klewan.ansible_role_oracle_manage_patches
Ansible 角色: oracle-manage-patches
这个角色管理 Oracle 补丁。
它可以应用和回滚补丁(一次性和季度补丁)到 Grid Infrastructure 和/或 Database Oracle Homes(包括 PRIMARY 和 STANDBY)。
此外,您可以通过直接提供 ORACLE_HOME 路径(oracle_manage_patches_oracle_home_name_patterns)或要考虑的软件版本(oracle_manage_patches_oracle_home_version_patterns)来限制受影响的 ORACLE_HOMEs。否则,所有与提供的补丁名称相关的 ORACLE_HOMEs 都会受到影响。与选定补丁名称无关的其他 ORACLE_HOMEs 和数据库将不会被触及。
该角色支持 RAC,并在检测到 Real Application Cluster 时将补丁应用于所有集群节点,即使 playbook 仅在其中一个 RAC 节点上执行(使用 ansible-playbook 的 --limit 参数)。
对于备用数据库,只有二进制文件会被打补丁,不会执行任何 sql/datapatch 脚本。
作为选项,以下功能可用:
- ORACLE_HOMEs 备份(在补丁安装之前) - (
oracle_manage_patches_backup_oracle_home开关 +oracle-homes-backup角色) - ASM 元数据备份(在补丁安装之前) - (
oracle_manage_patches_backup_asm_metadata开关和oracle_manage_patches_backup_dir变量) - 预检查和后检查脚本(opatch lsinventory 输出,INVALID 对象列表,
registry$history、dba_registry_sqlpatch、dba_registry_history和dba_registry表的输出)会将活动记录到目标的oracle_manage_patches_log_dir目录 - 直接从 My Oracle Support 下载补丁(
oracle_manage_patches_download_patch_from_mos开关 +oracle-download-patches角色)
此角色期望设置以下变量(可以在 playbook 中或通过 --extra-vars 设置 - 请参见下面的例子):
oracle_manage_patches_task- 可以是apply或rollbackoracle_manage_patches_patch_type- 可以是 'oneoff' 或任何 'oracle_manage_patches_quarterly_patches' 键(例如 ojvmgicombo/ojvmdbcombo/ru/dbbp/psu)oracle_manage_patches_patch_name- 补丁名称(例如 OCT2018/JUL2018)以用于季度补丁
应通过 oracle_databases 变量提供数据库列表(请参见 oracle 角色作为参考)。可以手动定义或通过自动发现角色 oracle-gatherinfo-databases 动态填充(请参见 示例 Playbook 部分)。手动设置时,oracle_databases 应如下定义:
oracle_databases:
- cluster_database: "false"
database_role: "PRIMARY"
database_type: "SINGLE"
db_name: "ORCL"
db_unique_name: "ORCL"
edition: "Enterprise"
instance_name: "ORCL"
instances: "ORCL"
is_registered_in_gi: "true"
oracle_home: "/u01/app/oracle/product/11.2.0.4/dbhome1"
software_version: "11.2.0.4.0"
类似地,Grid Infrastructure 配置信息应通过 oracle_gi_info 字典变量提供(请参见 oracle 作为参考)。可以手动定义或通过自动发现角色 oracle-gatherinfo-gi 动态填充(请参见 示例 Playbook 部分)。手动设置时,oracle_gi_info 应如下定义(示例):
oracle_gi_info:
oracle_home: "/u01/app/12.1.0/grid"
rac_nodes: []
rac_remote_nodes: []
software_version: "12.1.0.2.0"
或
oracle_gi_info:
oracle_home: "/u01/app/12.1.0/grid"
rac_nodes: ['server1', 'server2']
rac_remote_nodes: ['server2']
software_version: "12.1.0.2.0"
强烈建议在运行此角色之前触发自动发现角色 oracle-gatherinfo-listener 和 oracle-gatherinfo-dbconsole(请参见 示例 Playbook 部分)。这些角色填充 oracle_running_listeners 和 oracle_dbconsole_running_services 变量,供此角色(oracle-manage-patches)使用,以使系统恢复到与之前完全相同的状态。
补丁列表通过 oracle_manage_patches_opatch、oracle_manage_patches_quarterly_patches 和 oracle_manage_patches_oneoff_patches 变量定义。有关详细信息,请参见 角色变量。
补丁 zip 文件可以在远程系统上或 Ansible 控制器本地访问。要指出适用的配置,请使用 oracle_manage_patches_remote_stage 变量。
该角色根据 oracle_manage_patches_opatch 数据自动为受影响的 ORACLE_HOMEs 安装最新的 OPatch 工具。
支持的操作系统:
- RedHat
- CentOS
- OracleLinux
需求
此角色使用 oracle、oracle-asm-metadata、oracle-homes-backup 和 oracle-download-patches 角色。
此角色期望设置以下变量(可以在 playbook 中或通过 --extra-vars 设置 - 请参见下面的例子):
oracle_manage_patches_task- 可以是apply或rollbackoracle_manage_patches_patch_type- 可以是 'oneoff' 或任何 'oracle_manage_patches_quarterly_patches' 键(例如 ojvmgicombo/ojvmdbcombo/ru/dbbp/psu)oracle_manage_patches_patch_name- 补丁名称(例如 OCT2018/JUL2018)以用于季度补丁
角色变量
可用变量如下,默认值请参见 defaults/main.yml:
#
# 输入参数
#
# 可以是 'oneoff' 或任何 'oracle_manage_patches_quarterly_patches' 键(例如 ojvmgicombo/ojvmdbcombo/ru/dbbp/psu)
oracle_manage_patches_patch_type:
# 补丁名称(例如 OCT2018/JUL2018)以用于季度补丁
oracle_manage_patches_patch_name:
# 补丁任务 - 可以是 apply 或 rollback
oracle_manage_patches_task: apply
#
# 条件和控制处理
#
# 在补丁应用之前备份 ORACLE_HOME
oracle_manage_patches_backup_oracle_home: false
# 在补丁应用之前备份 ASM 元数据
oracle_manage_patches_backup_asm_metadata: false
# 从 My Oracle Support 下载补丁
oracle_manage_patches_download_patch_from_mos: false
# 补丁 ORACLE_HOMEs/GRID_HOMEs,其名称与该列表中的任何字符串匹配(或)
oracle_manage_patches_oracle_home_name_patterns: []
# 示例:
# oracle_manage_patches_oracle_home_name_patterns:
# - '/u01/app/oracle/product/11.2.0/dbhome_1'
# - '/u01/app/oracle/product/12.1.0/dbhome_2'
# - '/u01/app/12.1.0/grid'
# 补丁 ORACLE_HOMEs/GRID_HOMEs,其版本与该列表中的任何字符串匹配(或)
oracle_manage_patches_oracle_home_version_patterns: []
# 示例:
# oracle_manage_patches_oracle_home_version_patterns:
# - 11.2.0.4.0
# - 12.1.0.2.0
# 显示 'opatch lsinventory' 输出
oracle_manage_patches_display_opatch_lsinventory_output: true
# 显示 'opatchauto -analyze' 输出
oracle_manage_patches_display_opatchauto_analyze_output: true
# 显示 'ojvm 冲突检测' 输出
oracle_manage_patches_display_ojvm_conflict_detection_output: true
# 显示 'opatchauto apply' 输出
oracle_manage_patches_display_opatchauto_apply_output: true
# 显示 'datapatch' 输出
oracle_manage_patches_display_datapatch_output: true
# 是否运行预脚本(opatch lsinventory/db_psu_apply_checks.sql 等)
oracle_manage_patches_run_pre_scripts: true
# 是否运行后脚本(opatch lsinventory/db_psu_apply_checks.sql 等)
oracle_manage_patches_run_post_scripts: true
# 执行补丁冲突检测
oracle_manage_patches_conflict_detection: true
# 执行补丁安装(仅用于调试时设置为 'false')
oracle_manage_patches_patch_installation: true
#
# 阶段位置,安装文件
#
# 设置为 'true' 表示补丁 zip 文件的阶段目录在远程系统上可访问
# 设置为 'false' 以从 Ansible 控制器将补丁文件复制到远程系统
oracle_manage_patches_remote_stage: true
# OPatch 工具的阶段目录
oracle_manage_patches_stage_dir_opatch: /software/rdbms/opatch
# 是否更新(提取)OPatch 工具
oracle_manage_patches_update_opatch: true
# 是否提取补丁 zip 文件
oracle_manage_patches_extract_patch_file: true
# Oracle 季度补丁归档(PSU/RU 等)的阶段目录
oracle_manage_patches_stage_dir_quarterly_patches: /software/rdbms/quarterly_patches
# opatch 文件列表
# 'filename' 应该是完整路径,或者将在 'oracle_manage_patches_stage_dir_opatch' 目录中搜索
oracle_manage_patches_opatch:
11.2.0.1:
filename: p6880880_112000_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
11.2.0.2:
filename: p6880880_112000_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
11.2.0.3:
filename: p6880880_112000_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
11.2.0.4:
filename: p6880880_112000_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
12.1.0.1:
filename: p6880880_121010_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
12.1.0.2:
filename: p6880880_122010_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
12.2.0.1:
filename: p6880880_122010_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
18.0.0.0:
filename: p6880880_180000_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
# 季度补丁列表
# 'filename' 应该是完整路径,或者将在 'oracle_manage_patches_stage_dir_quarterly_patches' 目录中搜索
oracle_manage_patches_quarterly_patches:
ojvmgicombo:
description: 'OJVM 组件 DB PSU + GI PSU 的组合'
12.1.0.2:
JAN2019:
patchversion: 12.1.0.2.190115
filename: p28980120_121020_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
patchid: 28980120
gi_patchid: 28813884
ojvm_patchid: 28790654
OCT2018:
patchversion: 12.1.0.2.181016
filename: p28689148_121020_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
patchid: 28689148
gi_patchid: 28349311
ojvm_patchid: 28440711
JUL2018:
patchversion: 12.1.0.2.180717
filename: p28317214_121020_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
patchid: 28317214
gi_patchid: 27967747
ojvm_patchid: 27923320
12.2.0.1:
JAN2018:
patchversion: 12.2.0.1.180116
filename: p27010711_122010_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
patchid: 27010711
gi_patchid: 27100009
ojvm_patchid: 27001739
ojvmdbcombo:
description: 'OJVM 组件 DB PSU + DB PSU 的组合'
11.2.0.4:
OCT2018:
patchversion: 11.2.0.4.181016
filename: p28689165_112040_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
patchid: 28689165
db_patchid: 28204707
ojvm_patchid: 28440700
JUL2018:
patchversion: 11.2.0.4.180717
filename: p28317183_112040_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
patchid: 28317183
db_patchid: 27734982
ojvm_patchid: 27923163
ru:
description: '发布更新补丁 (RU)'
12.2.0.1:
JUL2018:
patchversion: 12.2.0.1.180717
filename: p28183653_122010_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
patchid: 28183653
si_patchid: 28163133
dbbp:
description: '数据库主动补丁包 (BP)'
12.1.0.2:
JUL2017:
patchversion: 12.1.0.2.170718
filename: p26022196_121020_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
patchid: 26022196
si_patchid: 25869760
psu:
description: '补丁集更新 (PSU)'
11.2.0.4:
JUL2017:
patchversion: 11.2.0.4.170718
filename: p26030799_112040_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
patchid: 26030799
si_patchid: 25869727
oracle_manage_patches_oneoff_patches: []
#
# 日志/备份/安装目录
#
# 用于不同非数据库备份的备份目录,例如 ASM 元数据、OCR 注册表备份等
oracle_manage_patches_backup_dir: '{{ oracle_default_backup_dir|default( "/u01/app/psu/backup", true ) }}'
# 日志目录
oracle_manage_patches_log_dir: '{{ oracle_default_log_dir|default( "/u01/app/psu/log", true ) }}'
# 阶段安装目录
oracle_manage_patches_stage_install_dir: '{{ oracle_default_stage_install_dir|default( "/u01/app/oracle/install", true ) }}'
#
# 调试信息
#
# (调试)显示补丁信息
oracle_manage_patches_debug_display_patches_info: true
# (调试)显示选定的 ORACLE_HOMEs 以进行打补丁
oracle_manage_patches_debug_display_homes_selected_for_patching: true
依赖
------------
此角色使用 `oracle`、`oracle-asm-metadata`、`oracle-homes-backup` 和 `oracle-download-patches` 角色。
示例 Playbook
----------------
一个简单的示例:
```yaml
- name: 应用 Oracle 补丁
hosts: ora-servers
gather_facts: true
become: true
become_user: '{{ oracle_user }}'
tasks:
- import_role:
name: oracle-manage-patches
vars:
oracle_manage_patches_task: apply
oracle_manage_patches_patch_type: ojvmgicombo
oracle_manage_patches_patch_name: OCT2018
tags:
- oracle-manage-patches
一个复杂的示例(包括附加功能,如 GI/DB 自动发现,计划任务和监控支持 [禁用/启用]):
- name: 应用 Oracle 补丁
hosts: ora-servers
gather_facts: true
become: true
become_user: '{{ oracle_user }}'
vars:
oracle_apply_patches_manage_monitoring: true
oracle_apply_patches_manage_cron_jobs: true
oracle_apply_patches_downtime_duration: '3h'
oracle_apply_patches_single_host_mode: true
tasks:
- name: 检查单主机模式
assert:
that:
- "play_hosts|length == 1"
fail_msg: "这是单主机模式,但当前 play 似乎有多个主机"
run_once: true
when: oracle_apply_patches_single_host_mode
tags:
- oracle_apply_patches_precheck
- always
- import_role:
name: oracle-gatherinfo-gi
tags:
- oracle-gatherinfo-gi
- oracle-gatherinfo-allcomponents
- import_role:
name: oracle-gatherinfo-databases
tags:
- oracle-gatherinfo-databases
- oracle-gatherinfo-allcomponents
- import_role:
name: oracle-gatherinfo-listener
tags:
- oracle-gatherinfo-listener
- oracle-gatherinfo-allcomponents
- import_role:
name: oracle-gatherinfo-dbconsole
tags:
- oracle-gatherinfo-dbconsole
- oracle-gatherinfo-allcomponents
- include_role:
name: oracle-host-cron
vars:
oracle_host_cron_copy_scripts: false
oracle_host_cron_disable_jobs: true
oracle_host_cron_manage_cron_jobs: '{{ oracle_apply_patches_manage_cron_jobs }}'
when: oracle_apply_patches_manage_cron_jobs
tags:
- oracle_disable_cron_jobs
- include_tasks: monitoring_set_downtime.yml
with_items:
- '{{ inventory_hostname }}'
- '{{ oracle_gi_info.rac_remote_nodes }}'
loop_control:
label: "[host: {{ _oracle_apply_patches_host_outer_item }}]"
loop_var: _oracle_apply_patches_host_outer_item
when: oracle_apply_patches_manage_monitoring
tags:
- nacl_manage_checks_set_downtime
- import_role:
name: oracle-manage-patches
vars:
oracle_manage_patches_task: apply
oracle_manage_patches_patch_type: ojvmgicombo
oracle_manage_patches_patch_name: OCT2018
tags:
- oracle-manage-patches
- include_tasks: monitoring_cancel_downtime.yml
with_items:
- '{{ inventory_hostname }}'
- '{{ oracle_gi_info.rac_remote_nodes }}'
loop_control:
label: "[host: {{ _oracle_apply_patches_host_outer_item }}]"
loop_var: _oracle_apply_patches_host_outer_item
when: oracle_apply_patches_manage_monitoring
tags:
- nacl_manage_checks_cancel_downtime
- include_role:
name: oracle-host-cron
vars:
oracle_host_cron_copy_scripts: false
oracle_host_cron_disable_jobs: false
oracle_host_cron_manage_cron_jobs: '{{ oracle_apply_patches_manage_cron_jobs }}'
when: oracle_apply_patches_manage_cron_jobs
tags:
- oracle_enable_cron_jobs
在 vars/main.yml 或 group_vars/.. 或 host_vars/.. 中:
#-------------------------------------------------
# 覆盖角色 'oracle-manage-patches' 的变量
#-------------------------------------------------
# 设置为 'true' 表示补丁 zip 文件的阶段目录在远程系统上可访问
# 设置为 'false' 以从 Ansible 控制器将补丁文件复制到远程系统
oracle_manage_patches_remote_stage: true
# OPatch 工具的阶段目录
oracle_manage_patches_stage_dir_opatch: /software/rdbms/opatch
# 季度补丁归档(PSU/RU 等)的阶段目录
oracle_manage_patches_stage_dir_quarterly_patches: /software/rdbms/quarterly_patches
# opatch 文件列表
# 'filename' 应该是完整路径,或者将在 'oracle_manage_patches_stage_dir_opatch' 目录中搜索
oracle_manage_patches_opatch:
11.2.0.4:
filename: p6880880_112000_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
12.1.0.2:
filename: p6880880_122010_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
12.2.0.1:
filename: p6880880_122010_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
18.0.0.0:
filename: p6880880_180000_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
# 季度补丁列表
# 'filename' 应该是完整路径,或者将在 'oracle_manage_patches_stage_dir_quarterly_patches' 目录中搜索
oracle_manage_patches_quarterly_patches:
ojvmgicombo:
description: 'OJVM 组件 DB PSU + GI PSU 的组合'
12.1.0.2:
OCT2018:
patchversion: 12.1.0.2.181016
filename: p28689148_121020_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
patchid: 28689148
gi_patchid: 28349311
ojvm_patchid: 28440711
ojvmdbcombo:
description: 'OJVM 组件 DB PSU + DB PSU 的组合'
11.2.0.4:
OCT2018:
patchversion: 11.2.0.4.181016
filename: p28689165_112040_{{ ansible_system }}-{{ ansible_architecture | replace('_', '-') }}.zip
patchid: 28689165
db_patchid: 28204707
ojvm_patchid: 28440700
许可证
GPLv3 - GNU 通用公共许可证 v3.0
作者信息
该角色由 Krzysztof Lewandowski 于 2018 年创建。