2018-03-02 Ansible Playbook for Oracle User

Overview

Following the successful creation of AUBURN as an Ansible server, I wanted to create a playbook for the installation of Grid Infrastructure (GI) 12.1.0.2 that could be used as I experimented with GI.

The previous procedure created an Ansible playbook that created the Oracle directories. In this procedure, I want to complete the set-up of the Oracle user.

References

• Ansible Documentation
  • Module Index
    • System Modules
      • group - Add or remove groups
      • user - Manage user accounts
  • User Guide
    • ansible-playbook
    • Working With Plugins
      • Lookup Plugins
        • items - list of items
• Oracle^® 12.1 Grid Infrastructure Installation Guide
  • 6 Configuring Users, Groups and Environments for Oracle Grid Infrastructure and Oracle RAC
    • 6.1 Creating Groups, Users and Paths for Oracle Grid Infrastructure
      • 6.1.8 Descriptions of Job Role Separation Groups and Users

Procedure

Select Groups

Based on the suggestions in 6.1.8 Descriptions of Job Role Separation Groups and Users, I propose to modify the oracle user to have extra groups in order to manage ASM:

Create Playbook

On AUBURN, I created an Ansible playbook (user_groups.yml) with the following contents:

--- - name: Prepare REDFERN Cluster for Oracle GI 12.1 installation (Oracle Groups) hosts: redfern1.yaocm.id.au become: true tasks: - name: Add Oracle and Grid groups group: name: "{{ item.name }}" gid: "{{ item.gid }}" state: present system: no with_items: - { name: "oper" , gid: 54323 } - { name: "asmdba" , gid: 54327 } - { name: "asmoper" , gid: 54328 } - { name: "asmadmin" , gid: 54329 } - name: Set groups and password for Oracle user user: name: oracle comment: "Oracle sotware owner" password: "************************************************" group: oinstall groups: oinstall,dba,oper,asmdba,asmoper,asmadmin

Note: The password value was copied out of /etc/shadow. The password is obscured because tools exists to decrypt such values.

Modify User Settings for the Oracle User

On AUBURN, I executed an Ansible playbook (user_groups.yml) as follows:

ansible-playbook -K user_groups.yml

The output was:

SUDO password: PLAY [Prepare REDFERN Cluster for Oracle GI 12.1 installation (Oracle Groups)] *** TASK [Gathering Facts] ********************************************************* ok: [redfern1.yaocm.id.au] TASK [Add Oracle and Grid groups] ********************************************** changed: [redfern1.yaocm.id.au] => (item={u'gid': 54323, u'name': u'oper'}) changed: [redfern1.yaocm.id.au] => (item={u'gid': 54327, u'name': u'asmdba'}) changed: [redfern1.yaocm.id.au] => (item={u'gid': 54328, u'name': u'asmoper'}) changed: [redfern1.yaocm.id.au] => (item={u'gid': 54329, u'name': u'asmadmin'}) TASK [Set groups and password for Oracle user] ********************************* changed: [redfern1.yaocm.id.au] PLAY RECAP ********************************************************************* redfern1.yaocm.id.au : ok=3 changed=2 unreachable=0 failed=0

Verification

Used the following command (on REDFERN1) to verify that the correct groups are set:

id oracle

The output was:

uid=54321(oracle) gid=54321(oinstall) groups=54321(oinstall),54322(dba),54323(oper),54327(asmdba),54328(asmoper),54329(asmadmin)

Expand Playbook to Include All Groups

The above playbook only adds the extra groups that were not created through the Oracle Pre-installation RPM.

For completeness, the RPM-supplied groups are added to the playbook (user_groups.yml) as follows (changes are in bold:

--- - name: Prepare REDFERN Cluster for Oracle GI 12.1 installation (Oracle Groups) hosts: redfern1.yaocm.id.au become: true tasks: - name: Add Oracle and Grid groups group: name: "{{ item.name }}" gid: "{{ item.gid }}" state: present system: no with_items: - { name: "oinstall", gid: 54321 } - { name: "dba", gid: 54322 } - { name: "oper" , gid: 54323 } - { name: "asmdba" , gid: 54327 } - { name: "asmoper" , gid: 54328 } - { name: "asmadmin" , gid: 54329 } - name: Set groups and password for Oracle user user: name: oracle comment: "Oracle sotware owner" password: "************************************************" group: oinstall groups: oinstall,dba,oper,asmdba,asmoper,asmadmin

Note: The password value was copied out of /etc/shadow. The password is obscured because tools exists to decrypt such values.

Confirm User Settings for the Oracle User

On AUBURN, I executed the Ansible playbook (user_groups.yml) to confirm the correct settings for the oracle user:

ansible-playbook -K user_groups.yml

The output was:

SUDO password: PLAY [Prepare REDFERN Cluster for Oracle GI 12.1 installation (Oracle Groups)] *** TASK [Gathering Facts] ********************************************************* ok: [redfern1.yaocm.id.au] TASK [Add Oracle and Grid groups] ********************************************** ok: [redfern1.yaocm.id.au] => (item={u'gid': 54321, u'name': u'oinstall'}) ok: [redfern1.yaocm.id.au] => (item={u'gid': 54322, u'name': u'dba'}) ok: [redfern1.yaocm.id.au] => (item={u'gid': 54323, u'name': u'oper'}) ok: [redfern1.yaocm.id.au] => (item={u'gid': 54327, u'name': u'asmdba'}) ok: [redfern1.yaocm.id.au] => (item={u'gid': 54328, u'name': u'asmoper'}) ok: [redfern1.yaocm.id.au] => (item={u'gid': 54329, u'name': u'asmadmin'}) TASK [Set groups and password for Oracle user] ********************************* ok: [redfern1.yaocm.id.au] PLAY RECAP ********************************************************************* redfern1.yaocm.id.au : ok=3 changed=0 unreachable=0 failed=0

The settings for the oracle user are now documented in the playbook.