#
# Handles an Oracle database system. All of our Oracle databases are run
# essentially the same way and this module contains all the standard bits.
# TODO: parameterized class for Oracle versions (10 and 11).
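class oracledb {
  # TODO: change to include each individual class, no commas
  include compatlibs,
    group::dba,
    base::libstdc,
    oracledb::directories,
    oracledb::packages,
    oracledb::oracleusers,
    user::ntirety,
    user::oracle

  # Every exec in this class gets an explicit search path. Puppet rejects an
  # unqualified command unless a path is supplied (or a site-wide Exec default
  # happens to provide one, which this class should not silently depend on).
  $exec_path = ['/bin', '/usr/bin', '/sbin', '/usr/sbin']

  # TODO: since this is only RH specific, just fail on non-RH instead of large case statement.
  # Only RHEL 4 and 5 are matched below; on any other release (RHEL6 included)
  # neither a limits.conf override nor the ip_local_port_range sysctl is applied.
  case $operatingsystem {
    'redhat': {
      case $lsbmajdistrelease {
        # rhel4 only required packages
        # need to add openmotif.
        '4': {
          package { [
              'glibc-kernheaders',
              'gnome-libs',
              'openmotif21',
              'pdksh',
              'xorg-x11-deprecated-libs',
              'xscreensaver' ]:
            ensure => present,
          }
          # TODO: verify <name>.ARCH doesn't work on RHEL4 with puppet now
          # The 64-bit Oracle server also needs the i386 builds of these
          # libraries; `unless` skips the install once an i386 arch is present
          # in the rpm database.
          # NOTE(review): the pipe in `unless` needs a shell. Puppet >= 2.7 runs
          # exec without one unless `provider => shell` is set - confirm against
          # the agent version in use.
          exec {
            'oracle 64bit server required compat-db':
              command => 'up2date --arch=i386 compat-db',
              path    => $exec_path,
              unless  => "rpm -q --qf \"%{ARCH}\n\" compat-db | grep -q i386";
            'oracle 64bit server required glibc-devel':
              command => 'up2date --arch=i386 glibc-devel',
              path    => $exec_path,
              unless  => "rpm -q --qf \"%{ARCH}\n\" glibc-devel | grep -q i386";
            'oracle 64bit server required libaio':
              command => 'up2date --arch=i386 libaio',
              path    => $exec_path,
              unless  => "rpm -q --qf \"%{ARCH}\n\" libaio | grep -q i386";
          }
          # TODO: verify this is needed on all RHEL versions - might not be needed on RHEL5/6
          # TODO: verify this should be different than RHEL5/6 - goal: unify
          base::sysctl { 'net.ipv4.ip_local_port_range': ensure => '1024 65000' }
          # Override limits.conf to increase stack size and nofiles.
          # limits.conf is PAM configuration: pin root ownership and 0644 so a
          # non-root writer cannot raise limits for arbitrary accounts.
          file { '/etc/security/limits.conf':
            owner  => 'root',
            group  => 'root',
            mode   => '0644',
            source => $architecture ? {
              'x86_64' => "puppet:///oracledb/etc/limits.conf.${architecture}",
              default  => 'puppet:///oracledb/etc/limits.conf',
            },
          }
        }
        ## this is for rhel5
        '5': {
          include oracledb::rhel5
          file { '/etc/security/limits.conf':
            owner  => 'root',
            group  => 'root',
            mode   => '0644',
            source => 'puppet:///oracledb/etc/limits.conf.rhel5',
          }
          base::sysctl { 'net.ipv4.ip_local_port_range': ensure => '9000 65500' }
        }
      }
    }
  }

  # Kernel and socket-buffer tuning common to every release. kernel.shmmax is
  # 2^32-1 bytes; the port range is release specific and set above.
  base::sysctl {
    'kernel.shmmax':         ensure => '4294967295';
    'kernel.sem':            ensure => '250 32000 100 128';
    'kernel.shmall':         ensure => '2097152';
    'kernel.shmmni':         ensure => '4096';
    'fs.file-max':           ensure => '65536';
    'net.core.rmem_default': ensure => '262144';
    'net.core.rmem_max':     ensure => '262144';
    'net.core.wmem_default': ensure => '262144';
    'net.core.wmem_max':     ensure => '262144';
  }

  # Drop in iptables rules to allow connections in to the listeners.
  # Listener ports are opened only to the listed source networks.
  # NOTE(review): '192.168.220.96/19' has host bits set - as a /19 it is
  # really 192.168.192.0/19 (192.168.192.0-192.168.223.255). Confirm that is
  # the intended range and not a narrower one.
  base::iptables::rule { 'oracle-listeners':
    protocol => 'tcp',
    source   => [ '171.64.0.0/14',
                  '172.24.0.0/14',
                  '192.168.220.96/19',
                  '192.168.15.0/24' ],
    port     => ['1533', '1534', '1535', '1568', '1542'],
  }

  # init script and filter-syslog rules for oracle.
  # The init script is executed as root at boot, so ownership is pinned to
  # root:root next to the 0755 mode instead of being left implicit.
  file {
    '/etc/init.d/oracle':
      source => 'puppet:///oracledb/oracle.init',
      owner  => 'root',
      group  => 'root',
      mode   => '0755',
      notify => Exec['chkconfig oracle'];
    '/etc/filter-syslog/oracle':
      source => 'puppet:///oracledb/filter-syslog';
  }

  # TODO: use service - don't ensure running, just enabled
  # Registers the init script with chkconfig only when the file above changes
  # (refreshonly); it does not start the service.
  exec { 'chkconfig oracle':
    command     => 'chkconfig --add oracle',
    path        => $exec_path,
    refreshonly => true,
  }
}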
# TODO: separate out into own file because:
# - it doesn't inherit/override from another class
# - and it is used outside this one class (well, not true here)
# - or if it is longer than ~10 lines
#
# It is all about logical separation.
# Is it easier to understand if you separate it into another file?
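class oracledb::packages {
  # Build and runtime dependencies of the Oracle installer and server.
  # pdksh is RHEL4-only and handled in oracledb; the TDPO/TSM packages are
  # release dependent and handled in the case below.
  package { [
      'binutils',
      'control-center',
      'gcc',
      'gcc-c++',
      'glibc',
      'glibc-common',
      'glibc-devel',
      'glibc-headers',
      'libgcc',
      'libaio',
      'make',
      'sysstat',
      'xorg-x11-xauth' ]:
    ensure => present,
  }

  ## TDPO rpms exist for rhel4 and rhel5. Need to create 64bit tdpo rpms for rhel6;
  ## until then tdpo is installed by hand on rhel6.
  case $lsbmajdistrelease {
    '4', '5': {
      package { [ 'stanford-TDPO', 'TDP-Oracle', 'TDP-Oracle.Utility' ]:
        ensure => present,
      }
    }
    # rhel6 (and any other release, this is the catch-all) will give you an
    # error if the TDP BIN file is not installed.
    default: {
      # echo always exits 0, so this exec can never fail; `logoutput => true`
      # is what makes the reminder appear in the agent log, otherwise it is
      # silently swallowed. The message is a single line so no literal
      # backslash/newline ends up in the output. `test -f` (rather than ls)
      # only counts a regular file as "installed", and an explicit path is
      # required for the unqualified commands.
      exec { 'check el6 tdp bin installed':
        command   => 'echo TDP is not installed! Install it by hand from /afs/ir/product/storage/TDPO_LINUX_LATEST',
        path      => ['/bin', '/usr/bin'],
        logoutput => true,
        unless    => 'test -f /opt/tivoli/tsm/client/oracle/properties/version/TSM_Data_Protection_Oracle.cmptag',
      }
    }
  }
}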
# TODO: separate file for this class
# TODO: use array for files
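class oracledb::directories {
  # additional directories usually needed
  # One declaration covers all four: owned by oracle:dba with 0770, so only
  # the oracle user and the dba group can traverse them. The mode is a quoted
  # four-digit octal string, which is the form puppet expects (a bare 770 is
  # ambiguous and rejected by newer releases).
  # NOTE(review): parents such as /u01/app are not managed here - presumably
  # created by the Oracle install; confirm before relying on this class alone.
  file { [
      '/var/opt/oracle',
      '/u02',
      '/u03',
      '/u01/app/rman' ]:
    ensure => directory,
    owner  => 'oracle',
    group  => 'dba',
    mode   => '0770',
  }
}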
# TODO: separate out to another file
class oracledb::oracleusers {
# Provides $oracledb::ntirety::ntiretyusers, consumed by the k5login below.
include oracledb::ntirety
# Standard sudoers file for Oracle DBAs.
# TODO: long term strategy is to use /etc/sudoers.d fragments
# NOTE(review): these lines are appended straight into /etc/sudoers with no
# `visudo -c` syntax check; one malformed line breaks sudo for every account
# on the host. The trailing `*` on the tdpoconf rule is a sudo glob: it also
# matches whitespace, so it permits any number of extra arguments, not just
# one password value - confirm that scope is intended. `dsmc q se` is
# presumably TSM "query session"; with explicit arguments sudo requires an
# exact match, so no wildcard exposure there.
base::textline {
'%dba ALL = NOPASSWD: /usr/bin/dsmc q se':
ensure => "/etc/sudoers";
'oracle ALL= NOPASSWD: /usr/bin/tdpoconf PassWord *':
escaped_name => 'oracle ALL= NOPASSWD: /usr/bin/tdpoconf PassWord \*',
ensure => "/etc/sudoers";
}
# purge => true: principals not in the ntirety list are removed, so the
# oracle account's .k5login is fully owned by puppet rather than additive.
k5login {
'/u01/app/oracle/.k5login':
purge => true,
principals => $oracledb::ntirety::ntiretyusers,
}
}