From 89fe632219cfd10fc7dd37ce2ca36071d0daeed0 Mon Sep 17 00:00:00 2001 From: Thorsten Bruhns Date: Sat, 20 Jan 2024 20:28:27 +0000 Subject: [PATCH 1/3] oradb_manage_db: Added support for aliasnames for Oracle Wallet Example: oracle_tnsnames_config: orclpdb: alias: - orclpdb_dbsnmp - orclpdb_checkmk connect: ... tnsnames.ora: ORCLPDB, ORCLPDB_DBSNMP, ORCLPDB_CHECKMK = (DESCRIPTION = --- changelogs/fragments/tnsnames_alias.yml | 3 +++ .../shared_config/inventory/group_vars/all/oracle_db.yml | 2 ++ roles/oradb_manage_db/templates/tnsnames.ora.j2 | 6 +++++- 3 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 changelogs/fragments/tnsnames_alias.yml diff --git a/changelogs/fragments/tnsnames_alias.yml b/changelogs/fragments/tnsnames_alias.yml new file mode 100644 index 000000000..0ec1bcad5 --- /dev/null +++ b/changelogs/fragments/tnsnames_alias.yml @@ -0,0 +1,3 @@ +--- +minor_changes: + - "oradb_manage_db: Added support for aliasnames for Oracle Wallet ()" diff --git a/extensions/molecule/shared_config/inventory/group_vars/all/oracle_db.yml b/extensions/molecule/shared_config/inventory/group_vars/all/oracle_db.yml index 7857591da..bf132979c 100644 --- a/extensions/molecule/shared_config/inventory/group_vars/all/oracle_db.yml +++ b/extensions/molecule/shared_config/inventory/group_vars/all/oracle_db.yml @@ -146,6 +146,8 @@ oracle_pdbs: _tnsnames_config_pdb_helper: - key: "{{ oracle_pdbs[0]['pdb_name'] }}" + alias: + - "{{ oracle_pdbs[0]['pdb_name'] }}_SYSTEM" value: connect: service_name: "{{ oracle_pdbs[0]['pdb_name'] }}" diff --git a/roles/oradb_manage_db/templates/tnsnames.ora.j2 b/roles/oradb_manage_db/templates/tnsnames.ora.j2 index 14c7d6763..26823e674 100644 --- a/roles/oradb_manage_db/templates/tnsnames.ora.j2 +++ b/roles/oradb_manage_db/templates/tnsnames.ora.j2 
@@ -16,7 +16,11 @@ SALES= # do not edit the configuration manually. # The execution of ansible-oracle automatically replace all manual changes! -{{ tnsinst.tnsname | upper }} = +{% if oracle_tnsnames_config[tnsinst.tnsname]['alias'] is defined -%} +{{ tnsinst.tnsname | upper }}, {{ oracle_tnsnames_config[tnsinst.tnsname]['alias'] | join(', ') | upper }} +{%- else %} +{{ tnsinst.tnsname | upper }} +{%- endif %} = (DESCRIPTION = (FAILOVER={{ oracle_tnsnames_config[tnsinst.tnsname]['failover'] | default('yes')}}) (CONNECT_TIMEOUT={{ oracle_tnsnames_config[tnsinst.tnsname]['connect_timeout'] | default('5')}}) From f83ed874cd3b4547357cf56f989f94f7c79c7a59 Mon Sep 17 00:00:00 2001 From: Thorsten Bruhns Date: Sun, 21 Jan 2024 08:32:13 +0000 Subject: [PATCH 2/3] oradb_manage_db: allow multiline values for keys in sqlnet_ansible.ora --- changelogs/fragments/sqlnet_ansible.yml | 3 ++ roles/oradb_manage_db/README.md | 2 + roles/oradb_manage_db/tasks/main.yml | 2 + roles/oradb_manage_db/tasks/sqlnet.yml | 52 +++++++++++++++++++++++-- 4 files changed, 55 insertions(+), 4 deletions(-) create mode 100644 changelogs/fragments/sqlnet_ansible.yml diff --git a/changelogs/fragments/sqlnet_ansible.yml b/changelogs/fragments/sqlnet_ansible.yml new file mode 100644 index 000000000..436815000 --- /dev/null +++ b/changelogs/fragments/sqlnet_ansible.yml @@ -0,0 +1,3 @@ +--- +minor_changes: + - "oradb_manage_db: allow multiline values for keys in sqlnet_ansible.ora ()" diff --git a/roles/oradb_manage_db/README.md b/roles/oradb_manage_db/README.md index 0b6549742..c1f7370ae 100644 --- a/roles/oradb_manage_db/README.md +++ b/roles/oradb_manage_db/README.md @@ -100,6 +100,8 @@ oracle_gi_cluster_type: STANDARD **_sql_script_** +**_sqlnet_** + **_sqlnet2_** **_tnsnames_** diff --git a/roles/oradb_manage_db/tasks/main.yml b/roles/oradb_manage_db/tasks/main.yml index 472fba671..549db628f 100644 --- a/roles/oradb_manage_db/tasks/main.yml +++ b/roles/oradb_manage_db/tasks/main.yml 
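Review bot: The new `{% if oracle_tnsnames_config[tnsinst.tnsname]['alias'] is defined -%}` branch also runs for an empty `alias: []`, which renders a dangling `NAME, ` in front of the `=` and probably yields an entry the client cannot resolve. A guard on content rather than definedness avoids this, for example `{% if oracle_tnsnames_config[tnsinst.tnsname]['alias'] | default([]) | length > 0 -%}`. `join(', ')` also assumes a list; a plain string value would be joined character by character, so the expected type deserves a comment here or a check in the role's asserts.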
@@ -33,6 +33,8 @@ loop_var: sqlnetinst when: sqlnet_installed is defined tags: sqlnet2 + vars: + _sqlnet_ansible_file: "{{ _oradb_manage_db_tns_home }}/network/admin/sqlnet_ansible.ora" - name: manage_db | include listener_details.yml ansible.builtin.include_tasks: listener_details.yml diff --git a/roles/oradb_manage_db/tasks/sqlnet.yml b/roles/oradb_manage_db/tasks/sqlnet.yml index a6c027016..a5eb98b28 100644 --- a/roles/oradb_manage_db/tasks/sqlnet.yml +++ b/roles/oradb_manage_db/tasks/sqlnet.yml 
@@ -17,11 +17,50 @@ mode: 0644 tags: sqlnet2 +# Important! +# ansible-oracle <= 4.3 used lineinfile instead blockinfile with marker +# => Remove old entries before readding them with blockinfile +- name: Check for existing sqlnet_ansible.ora + ansible.builtin.stat: + path: "{{ _sqlnet_ansible_file }}" + register: _sqlnet_ansible_file_res + tags: + - sqlnet + - sqlnet2 + +- name: Working on sqlnet_ansible.ora + tags: + - sqlnet + - sqlnet2 + when: + - _sqlnet_ansible_file_res.stat.exists + block: + - name: Search for marker in sqlnet_ansible.ora + ansible.builtin.lineinfile: + path: "{{ _sqlnet_ansible_file }}" + regexp: "# BEGIN Ansible managed for .*" + line: "# BEGIN Ansible managed for .*" + state: present + register: old_sqlnet_ansible_res + changed_when: false + check_mode: true + + # Remove existing sqlnet_ansible.ora when no new marker is in place + # => we found an old configuration file created with lineinfile + # this must be changed to blockinfile with marker + - name: Remove existing sqlnet_ansible.ora due to missing new marker items + ansible.builtin.file: + path: "{{ _sqlnet_ansible_file }}" + state: absent + when: "'line added' in old_sqlnet_ansible_res.msg" + - name: sqlnet.ora | create custom configuration in sqlnet_ansible.ora - ansible.builtin.lineinfile: - path: "{{ _oradb_manage_db_tns_home }}/network/admin/sqlnet_ansible.ora" - line: "{{ item.name }}={{ item.value }}" - regexp: "^{{ item.name }}=" + ansible.builtin.blockinfile: + path: "{{ _sqlnet_ansible_file }}" + block: >- + {{ sc_loop.name }} = {{ sc_loop.value }} + marker: "# {mark} Ansible managed for {{ sc_loop.name }}" + insertafter: "EOF" backup: true create: true group: "{{ oracle_group }}" @@ -30,4 +69,9 @@ mode: 0644 with_items: - "{{ sqlnet_config[sqlnetinst.sqlnet] }}" + loop_control: + label: >- + {{ sqlnetinst.sqlnet }} + {{ sc_loop.name }} + loop_var: sc_loop tags: sqlnet2 From a4ba90f0459e1978cf0efbd859567812152c6589 Mon Sep 17 00:00:00 2001 
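Review bot: The migration step decides whether to delete sqlnet_ansible.ora from a substring of a module message: `when: "'line added' in old_sqlnet_ansible_res.msg"` depends on the exact text lineinfile returns in check mode, and the `ansible.builtin.file` task with `state: absent` that follows keeps no copy of the old file. sqlnet_ansible.ora can hold settings such as the wallet location or the allowed logon version, so a run that stops between the removal and the blockinfile task leaves the host without them. Consider detecting the marker explicitly (for example by registering a search of the file content) and copying the file aside before removing it. The check and removal tasks carry the tags `sqlnet` and `sqlnet2` while the blockinfile task is tagged only `sqlnet2`; depending on how the file is included, the tag sets should match so a tagged run cannot remove the file without rewriting it.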
From: Thorsten Bruhns Date: Sun, 21 Jan 2024 08:35:38 +0000 Subject: [PATCH 3/3] oradb_manage_wallet: New role for managing Oracle Wallets --- changelogs/fragments/wallet.yml | 3 + .../inventory/group_vars/all/oracle_db.yml | 29 +++++ .../inventory/group_vars/all/password.yml | 3 + playbooks/manage_db.yml | 1 + playbooks/manage_wallet.yml | 6 + roles/oradb_manage_wallet/.ansibledoctor.yml | 5 + roles/oradb_manage_wallet/README.md | 64 ++++++++++- roles/oradb_manage_wallet/defaults/main.yml | 45 ++++++++ roles/oradb_manage_wallet/meta/main.yml | 40 +++++++ roles/oradb_manage_wallet/tasks/assert.yml | 49 ++++++++ roles/oradb_manage_wallet/tasks/main.yml | 22 ++++ .../tasks/wallet_config.yml | 38 ++++++ .../tasks/wallet_manage_dbcredential.yml | 108 ++++++++++++++++++ roles/oradb_manage_wallet/vars/main.yml | 8 ++ 14 files changed, 419 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/wallet.yml create mode 100644 extensions/molecule/shared_config/inventory/group_vars/all/password.yml create mode 100644 playbooks/manage_wallet.yml create mode 100644 roles/oradb_manage_wallet/.ansibledoctor.yml create mode 100644 roles/oradb_manage_wallet/defaults/main.yml create mode 100644 roles/oradb_manage_wallet/meta/main.yml create mode 100644 roles/oradb_manage_wallet/tasks/assert.yml create mode 100644 roles/oradb_manage_wallet/tasks/main.yml create mode 100644 roles/oradb_manage_wallet/tasks/wallet_config.yml create mode 100644 roles/oradb_manage_wallet/tasks/wallet_manage_dbcredential.yml create mode 100644 roles/oradb_manage_wallet/vars/main.yml diff --git a/changelogs/fragments/wallet.yml b/changelogs/fragments/wallet.yml new file mode 100644 index 000000000..1433982c1 --- /dev/null +++ b/changelogs/fragments/wallet.yml @@ -0,0 +1,3 @@ +--- +minor_changes: + - "oradb_manage_wallet: New role for managing Oracle Wallets ()" 
diff --git a/extensions/molecule/shared_config/inventory/group_vars/all/oracle_db.yml b/extensions/molecule/shared_config/inventory/group_vars/all/oracle_db.yml index bf132979c..c416df068 100644 --- a/extensions/molecule/shared_config/inventory/group_vars/all/oracle_db.yml +++ b/extensions/molecule/shared_config/inventory/group_vars/all/oracle_db.yml @@ -160,3 +160,32 @@ tnsnames_installed: - tnsname: "{{ oracle_pdbs[0]['pdb_name'] }}" home: db19-si-ee state: present + +sqlnet_config: + sqlnetalias1: + - {name: "ADR_BASE", value: "/u01/app/oracle/"} + - {name: "SQLNET.ALLOWED_LOGON_VERSION_CLIENT", value: 12} + - {name: "SQLNET.WALLET_OVERRIDE", value: 'TRUE'} + - name: WALLET_LOCATION + value: |- + ( + SOURCE = + (METHOD = FILE)(METHOD_DATA = (DIRECTORY=/u01/app/oracle/wallet)) + ) + +sqlnet_installed: + - home: db19-si-ee + sqlnet: sqlnetalias1 + state: present + +oracle_wallet_config: + - name: wallet1 + home: db19-si-ee + path: /u01/app/oracle/wallet + state: present + # mode: g+rx + dbcredentials: + - tns_name: oracle_pdbs[0]['pdb_name'] + db_name: oracle_pdbs[0]['pdb_name'] + db_user: system + state: present diff --git a/extensions/molecule/shared_config/inventory/group_vars/all/password.yml b/extensions/molecule/shared_config/inventory/group_vars/all/password.yml new file mode 100644 index 000000000..4ed182020 --- /dev/null +++ b/extensions/molecule/shared_config/inventory/group_vars/all/password.yml @@ -0,0 +1,3 @@ +--- +oracle_wallet_password: + wallet1: "aA_{{ ansible_machine_id }}" diff --git a/playbooks/manage_db.yml b/playbooks/manage_db.yml index d405bb3d8..517a63f11 100644 --- a/playbooks/manage_db.yml +++ b/playbooks/manage_db.yml @@ -4,6 +4,7 @@ become: true any_errors_fatal: true roles: + - opitzconsulting.ansible_oracle.oradb_manage_wallet - opitzconsulting.ansible_oracle.oradb_manage_db - opitzconsulting.ansible_oracle.oradb_manage_pdb - opitzconsulting.ansible_oracle.oradb_manage_parameters 
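Review bot: In `dbcredentials`, `tns_name: oracle_pdbs[0]['pdb_name']` and `db_name: oracle_pdbs[0]['pdb_name']` are plain strings rather than Jinja expressions, so the molecule run would store a credential under that literal text instead of the PDB name. They likely should read `tns_name: "{{ oracle_pdbs[0]['pdb_name'] }}"` and `db_name: "{{ oracle_pdbs[0]['pdb_name'] }}"`, matching the `tnsnames_installed` entry just above. With the literal value the test cannot show that the wallet alias lines up with the tnsnames entry, and the `db_name` lookup in `dbpasswords` would not match any key.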
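Review bot: `wallet1: "aA_{{ ansible_machine_id }}"` derives the wallet password from the machine id, a value that is typically readable by any local account on the host and therefore not a secret. That may be acceptable for a molecule fixture, but a comment such as `# test fixture only - real inventories must supply this from a vaulted variable` would keep the pattern from being copied into production inventories.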
diff --git a/playbooks/manage_wallet.yml b/playbooks/manage_wallet.yml new file mode 100644 index 000000000..d0a532472 --- /dev/null +++ b/playbooks/manage_wallet.yml @@ -0,0 +1,6 @@ +--- +- name: Manage Oracle wallet + hosts: "{{ hostgroup | default('all') }}" + any_errors_fatal: true + roles: + - opitzconsulting.ansible_oracle.oradb_manage_wallet diff --git a/roles/oradb_manage_wallet/.ansibledoctor.yml b/roles/oradb_manage_wallet/.ansibledoctor.yml new file mode 100644 index 000000000..30b441754 --- /dev/null +++ b/roles/oradb_manage_wallet/.ansibledoctor.yml @@ -0,0 +1,5 @@ +--- +logging: + level: warning +template: readme +force_overwrite: true diff --git a/roles/oradb_manage_wallet/README.md b/roles/oradb_manage_wallet/README.md index 0e4c0bb09..f9ab60e57 100644 --- a/roles/oradb_manage_wallet/README.md +++ b/roles/oradb_manage_wallet/README.md @@ -1,8 +1,17 @@ # oradb_manage_wallet +Manage Wallets for Oracle with `mkstore`. + +Multiple wallets with different locations are possivle. +Define a password for the wallet in `oracle_wallet_password`. + ## Table of content - [Requirements](#requirements) +- [Default Variables](#default-variables) + - [oracle_wallet_config](#oracle_wallet_config) + - [oracle_wallet_password](#oracle_wallet_password) +- [Discovered Tags](#discovered-tags) - [Dependencies](#dependencies) - [License](#license) - [Author](#author) 
@@ -11,11 +20,62 @@ ## Requirements -None. +- Minimum Ansible version: `2.15.0` + +## Default Variables + +### oracle_wallet_config + +#### Default value + +```YAML +oracle_wallet_config: [] +``` + +#### Example usage + +```YAML +oracle_wallet_config: + - name: wallet1 + home: 19300_base + path: /u01/app/oracle/wallet + state: present + dbcredential: + - tns_name: db1 + db_name: db1 + db_user: user1 + state: present +``` + +### oracle_wallet_password +#### Default value +```YAML +oracle_wallet_password: {} +``` + +#### Example usage + +```YAML +oracle_wallet_password: + wallet1: + wallet2: +``` + +## Discovered Tags + +**_always_** ## Dependencies -None. +- orasw_meta + +## License + +license (MIT) + +## Author + +[Thorsten Bruhns] diff --git a/roles/oradb_manage_wallet/defaults/main.yml b/roles/oradb_manage_wallet/defaults/main.yml new file mode 100644 index 000000000..2636fd1d3 --- /dev/null +++ b/roles/oradb_manage_wallet/defaults/main.yml @@ -0,0 +1,45 @@ +--- +# @var oracle_wallet_password:description: > +# @end +oracle_wallet_password: {} +# @var oracle_wallet_password:example: > +# oracle_wallet_password: +# wallet1: +# wallet2: +# @end + +# @var oracle_wallet_config:description: > +oracle_wallet_config: [] + +# See below example for more details. +# oracle_wallet_config: +# - name: +# home: +# path: +# owner: +# group: +# mode: +# state: present/absent +# certificates: +# - type: ca +# cert: +# state: present/absent +# dbcredential: +# - tns_name: +# db_user: +# state: present/absent +# @end +# +# @var oracle_wallet_config:example: > +# oracle_wallet_config: +# - name: wallet1 +# home: 19300_base +# path: /u01/app/oracle/wallet +# state: present +# dbcredential: +# - tns_name: db1 +# db_name: db1 +# db_user: user1 +# state: present +# @end diff --git a/roles/oradb_manage_wallet/meta/main.yml b/roles/oradb_manage_wallet/meta/main.yml new file mode 100644 index 000000000..fc156e9e9 --- /dev/null +++ b/roles/oradb_manage_wallet/meta/main.yml 
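Review bot: The documented structure and the example in defaults/main.yml use the key `dbcredential`, but assert.yml and wallet_manage_dbcredential.yml read `dbcredentials`. Because the assert uses `skip_missing: true` and the tasks are guarded by `owc.dbcredentials is defined`, an inventory written from this example would pass validation and silently store no credentials. The comment block should use `dbcredentials:` in both places and include the `db_name:` attribute, which the assert requires and the structure comment omits. The example `oracle_wallet_password` with empty `wallet1:` / `wallet2:` values would also read better with an explicit placeholder such as `wallet1: "<vaulted password>"`.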
@@ -0,0 +1,40 @@ +--- +# @meta description: > +# Manage Wallets for Oracle with `mkstore`. +# +# Multiple wallets with different locations are possivle. +# Define a password for the wallet in `oracle_wallet_password`. + +# The following credentials could be managed by this role: +# +# `database credentials:` +# +# We need the `db_name` as attribute for finding the password in `dbpasswords`. +# Be aware that `tns_name` could be different to the `db_name`. +# @end +# @meta author: [Thorsten Bruhns] +galaxy_info: + role_name: oradb_manage_wallet + author: Thorsten Bruhns + description: Manage Wallets for Oracle + company: Thorsten Bruhns + + license: license (MIT) + + min_ansible_version: 2.15.0 + + platforms: + - name: EL + versions: + - "6" + - "7" + - "8" + - "9" + + galaxy_tags: + - database + - oracle + - wallet + +dependencies: + - role: orasw_meta diff --git a/roles/oradb_manage_wallet/tasks/assert.yml b/roles/oradb_manage_wallet/tasks/assert.yml new file mode 100644 index 000000000..be5235786 --- /dev/null +++ b/roles/oradb_manage_wallet/tasks/assert.yml 
@@ -0,0 +1,49 @@ +--- +- name: assert | assert wallet + when: + - oracle_wallet_config is defined + block: + - name: assert | assert oracle_wallet_config + ansible.builtin.assert: + quiet: true + that: + - owc.state is defined + - owc.state in ('present', 'absent') + - owc.name is defined + - owc.path is defined + - owc.home is defined + - db_homes_config[owc.home] is defined + - oracle_wallet_password[owc.name] is defined + with_items: + - "{{ oracle_wallet_config }}" + loop_control: + label: >- + {{ owc.name | default('') }} + {{ owc.path | default('') }} + {{ owc.state | default('') }} + loop_var: owc + + # owc_dbc due to with_subelements instead of dbc_d! + - name: assert | assert dbcredential in oracle_wallet_config + ansible.builtin.assert: + quiet: true + that: + - owc_dbc.1.tns_name is defined + - owc_dbc.1.db_name is defined + - owc_dbc.1.db_user is defined + - owc_dbc.1.state in ('present', 'absent') + fail_msg: attribute missing or duplicate tns_name in wallet + with_subelements: + - "{{ oracle_wallet_config }}" + - dbcredentials + - flags: + skip_missing: true + loop_control: + label: >- + {{ owc_dbc.0.name | default('') }} + {{ owc_dbc.1.tns_name | default('') }} + {{ owc_dbc.1.state | default('') }} + loop_var: owc_dbc + when: + - owc_dbc.0.state == 'present' + - owc_dbc.1 is defined diff --git a/roles/oradb_manage_wallet/tasks/main.yml b/roles/oradb_manage_wallet/tasks/main.yml new file mode 100644 index 000000000..38eaeded3 --- /dev/null +++ b/roles/oradb_manage_wallet/tasks/main.yml 
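Review bot: The check `oracle_wallet_password[owc.name] is defined` passes for a key with a null or empty value, which is exactly what the README example (`wallet1:` with no value) produces, so a wallet could be accepted with no usable password. Adding `- oracle_wallet_password[owc.name] | default('', true) | length > 0` to the `that:` list would reject that case. The second assert's `fail_msg` mentions a duplicate `tns_name`, yet none of the listed conditions checks for duplicates; either add such a check or reword the message. Note also that `owc.state is defined` is required here while the tasks use `owc.state | default('present')`, so the two disagree on whether `state` is optional.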
@@ -0,0 +1,22 @@ +--- +# tasks file for manage_db +- name: oradb_manage_wallet | assert + ansible.builtin.include_tasks: assert.yml + tags: + always + +- name: oradb_manage_wallet | Loop over oracle_wallet_config + ansible.builtin.include_tasks: wallet_config.yml + with_items: + - "{{ oracle_wallet_config }}" + loop_control: + label: >- + {{ owc.name | default('') }} + {{ owc.path | default('') }} + {{ owc.state | default('present') }} + loop_var: owc + vars: + # set odb loop_var for usage of _oracle_home_db + odb: "{{ owc }}" + tags: + always diff --git a/roles/oradb_manage_wallet/tasks/wallet_config.yml b/roles/oradb_manage_wallet/tasks/wallet_config.yml new file mode 100644 index 000000000..e9dda4cda --- /dev/null +++ b/roles/oradb_manage_wallet/tasks/wallet_config.yml @@ -0,0 +1,38 @@ +--- +- name: wallet_config | Wallet present + when: + - owc.state | default('present') == 'present' + block: + - name: wallet_config | Wallet create + ansible.builtin.shell: + cmd: | + set -eu + set -o pipefail + echo -e "$stdin" | "${ORACLE_HOME}/bin/mkstore" -create -nologo -wrl "${wrl}" + creates: "{{ owc.path }}/ewallet.p12" + become: true + become_user: "{{ osc.owner | default(oracle_user) }}" + environment: + stdin: "{{ _oradb_manage_wallet_password }}\n{{ _oradb_manage_wallet_password }}" + wrl: "{{ owc.path }}" + ORACLE_HOME: "{{ _oracle_home_db }}" + + - name: wallet_config | include wallet_manage_dbcredential.yml + ansible.builtin.include_tasks: wallet_manage_dbcredential.yml + + - name: wallet_config | chmod over wallet directory + ansible.builtin.file: + path: "{{ owc.path }}" + group: "{{ owc.group | default(omit) }}" + mode: "{{ owc.mode | default(omit) }}" + recurse: true + +- name: wallet_config | Remove wallet + when: + - owc.state | default('present') == 'absent' + ansible.builtin.file: + path: "{{ owc.path }}" + state: absent + recurse: true + become: true + become_user: "{{ osc.owner | default(oracle_user) }}" 
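Review bot: In wallet_config.yml the `wallet_config | Remove wallet` task combines `state: absent` with `recurse: true`; as far as I know the file module only accepts `recurse` together with `state: directory`, so this task would fail instead of deleting the wallet, and the `recurse: true` line should be dropped. `become_user: "{{ osc.owner | default(oracle_user) }}"` refers to `osc`, which is not defined in anything visible here and looks like a typo for `owc`, so a configured `owner` is probably ignored without an error. The `chmod over wallet directory` task applies `mode` recursively, which means a value like the commented `g+rx` in the molecule inventory also lands on the wallet files themselves; a comment stating which group is meant to read them, or separate directory and file modes, would make the exposure explicit. That task also has no `become` settings, unlike the tasks around it.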
diff --git a/roles/oradb_manage_wallet/tasks/wallet_manage_dbcredential.yml b/roles/oradb_manage_wallet/tasks/wallet_manage_dbcredential.yml new file mode 100644 index 000000000..33ea4fb74 --- /dev/null +++ b/roles/oradb_manage_wallet/tasks/wallet_manage_dbcredential.yml 
@@ -0,0 +1,108 @@ +--- +- name: wallet_manage_dbcredential | List DB-Credentiaks + ansible.builtin.shell: + cmd: | + set -eu + set -o pipefail + echo -e "$stdin" | "${ORACLE_HOME}/bin/mkstore" -listCredential -nologo -wrl "${wrl}" + removes: "{{ owc.path }}/ewallet.p12" + become: true + become_user: "{{ osc.owner | default(oracle_user) }}" + environment: + stdin: "{{ _oradb_manage_wallet_password }}\n{{ _oradb_manage_wallet_password }}" + wrl: "{{ owc.path }}" + ORACLE_HOME: "{{ _oracle_home_db }}" + register: mkstorelistdbcred + +# - debug: var=mkstorelistdbcred + +- name: wallet_manage_dbcredential | Create DB-Credentiaks # noqa no-changed-when + ansible.builtin.shell: + cmd: | + set -eu + set -o pipefail + echo -e "$stdin" | "${ORACLE_HOME}/bin/mkstore" \ + -nologo -wrl "${wrl}" \ + -createCredential "${tns_name}" "${db_user}" "${password}" + with_items: + "{{ owc.dbcredentials }}" + loop_control: + label: >- + {{ owc_d.tns_name | default('') }} + {{ owc_d.db_user | default('') }} + {{ owc_d.state | default('') }} + loop_var: owc_d + when: + - owc.dbcredentials is defined + - owc_d.state == 'present' + - "((': ' + owc_d.tns_name + ' ' + owc_d.db_user) not in (mkstorelistdbcred.stdout | default('')))" + become: true + become_user: "{{ osc.owner | default(oracle_user) }}" + environment: + stdin: "{{ _oradb_manage_wallet_password }}\n{{ _oradb_manage_wallet_password }}" + wrl: "{{ owc.path }}" + tns_name: "{{ owc_d.tns_name }}" + db_user: "{{ owc_d.db_user }}" + password: "{{ _oradb_manage_wallet_password }}" + ORACLE_HOME: "{{ _oracle_home_db }}" + +# We cannot check for a changed password +# => alwys update credentials when not created before +- name: wallet_manage_dbcredential | Update DB-Credentiaks # noqa no-changed-when + ansible.builtin.shell: + cmd: | + set -eu + set -o pipefail + echo -e "$stdin" | "${ORACLE_HOME}/bin/mkstore" \ + -nologo -wrl "${wrl}" \ + -modifyCredential "${tns_name}" "${db_user}" "${password}" + with_items: + "{{ owc.dbcredentials }}" 
+ loop_control: + label: >- + {{ owc_d.tns_name | default('') }} + {{ owc_d.db_user | default('') }} + {{ owc_d.state | default('') }} + loop_var: owc_d + when: + - owc.dbcredentials is defined + - owc_d.state == 'present' + - "((': ' + owc_d.tns_name + ' ') in (mkstorelistdbcred.stdout | default('')))" + become: true + become_user: "{{ osc.owner | default(oracle_user) }}" + environment: + stdin: "{{ _oradb_manage_wallet_password }}\n{{ _oradb_manage_wallet_password }}" + wrl: "{{ owc.path }}" + tns_name: "{{ owc_d.tns_name }}" + db_user: "{{ owc_d.db_user }}" + password: "{{ _oradb_manage_wallet_password }}" + ORACLE_HOME: "{{ _oracle_home_db }}" + +- name: wallet_manage_dbcredential | Remove DB-Credentiaks # noqa no-changed-when + ansible.builtin.shell: + cmd: | + set -eu + set -o pipefail + echo -e "$stdin" | "${ORACLE_HOME}/bin/mkstore" \ + -nologo -wrl "${wrl}" \ + -removeCredential "${tns_name}" "${db_user}" + with_items: + "{{ owc.dbcredentials }}" + loop_control: + label: >- + {{ owc_d.tns_name | default('') }} + {{ owc_d.db_user | default('') }} + {{ owc_d.state | default('') }} + loop_var: owc_d + when: + - owc.dbcredentials is defined + - owc_d.state == 'absent' + - "((': ' + owc_d.tns_name + ' ' + owc_d.db_user) not in (mkstorelistdbcred.stdout | default('')))" + become: true + become_user: "{{ osc.owner | default(oracle_user) }}" + environment: + stdin: "{{ _oradb_manage_wallet_password }}\n{{ _oradb_manage_wallet_password }}" + wrl: "{{ owc.path }}" + tns_name: "{{ owc_d.tns_name }}" + db_user: "{{ owc_d.db_user }}" + ORACLE_HOME: "{{ _oracle_home_db }}" diff --git a/roles/oradb_manage_wallet/vars/main.yml b/roles/oradb_manage_wallet/vars/main.yml new file mode 100644 index 000000000..098ba3cc5 --- /dev/null +++ b/roles/oradb_manage_wallet/vars/main.yml 
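Review bot: The Create and Update tasks store the wallet password as the database credential: `password: "{{ _oradb_manage_wallet_password }}"` should presumably be `password: "{{ _oradb_manage_wallet_dbpassword }}"`, the per-user lookup defined in vars/main.yml. The secret is also handed to mkstore as a positional argument (`"${password}"`), which places it on the command line where other local accounts can see it in the process listing while the command runs; mkstore prompts for the secret when it is omitted, as far as I know, so it could be fed on stdin like the wallet password. None of the four tasks sets `no_log: true`, although each carries passwords in `environment` and the listing is registered in `mkstorelistdbcred`. The Remove task's last condition is inverted: with `not in` it runs only when the credential is missing from the listing, so it should use `in`. The Update condition matches on `': ' + owc_d.tns_name + ' '` alone, without `db_user`, which differs from the other two tasks and deserves a comment if intended.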
@@ -0,0 +1,8 @@ +--- +_oradb_manage_wallet_password: a123_pokl131K + +_oradb_manage_wallet_dbpassword_loopvar: >- + {{ owc_dbc.1 | default(owc_d) }} + +_oradb_manage_wallet_dbpassword: >- + {{ dbpasswords[_oradb_manage_wallet_password_loopvar.db_name][_oradb_manage_wallet_password_loopvar.db_user] | default(default_dbpass) }}
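Review bot: `_oradb_manage_wallet_password: a123_pokl131K` hard-codes one wallet password in the role's vars, so every wallet created by this role is protected by a value published in the repository, and the per-wallet `oracle_wallet_password` that assert.yml requires is never read. The line should resolve the inventory value instead, for example `_oradb_manage_wallet_password: "{{ oracle_wallet_password[owc.name] }}"`. `_oradb_manage_wallet_dbpassword` references `_oradb_manage_wallet_password_loopvar`, but the variable defined above it is `_oradb_manage_wallet_dbpassword_loopvar`; with the trailing `| default(default_dbpass)` the lookup would most likely fall back to the default password without an error rather than fail. Renaming the two references to `_oradb_manage_wallet_dbpassword_loopvar` fixes the lookup.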