Completed XE Release

Added TOC to 2021-01-23 Journal Entry

Issue #5 "XE: Using discovered Python interpreter"

Updated Firewall Configuration

Resolved "XE: Firewall needs to be reloaded after rule changes #10"
- Split firewalls between Oracle listener and Enterprise Manager Express
- Added handler to reload firewall rules

Added untested code for Python3 on OL7

Added design journal entries

design_journal/2021_01_23.md

@@ -7,6 +7,11 @@ configuration.
 
 # Table of Contents
 
+* [Rationale](#rationale)
+* [Design Options](#design-options)
+  * [Use Ansible Groups](#use-ansible-groups)
+    * [Ansible Group Names](#ansible-group-names)
+
 # Rationale
 
 The installation of Oracle 18C XE is relatively straight forward. There is no

design_journal/2021_02_02.md

@@ -0,0 +1,6 @@
+# 2021-02-02: Failed 18C XE Installation
+
+## Overview
+
+This is a hacked-together Ansible script to install XE and 19C. There was no
+real design involved.

design_journal/2021_02_03.md

@@ -0,0 +1,86 @@
+# 2021-02-03: Successful 18C XE Installation
+
+## Overview
+
+I am starting to get a handle on designing the installation of 18C XE. This is
+a summary of design decisions made to bring rationality to the overall design.
+
+# Table of Contents
+
+* [Issues Resolved:](#issues-resolved)
+* [Other Design Issues](#other-design-issues)
+  * [YAMLLINT Configuration Setting](#yamllint-configuration-setting)
+  * [Switch to Python2](#switch-to-python2)
+    * [Remove Python Setting](#remove-python-setting)
+    * [Check for Working Version of PIP2](#check-for-working-version-of-pip2)
+  * [Validate XE Installation on OL7](#validate-xe-installation-on-ol7)
+  * [Separate Script for OL7](#separate-script-for-ol7)
+  * [Restrict Ansible 2.10 to OL 8](#restrict-ansible-210-to-ol-8)
+  * [XE Specific Password](#xe-specific-password)
+
+# Issues Resolved:
+
+- #1 "XE: RPM Dependency - Cannot Use 19C Preinstall RPM"
+- #3 "XE: YUM fails for OL7"
+- #4 "XE: load passwords failed due to censored"
+- #6 "XE: PIP fails to install PEXPECT"
+- #7 "XE: Unable to find 18C XE RPM"
+- #8 "XE: Configuration Loops Indefinitely"
+- #9 "XE: Invalid Protocols for Firewall Rules"
+
+# Other Design Issues
+
+## YAMLLINT Configuration Setting
+
+Added `.yamllint` for my preferred yamllint settings. This is done through the
+script, `ansible-check.sh`, from the
+[local_utilities](https://github.com/dfhawthorne/local_utilities) GIT
+repository.
+
+This was done because I had forgotten how I have configured `yamllint` on other
+systems. It has the effect of exposing the `yamllint` configuration settings in
+the current project when using the `ansible-check.sh` utility.
+
+## Switch to Python2
+
+I had great difficulties running Ansible 2.10 scripts on Oracle Linux 7 (OL7)
+servers. The solution was to install Ansible 2.9 and use Python2 on OL7 servers.
+
+### Remove Python Setting
+
+Removed `python_interpreter` from Ansible configuration file, `ansible.cfg`.
+This allows me to specify the python interpreter per host by setting the
+variable, `ansible_python_interpreter`.
+
+This is needed because Oracle Linux 7 requires Python2 to work currently for
+Ansible scripts.
+
+### Check for Working Version of PIP2
+
+Because of
+"[pip install on Python 2 fails with SyntaxError: sys.stderr.write(f"ERROR: {exc}") #9500](https://github.com/pypa/pip/issues/9500)",
+I need to install a downgraded version of `pip2`.
+
+I created a utility, called `files/validate_pip2.sh`, which detects the
+existence of `pip2`, and whether that command is error-free. If `pip2` does
+not exist, or `pip2` fails, the script fails. In that case, the downgraded
+`pip2` is installed.
+
+## Validate XE Installation on OL7
+
+I restrict the installation of the XE software onto Oracle Linux 7 (OL7).
+
+## Separate Script for OL7
+
+Separated Oracle Linux 7 tasks into a separate file, `ol7_tasks.yml`. This
+allows operating specific tasks to be separated out.
+
+## Restrict Ansible 2.10 to OL 8
+
+I made the decision to restrict the use of Ansible 2.10 to Oracle Linux 8 (OL8).
+
+## XE Specific Password
+
+Because the XE password cannot include special characters, I created a special
+password variable, `xe_password`, which was added to `passwords/oracle.yml`.
+

design_journal/2021_02_04.md

@@ -0,0 +1,43 @@
+# 2021-02-04: Cleanup of 18C XE Installation
+
+## Overview
+
+After the successful installation of 18C XE, there were some minor changes to
+the playbook to fix remaining issues.
+
+# Table of Contents
+
+* [Issues Fixed](#issues-fixed)
+  * [Issue - #5 XE: Using discovered Python interpreter](#issue---#5-xe-using-discovered-python-interpreter)
+  * [Issue - #10 XE: Firewall needs to be reloaded after rule changes](#issue---#10-xe-firewall-needs-to-be-reloaded-after-rule-changes)
+* [Added Python Version Dependency](#added-python-version-dependency)
+
+# Issues Fixed
+
+## Issue - #5 XE: Using discovered Python interpreter
+
+Resolved issue #5 ("XE: Using discovered Python interpreter") by setting
+`ansible_python_interpreter` in the host variable file for XE.
+
+## Issue - #10 XE: Firewall needs to be reloaded after rule changes
+
+Resolved "XE: Firewall needs to be reloaded after rule changes #10" by:
+- Split firewall rules between Oracle listener and Enterprise Manager Express
+  - Firewall rules for Oracle listener moved to `sites.yml` because these rules
+    are common to all Oracle database builds.
+  - Firewall rules for Enterprise Manager Express are left in
+    `install_XE_database.yml` because this feature is part of the XE database.
+- Added handler to reload firewall rules to `sites.yml`.
+
+# Added Python Version Dependency
+
+Because of the issue described in
+"[pip install on Python 2 fails with SyntaxError: sys.stderr.write(f"ERROR: {exc}") #9500](https://github.com/pypa/pip/issues/9500)",
+I had to add code to deploy a downgraded version of PIP2. This code only runs
+if the version of Python used is 2.
+
+As a counterpart to this, I added untested code for Python3 on OL7 based on
+code I used in
+[install_modules.yml](https://github.com/dfhawthorne/ansible-ocm12c/blob/version_2/roles/common/tasks/install_modules.yml)
+of my [ansible-ocm12c](https://github.com/dfhawthorne/ansible-ocm12c)
+project.

design_journal/README.md

@@ -8,3 +8,6 @@ Prof. Fred Brooks recommends that one keep a journal of design decisions in orde
 
 - [2021-01-21](2021_01_21.md): Creation of a separate respository
 - [2021-01-23](2021_01_23.md): Installation of 18C XE Software
+- [2021-02-02](2021_02_02.md): Failed 18C XE Installation
+- [2021-02-03](2021_02_03.md): Successful 18C XE Installation
+- [2021-02-04](2021_02_04.md): Cleanup of 18C XE Installation

install_XE_database.yml

@@ -86,22 +86,21 @@
   when:                 configure_xe.stdout_lines is defined
 
 # ------------------------------------------------------------------------------
-# Configure the firewall
+# Configure the firewall for Enterprise Manager Express
 # ------------------------------------------------------------------------------
 
-- name:                 "Configure the firewall"
+- name:                 "Configure the firewall for Enterprise Manager Express"
   firewalld:
     permanent:          yes
     port:               "{{ item }}"
     state:              enabled
     zone:               public
   with_items:
-    -                   "1521/tcp"
-    -                   "1521/udp"
     -                   "5500/tcp"
     -                   "5500/udp"
   become:               yes
   become_user:          root
+  notify:              "Reload FireWall Rules"
 
 # ------------------------------------------------------------------------------
 # Automating Shutdown and Startup

inventory/group_vars/XE.yml

@@ -3,4 +3,6 @@
 # Configuration for XE database
 # ------------------------------------------------------------------------------
 
+ansible_python_interpreter:
+                        "/usr/bin/python2.7"
 ...

ol7_tasks.yml

@@ -14,50 +14,84 @@
   become:               yes
   become_user:          root
 
-- name:                 "Copy PIP2 validation script to remote host"
-  copy:
-    src:                files/validate_pip2.sh
-    dest:               /tmp/validate_pip2.sh
-    mode:               '0700'
-
-- name:                 "Validate PIP2 installation"
-  command:
-    argv:
-      -                 /tmp/validate_pip2.sh
-  register:             check_pip2
-  failed_when:          false
-  changed_when:         false
-
-- name:                 "Display output from PIP2 validation"
-  debug:
-    var:                check_pip2
-  when:                 check_pip2 is defined
-
-- name:                 "Download and install fix for PIP2"
+# ------------------------------------------------------------------------------
+# Python2 specific tasks to install a downgraded version of PIP2
+# ------------------------------------------------------------------------------
+
+- name:                 "Python2 specific tasks"
   block:
-  
-  - name:               "Download fix for PIP2"
-    get_url:
-      dest:             /tmp/get-pip.py
-      url:              "https://bootstrap.pypa.io/2.7/get-pip.py"
+
+  - name:               "Copy PIP2 validation script to remote host"
+    copy:
+      src:              files/validate_pip2.sh
+      dest:             /tmp/validate_pip2.sh
       mode:             '0700'
 
-  - name:               "Install correct version of PIP2"
+  - name:               "Validate PIP2 installation"
     command:
       argv:
-        -               /tmp/get-pip.py
-    become:             yes
-    become_user:        root
-    register:           install_pip2
+        -               /tmp/validate_pip2.sh
+    register:           check_pip2
+    failed_when:        false
+    changed_when:       false
 
-  - name:               "Display output from PIP2 installation"
+  - name:               "Display output from PIP2 validation"
     debug:
-      var:              install_pip2.stdout_lines
-    when:               install_pip2.stdout_lines is defined
+      var:              check_pip2
+    when:               check_pip2 is defined
+
+  - name:               "Download and install fix for PIP2"
+    block:
+
+    - name:             "Download fix for PIP2"
+      get_url:
+        dest:           /tmp/get-pip.py
+        url:            "https://bootstrap.pypa.io/2.7/get-pip.py"
+        mode:           '0700'
+
+    - name:             "Install correct version of PIP2"
+      command:
+        argv:
+          -             /tmp/get-pip.py
+      become:           yes
+      become_user:      root
+      register:         install_pip2
+
+    - name:             "Display output from PIP2 installation"
+      debug:
+        var:            install_pip2.stdout_lines
+      when:             install_pip2.stdout_lines is defined
+
+    when:
+      -                 check_pip2.rc is defined
+      -                 check_pip2.rc > 0
+
+  when:                 ansible_python_interpreter is search("python2")
+
+# ------------------------------------------------------------------------------
+# Python3 specific tasks to install the current version of PIP3
+# ------------------------------------------------------------------------------
+
+- name:                 "Python3 specific tasks"
+  block:
+
+  - name:               "Install SETUP_TOOLS for EASY_INSTALL on OEL 7+ systems"
+    yum:
+      name:             python-setuptools
+      state:            latest
+
+  - name:               "Install PIP on OEL 7+ systems"
+    easy_install:
+      name:             pip
+      state:            latest
 
-  when:
-    -                   check_pip2.rc is defined
-    -                   check_pip2.rc > 0
+  become:               yes
+  become_user:          root
+  when:                 ansible_python_interpreter is search("python3")
+
+# ------------------------------------------------------------------------------
+# Use PIP to install PEXPECT
+# ------------------------------------------------------------------------------
 
 - name:                 "Use PIP to install PEXPECT on OL 7+ systems"
   pip:

sites.yml

@@ -112,6 +112,23 @@
       -                 autofs_master.stat is defined
       -                 autofs_master.stat.exists
 
+# ------------------------------------------------------------------------------
+# Configure the firewall for Oracle Listener
+# ------------------------------------------------------------------------------
+
+  - name:               "Configure the firewall for Oracle Listener"
+    firewalld:
+      permanent:        yes
+      port:             "{{ item }}"
+      state:            enabled
+      zone:             public
+    with_items:
+      -                 "1521/tcp"
+      -                 "1521/udp"
+    become:             yes
+    become_user:        root
+    notify:             "Reload FireWall Rules"
+
 # ------------------------------------------------------------------------------
 # Include any OS specific tasks
 # ------------------------------------------------------------------------------
@@ -149,4 +166,11 @@
     become:             yes
     become_user:        root
 
+  - name:               "Reload FireWall Rules"
+    command:
+      argv:
+        -               firewall-cmd
+        -               "--reload"
+    become:             yes
+    become_user:        root
 ...