hostname in groups['wl_node']
+
+- name: Remove firewall rule for managed server
+ firewalld: zone=public port='{{ ms_port }}/tcp' permanent=true immediate=true state=disabled
+ when: ms_ssl is sameas false and inventory_hostname in groups['wl_node']
+
+- name: Remove firewall rule for managed server
+ firewalld: zone=public port="{{ item }}/tcp" permanent=true immediate=true state=disabled
+ with_items:
+ - "{{ ms_port }}"
+ - "{{ ms_ssl_port }}"
+ when: ms_ssl is sameas true and inventory_hostname in groups['wl_node']
+
+- name: Remove 'oracle' user
+ user: name={{ oracle_user }} state=absent remove=true
+
+- name: Remove 'oinstall' group
+ group: name={{ oracle_group }} state=absent
+
+- name: Remove WebLogic related directories
+ file: path={{ oracle_base }} state=absent
+ when: inventory_hostname in groups['wl_admin']
+ ignore_errors: true
+
+- name: Remove '/tmp' directory
+ file: path={{ tmp_dir }} state=absent
+
+- name: Reboot machine after uninstall
+ reboot: reboot_timeout=300
\ No newline at end of file
diff --git a/roles/update/ssl/files/demo_keystore.jks.sample b/roles/update/ssl/files/demo_keystore.jks.sample
new file mode 100644
index 0000000..e69de29
diff --git a/roles/update/ssl/tasks/main.yml b/roles/update/ssl/tasks/main.yml
new file mode 100644
index 0000000..bda2755
--- /dev/null
+++ b/roles/update/ssl/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+# ==> Copy keystore
+- name: Copy new keystore to shared keystore folder
+ copy: src={{ ms_ssl_keystore_file }} dest='{{ domain_home }}/certs' owner={{ oracle_user }} group={{ oracle_group }}
+ args:
+ force: no
+ when: ms_ssl is sameas true
+ and ms_ssl_keystore is sameas true
+ and ms_ssl_keystore_file|length > 0
+
+# ==> Create tmp directory
+- name: Create tmp directory
+ file:
+ state: directory
+ path: "{{ tmp_dir }}"
+ owner: "{{ oracle_user }}"
+ group: "{{ oracle_group }}"
+
+# ==> Copy scripts
+- name: Copy keystore update script
+ template:
+ src: update-ssl.j2
+ dest: "{{ tmp_dir }}/update-ssl.py"
+ owner: "{{ oracle_user }}"
+ group: "{{ oracle_group }}"
+
+# ==> Execute script
+- name: Execute keystore update script
+ become: true
+ become_user: "{{ oracle_user }}"
+ shell: "{{ wls_bin }}/wlst.sh -skipWLSModuleScanning {{ tmp_dir }}/update-ssl.py"
+ throttle: 1
\ No newline at end of file
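Review bot: Nothing in roles/reset/tasks/main.yml guards the destructive tail: `file: path={{ oracle_base }} state=absent`, `file: path={{ tmp_dir }} state=absent` (the task is even named "Remove '/tmp' directory"), the user and group removal and the reboot all run as soon as the role is applied, against whatever those variables resolve to. I would put a confirmation and path sanity check at the top of the file, as sketched below; `confirm_reset` is a name I made up for the opt-in flag. Separately, "Stop managed servers" has no `become_user`, unlike the other `wlst.sh` tasks visible in this patch, and most stop and remove tasks carry `ignore_errors: true`, so a failed stop is not noticed before the directories are deleted.

```yaml
# proposed first task; confirm_reset is a placeholder name for an explicit opt-in
- name: Refuse to reset without confirmation or with unsafe paths
  assert:
    that:
      - confirm_reset | default(false) | bool
      - tmp_dir not in ['/', '/tmp', '/var/tmp']
      - oracle_base not in ['/', '/home', '/opt', '/usr', '/var']
    fail_msg: "reset is destructive: pass -e confirm_reset=true and check tmp_dir / oracle_base"
# … unchanged: stop, firewall, user/group and directory removal tasks …
```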
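Review bot: `force: no` on the keystore `copy` in roles/update/ssl/tasks/main.yml means an existing file of the same name in `{{ domain_home }}/certs` is never overwritten, so rotating a certificate under an unchanged `ms_ssl_keystore_file` name leaves the old keystore in place while update-ssl.py re-points the servers at it and restarts the SSL channels. For an update role this should be `force: yes`, ideally with `mode=0600` on the keystore. The rendered `update-ssl.py` also carries the admin password and keystore passphrase and is written without `mode`.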
diff --git a/roles/update/ssl/templates/update-ssl.j2 b/roles/update/ssl/templates/update-ssl.j2
new file mode 100644
index 0000000..5f13b47
--- /dev/null
+++ b/roles/update/ssl/templates/update-ssl.j2
@@ -0,0 +1,56 @@
+# -*- coding: utf-8 -*-
+# WebLogic Server Version: 12.2.1.3.0, Jython 2.2.1.final.0
+import sys
+
+# redirect wlst's own output to null, print lines in the script itself
+redirect('/dev/null', 'false')
+
+# Connect to WebLogic admin server
+connect('{{ weblogic_admin }}', '{{ weblogic_admin_pass}}', '{{ hostvars[groups['wl_admin'][0]]['ansible_ssh_host'] }}:{{ admin_server_port }}')
+
+# Check if the connection is established.
+if connected == "false":
+ print("Failed to connect to admin server")
+ sys.exit(1)
+
+# All managed servers
+servers = cmo.getServers()
+
+{% if ms_ssl_keystore is sameas true %}
+edit()
+startEdit()
+
+for server in servers:
+ ms = server.getName()
+ if ms != 'AdminServer':
+ # Attach SSL Keystore
+ cd('/Servers/' + ms)
+ cmo.setCustomIdentityKeyStoreFileName('certs/{{ ms_ssl_keystore_file }}')
+ cmo.setCustomIdentityKeyStorePassPhrase('{{ ms_ssl_keystore_pass }}')
+
+ # Attach SSL Identity
+ cd('/Servers/' + ms + '/SSL/'+ ms)
+ cmo.setServerPrivateKeyAlias('{{ ms_ssl_keystore_alias}}')
+ cmo.setServerPrivateKeyPassPhrase('{{ ms_ssl_keystore_pass }}')
+
+save()
+activate()
+
+# Switch runtime to domainRuntime
+domainRuntime()
+
+for server in servers:
+ ms = server.getName()
+ if ms != 'AdminServer':
+ # Restarting SSL...
+ cd('/ServerLifeCycleRuntimes/' + ms)
+ serverState = get('State')
+ if (serverState != "SHUTDOWN"):
+ print('Restarting SSL for: ' + ms)
+ cd('/ServerRuntimes/' + ms)
+ cmo.restartSSLChannels()
+
+{% endif %}
+
+disconnect()
+exit()
\ No newline at end of file
diff --git a/roles/wl-auth/tasks/main.yml b/roles/wl-auth/tasks/main.yml
new file mode 100644
index 0000000..26873d8
--- /dev/null
+++ b/roles/wl-auth/tasks/main.yml
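Review bot: update-ssl.j2 renders `weblogic_admin_pass` into `update-ssl.py` even though roles/wl-auth in the same commit stores an encrypted user config and key file for the admin account. Since this script is meant for a domain that already exists, it could presumably connect with those instead, e.g. `connect(userConfigFile='<config path>', userKeyFile='<key path>', url='t3://<admin host>:<port>')`, and the admin password would not need to be written to `tmp_dir` at all. That only works if the script runs as `oracle_user` on a host that can read the two files, which the tasks here do not show. The keystore passphrases rendered further down would still need the rendered file to be protected.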
@@ -0,0 +1,25 @@
+# ==> Copy scripts
+- name: Copy key and config creation script
+ template: src=genKeyNConfig.py dest={{ tmp_dir }} owner={{ oracle_user }} group={{ oracle_group }}
+ when: inventory_hostname in groups['wl_admin']
+
+# ==> Generate files
+- name: Execute key and config file creation script
+ become: true
+ become_user: '{{ oracle_user }}'
+ shell: "{{ wls_bin }}/wlst.sh -skipWLSModuleScanning {{ tmp_dir }}/genKeyNConfig.py"
+ when: inventory_hostname in groups['wl_admin']
+
+# ==> Set permissions
+- name: Change permissions for config file.
+ file: path={{ domain_home }}/config/{{ oracle_user }}-WebLogicConfig.properties owner={{ oracle_user }} group={{ oracle_group }} mode=0400
+
+- name: Change permissions for key file.
+ file: path={{ domain_home }}/config/{{ oracle_user }}-WebLogicKey.properties owner={{ oracle_user }} group={{ oracle_group }} mode=0400
+
+# ==> Set environment variables
+- name: Add 'userConfigFile' environment variariables in .bashrc
+ lineinfile: dest='/home/{{ oracle_user }}/.bashrc' line='export userConfigFile={{ domain_home }}/config/{{ oracle_user }}-WebLogicConfig.properties'
+
+- name: Add 'userKeyFile' environment variariables in .bashrc
+ lineinfile: dest='/home/{{ oracle_user }}/.bashrc' line='export userKeyFile={{ domain_home }}/config/{{ oracle_user }}-WebLogicKey.properties'
\ No newline at end of file
diff --git a/roles/wl-auth/templates/genKeyNConfig.py b/roles/wl-auth/templates/genKeyNConfig.py
new file mode 100644
index 0000000..0932780
--- /dev/null
+++ b/roles/wl-auth/templates/genKeyNConfig.py
@@ -0,0 +1,12 @@
+# Connect to WebLogic admin server
+connect('{{ weblogic_admin }}', '{{ weblogic_admin_pass}}', '{{ hostvars[groups['wl_admin'][0]]['ansible_ssh_host'] }}:{{ admin_server_port }}')
+
+# Creates a user configuration file and an associated key file
+# https://docs.oracle.com/middleware/1213/wls/WLSTC/reference.htm#GUID-54FB0DCB-62F4-4BA7-8D34-4E2BEE698EF7
+storeUserConfig('{{ domain_home }}/config/{{ oracle_user }}-WebLogicConfig.properties', '{{ domain_home }}/config/{{ oracle_user }}-WebLogicKey.properties')
+
+# ==> Usage
+# connect("userConfigFile='', userKeyFile='','t3://:7001')
+
+disconnect()
+exit()
\ No newline at end of file
diff --git a/roles/wls-prep/tasks/main.yml b/roles/wls-prep/tasks/main.yml
new file mode 100644
index 0000000..dc249ef
--- /dev/null
+++ b/roles/wls-prep/tasks/main.yml
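Review bot: The usage example at the end of genKeyNConfig.py is not valid WLST: `connect("userConfigFile='', userKeyFile='','t3://:7001')` has an unbalanced double quote and passes everything as one string. Since this comment is the only place the patch explains how to use the generated files, I would write it as `# connect(userConfigFile='<config file>', userKeyFile='<key file>', url='t3://<admin host>:<port>')`. It is also worth a line saying that the key file is what decrypts the stored password, so the pair is only as protected as the `0400` modes the tasks file sets.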
@@ -0,0 +1,27 @@
+# ==> Set hostname
+- name: Setting hostnames
+ hostname: name={{ inventory_hostname }}
+
+# ==> Create user and groups
+- name: Create group 'oinstall' with specific gid
+ group: name={{ oracle_group }} gid={{ oracle_group_id }}
+
+- name: Create user 'oracle' with specific uid and a primary group of 'oinstall'
+ user: name={{ oracle_user }} uid={{ oracle_user_id }} group={{ oracle_group }}
+
+# ==> Create Base Directories
+- name: Create weblogic base directory
+ delegate_to: "{{ hostvars[groups['wl_admin'][0]]['ansible_ssh_host'] }}"
+ file: state=directory path={{ oracle_base }} owner={{ oracle_user }} group={{ oracle_group }}
+
+- name: Create oracle home directory
+ delegate_to: "{{ hostvars[groups['wl_admin'][0]]['ansible_ssh_host'] }}"
+ file: state=directory path={{ oracle_home }} owner={{ oracle_user }} group={{ oracle_group }}
+
+- name: Create domain home directory
+ delegate_to: "{{ hostvars[groups['wl_admin'][0]]['ansible_ssh_host'] }}"
+ file: state=directory path={{ domain_home }} owner={{ oracle_user }} group={{ oracle_group }}
+
+# ==> Create tmp directories
+# - name: Create tmp directory
+# file: state=directory path='{{ tmp_dir }}' owner={{ oracle_user }} group={{ oracle_group }}
\ No newline at end of file