-
Notifications
You must be signed in to change notification settings - Fork 0
/
EBIZ_PassWd_Reset_Automation.yml
183 lines (180 loc) · 7.01 KB
/
EBIZ_PassWd_Reset_Automation.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
description: |
# Oracle E-Business Suite R12.2 Automated Administrative User Password Reset
The automation would handle the password reset process of the below users
* sys
* system
* apps
* oracle All
* sysadmin
* weblogic
* ebs_system
## Important Note:
1) This process will **stop** application services when password change scope is selected as All or Apps/Weblogic. This will introduce downtime, hence execute this automation with apprioriate communications.
2) Oracle database password file is regenerated as part of sys password reset. Ensure to copy the newly generated password file to the standby database server.
schemaVersion: '0.3'
parameters:
EBIZEnvName:
type: String
description: Name of the E-Business Suite environment for which password should be reset.
EBIZDbNodeName:
type: String
description: E-Business Suite database EC2 instance value of tag key Name.
EBIZDbOsUser:
type: String
description: E-Business Suite Database OS user
EBIZAppNodeName:
type: String
description: E-Business Suite application EC2 instance value of tag key Name.
EBIZAppOsUser:
type: String
description: E-Business Suite Application OS user
PasswordChangeScope:
type: String
allowedValues:
- DB
- Apps/Weblogic
- Sysadmin
- Custom
- All
description: Password Change Scope - DB for sys,system and ebs_system, Apps for apps, oracle all, sysadmin, weblogic
S3RepoBucketName:
type: String
description: S3 Bucket where scripts are stored
mainSteps:
- name: EBIZ_Chk_PasswordChangeScope01
action: aws:branch
inputs:
Choices:
- NextStep: EBIZ_RESET_DB_PASSWORD
Variable: '{{ PasswordChangeScope }}'
StringEquals: DB
- NextStep: EBIZ_RESET_APPWLS_PASSWORD
Variable: '{{ PasswordChangeScope }}'
StringEquals: Apps/Weblogic
- NextStep: EBIZ_RESET_SYSADMIN_PASSWORD
Variable: '{{ PasswordChangeScope }}'
StringEquals: Sysadmin
- NextStep: EBIZ_RESET_CUSTOM_PASSWORD
Variable: '{{ PasswordChangeScope }}'
StringEquals: Custom
- NextStep: EBIZ_RESET_DB_PASSWORD
Variable: '{{ PasswordChangeScope }}'
StringEquals: All
Default: Final_Step
- description: ''
name: EBIZ_RESET_DB_PASSWORD
action: aws:runCommand
timeoutSeconds: 900
nextStep: EBIZ_Chk_PasswordChangeScope02
isEnd: false
inputs:
DocumentName: AWS-RunShellScript
Parameters:
commands: runuser -l {{EBIZDbOsUser}} -c 'if [ ! -d EbizPassRst ]; then mkdir EbizPassRst; fi; cd EbizPassRst;if [ ! -d logs ]; then mkdir logs; fi; aws s3 cp s3://{{S3RepoBucketName}}/scripts/EbizPassRstDb . 2>&1 > /dev/null; if [ $? -gt 0 ]; then exit 11;fi; sh EbizPassRstDb -target_inst {{EBIZEnvName}}'
Targets:
- Key: tag:Name
Values:
- '{{ EBIZDbNodeName }}'
CloudWatchOutputConfig:
CloudWatchOutputEnabled: true
CloudWatchLogGroupName: EBIZPassWdResetAutomationLogs
- name: EBIZ_Chk_PasswordChangeScope02
action: aws:branch
inputs:
Choices:
- NextStep: EBIZ_RESET_APPWLS_PASSWORD
Variable: '{{ PasswordChangeScope }}'
StringEquals: All
- NextStep: EBIZ_RESET_APPWLS_PASSWORD
Variable: '{{ PasswordChangeScope }}'
StringEquals: Apps/Weblogic
- NextStep: EBIZ_RESET_SYSADMIN_PASSWORD
Variable: '{{ PasswordChangeScope }}'
StringEquals: Sysadmin
- NextStep: EBIZ_RESET_CUSTOM_PASSWORD
Variable: '{{ PasswordChangeScope }}'
StringEquals: Custom
Default: Final_Step
- name: EBIZ_RESET_APPWLS_PASSWORD
action: aws:runCommand
timeoutSeconds: 3600
nextStep: EBIZ_Chk_PasswordChangeScope03
isEnd: false
inputs:
DocumentName: AWS-RunShellScript
Targets:
- Key: tag:Name
Values:
- '{{ EBIZAppNodeName }}'
CloudWatchOutputConfig:
CloudWatchOutputEnabled: true
CloudWatchLogGroupName: EBIZPassWdResetAutomationLogs
Parameters:
commands: runuser -l {{EBIZAppOsUser}} -c 'if [ ! -d EbizPassRst ]; then mkdir EbizPassRst; fi; cd EbizPassRst;if [ ! -d logs ]; then mkdir logs; fi; aws s3 cp s3://{{S3RepoBucketName}}/scripts/EbizPassRstApp . 2>&1 > /dev/null; if [ $? -gt 0 ]; then exit 11;fi; sh EbizPassRstApp -target_inst {{EBIZEnvName}} -scope APPS'
- name: EBIZ_Chk_PasswordChangeScope03
action: aws:branch
inputs:
Choices:
- NextStep: EBIZ_RESET_SYSADMIN_PASSWORD
Variable: '{{ PasswordChangeScope }}'
StringEquals: All
- NextStep: EBIZ_RESET_SYSADMIN_PASSWORD
Variable: '{{ PasswordChangeScope }}'
StringEquals: Sysadmin
- NextStep: EBIZ_RESET_CUSTOM_PASSWORD
Variable: '{{ PasswordChangeScope }}'
StringEquals: Custom
Default: Final_Step
- name: EBIZ_RESET_SYSADMIN_PASSWORD
action: aws:runCommand
timeoutSeconds: 900
nextStep: EBIZ_Chk_PasswordChangeScope04
isEnd: false
inputs:
DocumentName: AWS-RunShellScript
Targets:
- Key: tag:Name
Values:
- '{{ EBIZAppNodeName }}'
CloudWatchOutputConfig:
CloudWatchOutputEnabled: true
CloudWatchLogGroupName: EBIZPassWdResetAutomationLogs
Parameters:
commands: runuser -l {{EBIZAppOsUser}} -c 'if [ ! -d EbizPassRst ]; then mkdir EbizPassRst; fi; cd EbizPassRst;if [ ! -d logs ]; then mkdir logs; fi; aws s3 cp s3://{{S3RepoBucketName}}/scripts/EbizPassRstApp . 2>&1 > /dev/null; if [ $? -gt 0 ]; then exit 11;fi; sh EbizPassRstApp -target_inst {{EBIZEnvName}} -scope SYSADMIN'
- name: EBIZ_Chk_PasswordChangeScope04
action: aws:branch
inputs:
Choices:
- NextStep: EBIZ_RESET_CUSTOM_PASSWORD
Variable: '{{ PasswordChangeScope }}'
StringEquals: All
- NextStep: EBIZ_RESET_CUSTOM_PASSWORD
Variable: '{{ PasswordChangeScope }}'
StringEquals: Custom
Default: Final_Step
- name: EBIZ_RESET_CUSTOM_PASSWORD
action: aws:runCommand
timeoutSeconds: 900
nextStep: Final_Step
isEnd: false
inputs:
DocumentName: AWS-RunShellScript
Targets:
- Key: tag:Name
Values:
- '{{ EBIZAppNodeName }}'
CloudWatchOutputConfig:
CloudWatchOutputEnabled: true
CloudWatchLogGroupName: EBIZPassWdResetAutomationLogs
Parameters:
commands: runuser -l {{EBIZAppOsUser}} -c 'if [ ! -d EbizPassRst ]; then mkdir EbizPassRst; fi; cd EbizPassRst;if [ ! -d logs ]; then mkdir logs; fi; aws s3 cp s3://{{S3RepoBucketName}}/scripts/EbizPassRstApp . 2>&1 > /dev/null; if [ $? -gt 0 ]; then exit 11;fi; sh EbizPassRstApp -target_inst {{EBIZEnvName}} -scope CUSTOM'
- name: Final_Step
action: aws:executeScript
isEnd: true
inputs:
Runtime: python3.11
Handler: script_handler
Script: |-
def script_handler(events, context):
print('End Step')
return {'message': 'End Step'}