reenable Patching in RAC Setups

.ansible-lint

@@ -14,10 +14,12 @@ exclude_paths:
   - dbhome-conversion
   - docker
   - plugins/modules
+  - execution-environment.yml
   - playbooks/desupported
   - changelogs
   - roles/oraemagent_install  # deprecated role
   - example/*/ansible/playbooks/collections/ansible_collections
+  - example/*/ansible/requirements.yml
   - playbooks/collections/ansible_collections
 
 extra_vars:

.gitignore

@@ -3,9 +3,11 @@
 *.pub
 LINUX.X64_*.zip
 
+context
 # ignore for ansible-navigator
 playbooks/collections/ansible_collections
 example/*/ansible/playbooks/collections/ansible_collections
+example/*/ansible/navigator/replay/*json
+example/*/ansible/context
 ansible-navigator.log
 navigator/replay/*json
-

changelogs/fragments/apply_patches_gi.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - "bugfix: added apply_patches_gi to some tasks with patch_before_rootsh ()"

changelogs/fragments/cluvfy.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - "oracluvfy did not fail when error was detected ()"

changelogs/fragments/oraswdb_manage_patches.yml

@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - "oraswdb_manage_patches: make role compatible with oraswgi_manage_patches ()"

changelogs/fragments/oraswgi_install_refactor.yml

@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - "oraswgi_install: Next refactoring of role for RAC ()"

changelogs/fragments/oraswgi_manage_patches.yml

@@ -0,0 +1,3 @@
+---
+breaking_changes:
+  - "oraswgi_manage_patches: python-module xmltodict needed on ansible-controller ()"

example/rac/ansible/ansible-navigator.yml

@@ -0,0 +1,25 @@
+---
+ansible-navigator:
+  # ansible-runner:
+  #   artifact-dir: navigator
+  #   rotate-artifacts-count: 20
+  execution-environment:
+    enabled: true
+    # Create the local environment with:
+    # ansible-navigator builder build
+    image: ansible-execution-env:latest
+    # image: ghcr.io/ansible/creator-ee:v24.2.0
+    volume-mounts:
+      - src: "/vagrant"
+        dest: "/vagrant"
+        options: "ro"
+    environment-variables:
+      set:
+        ANSIBLE_CONFIG: ansible.cfg
+  logging:
+    level: warning
+  mode: stdout
+  playbook-artifact:
+    enable: true
+    replay: "{playbook_dir}/../navigator/replay/{playbook_name}-{time_stamp}.json"
+    save-as: "{playbook_dir}/../navigator/replay/{playbook_name}-{time_stamp}.json"

example/rac/ansible/ansible.cfg

@@ -0,0 +1,19 @@
+[defaults]
+inventory = inventory/rac
+
+host_key_checking = False
+# display_skipped_hosts = false
+duplicate_dict_key = ignore
+
+nocolor = 1
+retry_files_enabled = False
+
+# callbacks_enabled = timer, profile_roles
+
+[ssh_connection]
+pipelining = True
+
+# needed for devsec ssh-role
+scp_if_ssh = True
+
+ssh_args = -o ControlMaster=auto -o ControlPersist=60s

example/rac/ansible/execution-environment.yml

@@ -0,0 +1 @@
+../../../execution-environment.yml

example/rac/ansible/inventory/rac/group_vars/all/asm.yml

@@ -0,0 +1,25 @@
+---
+
+device_persistence: asmlib
+oracle_asm_disk_string: /dev/oracleasm/disks/*
+oracle_asm_init_dg: data
+
+asm_diskgroups:        # ASM Diskgroups used for DB-storage. Should map to dict asm_storage_layout.
+  - diskgroup: data
+    state: present
+    properties:
+      - {redundancy: external, ausize: 4}
+    attributes:
+      - {name: compatible.rdbms, value: 11.2.0.4.0}
+      - {name: compatible.asm, value: "19.0.0.0.0"}
+    disk:
+      - {device: /dev/sdc, asmlabel: data01}
+  - diskgroup: fra
+    state: present
+    properties:
+      - {redundancy: external, ausize: 4}
+    attributes:
+      - {name: compatible.rdbms, value: 11.2.0.4.0}
+      - {name: compatible.asm, value: "19.0.0.0.0"}
+    disk:
+      - {device: /dev/sdd, asmlabel: fra01}

example/rac/ansible/inventory/rac/group_vars/all/db-homes.yml

@@ -0,0 +1,49 @@
+---
+apply_patches_db: true
+db_homes_config:
+  db1913-gi-ee: &db1913-gi-ee
+    home: db1912-si-ee
+    version: 19.3.0.0
+    oracle_home: /u01/app/oracle/product/19/db1913-si-ee
+    edition: EE
+    opatch_minversion: 12.2.0.1.27
+    opatchauto:
+      - patchid: 33182768
+        patchversion: 19.13.0.0.211019
+        state: present
+        subpatches:
+          - 33208123  # OCW Release Update 19.13.0.0.211019
+          - 32585572  # DBWLM Release Update
+          - 33192793  # Database Release Update 19.13.0.0.211019
+    opatch: []
+    #   # Remove Oracle Database 19c Important Recommended One-off Patches (Doc ID 555.1)
+    #   - {patchid: 29213893, state: absent, excludeUPI: 24384541, stop_processes: true}
+    #   - {patchid: 30978304, state: absent, excludeUPI: 24384338, stop_processes: true}
+    #   # - {patchid: 31602782, state: absent, excludeUPI: 24384398, stop_processes: true}
+    #   - {patchid: 33121934, state: absent, excludeUPI: 24407586, stop_processes: true}
+    #   - {patchid: 32522300, state: absent, stop_processes: true}
+    #   - {patchid: 31143146, state: absent, stop_processes: true}
+    #   - {patchid: 32919937, state: absent, stop_processes: true}
+    #   - {patchid: 33144001, state: absent, stop_processes: true}
+    #   - patchid: 32876380
+    #     # Oracle JavaVM Component Release Update (OJVM RU) 19.13.0.0.211019
+    #     stop_processes: true
+    #     state: present
+    #     path: 19.13.0.0.211019/ojvm/p33192694_190000_Linux-x86-64.zip
+    #     # Oracle Database 19c Important Recommended One-off Patches (Doc ID 555.1)
+    #   - {patchid: 29213893, path: 19.13.0.0.211019/p29213893_1913000DBRU_Generic.zip, state: present, stop_processes: true}
+    #   - {patchid: 30978304, path: 19.13.0.0.211019/p30978304_1913000DBRU_Generic.zip, state: present, stop_processes: true}
+    #   # Contention on "CURSOR: PIN S WAIT ON X" when PQ slave's execution plan does not match with QC
+    #   # conflicts with 33121934 ...
+    #   # - {patchid: 31602782, path: 19.13.0.0.211019/p31602782_1913000DBRU_Linux-x86-64.zip, state: present, stop_processes: true}
+    #   # Library cache lock / load lock / mutex x during connection storm
+    #   - {patchid: 33121934, path: 19.13.0.0.211019/p33121934_1913000DBRU_Linux-x86-64.zip, state: present, stop_processes: true}
+
+  # Current Mapping of ORACLE_HOMEs
+  # use this mapping for fast change between the Release Updates
+  # <<: * => merge values from alias and overwrite oracle_home + home
+  db19-gi-ee:
+    <<: *db1913-gi-ee
+    # imagename: db_home_19.13.zip
+    oracle_home: /u01/app/oracle/product/19/db1
+    home: db19-gi-ee

example/rac/ansible/inventory/rac/group_vars/all/db-profiles.yml

@@ -0,0 +1,15 @@
+---
+# global Defaults for Database-Profiles
+
+oracle_default_profiles:
+  - name: DEFAULT
+    state: present
+    attributes:
+      - {name: password_life_time, value: unlimited}
+  - name: PW_UNLIMIT
+    state: present
+    attributes:
+      - {name: password_life_time, value: "UNLIMITED"}
+      - {name: password_grace_time, value: 7}
+      - {name: password_lock_time, value: 1}
+      - {name: password_verify_function, value: "null"}

example/rac/ansible/inventory/rac/group_vars/all/dev-sec.yml

@@ -0,0 +1,22 @@
+---
+# Oracle gets problems, when root processes are not visible
+hidepid_option: 0
+
+os_security_kernel_enable_module_loading: true
+
+sysctl_overwrite:
+  network_ipv6_enable: false
+  fs.protected_regular: 0  # needed for opatchauto ...
+
+# ssh settings
+ssh_print_last_log: true
+ssh_allow_agent_forwarding: false
+ssh_permit_tunnel: false
+ssh_allow_tcp_forwarding: 'no'
+ssh_max_auth_retries: 3
+
+ssh_allow_users: vagrant ansible
+
+# disable some ansible-oracle options
+disable_selinux: false
+configure_oracle_sudo: false

example/rac/ansible/inventory/rac/group_vars/all/gi-homes.yml

@@ -0,0 +1,34 @@
+---
+# This configuration file is used as a global default
+# The variable gi_patches_config is not part of ansible-oracle. It is
+# referenced from other structures in the Inventory.
+
+gi_patches_config:
+  19.23.0.0.240116:
+    19.3.0.0:  # Base Release
+      opatch_minversion: 12.2.0.1.40
+      opatchauto:
+        - patchid: 36233126
+          patchversion: 19.23.0.0.240416
+          state: present
+          subpatches:
+            - 36240578  # OCW Release Update 19.23.0.0.240416
+            - 36383196  # DBWLM Release Update
+            - 36233343  # ACFS Release Update 19.23.0.0.240416
+            - 36460248  # Tomcat Release Update 19.0.0.0.0
+            - 36233263  # Database Release Update 19.23.0.0.240416
+      opath: []
+  19.22.0.0.240116:
+    19.3.0.0:  # Base Release
+      opatch_minversion: 12.2.0.1.40
+      opatchauto:
+        - patchid: 35940989
+          patchversion: 19.22.0.0.240116
+          state: present
+          subpatches:
+            - 35967489  # OCW Release Update 19.22.0.0.240116
+            - 33575402  # DBWLM Release Update
+            - 35956421  # ACFS Release Update 19.22.0.0.240116
+            - 36115038  # Tomcat Release Update 19.0.0.0.0
+            - 35943157  # Database Release Update 19.22.0.0.240116
+      opath: []

example/rac/ansible/inventory/rac/group_vars/all/gi.yml

@@ -0,0 +1,22 @@
+---
+oracle_install_option_gi: CRS_CONFIG
+oracle_install_version_gi: 19.3.0.0
+oracle_home_gi: /u01/app/gridinfra/19
+# oracle_install_image_gi: grid_home_19.12.zip
+oracle_gi_cluster_type: STANDARD
+oracle_asm_init_dg: data
+
+apply_patches_gi: true
+patch_before_rootsh: true
+
+gi_patches:
+  # "{{ gi_patches_config['19.23.0.0.240116'] }}"
+  "{{ gi_patches_config['19.22.0.0.240116'] }}"
+
+role_separation: true
+configure_ssh: true
+
+oracle_scan: scan-192-168-56-199.nip.io
+oracle_scan_port: 1521
+oracle_gi_nic_pub: eth1
+oracle_gi_nic_priv: eth2

example/rac/ansible/inventory/rac/group_vars/all/host.yml

@@ -0,0 +1,40 @@
+---
+# Set ansible_python_interpreter only when python is executable with that path
+# ansible_python_interpreter: /bin/python3
+
+configure_public_yum_repo: true
+configure_epel_repo: true
+configure_motd: false
+configure_etc_hosts: true
+
+configure_oracle_sudo: true
+disable_ee_options: true  # noqa var-naming
+
+control_management_pack_access: NONE
+
+configure_hugepages_by: memory
+
+# disable hugepages on small systems
+# don't forget to enable use_large_pages in oracle parameter
+# size_in_gb_hugepages: 2
+size_in_gb_hugepages: 0
+
+oracle_stage: /u01/stage
+
+configure_host_disks: true
+
+host_fs_layout:
+  - vgname: oravg
+    state: present
+    filesystem:
+      - {mntp: /u01, lvname: orabaselv, lvsize: 50G, fstype: xfs}
+      - {mntp: swap, lvname: swaplv, lvsize: 16g, fstype: swap}
+    disk:
+      - {device: /dev/sdb, pvname: /dev/sdb1}
+  - vgname: rootvg
+    state: present
+    filesystem:
+      - {mntp: /tmp, lvname: tmplv, lvsize: 1400m, fstype: ext4, owner: root, group: root, mode: "u+rwx,g+rwx,o+rwxt"}
+      - {mntp: /var, lvname: varlv, lvsize: 7g, fstype: ext4, owner: root, group: root, mode: "755"}
+    disk:
+      - {device: /dev/sda, pvname: /dev/sda2}

example/rac/ansible/inventory/rac/group_vars/all/oracle_patches.yml

@@ -0,0 +1,18 @@
+---
+oracle_sw_patches:
+  - filename: p36233126_190000_Linux-x86-64.zip
+    patchid: 36233126
+    version: 19.3.0.0
+    description: GI RELEASE UPDATE 19.23.0.0.0
+  - filename: p35940989_190000_Linux-x86-64.zip
+    patchid: 35940989
+    version: 19.3.0.0
+    description: GI RELEASE UPDATE 19.22.0.0.0
+  - filename: p33182768_190000_Linux-x86-64.zip
+    patchid: 33182768
+    version: 19.3.0.0
+    description: DB RELEASE UPDATE 19.13.0.0.0
+  - filename: cvupack_linux_ol7_x86_64.zip
+    patchid: 30839369
+    version: 21.0.0.0
+    description: Latest cluvfy

example/rac/ansible/inventory/rac/group_vars/all/passwords.yml

@@ -0,0 +1,15 @@
+---
+#
+# IMPORTANT!!!!
+#
+# Do not forget to encrypt this file or entries with ansible-vault.
+#
+default_dbpass: Oracle_123
+default_gipass: Oracle_123
+
+dbpasswords:
+  DB1:
+    sys: Oracle_123
+    system: Oracle_123
+    dbsnmp: Oracle_456
+    pdbadmin: Oracle_456

example/rac/ansible/inventory/rac/group_vars/all/software_src.yml

@@ -0,0 +1,19 @@
+---
+is_sw_source_local: true
+oracle_sw_copy: true
+oracle_sw_unpack: true
+
+# directory for patch download
+oracle_sw_source_local: /vagrant
+
+# Directory for Installation-Media
+oracle_stage_remote: /vagrant
+
+# Directory for response files, extraceted patches etc.
+oracle_stage: /u01/stage
+
+# Example for Remote NFS
+# install_from_nfs: true          # Mount NFS-Share?
+# nfs_server_sw: 192.168.56.99    # NFS-Server
+# nfs_server_sw_path: /sw         # NFS-Share
+# oracle_stage_remote: /u01/se    # local mount point for NFS share