2018-03-24 Ansible Rearrange Variables

Overview

Following the successful installation of the Oracle 12.1.0.2 Grid Infrastructure (GI) software on REDFERN1, I am now ready to configure the REDFERN as a single-node cluster. REDFERN2 will be added later on.

However, the cluster verification failed with SSH connectivity issues. I needed to resolve these first before proceeding.

I took the opportunity to rearrange the variables in the various Ansible files.

References

Ansible Documentation

• Ansible Documentation
  • Playbooks
    • Variables
    • Templating (Jinja2)
      • Filters
        • JSON Query Filter
  • Module Index
    • Commands Modules
      • command - Executes a command on a remote node
    • System Modules
      • group - Add or remove groups
      • user - Manage user accounts
    • Utilities Modules
      • include_vars - Load variables from files, dynamically within a task.
  • User Guide
    • Working With Plugins
      • Lookup Plugins
        • dict - returns key/value pair items from dictionaries

Linux Documentation

• Ubuntu 16.04 Man Pages
  • sudo

Procedure

Check Readiness for Cluster Installation

Following the procedure in 8.2.1 Installing the Software Binaries, I ran the following command on REDFERN1:

sudo -u oracle /opt/share/Software/grid/linuxamd64_12102/grid/runcluvfy.sh stage -pre crsinst -n redfern1

The output was:

Performing pre-checks for cluster services setup Checking node reachability... Node reachability check passed from node "redfern1" Checking user equivalence... PRVG-2019 : Check for equivalence of user "oracle" from node "redfern1" to node "redfern1" failed PRKC-1044 : Failed to check remote command execution setup for node redfern1 using shells /usr/bin/ssh and /usr/bin/rsh File "/usr/bin/rsh" does not exist on node "redfern1" No ECDSA host key is known for redfern1 and you have requested strict checking.Host key verification failed. ERROR: User equivalence unavailable on all the specified nodes Verification cannot proceed Pre-check for cluster services setup was unsuccessful on all the nodes.

Looks like I failed to establish SSH keys and SSH equivalency on REDFERN1.

Update: 2018-04-03: This is addressed through Issue #6 on GitHub.

Update ORACLE_USER Role Variables File

The ORACLE_USER role variable file, /etc/ansible/roles/oracle_user/vars/main.yml, was changed on AUBURN to:

--- # vars file for oracle_user # ------------------------------------------------------------------------------ # Attributes for the ORACLE user on Linux # ------------------------------------------------------------------------------ "oracle_user": # ------------------- Installation Linux Groups "install_group": "name": "oinstall" "gid": 54321 # ------------------- ASM Linux Groups "asm_groups": "OSDBA": "name": "asmdba" "gid": 54327 "OSOPER": "name": "asmoper" "gid": 54328 "OSASM": "name": "asmadmin" "gid": 54329 # ------------------- Database Linux Groups "db_groups": "DBA_GROUP": "name": "dba" "gid": 54322 "OPER_GROUP": "name": "oper" "gid": 54323 ...

Here, I divided the Linux groups for the oracle into three (3) dictionaries:

1. Installation group
2. ASM groups
3. Database groups

The last two (2) dictionaries are keyed by the names used the installation response file template (/etc/ansible/roles/oracle_gi/templates/grid_install.rsp).

Update ORACLE_GI Role Variables File

The ORACLE_GI role variable file, /etc/ansible/roles/oracle_gi/vars/main.yml, was changed on AUBURN to:

--- # vars file for oracle_gi "oracle_gi": "inventory_location": "/opt/app/oraInventory" "oracle_base": "/opt/app/grid" "oracle_home": "/opt/app/12.1.0/grid" ...

Here the variables are reduced to those needed for GI installation.

Update GI Response File

The Grid Infrastructure (GI) response file, /etc/ansible/roles/oracle_gi/templates/grid_install.rsp, was updated on AUBURN with the following lines:

#------------------------------------------------------------------------------- # The DBA_GROUP is the OS group which is to be granted OSDBA privileges. #------------------------------------------------------------------------------- oracle.install.asm.OSDBA={{ oracle_user.asm_groups.OSDBA.name }} #------------------------------------------------------------------------------- # The OPER_GROUP is the OS group which is to be granted OSOPER privileges. # The value to be specified for OSOPER group is optional. # Value should not be provided if configuring Client Cluster - i.e. storageOption=CLIENT_ASM_STORAGE. #------------------------------------------------------------------------------- oracle.install.asm.OSOPER={{ oracle_user.asm_groups.OSOPER.name }} #------------------------------------------------------------------------------- # The OSASM_GROUP is the OS group which is to be granted OSASM privileges. This # must be different than the previous two. #------------------------------------------------------------------------------- oracle.install.asm.OSASM={{ oracle_user.asm_groups.OSASM.name }}

The names matched those in /etc/ansible/roles/oracle_user/vars/main.yml which describe the groups attached to the oracle user.

Update Oracle User Creation Tasks

The task file to create the Oracle user, /etc/ansible/roles/oracle_user/tasks/user_groups.yml, was changed on AUBURN to:

# --------------------- Add Linux Groups - name: "Add Oracle Installation Group" group: name: "{{ oracle_user.install_group.name }}" gid: "{{ oracle_user.install_group.gid }}" state: present system: no - name: "Create ASM Linux Groups" group: name: "{{ item.name }}" gid: "{{ item.gid }}" state: present system: no with_dict: "{{ oracle_user.asm_groups }}" - name: "Create Database Linux Groups" group: name: "{{ item.name }}" gid: "{{ item.gid }}" state: present system: no with_dict: "{{ oracle_user.db_groups }}" # --------------------- Create Oracle User - name: "Load Oracle User Password" include_vars: file: oracle_pw.yml name: oracle_user_pw - name: "Set default group and password for Oracle user" user: name: oracle append: yes comment: "Oracle software owner" password: "{{ oracle_user_pw.password }}" group: "{{ oracle_user.install_group.name }}" generate_ssh_key: yes groups: "{{ oracle_user.install_group.name }}" - name: "Add ASM Linux Groups to Oracle User" user: name: oracle append: yes groups: "{{ item.name }}" with_dict: "{{ oracle_user.asm_groups }}" - name: "Add Database Linux Groups to Oracle User" user: name: oracle append: yes groups: "{{ item.name }}" with_dict: "{{ oracle_user.db_groups }}" ...

Note:

I tried used a JSON query to construct a list of group names, But the query failed with the following message appears:

fatal: [redfern1.yaocm.id.au]: FAILED! => {"msg": "You need to install \"jmespath\" prior to running json_query filter"}

Unfortunately, there is an open bug report on this issue: AnsibleError: You need to install \"jmespath\" prior to running json_query filter" #749