Initial commit

Author: sergey-gr

.gitignore

@@ -0,0 +1,18 @@
+.DS_Store
+*.log
+
+# Inventory
+inventory/*
+!inventory/default
+
+# Addons
+addons/*
+!addons/readme.txt
+
+# Roles and more..
+roles/fmw/files/*.jar
+roles/jdk/files/*.tar.gz
+roles/managed/files/*.jks
+roles/update/ssl/files/*.jks
+roles/deploy/files/*.war
+roles/deploy/files/*.ear

.vscode/settings.json

@@ -0,0 +1,13 @@
+{
+    "editor.defaultFormatter": "vscode.git",
+    "[markdown]": {
+        "editor.defaultFormatter": "yzhang.markdown-all-in-one"
+    },
+    "[yaml]":  {
+        "editor.insertSpaces": true,
+        "editor.tabSize": 2,
+        "editor.autoIndent": "none"
+	},
+    "markdown.extension.toc.slugifyMode": "gitea",
+    "markdown.extension.tableFormatter.normalizeIndentation": true,
+}

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Sergejs Gračovs (zippo294@icloud.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,155 @@
+# Weblogic Cluster provisioning
+
+Repository contains everything to provision a Weblogic Cluster on any RedHat 7+ based system..
+
+- [1. Requirements](#1-requirements)
+  - [1.1. Proxy requirements](#1-1-proxy-requirements)
+- [2. Configuration](#2-configuration)
+  - [2.1 Installers configuration](#2-1-installers-configuration)
+- [3. Testing configuration](#3-testing-configuration)
+- [4. Installation](#4-installation)
+- [5. Uninstall](#5-uninstall)
+- [6. Cluster maintanace tasks](#6-cluster-maintanace-tasks)
+
+<br>
+
+## 1. Requirements
+
+**System requirements**:
+- 1 VM with minimums of 2 cpus and 4GB RAM (HDD size is on your preference) for AdminServer
+- 1 - ∞ VMs with minimum of 2 cpus and 8GB RAM each (HDD size is on your preference) for Managed Servers
+- static IPs on all VMs
+- supported linux OS: RedHat/CentOS 7/8, Oracle Linux 7/8, Rocky 8, AlmaLinux 8
+
+**Workstation requirements**:
+- [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
+
+**Additional requirements**:
+- NFS share for shared domain on all hosts, mounted on: `/u01/oracle`
+- [VMs and Workstation requirements](docs/requirements.md)
+
+### 1.1. Proxy requirements
+
+Access to following external resources are required:
+
+- Access to OS repository (yum/apt)
+- Access to Python packages (*.python.org, *.pypi.org, *.pythonhosted.org)
+- Access to Oracle Java and Middleware installer download (*.oracle.com)
+
+<br>
+
+## 2. Configuration
+
+- Create copy of `inventory/default` directory and name it after your environment, example: `inventory/<environment>`.
+- Edit your environment `inventory.ini` file by filling out environment servers configuration values.
+- Edit your environment `all.yml` file by filling out environment specific configuration values (also see [2.1 Installers](#21-installers)).
+- Edit your environment `all-vault.yml` file by filling out environment specific secrets.
+
+> NOTE: Encrypt the `all-vault.yaml` file using `ansible-vault encrypt inventory/<environment>/group_vars/all/all-vault.yml` and providing secure password.
+
+### 2.1 Installers configuration
+
+> NOTE: Instructions for downloading and configuring installers.
+
+Download [Linux x64 Compressed Archive](https://www.oracle.com/java/technologies/javase/javase-jdk8-downloads.html) and place `tar.gz` archive to:
+
+```
+./roles/jdk/files/jdk-8u371-linux-x64.tar.gz
+```
+
+Also set archive name (ex. `jdk-8u371-linux-x64.tar.gz`) as value for variable in your environments [all.yml](inventory/default/group_vars/all/all.yml#L2) file.
+
+```yml
+jdk_installer_archive: 'jdk-8u371-linux-x64.tar.gz'
+```
+
+Download [Generic Installer for Oracle WebLogic Server 12.2.1.4](https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html), extract archive and place generic `jar` installer to:
+
+```
+./roles/wls/files/fmw_12.2.1.4.0_wls_lite_generic.jar
+```
+
+Also set installer name (ex. `fmw_12.2.1.4.0_wls_lite_generic.jar`) as value for variable in your environments [all.yml](inventory/default/group_vars/all/all.yml#L5) file.
+
+```yml
+fmw_installer: 'fmw_12.2.1.4.0_wls_lite_generic.jar'
+```
+
+<br>
+
+## 3. Testing configuration
+
+Before installation you can test connection to your VMs using [check.yml](playbooks/check.yml) playbook.
+
+Simply run:
+
+```shell
+ansible-playbook -i inventory/<environment>/inventory.ini playbooks/check.yml --ask-vault-pass
+```
+
+Output should look like this:
+
+> NOTE: If playbook ran with no errors, then you are ready to begin installation.
+
+```shell
+...
+TASK [debug] **********************************************************************
+ok: [wl-admin] =>
+  msg:
+  - 'os_family: RedHat'
+  - 'distribution: AlmaLinux'
+  - 'major_version: 8'
+ok: [wl-node-01] =>
+  msg:
+  - 'os_family: RedHat'
+  - 'distribution: AlmaLinux'
+  - 'major_version: 8'
+ok: [wl-node-02] =>
+  msg:
+  - 'os_family: RedHat'
+  - 'distribution: AlmaLinux'
+  - 'major_version: 8'
+...
+```
+
+<br>
+
+## 4. Installation
+
+Playbook to install and configure Weblogic cluster.
+
+```shell
+ansible-playbook -i inventory/<environment>/inventory.ini playbooks/setup.yml --ask-vault-pass
+```
+
+Will configure the cluster based on provided configuration in inventory files.
+
+:exclamation: Weblogic console URL after installation: http://<admin_host_ip>:{{ admin_server_port }}/console
+
+<br>
+
+## 5. Uninstall
+
+Playbook to uninstall Weblogic cluster.
+
+```shell
+ansible-playbook -i inventory/<environment>/inventory.ini playbooks/reset.yml
+```
+
+Will uninstall the Weblogic cluster and reboot the machines.
+
+## 6. Cluster maintanace tasks
+
+Playbook to update some parts of Cluster or Domain configuration
+
+```shell
+ansible-playbook -i inventory/<environment>/inventory.ini playbooks/update.yml -t <tag>
+```
+
+Will update specific part of configuration.
+
+Currently available tags:
+
+| Category | File Path | Tag | Description |
+|----------|-----------|-----|-------------|
+| Update | [playbooks/update.yml](playbooks/update.yml) | `ssl` | Will update Managed server SSL certificate and do SSL reset. |

addons/readme.txt

@@ -0,0 +1 @@
+Folder should contain additions (playbooks, roles, etc.) to provision default cluster configuration with new, specific features or configuration.

ansible.cfg

@@ -0,0 +1,21 @@
+[defaults]
+nocows                  = True
+roles_path              = ./roles
+stdout_callback         = yaml
+
+remote_tmp              = $HOME/.ansible/tmp
+local_tmp               = $HOME/.ansible/tmp
+timeout                 = 60
+host_key_checking       = False
+deprecation_warnings    = False
+log_path                = ./ansible.log
+
+[privilege_escalation]
+become                  = True
+
+[ssh_connection]
+scp_if_ssh              = smart
+retries                 = 3
+ssh_args                = -o StrictHostKeyChecking=no -o ControlMaster=auto -o ControlPersist=30m -o Compression=yes -o ServerAliveInterval=15s
+pipelining              = True
+control_path            = %(directory)s/%%h-%%r

docs/requirements.md

@@ -0,0 +1,109 @@
+# VMs and Workstation requirements
+
+> Requirements for all cluster VMs and administrator workstation.
+
+<hr>
+
+- [1. On VMs](#1-on-vms)
+  - [1.1 OS user](#1-1-os-user)
+  - [1.2 Sudoers file](#1-2-sudoers-file)
+- [2. On ansible workstation (admin node)](#2-on-ansible-workstation-admin-node)
+  - [2.1 Generate SSH keys](#2-1-generate-ssh-keys)
+  - [2.2 SSH folder and file permissions](#2-2-ssh-folder-and-file-permissions)
+  - [2.3 Setup passwordless SSH](#2-3-setup-passwordless-ssh)
+
+<br>
+
+## 1. On VMs
+
+### 1.1 OS user
+
+Create new OS user for a ansible tasks on all cluster VMs:
+
+Debian/Ubuntu
+
+```shell
+sudo adduser ansible
+```
+
+RedHat/Rocky
+
+```shell
+sudo useradd ansible
+```
+
+```shell
+sudo passwd ansible
+```
+
+<br>
+
+### 1.2 Sudoers file
+
+Add newly created user to sudoers file (for passwordless sudo):
+
+```shell
+sudo su -
+```
+
+```shell
+echo -e "\n# Allow without a password\nansible        ALL=(ALL)       NOPASSWD: ALL" >> /etc/sudoers
+```
+
+```shell
+exit
+```
+
+<br>
+
+## 2. On ansible workstation (admin node)
+
+### 2.1 Generate SSH keys
+
+Create required directory
+
+```shell
+mkdir -p ~/.ssh/
+```
+
+Generate new SSH key:
+
+```shell
+ssh-keygen -f ~/.ssh/id_rsa -N ""
+```
+
+<br>
+
+### 2.2 SSH folder and file permissions
+
+```shell
+chmod 700 ~/.ssh
+```
+
+```shell
+chmod 644 ~/.ssh/id_rsa.pub
+```
+
+```shell
+chmod 600 ~/.ssh/id_rsa
+```
+
+```shell
+chmod 600 ~/.ssh/authorized_keys
+```
+
+### 2.3 Setup passwordless SSH
+
+Distribute the SSH public key to all servers:
+
+- use newly created user for ansible tasks:
+
+```shell
+ssh-copy-id ansible@127.0.0.11
+```
+
+SSH without password
+
+```shell
+ssh ansible@127.0.0.11
+```

inventory/default/group_vars/all/all-vault.yml

@@ -0,0 +1,3 @@
+# WebLogic secrets
+weblogic_admin: 'weblogic'
+weblogic_admin_pass: 'welcome1'