Skip to content

Commit 98ebd7a

Browse files
Merge pull request #247 from ministryofjustice/DBA-670
Dba 670
2 parents 6f4548b + 637119a commit 98ebd7a

File tree

8 files changed

+225
-91
lines changed

8 files changed

+225
-91
lines changed
+153
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,153 @@
1+
name: "Oracle: Deinstall Oracle Software"
2+
run-name: "Oracle: ${{ format('{0}-{1}', github.event.inputs.TargetEnvironment, github.event.inputs.TargetHost) }}-deinstall-oracle-software"
3+
on:
4+
workflow_dispatch:
5+
inputs:
6+
TargetEnvironment:
7+
description: "Target environment"
8+
required: true
9+
type: choice
10+
options:
11+
- "delius-core-dev"
12+
- "delius-core-test"
13+
- "delius-core-training"
14+
- "delius-core-stage"
15+
- "delius-core-pre-prod"
16+
- "delius-core-prod"
17+
TargetHost:
18+
description: "Database target host"
19+
type: choice
20+
options:
21+
- "delius_primarydb"
22+
- "delius_standbydb1"
23+
- "delius_standbydb2"
24+
- "delius_standbydb1,delius_standbydb2"
25+
- "delius_dbs"
26+
- "mis_primarydb"
27+
- "mis_standbydb1"
28+
- "mis_dbs"
29+
- "misboe_primarydb"
30+
- "misboe_standbydb1"
31+
- "misboe_dbs"
32+
- "misdsd_primarydb"
33+
- "misdsd_standbydb1"
34+
- "misdsd_dbs"
35+
GridHome:
36+
description: "Oracle Grid Infrastructure Home to Deinstall"
37+
type: choice
38+
default: "DO_NOT_DEINSTALL"
39+
options:
40+
- "DO_NOT_DEINSTALL"
41+
- "/u01/app/grid/product/19.0.0/grid"
42+
DatabaseHome:
43+
description: "Oracle Database Home to Deinstall"
44+
type: choice
45+
default: "DO_NOT_DEINSTALL"
46+
options:
47+
- "DO_NOT_DEINSTALL"
48+
- "/u01/app/oracle/product/19.0.0/db"
49+
VerboseOutput:
50+
description: "Verbose Output level"
51+
type: choice
52+
default: ""
53+
options:
54+
- ""
55+
- "-vv"
56+
- "-vvv"
57+
- "-vvvv"
58+
SourceCodeVersion:
59+
description: "Source version for the hmpps-delius-operation-automation. Enter a pull request, branch, commit ID, tag, or reference."
60+
type: string
61+
default: "main"
62+
SourceConfigVersion:
63+
description: "Source version for the modernisation-platform-configuration-management. Enter a pull request, branch, commit ID, tag, or reference."
64+
type: string
65+
default: "main"
66+
67+
env:
68+
ansible_config: ansible/playbooks/ansible.cfg
69+
command: ansible-playbook operations/playbooks/oracle_release_update/deinstall_oracle.yml
70+
inventory: inventory/ansible
71+
72+
permissions:
73+
contents: read
74+
packages: read
75+
id-token: write
76+
77+
jobs:
78+
oracle-db-deinstall:
79+
name: oracle-db-deinstall
80+
environment: ${{ github.event.inputs.TargetEnvironment }}
81+
runs-on: ubuntu-latest
82+
container:
83+
image: ghcr.io/ministryofjustice/hmpps-delius-operational-automation:0.41.0
84+
timeout-minutes: 1440
85+
continue-on-error: false
86+
steps:
87+
88+
- name: Prepare Target Name
89+
id: preparetargetname
90+
shell: bash
91+
run: |
92+
environment_name="environment_name_$(echo ${{ github.event.inputs.TargetEnvironment }} | sed 's/delius-core-dev/delius_core_development_dev/;s/delius-core-test/delius_core_test_test/;s/delius-core-training/delius_core_test_training/;s/delius-core-stage/delius_core_preproduction_stage/;s/delius-core-pre-prod/delius_core_preproduction_pre_prod/;s/delius-core-prod/delius_core_production_prod/')"
93+
IFS=","
94+
for target in ${{ github.event.inputs.TargetHost }}
95+
do
96+
IFS=""
97+
TargetHost+=${environment_name}_${target},
98+
done
99+
echo "TargetHost=${TargetHost%?}" >> $GITHUB_OUTPUT
100+
101+
- name: Checkout From hmpps-delius-operational-automation
102+
uses: actions/checkout@v4
103+
with:
104+
repository: ministryofjustice/hmpps-delius-operational-automation
105+
sparse-checkout-cone-mode: false
106+
sparse-checkout: |
107+
playbooks/oracle_release_update
108+
common/*
109+
playbooks/ansible.cfg
110+
path: operations
111+
ref: ${{ github.event.inputs.SourceCodeVersion }}
112+
fetch-depth: 0
113+
114+
- name: Checkout Inventory From modernisation-platform-configuration-management
115+
uses: actions/checkout@v4
116+
with:
117+
repository: ministryofjustice/modernisation-platform-configuration-management
118+
sparse-checkout-cone-mode: false
119+
sparse-checkout: |
120+
ansible/hosts
121+
ansible/group_vars
122+
path: inventory
123+
ref: ${{ github.event.inputs.SourceConfigVersion }}
124+
fetch-depth: 0
125+
126+
- name: Checkout Ansible Required Roles From modernisation-platform-configuration-management
127+
uses: actions/checkout@v4
128+
with:
129+
repository: ministryofjustice/modernisation-platform-configuration-management
130+
sparse-checkout-cone-mode: false
131+
sparse-checkout: |
132+
ansible/roles/secretsmanager-passwords
133+
ansible/roles/get-modernisation-platform-facts
134+
path: roles
135+
ref: ${{ github.event.inputs.SourceConfigVersion }}
136+
fetch-depth: 0
137+
138+
- name: Configure AWS Credentials
139+
id: login-aws
140+
uses: aws-actions/configure-aws-credentials@v4
141+
with:
142+
role-to-assume: "arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/modernisation-platform-oidc-cicd"
143+
role-session-name: "hmpps-delius-operational-automation-${{ github.run_number }}"
144+
aws-region: "eu-west-2"
145+
146+
- name: Start Deinstall Oracle Home
147+
run: |
148+
export ANSIBLE_CONFIG=$ansible_config
149+
ln -s $PWD/roles/ansible/roles $PWD/operations/playbooks/oracle_release_update/roles
150+
$command -i $inventory -e ansible_aws_ssm_bucket_name=${{ vars.ANSIBLE_AWS_SSM_BUCKET_NAME }} \
151+
-e target_hosts="${{ steps.preparetargetname.outputs.TargetHost }}" \
152+
-e oracle_grid_oracle_home="${{ github.event.inputs.GridHome }}" \
153+
-e oracle_database_oracle_home="${{ github.event.inputs.DatabaseHome }}" ${{ github.event.inputs.VerboseOutput }}

playbooks/oracle_release_update/deinstall_oracle.yml

+4-30
Original file line numberDiff line numberDiff line change
@@ -6,39 +6,13 @@
66
roles:
77
- deinstall_oracle
88

9-
# Run the following to Update OEM Targets *** only when inside of AWS ***
10-
# This playbook calls an SSM Automation to run the OEM Changes within the associated
11-
# Engineering Environment. We loop through each host in the environment
12-
# where the deinstallation completed successfully.
13-
- hosts: localhost
14-
gather_facts: no
15-
become: no
16-
tasks:
17-
- include_vars:
18-
file: release_update/vars/main.yml
19-
- name: Run SSM Automation to Update OEM Targets
20-
include: release_update/tasks/update_oem_targets.yml
21-
vars:
22-
update_host: "{{ item }}"
23-
grid_home: "{{ oem_gi_home | replace('DO_NOT_DEINSTALL','NONE') }}"
24-
database_home: "{{ oem_db_home | replace('DO_NOT_DEINSTALL','NONE') }}"
25-
document_name: "oracle-delete-home-oem"
26-
loop: "{{ target_hosts.split(',') }}"
27-
run_once: yes
28-
when:
29-
- is_aws_environment
30-
- ( groups[item][0] | default('UNDEFINED_TARGET') ) in deinstalled_targets
31-
32-
# Run the following to Update OEM Targets *** only when run on non-AWS (e.g. local VMs) ***
33-
# This playbook runs on the Primary OEM Host directly since AWS IAM / Engineering Accounts
34-
# are not relevant if not running in AWS
35-
- hosts: "{{ groups['oem_primarydb'][0] }}"
9+
# Run the following to Update OEM Targets
10+
# This playbook runs ONLY on a single target host because emcli is installed
11+
- hosts: "{{ groups[target_hosts][0] }}"
3612
gather_facts: no
3713
become: yes
3814
become_user: oracle
3915
vars:
40-
oracle_grid_new_oracle_home: "{{ hostvars.localhost.oem_gi_home }}"
41-
oracle_database_new_oracle_home: "{{ hostvars.localhost.oem_db_home }}"
4216
deletion_targets: "{{ hostvars.localhost.deinstalled_targets | default([]) }}"
4317
roles:
44-
- { role: update_oem_after_deinstall, when: not hostvars.localhost.is_aws_environment }
18+
- update_oem_after_deinstall

playbooks/oracle_release_update/deinstall_oracle/files/detect_oracle_home_in_use.sh

+18-7
Original file line numberDiff line numberDiff line change
@@ -61,30 +61,41 @@ done
6161

6262
# If there are old controlfile snapshots present these may contain reference to previous Oracle Homes
6363
# Simply create a new snapshot controlfile if required
64-
if [[ -f ${DB_ORACLE_HOME}/dbs/snapcf${ORACLE_SID}.f ]]; then
6564

66-
grep "${DEINSTALL_HOME}" ${DB_ORACLE_HOME}/dbs/snapcf${ORACLE_SID}.f > /dev/null
65+
INSTANCEID=$(wget -q -O - http://169.254.169.254/latest/meta-data/instance-id)
66+
ENVIRONMENT_NAME=$(aws ec2 describe-tags --filters "Name=resource-id,Values=${INSTANCEID}" "Name=key,Values=environment-name" --query "Tags[].Value" --output text)
67+
DELIUS_ENVIRONMENT=$(aws ec2 describe-tags --filters "Name=resource-id,Values=${INSTANCEID}" "Name=key,Values=delius-environment" --query "Tags[].Value" --output text)
68+
APPLICATION=$(aws ec2 describe-tags --filters "Name=resource-id,Values=${INSTANCEID}" "Name=key,Values=application" --query "Tags[].Value" --output text | sed 's/-core//')
69+
SYS_PASSWORD=$(aws secretsmanager get-secret-value --secret-id ${ENVIRONMENT_NAME}-${DELIUS_ENVIRONMENT}-${APPLICATION}-dba-passwords --region eu-west-2 --query SecretString --output text| jq -r .sys)
70+
71+
if [[ -f ${DB_ORACLE_HOME}/dbs/snapcf_${ORACLE_SID}.f ]];
72+
then
73+
grep "${DEINSTALL_HOME}" ${DB_ORACLE_HOME}/dbs/snapcf_${ORACLE_SID}.f > /dev/null
6774
if [[ $? -eq 0 ]];
6875
then
69-
rman target / <<EORMAN
76+
rman target sys/${SYS_PASSWORD}@${ORACLE_SID} <<EORMAN
7077
backup current controlfile;
7178
exit
7279
EORMAN
7380
fi
7481

7582
# Sometimes it is necessary to repeat the above step to clear all references
76-
grep "${DEINSTALL_HOME}" ${DB_ORACLE_HOME}/dbs/snapcf${ORACLE_SID}.f > /dev/null
83+
grep "${DEINSTALL_HOME}" ${DB_ORACLE_HOME}/dbs/snapcf_${ORACLE_SID}.f > /dev/null
7784
if [[ $? -eq 0 ]];
7885
then
79-
rman target / <<EORMAN
86+
rman target sys/${SYS_PASSWORD}@${ORACLE_SID} <<EORMAN
8087
backup current controlfile;
8188
exit
8289
EORMAN
8390
fi
91+
92+
# Delete snapshot control file as will be created on next backup if defined in RMAN configuration
93+
rm -f ${DB_ORACLE_HOME}/dbs/snapcf_${ORACLE_SID}.f
94+
8495
fi
8596

8697
# Check that the default RMAN SBT Channel is not pointing to the deinstall home
87-
rman target / <<EORMAN | grep "CONFIGURE CHANNEL DEVICE TYPE 'SBT_TAPE' PARMS" | awk -F= '{print $NF}' | tr -d ")';" | grep ${DEINSTALL_HOME}
98+
rman target sys/${SYS_PASSWORD}@${ORACLE_SID} <<EORMAN | grep "CONFIGURE CHANNEL DEVICE TYPE 'SBT_TAPE' PARMS" | awk -F= '{print $NF}' | tr -d ")';" | grep ${DEINSTALL_HOME}
8899
SHOW CHANNEL;
89100
exit;
90101
EORMAN
@@ -94,7 +105,7 @@ then
94105
exit 1
95106
fi
96107

97-
for x in $(grep "${DEINSTALL_HOME}" ${DB_ORACLE_HOME}/dbs/* 2>/dev/null);
108+
for x in $(grep -r "${DEINSTALL_HOME}" ${DB_ORACLE_HOME}/dbs/* 2>/dev/null);
98109
do
99110
echo "$x ${DEINSTALL_HOME}"
100111
exit 1

playbooks/oracle_release_update/deinstall_oracle/tasks/deinstall.yml

+1-1
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
register: home_exists
1212

1313
- name: Deinstall {{ deinstall_home }} Home
14-
include: deinstall_oracle_home.yml
14+
include_tasks: deinstall_oracle_home.yml
1515
vars:
1616
oracle_home: "{{ deinstall_home }}"
1717
when: home_exists.stat.exists

playbooks/oracle_release_update/deinstall_oracle/tasks/main.yml

+2-19
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
when: not ( oracle_grid_oracle_home | regex_search("^/u01/app/grid/product/[0-9\.]+/grid$"))
1111

1212
- name: Deinstall Grid Infrastructure Home
13-
include: deinstall.yml
13+
include_tasks: deinstall.yml
1414
vars:
1515
deinstall_home: "{{ oracle_grid_oracle_home }}"
1616

@@ -25,32 +25,15 @@
2525
when: not (oracle_database_oracle_home | regex_search("^/u01/app/oracle/product/[0-9\.]+/db$"))
2626

2727
- name: Deinstall Database Home
28-
include: deinstall.yml
28+
include_tasks: deinstall.yml
2929
vars:
3030
deinstall_home: "{{ oracle_database_oracle_home }}"
3131

32-
- name: Check if inside AWS.
33-
uri:
34-
url: http://169.254.169.254/latest/meta-data
35-
timeout: 20
36-
register: aws_uri_check
37-
failed_when: false
38-
run_once: yes
39-
40-
- set_fact:
41-
is_aws_environment: "{{ aws_uri_check.status == 200 }}"
42-
run_once: yes
43-
delegate_to: localhost
44-
delegate_facts: true
45-
4632
# Set variables ready to run target deletion in next playbook
47-
# (The approach taken to delete these targets will differ between AWS and non-AWS environments)
4833
# NB: We use ansible_play_hosts to compile a list of targets which have not failed so far
4934
# as we do not want to delete targets for hosts where the deinstall has failed.
5035
- name: Prepare Ansible Controller Variables for OEM Target Deletion
5136
set_fact:
52-
oem_gi_home: "{{ oracle_grid_oracle_home }}"
53-
oem_db_home: "{{ oracle_database_oracle_home }}"
5437
deinstalled_targets: "{{ ansible_play_hosts }}"
5538
delegate_to: localhost
5639
delegate_facts: true
Original file line numberDiff line numberDiff line change
@@ -1,44 +1,38 @@
11
---
2-
- name: Get sysman password from ssm parameter store
3-
shell: . /etc/environment && aws ssm get-parameters --region ${REGION} --with-decryption --name /${HMPPS_ENVIRONMENT}/${APPLICATION}/oem-database/db/oradb_sysman_password | jq -r '.Parameters[].Value'
4-
register: sysman_output
5-
changed_when: false
6-
no_log: true
7-
8-
- name: Set fact for sysman password to be used elsewhere
2+
- name: Set Agent Host
93
set_fact:
10-
sysman_password: "{{ sysman_output.stdout | default('Welcome1') }}"
11-
12-
- name: Get Name of Agent Host
13-
include: ../../update_oem/tasks/get_agent_target.yml
4+
agent_host: "{{ target_host + '.' + dns_zone_internal }}"
145

156
- name: Find Out if Deinstalled Home Exists as a Target
167
shell: |
17-
. ~/.bash_profile
18-
{{ emcli }} login -username=sysman -password=${SYSMAN_PASSWORD} -force 1>&2
19-
{{ emcli }} sync 1>&2
8+
. {{ stage }}/emcli_login.sh
209
ALL_HOME_TARGETS=$({{ emcli }} list -resource="Targets" -search="HOST_NAME='{{ agent_host }}'" -search="TARGET_TYPE='oracle_home'" -column="TARGET_NAME" -script -noheader)
2110
for TARGET in ${ALL_HOME_TARGETS}; do {{ emcli }} list -resource="TargetProperties" -search="TARGET_NAME='$TARGET'" -search="PROPERTY_NAME='INSTALL_LOCATION'" -column="PROPERTY_VALUE" -script | grep -q "{{ oracle_home }}" && echo $TARGET && break; done
2211
register: existing_oracle_home
2312
failed_when: existing_oracle_home.rc > 1
2413
changed_when: false
25-
environment:
26-
SYSMAN_PASSWORD: "{{ sysman_password }}"
2714

28-
# This block will run if the Deinstalled Oracle Home Target still exists
29-
- name: Delete Deinstalled Oracle Home Target
30-
block:
31-
- name: Delete Target from Repository
32-
shell: |
33-
. ~/.bash_profile
34-
{{ emcli }} login -username=sysman -password={{ sysman_password }} -force
35-
{{ emcli }} sync
36-
{{ emcli }} delete_target -name="{{ existing_oracle_home.stdout }}" -type="oracle_home"
15+
- name: Search Output For Oracle Home Name
16+
set_fact:
17+
oracle_home_name: "{{ item }}"
18+
loop: "{{ existing_oracle_home.stdout_lines }}"
19+
when: item is search(agent_host)
3720

38-
# Pause Until OEM has Finished Deleting the Target
39-
# (Otherwise it will fail when we try to add the new target)
40-
- name: Wait for Existing Target Deletion
41-
script: ../../update_oem/files/wait_for_target_deletion.sh {{ existing_oracle_home.stdout }}
42-
changed_when: false
21+
# This block will run if the Deinstalled Oracle Home Target still exists
22+
- name: Delete Target from Repository
23+
shell: |
24+
. {{ stage }}/emcli_login.sh
25+
{{ emcli }} delete_target -name="{{ oracle_home_name }}" -type="oracle_home"
26+
when: existing_oracle_home.rc == 0 and oracle_home_name is defined
4327

44-
when: existing_oracle_home.rc == 0
28+
# Pause Until OEM has Finished Deleting the Target
29+
# (Otherwise it will fail when we try to add the new target)
30+
- name: Get Target From Repository
31+
shell: |
32+
. {{ stage }}/emcli_login.sh
33+
{{ emcli }} get_targets -targets="{{ oracle_home_name }}:oracle_home" -script -noheader | awk '{print $NF}'
34+
register: delete_target_monitor
35+
until: delete_target_monitor.stdout_lines is not search(oracle_home_name)
36+
delay: 60
37+
retries: 10
38+
when: oracle_home_name is defined

0 commit comments

Comments
 (0)