This issue has been opened in the oravirt repo
oravirt#65

Add the small and nice tool oratop to the .profile of ansible-oracle.

alias oratop='$ORACLE_HOME/suptools/oratop/oratop'

This is a duplicate of:
oravirt#228

Add more options to create a PDB.
Ideas:

• clone from external pdb
  create pluggable database ORDERFUL as clone using '/u02/charset_pdbs/filename.pdb';
• clone from Database-Link

This is a duplicate of: oravirt#201

The detection of ORACLE_SID is not working, when db_unique_name is <> ORACLE_SID.

The data should be read from Oracle Restart/GI when stack is in use.
Normal installations need also a change for this.

The following task leads to an issue, when db_homes_installed has different Oracle-Releases.
The variable oracle_home_db is initialized for the 1st elemt in a loop of the included tasklist. The 2nd element inside the loop will use the result from the 1st element.
=> The unarchive is wrong.

db_homes_installed:
  - home: db19-si-ee
    apply_patches: True
    state: present
  - home: db18-si-ee
    apply_patches: True
    state: present

  - include_tasks: install-home-db.yml
    with_items:
        - "{{ db_homes_installed }}"
    loop_control:
      loop_var: dbh
    when: db_homes_installed is defined and dbh.state|lower == 'present'
    tags: oradbinstall,dbchopt

Solution:
All loops in the include_task files needs a refactoring. There is no need to loop over db_homes_installed inside the included file.

There is a change in output format from srvctl in 19c.
The execution of 'srvctl status database -db <db_unique_name>' shows:
Instance <db_unique_name> is not running.

The module oracle_db fails, because the search filter is 'Database <db_unique_name> is not running' instead of 'Instance ...'.

With ansible 2.10 ansible-galaxy suports collections, which consist of multiple roles packed and versioned as one thing.
This entire repository would require just very tiny changes to be considered as a ansible-galaxy collection.

This would allow fetching of particular version just by having requirements.yml file containing something like:

collections:
  - name: https://github.com/opitzconsulting/ansible-oracle
    type: git
    version: oc #(or any other branch/tag)

Then, before starting ansible on own config or inventory repo one would just need to execute following command:
ansible-galaxy collection install -r requirements.yml -p collections/
this would download entire ansible-oracle repository and place it under collections directory.

The usage of roles would then look identical, but the ansible play would need following lines added:

- name: Oracle Host configuration
  collections:
    - opitzconsulting.ansible-oracle #to be defined in top-level galaxy.yml file that would need to be created
  hosts: "{{ hostgroup }}"
  roles:
    - common
    - orahost
    ...

The changes required for this would be adding galaxy.yml file in top level, and for each role meta/main.yml with galaxy_{info,tags} . It would be also advised to move python modules from /libraries to /plugins/modules to comply with ansible-collection repository format. No other changes would be required!

With this issue it is also not intended to upload the collection to ansible-galaxy repositories (at least for now). It can be used by just referencing github branch/tag or even within forks...

Please qualify this Issue, when it will be ok i have already all changes needed for it and can easily prepare PR for that.

Best Regards,
BartOwl

create a role to install and manage Statsack with ansible-oracle

Oracle 19.8 introduced "single instance high availability" (SEHA). Provide installation and configuration features.

The current configuration of listener.ora, sqlnet.ora and tnsnames.ora will be moved into a new role for easier configuration in the future.
In a next step the role get the ability to configure listener for Oracle Restart and Grid-Infrastructure.

Change in listener_installed:
The listener_installed needs modifications, when a listener for Restart/GI is configured, because 'home' points to an ORACLE_HOME instead of CRS_HOME.

Example: (current)

listener_installed:
  - home: db19-si-ee
    listener_name: LISTENER1521
    state: present

Idea:

listener_installed:
  - has_listener: yes | default(no)
    listener_name: LISTENER1521
    state: present

The following error is shown during 1st execution of orahost role on some systems:

TASK [orahost : Install packages required by Oracle on OL/RHEL version 6 and 7] *******************************************************************************************************************fatal: [dbfs161]: FAILED! => {"msg": "The conditional check 'facter_os.release.major is version('7', '<=')' failed. The error was: Version comparison: 'facter_os' is undefined\n\nThe error appears to be in '/home/vagrant/git/ansible-oracle/roles/orahost/tasks/main.yml': line 13, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n # OL8/RHEL8 has all needed RPMs in orahost role!\n - name: Install packages required by Oracle on OL/RHEL version 6 and 7\n ^ here\n"}

Please reexecute the role until fix is availible.

Done:

• Database only done with #53
• Oracle Restart #55

The profect https://github.com/andreasdijkman/oracle-systemd-scripts offers a good alternative solution to replace the existing systemd script.

This is a copy of oravirt/ansible-oracle/oravirt#209

Problem:

• cx_Oracle 8.x is not supported with Python2 anymore.
• Some modules in ansible-oracle-modules are not working with Python 3

Workarround:

• Limit installation of cx_Oracle to Version 7.x for RHEL/OL7
  There are problems with Python3 on RHEL/OL7. We need to stick on Python2 there. Stay on old cx_Oralce for this OS-version.
• Install current version on RHEL/OL8

The workarround for point 1 has been applied with oravirt/ansible-oracle/oravirt#210

The removal of databases needs some testing and fixes.

The following is not working:

• db_name <> db_instance_name

This issue is a description of planned improvements in patching Oracle wih RUs.

Ideas

Verify queryable Inventory

SELECT dbms_sqlpatch.verify_queryable_inventory FROM dual;

Check invalid Objects before patching

It is important that Objects in SYS are valid before the installation of a new RU.
Global check for invalid Objects is not a good idea. Some application vedors have invlid objects in their schema...

List invalid Objects after RU installation

Show Patch Inventory from Database Dictionary

Start Database aftter RU installation and before datapatch execution

Unclear how to store the last startup state of the target database.
First idea is another flag like 'stop_procs' but not 100% sure if this is a good idea...

Multiple executions of datapatch

Some combinations of RU + OneOff Patch require multiple exections of datapatch for a successful installation.
We need to ignrore errors during 1st execution and abert after failure during 2nd execution...

Remove OneOff before Installation of new RU

Example Patch 30352715.
This OneOff is needed in a lot of RUs to prevent trace file generation. This Patch needs to be removed before the installation of a new RU.
Related PR:

• opitzconsulting/ansible-oracle-modules#11 (merged)

A small tests shows some critical reszkts from an execution of orachk.

The following steps needs to be done:

• create role to install and execute AHF with orachk in ansible-oracle
• fix all criticals from orachk as long as it is possible

The ORACLE_BASE for grid and oracle is the same, when role seperation is used.
This could create big issues during installation of a Release-Update, because opatchauto fails with an error that the owner of ORACLE_BASE for grid is wrong. Simply changing the ownership of the directories will not solve the issue, because ansible-oracle will replace the ownership during reexecution of the playbook.

Please do not use role seperation in RAC with ansible-oracle at the moment.

I'll keep the issue section open for historical reasons.

Please open new Issues at: https://github.com/oravirt/ansible-oracle

The changes for ansible collections (#67 ) are not complete, due to limitations in collections.
The '-' in role names is not allowed and fails during import into galaxy.ansible.com.

As a result the project need a big incompatible change, because all roles with '-' must be renamed to '_'.

Finally the 'role-names' in .ansible-lint can be removed.

We need to wait for a response from Mikael:
oravirt#256

The sqlnet_config could only add '=<value' to sqlnet.ora. The wallet require configuration blocks in sqlnet.ora.

Solution:

sqlnet_config:
  sqlnetalias1:
    - {name: "ADR_BASE", value: "/u01/app/oracle/"}
    - name: "wallet"
      type: block
      value: |
	    WALLET_LOCATION =
              (SOURCE =
                (METHOD = FILE)
                (METHOD_DATA =
                  (DIRECTORY = /private/ora12/network/admin)
                )
              )

The type=block switch from 'lineinfile' to 'blockinfile'. The name is used as a block identifier in sqlnet.ora is this mode.

The python module oracle_sql does in line 232 a split using sqldelim as delimeter:

232:             sql = sqlfile.split(sqldelim)

This split does not care for quoted strings.
It is needed to fix this in order to be able to process sql files containing / or ; characters inside quoted blocks.
I have a fix available and can make a PR in a bit.

The role cannot be used to set parameters in RAC envoinments per Instnace.
This is needed when local_listener should be changed inside a PDB or on CDB level.

This is not a simpel fix, because the ansible_oracle_modules has no option to set a parameter per Instance.

Do not changed filesystems outside of Oracle context with host_fs_layout.

Example:

host_fs_layout:
  - vgname: rootvg
    state: present
    filesystem:
      - {mntp: /tmp, lvname: tmplv, lvsize: 1800M, fstype: ext4}
    disk:
      - {device: /dev/xvda, pvname: /dev/xvda2}

This will change owner, group and mask of /tmp to oracle and breaks other functionality in the OS.

oracle_user module and oradb-manage-users role has update_password: ['always','on_create']. on_create does not care if password got changed and effectively does not allow to apply password changes against a database at all.
using always does however always try to ALTER USER ... IDENTIFIED BY ... which results in problems when user profile is set to not reuse x old passwords.

There was a basic functionality to check whether old password hash matches provided password hash, but this was commented out (lines 295-300 of python module) but when providing the new password as cleartext no kind of check was ever executed.

What is expected would be update_password: when_differ that will only then alter the password when it really needs to be changed.
This can be implemented simply for password hashes (by uncommenting mentioned lines and comparing given hash against the one retrieved from database).
It is a bit more difficult when provided password is in plaintext, as it would require validating it against the stored hash from the database. This is however also doable with the S:xxxxxxxx enrypted form which is available since 11gR2 afair and is used also in 19c. for code see https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/changes-in-oracle-database-12c-password-hashes/ in particular "S: part"

This change would allow changing password when really changes for accounts with profiles that do not allow password re-usal.

in ensure_service_state() the lists _wanted_ai and _wanted_pi get initialized with one element of empty string

_wanted_ai = ['']
_wanted_pi = ['']

In non-RAC environments (where "preferred instances" and "available instances" are not possible) the function _get_service_config() returns empty lists _curr_config_inst_ai[] and _curr_config_inst_pi[] .

Due to this, the comparisons are always "false" in non-RAC:

        if _wanted_pi != _curr_config_pi:
            _inst_temp += ' -preferred %s' % (preferred_instances)
        if _wanted_ai != _curr_config_ai and '' not in _wanted_ai:
            _inst_temp += ' -available %s' % (available_instances)

So ensure_service_config() builds commands like "srvctl modify service -d MyDB1 -s MYDBSERVICE -modifyconfig -preferred None",
which is invalid in non-RAC environments and leads to

fatal: [mydbmachine]: FAILED! => {"changed": false, "msg": "Error modifying service. Command: /u01/app/oracle/product/19/db_1/bin/srvctl modify service -d MyDB1 -s MYDBSERVICE -modifyconfig -preferred None, stdout: PRKO-2002 : Invalid command line option: -modifyconfig\nPRKO-2002 : Invalid command line option: -preferred\n, stderr:

I modified the python code in https://github.com/mapausch/opitz-ansible-oracle/blob/master/plugins/modules/oracle_services.py
In my Single Instance environment this works, but don't have a RAC environment for testing :-(

Create a role for building GoldenImages for future installations.

New Roles:

• oraswgi-golden-image
• oraswdb-golden-image

The support for OL8 is needed for new Installations of Oracle RDBMS.

The following points are WiP:

• OL8 has no ntp
  ansible-oracle needs support for chrony.

This ticket is used to sort the requrements for a future spport of read only ORACLE_HOMEs.

This feauture has a big impact on the whole project, because many fTasks are using filenames, whos needs to be changed for this.

There is no planned time for the implementation at the moment.