2018-03-02 Ansible Playbook for Oracle User



Overview

Following the successful creation of AUBURN as an Ansible server, I wanted to create a playbook for the installation of Grid Infrastructure (GI) 12.1.0.2 that could be used as I experimented with GI.

The previous procedure created an Ansible playbook that created the Oracle directories. In this procedure, I want to complete the set-up of the Oracle user.

References

Procedure

Select Groups

Based on the suggestions in 6.1.8 Descriptions of Job Role Separation Groups and Users, I propose to modify the oracle user to have extra groups in order to manage ASM:

| Group Name | Group ID | Description | Created by |
|------------|----------|-------------|------------|
| oinstall | 54321 | Oracle software owner | Oracle pre-installation RPM |
| dba | 54322 | Oracle user authenticated through operating system as SYSDBA | Oracle pre-installation RPM |
| oper | 54323 | Oracle user authenticated through operating system for limited operational tasks only as SYSOPER | By me |
| asmdba | 54327 | Oracle user authenticated through operating system as SYSDBA for ASM only | By me |
| asmoper | 54328 | Oracle user authenticated through operating system for limited operational tasks only as SYSOPER for ASM only | By me |
| asmadmin | 54329 | Oracle user authenticated through operating system for ASM operational tasks only as SYSASM (between SYSOPER and SYSDBA) | By me |

Create Playbook

On AUBURN, I created an Ansible playbook (user_groups.yml) with the following contents:

---
- name: Prepare REDFERN Cluster for Oracle GI 12.1 installation (Oracle Groups)
  hosts: redfern1.yaocm.id.au
  become: true
  
  tasks:
  - name: Add Oracle and Grid groups
    group: 
      name:   "{{ item.name }}"
      gid:    "{{ item.gid }}"
      state:  present
      system: no
    with_items:
      - { name: "oper" ,     gid: 54323 }
      - { name: "asmdba" ,   gid: 54327 }
      - { name: "asmoper" ,  gid: 54328 }
      - { name: "asmadmin" , gid: 54329 }
      
      
  - name: Set groups and password for Oracle user
    user:
      name:     oracle
      comment:  "Oracle software owner"
      password: "************************************************"
      group:    oinstall
      groups:   oinstall,dba,oper,asmdba,asmoper,asmadmin

Note: The password value (a hash) was copied out of /etc/shadow. It is obscured here because tools exist to recover passwords from such values.

Modify User Settings for the Oracle User

On AUBURN, I executed an Ansible playbook (user_groups.yml) as follows:

ansible-playbook -K user_groups.yml 

The output was:

SUDO password: 

PLAY [Prepare REDFERN Cluster for Oracle GI 12.1 installation (Oracle Groups)] ***

TASK [Gathering Facts] *********************************************************
ok: [redfern1.yaocm.id.au]

TASK [Add Oracle and Grid groups] **********************************************
changed: [redfern1.yaocm.id.au] => (item={u'gid': 54323, u'name': u'oper'})
changed: [redfern1.yaocm.id.au] => (item={u'gid': 54327, u'name': u'asmdba'})
changed: [redfern1.yaocm.id.au] => (item={u'gid': 54328, u'name': u'asmoper'})
changed: [redfern1.yaocm.id.au] => (item={u'gid': 54329, u'name': u'asmadmin'})

TASK [Set groups and password for Oracle user] *********************************
changed: [redfern1.yaocm.id.au]

PLAY RECAP *********************************************************************
redfern1.yaocm.id.au       : ok=3    changed=2    unreachable=0    failed=0  

Verification

Used the following command (on REDFERN1) to verify that the correct groups are set:

id oracle

The output was:

uid=54321(oracle) gid=54321(oinstall) groups=54321(oinstall),54322(dba),54323(oper),54327(asmdba),54328(asmoper),54329(asmadmin)

Expand Playbook to Include All Groups

The above playbook only adds the extra groups that were not created through the Oracle Pre-installation RPM.

For completeness, the RPM-supplied groups are added to the playbook (user_groups.yml) as follows (the changes are the oinstall and dba entries):

---
- name: Prepare REDFERN Cluster for Oracle GI 12.1 installation (Oracle Groups)
  hosts: redfern1.yaocm.id.au
  become: true
  
  tasks:
  - name: Add Oracle and Grid groups
    group: 
      name:   "{{ item.name }}"
      gid:    "{{ item.gid }}"
      state:  present
      system: no
    with_items:
      - { name: "oinstall",  gid: 54321 }
      - { name: "dba",       gid: 54322 }
      - { name: "oper" ,     gid: 54323 }
      - { name: "asmdba" ,   gid: 54327 }
      - { name: "asmoper" ,  gid: 54328 }
      - { name: "asmadmin" , gid: 54329 }
      
      
  - name: Set groups and password for Oracle user
    user:
      name:     oracle
      comment:  "Oracle software owner"
      password: "************************************************"
      group:    oinstall
      groups:   oinstall,dba,oper,asmdba,asmoper,asmadmin

Note: The password value (a hash) was copied out of /etc/shadow. It is obscured here because tools exist to recover passwords from such values.

Confirm User Settings for the Oracle User

On AUBURN, I executed the Ansible playbook (user_groups.yml) to confirm the correct settings for the oracle user:

ansible-playbook -K user_groups.yml

The output was:

SUDO password: 

PLAY [Prepare REDFERN Cluster for Oracle GI 12.1 installation (Oracle Groups)] ***

TASK [Gathering Facts] *********************************************************
ok: [redfern1.yaocm.id.au]

TASK [Add Oracle and Grid groups] **********************************************
ok: [redfern1.yaocm.id.au] => (item={u'gid': 54321, u'name': u'oinstall'})
ok: [redfern1.yaocm.id.au] => (item={u'gid': 54322, u'name': u'dba'})
ok: [redfern1.yaocm.id.au] => (item={u'gid': 54323, u'name': u'oper'})
ok: [redfern1.yaocm.id.au] => (item={u'gid': 54327, u'name': u'asmdba'})
ok: [redfern1.yaocm.id.au] => (item={u'gid': 54328, u'name': u'asmoper'})
ok: [redfern1.yaocm.id.au] => (item={u'gid': 54329, u'name': u'asmadmin'})

TASK [Set groups and password for Oracle user] *********************************
ok: [redfern1.yaocm.id.au]

PLAY RECAP *********************************************************************
redfern1.yaocm.id.au       : ok=3    changed=0    unreachable=0    failed=0   

The settings for the oracle user are now documented in the playbook.
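
The password handling and the manual verification described above can both be moved into the play itself. The following is an added example, not the original playbook from this page: the hash is read from an Ansible Vault file instead of being pasted into user_groups.yml, and the play fails if the group membership differs from the documented list. The file name vault_oracle.yml and the variable names oracle_password_hash and oracle_groups are assumptions.

```yaml
---
# Added example (not the original playbook).
# Assumed: vault_oracle.yml was made with "ansible-vault create vault_oracle.yml"
# and contains one line:  oracle_password_hash: "<hash from /etc/shadow>"
- name: Prepare REDFERN Cluster for Oracle GI 12.1 installation (Oracle Groups)
  hosts: redfern1.yaocm.id.au
  become: true
  vars_files:
    - vault_oracle.yml            # encrypted at rest; safe to keep in version control
  vars:
    oracle_groups:                # single source of truth for names and GIDs
      - { name: oinstall, gid: 54321 }
      - { name: dba,      gid: 54322 }
      - { name: oper,     gid: 54323 }
      - { name: asmdba,   gid: 54327 }
      - { name: asmoper,  gid: 54328 }
      - { name: asmadmin, gid: 54329 }

  tasks:
  - name: Add Oracle and Grid groups
    group:
      name:   "{{ item.name }}"
      gid:    "{{ item.gid }}"
      state:  present
      system: no
    with_items: "{{ oracle_groups }}"

  - name: Set groups and password for Oracle user
    user:
      name:     oracle
      comment:  "Oracle software owner"
      password: "{{ oracle_password_hash }}"
      group:    oinstall
      groups:   "{{ oracle_groups | map(attribute='name') | join(',') }}"
      append:   no                # membership becomes exactly this list
    no_log: true                  # keep the hash out of -v output and logs

  - name: Read back the groups of the oracle user
    command: id -Gn oracle
    register: oracle_id
    changed_when: false           # read-only check, never reports "changed"

  - name: Fail if membership differs from the documented list
    assert:
      that:
        - (oracle_id.stdout.split() | sort) == (oracle_groups | map(attribute='name') | list | sort)
```

Run it with ansible-playbook -K --ask-vault-pass user_groups.yml so that the vault password is prompted for alongside the sudo password.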