orahost: Refactoring, splitting role for RHEL and SuSE

Author: Rendanic

roles/orahost/README.md

@@ -747,6 +747,8 @@ transparent_hugepage_disable:
 
 ## Discovered Tags
 
+**_always_**
+
 **_asmlibconfig_**
 
 **_etchosts_**
@@ -757,10 +759,16 @@ transparent_hugepage_disable:
 
 **_hostfs_**
 
+**_hugepages_**
+
 **_iptables,firewalld_**
 
+**_molecule-idempotence-notest_**
+
 **_nozeroconf_**
 
+**_orahost_assert_**
+
 **_os_packages, oscheck_**
 
 **_os_packages, oscheck, asm1_**
@@ -783,12 +791,16 @@ transparent_hugepage_disable:
 
 **_sysctl,hugepages_**
 
-**_thpnuma_**
+**_sysctl,hugepages,molecule-idempotence-notest_**
+
+**_sysctl,molecule-idempotence-notest_**
 
 **_timezone_**
 
 **_tphnuma_**
 
+**_tphnuma,molecule-idempotence-notest_**
+
 **_user_**
 
 ## Open Tasks

roles/orahost/tasks/RedHat-6.yml

@@ -1,40 +1,10 @@
 ---
-
-- name: Count number of kernel lines that needs to be changed (numa=off transparent_hugepage=never)
-  ansible.builtin.shell: cat /etc/grub.conf | grep title |wc -l
-  # noqa risky-shell-pipe no-changed-when
-  register: count
-  tags: thpnuma
-
-- name: Disable Transparent Hugepages (in grub.conf)
-  ansible.builtin.lineinfile:
-    dest: /boot/grub/grub.conf
-    backup: true
-    backrefs: true
-    state: present
-    regexp: '(^\s+kernel(\s+(?!transparent_hugepage=never)[\w=/\-\.]+)*)\s*$'
-    line: '\1 transparent_hugepage=never'
-  with_sequence: start=0 end={{ count.stdout }}
-  tags: thpnuma
-
-- name: Disable Numa (in grub.conf)
-  ansible.builtin.lineinfile:
-    dest: /boot/grub/grub.conf
-    backup: true
-    backrefs: true
-    state: present
-    regexp: '(^\s+kernel(\s+(?!numa=off)[\w=/\-\.]+)*)\s*$'
-    line: '\1 numa=off'
-  with_sequence: start=0 end={{ count.stdout }}
-  tags: thpnuma
-  when: disable_numa_boot
-
 - name: Disable Transparent Hugepages (runtime)
   ansible.builtin.shell: if test -f {{ item.path }}; then {{ item.disable }} {{ item.path }}; fi;
   # noqa no-changed-when
   with_items:
     - "{{ transparent_hugepage_disable }}"
-  tags: tphnuma
+  tags: tphnuma,molecule-idempotence-notest
 
 - name: Disable Transparent Hugepages (permanently)
   ansible.builtin.lineinfile:
@@ -43,7 +13,7 @@
     state: present
   with_items:
     - "{{ transparent_hugepage_disable }}"
-  tags: tphnuma
+  tags: tphnuma,molecule-idempotence-notest
 
 - name: Fix permissions on /etc/rc.d/rc.local
   ansible.builtin.file:

roles/orahost/tasks/RedHat-7.yml

@@ -0,0 +1,108 @@
+---
+# OL8/RHEL8 has all needed RPMs in orahost role!
+- name: Install packages required by Oracle on OL/RHEL version 6 and 7
+  ansible.builtin.yum:
+    name: "{{ oracle_packages }}"
+    state: installed
+    enablerepo: "{{ extrarepos_enabled | default(omit, True) }}"
+    disablerepo: "{{ extrarepos_disabled | default(omit, True) }}"
+  when:
+    - install_os_packages
+    - ansible_distribution_major_version is version('7', '<=')
+  tags: os_packages, oscheck
+
+- name: Install packages required by Oracle for ASMlib on OL/RHEL
+  ansible.builtin.yum:
+    name: "{{ oracle_asm_packages }}"
+    state: installed
+    enablerepo: "{{ extrarepos_enabled | default(omit, True) }}"
+    disablerepo: "{{ extrarepos_disabled | default(omit, True) }}"
+  when:
+    - install_os_packages | bool
+    - device_persistence == 'asmlib'
+    - asm_diskgroups is defined
+  tags: os_packages, oscheck
+
+- name: Disable Firewall
+  when:
+    - disable_firewall
+  block:
+    - name: Check if firewall is installed
+      ansible.builtin.yum:
+        list: "{{ firewall_service }}"
+        disablerepo: "*"
+      tags: iptables,firewalld
+      register: firewall
+
+    - name: Disable firewall
+      ansible.builtin.service:
+        name: "{{ firewall_service }}"
+        state: stopped
+        enabled: false
+      when:
+        - firewall.results
+      tags: iptables,firewalld
+      register: iptables
+
+- name: Disable selinux
+  when:
+    - disable_selinux
+  tags: selinux
+  block:
+    - name: Disable selinux (permanently)
+      ansible.posix.selinux:
+        state: disabled
+      register: selinux
+
+    - name: Disable selinux (runtime)  # noqa command-instead-of-shell
+      ansible.builtin.shell: setenforce 0
+      changed_when: disable_selinux_runtime.rc == 0
+      failed_when: disable_selinux_runtime.rc > 0 and "SELinux is disabled" not in disable_selinux_runtime.stderr
+      register: disable_selinux_runtime
+
+- name: Oracle-recommended security limits
+  ansible.builtin.template:
+    src: oracle-seclimits.conf.j2
+    dest: /etc/security/limits.d/99-oracle-limits.conf
+    backup: true
+    mode: "0644"
+  when:
+    - configure_limits
+  tags: seclimit
+
+# RHEL/OL6 use a different way to disable transparent hugepages
+# => RHEL/OL6 is end of life. no more changes and development in ansible-oracle for it.
+# Keep old code...
+- name: Execute Distribution tasks for RHEL/OL6
+  ansible.builtin.include_tasks: "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+  when:
+    - ansible_os_family == 'RedHat'
+    - ansible_distribution_major_version is version('6', '=')
+
+- name: Transparent Hugepages for RHLE/OL7+
+  when:
+    - ansible_distribution_major_version is version('7', '>=')
+  block:
+    - name: Disable Transparent Hugepages (runtime)
+      ansible.builtin.shell: if test -f {{ item.path }}; then {{ item.disable }} {{ item.path }}; fi;
+      # noqa no-changed-when
+      with_items:
+        - "{{ transparent_hugepage_disable }}"
+      tags: tphnuma,molecule-idempotence-notest
+
+    - name: Disable Transparent Hugepages (permanently)
+      ansible.builtin.lineinfile:
+        dest: "{{ item.rclocal }}"
+        line: "{{ item.disable }} {{ item.path }}"
+        state: present
+      with_items:
+        - "{{ transparent_hugepage_disable }}"
+      tags: tphnuma,molecule-idempotence-notest
+
+    - name: Fix permissions on /etc/rc.d/rc.local
+      ansible.builtin.file:
+        path: "{{ item.rclocal }}"
+        mode: "0755"
+      with_items:
+        - "{{ transparent_hugepage_disable }}"
+      tags: tphnuma

roles/orahost/tasks/RedHat-8.yml

@@ -0,0 +1,53 @@
+---
+- name: Install custom packages required by Oracle on SLES (oracle_packages_sles)
+  community.general.zypper:
+    name: "{{ oracle_packages_sles }}"
+    state: installed
+  when:
+    - oracle_packages_sles is defined
+    - install_os_packages
+    - ansible_os_family == 'Suse'
+  tags: os_packages, oscheck
+
+- name: Install default packages required by Oracle on SLES (version dependant)
+  community.general.zypper:
+    name: "{{ item.packages }}"
+    state: installed
+  with_items:
+    - "{{ oracle_packages_sles_multi }}"
+  loop_control:
+    label: "{{ item.name | default('') }}"
+  when:
+    - not oracle_packages_sles is defined
+    - install_os_packages
+    - ansible_os_family == 'Suse'
+    - item.condition | default(false)
+  tags: os_packages, oscheck
+
+- name: Install packages required by Oracle for ASMlib on SLES
+  community.general.zypper:
+    name: "{{ oracle_asm_packages_sles }}"
+    state: installed
+  when:
+    - install_os_packages
+    - device_persistence == 'asmlib'
+    - asm_diskgroups is defined
+  tags: os_packages, oscheck, asm1
+
+- name: Disable Transparent Hugepages (runtime)
+  ansible.builtin.shell: |
+    [ -f /sys/kernel/mm/transparent_hugepage/enabled ] && echo never > /sys/kernel/mm/transparent_hugepage/enabled && echo changed
+    [ -f /sys/kernel/mm/transparent_hugepage/defrag ] && echo never > /sys/kernel/mm/transparent_hugepage/defrag && echo changed
+  register: tphnuma_result
+  changed_when: "'changed' in tphnuma_result.stdout"
+  tags: tphnuma
+
+- name: Oracle-recommended security limits on SLES  # noqa args[module]
+  community.general.pam_limits:
+    domain: oracle
+    limit_type: "{{ item.name.split(' ')[0] }}"
+    limit_item: "{{ item.name.split(' ')[1] }}"
+    value: "{{ item.value }}"
+  with_items: "{{ oracle_seclimits }}"
+  when: ansible_os_family == 'Suse'
+  tags: seclimit

roles/orahost/tasks/RedHat.yml

@@ -0,0 +1,14 @@
+---
+- name: Check for correct OS family & min version
+  ansible.builtin.assert:
+    that:
+      - "ansible_os_family == '{{ os_family_supported }}'"
+      - "ansible_facts['distribution_version'] is version('{{ os_min_supported_version }}', '>=')"
+  tags:
+    - oscheck
+
+- name: Assert variables
+  ansible.builtin.assert:
+    quiet: true
+    that:
+      - device_persistence in ('', 'asmlib', 'asmfd', 'udev')

roles/orahost/tasks/Suse-12.yml

@@ -0,0 +1,47 @@
+---
+- name: Asmlib | Add configuration
+  ansible.builtin.template:
+    src: oracleasm.j2
+    dest: /etc/sysconfig/oracleasm-_dev_oracleasm
+    mode: "0644"
+  register: asmlibconfig
+  when:
+    - device_persistence | lower == 'asmlib'
+    - asm_diskgroups is defined
+  tags:
+    - asmlibconfig
+
+- name: Asmlib | Add configuration (link)
+  ansible.builtin.file:
+    src: /etc/sysconfig/oracleasm-_dev_oracleasm
+    dest: /etc/sysconfig/oracleasm
+    state: link
+    force: true
+  register: asmlibconfig
+  when:
+    - device_persistence | lower == 'asmlib'
+    - asm_diskgroups is defined
+  tags:
+    - asmlibconfig
+
+- name: Asmlib | Enable and start Oracle Asmlib
+  ansible.builtin.service:
+    name: oracleasm
+    state: started
+    enabled: true
+  when:
+    - device_persistence == 'asmlib'
+    - asm_diskgroups is defined
+  tags:
+    - asmlibconfig
+
+- name: Asmlib | Restart Asmlib  # noqa no-handler
+  ansible.builtin.service:
+    name: oracleasm
+    state: restarted
+  when:
+    - asm_diskgroups is defined
+    - device_persistence == 'asmlib'
+    - asmlibconfig.changed
+  tags:
+    - asmlibconfig