Merge pull request #247 from ministryofjustice/DBA-670

Dba 670

Author: ranbeersingh1

.github/workflows/oracle-db-deinstall.yml

@@ -0,0 +1,153 @@
+name: "Oracle: Deinstall Oracle Software"
+run-name: "Oracle: ${{ format('{0}-{1}', github.event.inputs.TargetEnvironment, github.event.inputs.TargetHost) }}-deinstall-oracle-software"
+on:
+  workflow_dispatch:
+    inputs:
+      TargetEnvironment:
+        description: "Target environment"
+        required: true
+        type: choice
+        options:
+          - "delius-core-dev"
+          - "delius-core-test"
+          - "delius-core-training"
+          - "delius-core-stage"
+          - "delius-core-pre-prod"
+          - "delius-core-prod"
+      TargetHost:
+        description: "Database target host"
+        type: choice
+        options:
+          - "delius_primarydb"
+          - "delius_standbydb1"
+          - "delius_standbydb2"
+          - "delius_standbydb1,delius_standbydb2"
+          - "delius_dbs"
+          - "mis_primarydb"
+          - "mis_standbydb1"
+          - "mis_dbs"
+          - "misboe_primarydb"
+          - "misboe_standbydb1"
+          - "misboe_dbs"
+          - "misdsd_primarydb"
+          - "misdsd_standbydb1"
+          - "misdsd_dbs"
+      GridHome:
+        description: "Oracle Grid Infrastructure Home to Deinstall"
+        type: choice
+        default: "DO_NOT_DEINSTALL"
+        options: 
+          - "DO_NOT_DEINSTALL"
+          - "/u01/app/grid/product/19.0.0/grid"
+      DatabaseHome:
+        description: "Oracle Database Home to Deinstall"
+        type: choice
+        default: "DO_NOT_DEINSTALL"
+        options:
+          - "DO_NOT_DEINSTALL"
+          - "/u01/app/oracle/product/19.0.0/db"
+      VerboseOutput:
+        description: "Verbose Output level"
+        type: choice
+        default: ""
+        options:
+          - ""
+          - "-vv"
+          - "-vvv"
+          - "-vvvv"
+      SourceCodeVersion:
+        description: "Source version for the hmpps-delius-operation-automation. Enter a pull request, branch, commit ID, tag, or reference."
+        type: string
+        default: "main"
+      SourceConfigVersion:
+        description: "Source version for the modernisation-platform-configuration-management. Enter a pull request, branch, commit ID, tag, or reference."
+        type: string
+        default: "main"
+
+env:
+  ansible_config: ansible/playbooks/ansible.cfg
+  command: ansible-playbook operations/playbooks/oracle_release_update/deinstall_oracle.yml 
+  inventory: inventory/ansible
+
+permissions:
+  contents: read
+  packages: read
+  id-token: write
+
+jobs:
+  oracle-db-deinstall:
+    name: oracle-db-deinstall
+    environment: ${{ github.event.inputs.TargetEnvironment }}
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/ministryofjustice/hmpps-delius-operational-automation:0.41.0
+    timeout-minutes: 1440
+    continue-on-error: false
+    steps:
+
+      - name: Prepare Target Name
+        id: preparetargetname
+        shell: bash
+        run: |
+          environment_name="environment_name_$(echo ${{ github.event.inputs.TargetEnvironment }} | sed 's/delius-core-dev/delius_core_development_dev/;s/delius-core-test/delius_core_test_test/;s/delius-core-training/delius_core_test_training/;s/delius-core-stage/delius_core_preproduction_stage/;s/delius-core-pre-prod/delius_core_preproduction_pre_prod/;s/delius-core-prod/delius_core_production_prod/')"
+          IFS=","
+          for target in ${{ github.event.inputs.TargetHost }}
+          do
+            IFS=""
+            TargetHost+=${environment_name}_${target},
+          done
+          echo "TargetHost=${TargetHost%?}" >> $GITHUB_OUTPUT
+
+      - name: Checkout From hmpps-delius-operational-automation
+        uses: actions/checkout@v4
+        with:
+          repository: ministryofjustice/hmpps-delius-operational-automation
+          sparse-checkout-cone-mode: false
+          sparse-checkout: |
+            playbooks/oracle_release_update
+            common/*
+            playbooks/ansible.cfg
+          path: operations
+          ref: ${{ github.event.inputs.SourceCodeVersion }}
+          fetch-depth: 0
+
+      - name: Checkout Inventory From modernisation-platform-configuration-management
+        uses: actions/checkout@v4
+        with:
+          repository: ministryofjustice/modernisation-platform-configuration-management
+          sparse-checkout-cone-mode: false
+          sparse-checkout: |
+            ansible/hosts
+            ansible/group_vars
+          path: inventory
+          ref: ${{ github.event.inputs.SourceConfigVersion }}
+          fetch-depth: 0
+
+      - name: Checkout Ansible Required Roles From modernisation-platform-configuration-management
+        uses: actions/checkout@v4
+        with:
+          repository: ministryofjustice/modernisation-platform-configuration-management
+          sparse-checkout-cone-mode: false
+          sparse-checkout: |
+            ansible/roles/secretsmanager-passwords
+            ansible/roles/get-modernisation-platform-facts
+          path: roles
+          ref: ${{ github.event.inputs.SourceConfigVersion }}
+          fetch-depth: 0
+
+      - name: Configure AWS Credentials
+        id: login-aws
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: "arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/modernisation-platform-oidc-cicd"
+          role-session-name: "hmpps-delius-operational-automation-${{ github.run_number }}"
+          aws-region: "eu-west-2"
+
+      - name: Start Deinstall Oracle Home
+        run: | 
+            export ANSIBLE_CONFIG=$ansible_config
+            ln -s $PWD/roles/ansible/roles $PWD/operations/playbooks/oracle_release_update/roles
+            $command -i $inventory -e ansible_aws_ssm_bucket_name=${{ vars.ANSIBLE_AWS_SSM_BUCKET_NAME }} \
+            -e target_hosts="${{ steps.preparetargetname.outputs.TargetHost }}" \
+            -e oracle_grid_oracle_home="${{ github.event.inputs.GridHome }}" \
+            -e oracle_database_oracle_home="${{ github.event.inputs.DatabaseHome }}" ${{ github.event.inputs.VerboseOutput }}

playbooks/oracle_release_update/deinstall_oracle.yml

@@ -6,39 +6,13 @@
   roles:
     - deinstall_oracle
 
-# Run the following to Update OEM Targets *** only when inside of AWS ***
-# This playbook calls an SSM Automation to run the OEM Changes within the associated
-# Engineering Environment.   We loop through each host in the environment
-# where the deinstallation completed successfully.
-- hosts: localhost
-  gather_facts: no
-  become: no
-  tasks:
-    - include_vars:
-        file: release_update/vars/main.yml
-    - name: Run SSM Automation to Update OEM Targets
-      include: release_update/tasks/update_oem_targets.yml
-      vars:
-        update_host: "{{ item }}"
-        grid_home: "{{ oem_gi_home | replace('DO_NOT_DEINSTALL','NONE') }}"
-        database_home: "{{ oem_db_home | replace('DO_NOT_DEINSTALL','NONE') }}"
-        document_name: "oracle-delete-home-oem"
-      loop: "{{ target_hosts.split(',') }}"
-      run_once: yes
-      when:
-        - is_aws_environment
-        - ( groups[item][0] | default('UNDEFINED_TARGET') ) in deinstalled_targets
-
-# Run the following to Update OEM Targets *** only when run on non-AWS (e.g. local VMs) ***
-# This playbook runs on the Primary OEM Host directly since AWS IAM / Engineering Accounts
-# are not relevant if not running in AWS
-- hosts: "{{ groups['oem_primarydb'][0] }}"
+# Run the following to Update OEM Targets
+# This playbook runs ONLY on a single target host because emcli is installed
+- hosts: "{{ groups[target_hosts][0] }}"
   gather_facts: no
   become: yes
   become_user: oracle
   vars:
-    oracle_grid_new_oracle_home: "{{ hostvars.localhost.oem_gi_home }}"
-    oracle_database_new_oracle_home: "{{ hostvars.localhost.oem_db_home }}"
     deletion_targets: "{{ hostvars.localhost.deinstalled_targets | default([]) }}"
   roles:
-    - { role: update_oem_after_deinstall, when: not hostvars.localhost.is_aws_environment }
+    - update_oem_after_deinstall

playbooks/oracle_release_update/deinstall_oracle/files/detect_oracle_home_in_use.sh

@@ -61,30 +61,41 @@ done
 
 # If there are old controlfile snapshots present these may contain reference to previous Oracle Homes
 # Simply create a new snapshot controlfile if required
-if [[ -f ${DB_ORACLE_HOME}/dbs/snapcf${ORACLE_SID}.f ]]; then
 
-   grep "${DEINSTALL_HOME}" ${DB_ORACLE_HOME}/dbs/snapcf${ORACLE_SID}.f > /dev/null
+INSTANCEID=$(wget -q -O - http://169.254.169.254/latest/meta-data/instance-id)
+ENVIRONMENT_NAME=$(aws ec2 describe-tags --filters "Name=resource-id,Values=${INSTANCEID}" "Name=key,Values=environment-name"  --query "Tags[].Value" --output text)
+DELIUS_ENVIRONMENT=$(aws ec2 describe-tags --filters "Name=resource-id,Values=${INSTANCEID}" "Name=key,Values=delius-environment"  --query "Tags[].Value" --output text)
+APPLICATION=$(aws ec2 describe-tags --filters "Name=resource-id,Values=${INSTANCEID}" "Name=key,Values=application"  --query "Tags[].Value" --output text | sed 's/-core//')
+SYS_PASSWORD=$(aws secretsmanager get-secret-value --secret-id ${ENVIRONMENT_NAME}-${DELIUS_ENVIRONMENT}-${APPLICATION}-dba-passwords --region eu-west-2 --query SecretString --output text| jq -r .sys)
+
+if [[ -f ${DB_ORACLE_HOME}/dbs/snapcf_${ORACLE_SID}.f ]];
+then
+   grep "${DEINSTALL_HOME}" ${DB_ORACLE_HOME}/dbs/snapcf_${ORACLE_SID}.f > /dev/null
    if [[ $? -eq 0 ]];
    then  
-      rman target / <<EORMAN
+      rman target sys/${SYS_PASSWORD}@${ORACLE_SID} <<EORMAN
       backup current controlfile;
       exit
 EORMAN
    fi
 
    # Sometimes it is necessary to repeat the above step to clear all references
-   grep "${DEINSTALL_HOME}" ${DB_ORACLE_HOME}/dbs/snapcf${ORACLE_SID}.f > /dev/null
+   grep "${DEINSTALL_HOME}" ${DB_ORACLE_HOME}/dbs/snapcf_${ORACLE_SID}.f > /dev/null
    if [[ $? -eq 0 ]];
    then  
-      rman target / <<EORMAN
+      rman target sys/${SYS_PASSWORD}@${ORACLE_SID} <<EORMAN
       backup current controlfile;
       exit
 EORMAN
    fi
+
+   # Delete snapshot control file as will be created on next backup if defined in RMAN configuration
+   rm -f ${DB_ORACLE_HOME}/dbs/snapcf_${ORACLE_SID}.f
+
 fi
 
 # Check that the default RMAN SBT Channel is not pointing to the deinstall home
-rman target / <<EORMAN | grep "CONFIGURE CHANNEL DEVICE TYPE 'SBT_TAPE' PARMS" | awk -F= '{print $NF}' | tr -d ")';" | grep ${DEINSTALL_HOME}
+rman target sys/${SYS_PASSWORD}@${ORACLE_SID} <<EORMAN | grep "CONFIGURE CHANNEL DEVICE TYPE 'SBT_TAPE' PARMS" | awk -F= '{print $NF}' | tr -d ")';" | grep ${DEINSTALL_HOME}
 SHOW CHANNEL;
 exit;
 EORMAN
@@ -94,7 +105,7 @@ then
    exit 1
 fi
 
-for x in $(grep "${DEINSTALL_HOME}" ${DB_ORACLE_HOME}/dbs/* 2>/dev/null);
+for x in $(grep -r "${DEINSTALL_HOME}" ${DB_ORACLE_HOME}/dbs/* 2>/dev/null);
 do
    echo "$x ${DEINSTALL_HOME}"
    exit 1

playbooks/oracle_release_update/deinstall_oracle/tasks/deinstall.yml

@@ -11,7 +11,7 @@
   register: home_exists
 
 - name: Deinstall {{ deinstall_home }} Home
-  include: deinstall_oracle_home.yml
+  include_tasks: deinstall_oracle_home.yml
   vars:
     oracle_home: "{{ deinstall_home }}"
   when: home_exists.stat.exists

playbooks/oracle_release_update/deinstall_oracle/tasks/main.yml

@@ -10,7 +10,7 @@
       when: not ( oracle_grid_oracle_home | regex_search("^/u01/app/grid/product/[0-9\.]+/grid$"))
 
     - name: Deinstall Grid Infrastructure Home
-      include: deinstall.yml
+      include_tasks: deinstall.yml
       vars:
         deinstall_home: "{{ oracle_grid_oracle_home }}"
 
@@ -25,32 +25,15 @@
       when: not (oracle_database_oracle_home | regex_search("^/u01/app/oracle/product/[0-9\.]+/db$"))
 
     - name: Deinstall Database Home
-      include: deinstall.yml
+      include_tasks: deinstall.yml
       vars:
         deinstall_home: "{{ oracle_database_oracle_home }}"
 
-- name: Check if inside AWS.
-  uri:
-    url: http://169.254.169.254/latest/meta-data
-    timeout: 20
-  register: aws_uri_check
-  failed_when: false
-  run_once: yes
-
-- set_fact:
-    is_aws_environment: "{{ aws_uri_check.status == 200 }}"
-  run_once: yes
-  delegate_to: localhost
-  delegate_facts: true
-
 # Set variables ready to run target deletion in next playbook
-# (The approach taken to delete these targets will differ between AWS and non-AWS environments)
 # NB: We use ansible_play_hosts to compile a list of targets which have not failed so far
 # as we do not want to delete targets for hosts where the deinstall has failed.
 - name: Prepare Ansible Controller Variables for OEM Target Deletion
   set_fact:
-    oem_gi_home: "{{ oracle_grid_oracle_home }}"
-    oem_db_home: "{{ oracle_database_oracle_home }}"
     deinstalled_targets: "{{ ansible_play_hosts }}"
   delegate_to: localhost
   delegate_facts: true

playbooks/oracle_release_update/update_oem_after_deinstall/tasks/delete_agent_targets.yml

@@ -1,44 +1,38 @@
 ---
-- name: Get sysman password from ssm parameter store
-  shell: . /etc/environment && aws ssm get-parameters --region ${REGION} --with-decryption --name /${HMPPS_ENVIRONMENT}/${APPLICATION}/oem-database/db/oradb_sysman_password | jq -r '.Parameters[].Value'
-  register: sysman_output
-  changed_when: false
-  no_log: true
-
-- name: Set fact for sysman password to be used elsewhere
+- name: Set Agent Host
   set_fact:
-    sysman_password: "{{ sysman_output.stdout | default('Welcome1') }}"
-
-- name: Get Name of Agent Host
-  include: ../../update_oem/tasks/get_agent_target.yml
+    agent_host: "{{ target_host + '.' + dns_zone_internal }}"
 
 - name: Find Out if Deinstalled Home Exists as a Target
   shell: |
-    . ~/.bash_profile
-    {{ emcli }} login -username=sysman -password=${SYSMAN_PASSWORD} -force 1>&2
-    {{ emcli }} sync 1>&2
+    . {{ stage }}/emcli_login.sh
     ALL_HOME_TARGETS=$({{ emcli }} list -resource="Targets" -search="HOST_NAME='{{ agent_host }}'" -search="TARGET_TYPE='oracle_home'" -column="TARGET_NAME" -script -noheader)
     for TARGET in ${ALL_HOME_TARGETS}; do {{ emcli }} list -resource="TargetProperties" -search="TARGET_NAME='$TARGET'" -search="PROPERTY_NAME='INSTALL_LOCATION'" -column="PROPERTY_VALUE" -script | grep -q "{{ oracle_home }}" && echo $TARGET && break; done
   register: existing_oracle_home
   failed_when: existing_oracle_home.rc > 1
   changed_when: false
-  environment:
-    SYSMAN_PASSWORD: "{{ sysman_password }}"
 
-# This block will run if the Deinstalled Oracle Home Target still exists
-- name: Delete Deinstalled  Oracle Home Target
-  block:
-    - name: Delete Target from Repository
-      shell: |
-        . ~/.bash_profile
-          {{ emcli }} login -username=sysman -password={{ sysman_password }} -force
-          {{ emcli }} sync
-          {{ emcli }} delete_target -name="{{ existing_oracle_home.stdout }}" -type="oracle_home"
+- name: Search Output For Oracle Home Name
+  set_fact:
+    oracle_home_name: "{{ item }}"
+  loop: "{{ existing_oracle_home.stdout_lines }}"
+  when: item is search(agent_host)
 
-    # Pause Until OEM has Finished Deleting the Target
-    # (Otherwise it will fail when we try to add the new target)
-    - name: Wait for Existing Target Deletion
-      script: ../../update_oem/files/wait_for_target_deletion.sh {{ existing_oracle_home.stdout }}
-      changed_when: false
+# This block will run if the Deinstalled Oracle Home Target still exists
+- name: Delete Target from Repository
+  shell: |
+    . {{ stage }}/emcli_login.sh
+    {{ emcli }} delete_target -name="{{ oracle_home_name }}" -type="oracle_home"
+  when: existing_oracle_home.rc == 0 and oracle_home_name is defined
 
-  when: existing_oracle_home.rc == 0
+# Pause Until OEM has Finished Deleting the Target
+# (Otherwise it will fail when we try to add the new target)
+- name: Get Target From Repository
+  shell: |
+    . {{ stage }}/emcli_login.sh
+    {{ emcli }} get_targets -targets="{{ oracle_home_name }}:oracle_home" -script -noheader | awk '{print $NF}'
+  register: delete_target_monitor
+  until: delete_target_monitor.stdout_lines is not search(oracle_home_name)
+  delay: 60
+  retries: 10
+  when: oracle_home_name is defined