Oct CR8 Release (#346)

* CR8 * Add AlmaLinux back
HCL-TECH-SOFTWARE · Oct 15, 2024 · 464bc47 · 464bc47
1 parent d44ab27
commit 464bc47
Show file tree

Hide file tree

Showing 99 changed files with 1,049 additions and 184 deletions.
diff --git a/README.md b/README.md
@@ -13,7 +13,7 @@ For HCL Connections 8 dependencies this means that:
 * If needed for demo or even production purposes, OpenLDAP will be spun up and seeded with some demo users. OpenLDAP will be spun up with SSL enabled, as needed later for setting up IBM WebSphere Application Server properly.
 * IBM TDI will be installed, configured, and run to populate profiles database in IBM DB2 with users from OpenLDAP
 * IBM Installation Manager will be set up on the nodes where IBM WebSphere Application Server Network Deployment needs to be installed.
-* IBM WebSphere Application Server Network Deployment will be set up where needed. Currently we tested it with Fixpack 24. By default, FP24 is going to be installed. Deployment manager and nodeagents profiles are going to be created, application security enabled, TLS certificated imported from LDAP, LDAP configured up to the point where it is ready to install HCL Connections 8.
+* IBM WebSphere Application Server Network Deployment will be set up where needed. Currently we tested it with Fixpack 26. By default, FP26 is going to be installed. Deployment manager and nodeagents profiles are going to be created, application security enabled, TLS certificated imported from LDAP, LDAP configured up to the point where it is ready to install HCL Connections 8.
 * IBM HTTP Server is going to be installed, patched with the same fixpack as IBM WebSphere Application Server, and added to the deployment manager.
 * NFS server will be installed, including master and clients configurations and proper folders set.
 
@@ -92,9 +92,9 @@ Connections8:
 -r-xr-xr-x   1 root root             Apr 10 16:41 HC8.0_CR7.zip
 
 DB2:
--rw-r--r--.  1 dmenges dmenges    3993254 Oct 16 13:13 DB2_ESE_AUSI_Activation_11.5.zip
--rw-r--r--.  1 dmenges orion    250880000 Jun  3 10:48 v11.5.6_jdbc_sqlj.tar.gz
--rw-r--r--.  1 dmenges orion   1861783964 Apr 23  2020 v11.5.6_linuxx64_universal_fixpack.tar.gz
+-rw-r--r--. 1 root            root               1389624 Aug 13  2021 DB2_ESE_AUSI_Activation_11.5.zip
+-rw-rw-r--  1 ajaykumar-patel ajaykumar-patel    8707627 Aug 28 06:53 v11.5.9_jdbc_sqlj.tar.gz
+-rw-r--r--  1 root            root            1966221224 Apr  8 18:09 v11.5.9_linuxx64_universal_fixpack.tar.gz
 
 Docs:
 -r-xr-xr-x.  1 root orion 737753769 Sep  7  2020 HCL_Docs_v202.zip
@@ -128,15 +128,15 @@ was855:
 -rw-r--r--.  1 dmenges orion  998887246 Apr 23  2020 WAS_V8.5.5_SUPPL_3_OF_3.zip
 -rw-r--r--.  1 root    root   215292676 Aug 12  2020 agent.installer.linux.gtk.x86_64_1.9.1003.20200730_2125.zip
 
-was855FP24:
--rw-r--r-- 1 sabrinayee sabrinayee 1091490712 Oct 24 11:35 8.5.5-WS-WAS-FP024-part1.zip
--rw-r--r-- 1 sabrinayee sabrinayee  198883257 Oct 24 11:35 8.5.5-WS-WAS-FP024-part2.zip
--rw-r--r-- 1 sabrinayee sabrinayee 1975961319 Oct 24 11:35 8.5.5-WS-WAS-FP024-part3.zip
--rw-r--r-- 1 sabrinayee sabrinayee  528827632 Oct 24 11:35 8.5.5-WS-WASSupplements-FP024-part1.zip
--rw-r--r-- 1 sabrinayee sabrinayee  783773739 Oct 24 11:36 8.5.5-WS-WASSupplements-FP024-part2.zip
--rw-r--r-- 1 sabrinayee sabrinayee 1975961319 Oct 24 11:36 8.5.5-WS-WASSupplements-FP024-part3.zip
--rw-r--r-- 1 sabrinayee sabrinayee  301473547 Oct 24 11:36 8.5.5-WS-WCT-FP024-part1.zip
--rw-r--r-- 1 sabrinayee sabrinayee 1979434838 Oct 24 11:37 8.5.5-WS-WCT-FP024-part2.zip
+was855FP26:
+-rw-rw-r--   1 pnott pnott 1100773571 Jul 29 17:53 8.5.5-WS-WAS-FP026-part1.zip
+-rw-rw-r--   1 pnott pnott  198936058 Jul 29 17:51 8.5.5-WS-WAS-FP026-part2.zip
+-rw-rw-r--   1 pnott pnott 2006973467 Jul 29 17:53 8.5.5-WS-WAS-FP026-part3.zip
+-rw-rw-r--   1 pnott pnott  533279156 Jul 29 17:52 8.5.5-WS-WASSupplements-FP026-part1.zip
+-rw-rw-r--   1 pnott pnott  783934148 Jul 29 17:52 8.5.5-WS-WASSupplements-FP026-part2.zip
+-rw-rw-r--   1 pnott pnott 2006973467 Jul 29 17:53 8.5.5-WS-WASSupplements-FP026-part3.zip
+-rw-rw-r--   1 pnott pnott  302048768 Jul 29 17:51 8.5.5-WS-WCT-FP026-part1.zip
+-rw-rw-r--   1 pnott pnott 2010447111 Jul 29 19:38 8.5.5-WS-WCT-FP026-part2.zip
 ```
 
 Of course, you can drop it all to a single folder, or restructure it whatever way you prefer.

diff --git a/documentation/VARIABLES.md b/documentation/VARIABLES.md
@@ -143,7 +143,7 @@ was_repository_url | *none* - required | WebSphere install kit download location
 was_fixes_repository_url | *none* - required | WebSphere Fix Pack kit location to download
 was_major_version | 8 | WebSphere major version
 was_version | 8.5.5000.20130514_1044 | WebSphere Base version
-was_fp_version | 8.5.5024.20230628_1659 | WebSphere Fix Pack
+was_fp_version | 8.5.5026.20240702_1024 | WebSphere Fix Pack
 java_version | 8.0.6015.20200826_0935 | (only for Java upgrade during FP16/18 install)
 was_username | wasadmin | WAS admin user
 was_password | password | WAS admin user password
@@ -157,8 +157,8 @@ Name | Default | Description
 ---- | --------| -------------
 ihs_repository_url | *none* - required | IHS install kit download location
 ihs_fixes_repository_url | *none* - required | IHS Fix Pack kit location to download
-ihs_version | 8.5.5024.20230628_1659 | IHS Fix Pack version
-wct_version | 8.5.5024.20230628_1659 | WebSphere Toolbox Fix Pack version
+ihs_version | 8.5.5026.20240702_1024 | IHS Fix Pack version
+wct_version | 8.5.5026.20240702_1024 | WebSphere Toolbox Fix Pack version
 ihs_username | ihsadmin | IHS admin user
 ihs_password | *none* - required | IHS admin user password
 plg_install_location | /opt/IBM/WebSphere/Plugins | IBM WebSphere Plugin installation folder path
@@ -207,6 +207,7 @@ cnx_package | HCL_Connections_8.0_lin.tar | Connections install kit file
 connections_wizards_package_name | HCL_Connections_8.0_wizards_lin_aix.tar | Connections Wizard kit file
 setup_connections_wizards | true | true will run the Connections database wizard
 cnx_force_repopulation | false | true will drop the Connections databases and recreate them in `setup-connections-wizards.yml` playbook
+keep_db_extraction_folder | false | true will keep the database wizard installation kit for reuse
 cnx_major_version | "8" | Connections major version to install
 cnx_fixes_version | *none* - optional | If defined (eg. 8.0.0.0_CR3) will install the CR version
 cnx_fixes_files | *none* - optional | If defined (eg. HC8.0_CR3.zip") and cnx_fixes_version is set, will download the CR install kit
@@ -223,6 +224,7 @@ cnx_message_store_nfs | /nfs/data/messageStores | Connections bus SIB NFS share
 cnx_enable_invite | false | true will configure selfregistration-config.xml for Invite
 cnx_enable_moderation | false | true will configure and enable Moderation
 global_moderator | *none* - optional | Global moderator user
+connections_extended_user | *none* - optional | User to have EMPLOYEE_EXTENDED role for external collaboration
 cnx_enable_full_icec | false | true will configure full CEC
 cnx_enable_lang_selector | false | true will enable and add additional languages to the language selector
 enable_homepage_switcher | true | set `com.ibm.orient.isHomepageSwitcherEnabled` in LotusConnections-config.xml
@@ -307,7 +309,7 @@ uninstall_tinyeditors | true | true will uninstall Tiny Editors
 ### Component Pack Infra Variables
 Name | Default | Description
 ---- | --------| -------------
-containerd_version | 1.6.26-3.1.el7 | Containerd version to be installed
+containerd_version | 1.7.19-3.1 | Containerd version to be installed. Refer https://download.docker.com/linux to find available versions.
 docker_version | 20.10.12 | Docker version to be installed
 docker_insecure_registries | {{ docker_registry_url }} | Docker insecure-registries setting
 registry_port | 5000 | The registry defaults to listening on port 5000
@@ -317,18 +319,19 @@ component_pack_helm_repository | https://hclcr.io/chartrepo/cnx | Helm repo url,
 registry_user | admin | Docker Registry user name
 registry_password | password | Docker Registry user password
 overlay2_enabled | true | true enables OverlayFS storage driver
-kubernetes_version | 1.29.0 | Kubernetes version to be installed
+kubernetes_version | 1.30.3 | Kubernetes version to be installed
 kube_binaries_install_dir | /usr/bin | kuberneters binary install directory
 kube_binaries_download_url | https://storage.googleapis.com/kubernetes-release/release | kuberneters binary download path
 ic_internal | localhost | Connections server internal frontend host (eg. IHS host)
 load_balancer_dns | localhost | Specify a DNS name for the control plane.
 pod_subnet | 192.168.0.0/16 | Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.
 kubectl_user |  ansible_env['SUDO_USER'] | Kubectl is setup for all the users listed here
-calico_version | 3.25.0 | Calico version to be installed
-helm_version | 3.11.3 | Helm version to be installed
-haproxy_version | 2.6.6 | HAProxy version to be installed
+calico_version | 3.28.0 | Calico version to be installed
+helm_version | 3.15.3 | Helm version to be installed
+haproxy_version | 3.0.3 | HAProxy version to be installed. For RedHat, and AlmaLinux, the version available via the yum install command will be installed.
 haproxy_url | *none* | Alternative HAProxy tar download location
 ssl_root_ca | /C=US/ST=CA/L=Sunnyvale/O=HCL America Inc/OU=Software/CN=hcltechsw.com | SSL Root CA Certificate
+nginx_version | 1.26.1 | nginx version to be installed
 build_nginx | true | true will build and install NGINX with headers-more-nginx-module to allow removal of Server information from header
 nginx_install_dir | /etc/nginx | NGINX install location
 nginx_logs_dir | /var/log/nginx | NGINX logs location

diff --git a/documentation/howtos/connections_upgrade_to_8.x.md b/documentation/howtos/connections_upgrade_to_8.x.md
@@ -125,7 +125,7 @@ kubectl delete ingress -n connections $(kubectl get ingress -n connections | awk
 >Ensure you reconfigure NFS by running playbook playbooks/third_party/setup-nfs.yml.
 </details>
 
-Follow [Kubernetes official document](https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/) on how to upgrade kubernetes version. Kubernetes can be upgraded to the next minor version using below playbook.  Do NOT skip MINOR versions when upgrading Kubernetes.   For example, if you are upgrading from 1.27 -> 1.29, it needs to be upgraded from 1.27 -> 1.28 -> 1.29.  Add 'upgrade_version' variable in the [inventory file](https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/main/environments/examples/cnx8/db2/group_vars/all.yml) to the target version and adjust before running the playbook each time:
+Follow [Kubernetes official document](https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/) on how to upgrade kubernetes version. Kubernetes can be upgraded to the next minor version using below playbook.  Do NOT skip MINOR versions when upgrading Kubernetes.   For example, if you are upgrading from 1.28 -> 1.30, it needs to be upgraded from 1.28 -> 1.29 -> 1.30.  Add 'upgrade_version' variable in the [inventory file](https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/main/environments/examples/cnx8/db2/group_vars/all.yml) to the target version and adjust before running the playbook each time:
 
 ```
 ansible-playbook -i environments/examples/cnx8/db2/inventory.ini playbooks/third_party/kubernetes/upgrade-kubernetes.yml

diff --git a/documentation/howtos/other_useful_playbooks.md b/documentation/howtos/other_useful_playbooks.md
@@ -14,7 +14,7 @@ restrict_reader_access__trusted_realms:  true
 ```
 then run this playbook:
 ```
-ansible-playbook -i environments/examples/cnx7/connections playbooks/hcl/connections-restrict-access.yml
+ansible-playbook -i <your inventory.ini> playbooks/hcl/connections-restrict-access.yml
 ```
 
 ## Set global moderator
@@ -24,7 +24,7 @@ global_moderator:  jjones2
 ```
 then run this playbook:
 ```
-ansible-playbook -i environments/examples/cnx7/connections playbooks/hcl/connections-set-global-moderator.yml
+ansible-playbook -i <your inventory.ini> playbooks/hcl/connections-set-global-moderator.yml
 ```
 
 ## Install Tiny Editors
@@ -36,5 +36,17 @@ tinyeditors_password: << Tiny Editors password. This field is required >>
 ```
 then run this playbook:
 ```
-ansible-playbook -i environments/examples/cnx7/connections playbooks/third_party/setup-tiny-editors.yml
+ansible-playbook -i <your inventory.ini> playbooks/third_party/setup-tiny-editors.yml
+```
+
+## Regenerate IHS SSL Certificate
+This playbook is useful when the IHS SSL certificate in your test environment has expired and needs another self-signed certificate.
+```
+ansible-playbook -i <your inventory.ini> playbooks/third_party/ibm-http-server-create-cert.yml
+```
+
+## Renew Kubernetes self generated kubeadm-managed certificates
+This playbook is useful for renewing Kubernetes self-generated, kubeadm-managed certificates that are close to expiration.
+```
+ansible-playbook -i <your inventory.ini> playbooks/third_party/kubernetes/renew-kubernetes-cert.yml
 ```
diff --git a/documentation/howtos/setup_connections_with_different_database_backends.md b/documentation/howtos/setup_connections_with_different_database_backends.md
@@ -19,9 +19,9 @@ By default, they are set to false, which means that if you don specifically say
 
 This applies only for HCL Connections.
 
-## Defaults and IBM DB2 11.5.6
+## Defaults and IBM DB2 11.5.9
 
-First supported database with this automation was IBM DB2 v11.5.6
+First supported database with this automation was IBM DB2 v11.5.9
 
 To install Connections by using DB2 as a backend, all you need is this:
 

diff --git a/environments/examples/cnx8/db2/group_vars/all.yml b/environments/examples/cnx8/db2/group_vars/all.yml
@@ -49,9 +49,9 @@ cnx_repository_url:                              "http://{{ groups['installer'][
 tinyeditors_download_location:                   http://{{ groups['installer'][0] }}:8001/TinyEditors
 cnx_fixes_repository_url:                        "http://{{ groups['installer'][0] }}:8001/{{ connections_kit_folder }}"
 
-cnx_fixes_version:                               "8.0.0.0_CR7"
+cnx_fixes_version:                               "8.0.0.0_CR8"
 cnx_fixes_files:
-  - { file_name: "HC8.0_CR7.zip" }
+  - { file_name: "HC8.0_CR8.zip" }
 
 cnx_package:                                     "HCL_Connections_8.0_lin.tar"
 connections_wizards_package_name:                "HCL_Connections_8.0_wizards_lin_aix.tar"
@@ -85,8 +85,14 @@ enable_prometheus_jmx_exporter:                  True
 
 # uncomment to install CFix, update these for the latest fix and updateInstaller
 # ifix_apar:                                       CFix.70.2110
-# cnx_ifix_installer:                              "updateInstaller_2104.zip"
 # ifix_file:                                       CFix.70.2110-IC7.0.0.0-Common-Fix.jar
+# cnx_ifix_installer:                              "updateInstaller_2104.zip"
+#
+# to install multiple fixes
+# ifix_apar:                                       "KBXXXXXX KBYYYYYY"
+# ifix_file:
+#  - { file_name: 8.0.0.0_CRX-XXXX-KBXXXXXX.jar }
+#  - { file_name: 8.0.0.0_CRX-YYYY-KBYYYYYY.jar }
 
 component_pack_helm_repository:                  https://hclcr.io/chartrepo/cnx
 docker_registry_url:                             hclcr.io/cnx

diff --git a/environments/examples/cnx8/oracle/group_vars/all.yml b/environments/examples/cnx8/oracle/group_vars/all.yml
@@ -49,9 +49,9 @@ cnx_repository_url:                              "http://{{ groups['installer'][
 tinyeditors_download_location:                   http://{{ groups['installer'][0] }}:8001/TinyEditors
 cnx_fixes_repository_url:                        "http://{{ groups['installer'][0] }}:8001/{{ connections_kit_folder }}"
 
-cnx_fixes_version:                               "8.0.0.0_CR7"
+cnx_fixes_version:                               "8.0.0.0_CR8"
 cnx_fixes_files:
-  - { file_name: "HC8.0_CR7.zip" }
+  - { file_name: "HC8.0_CR8.zip" }
 
 cnx_package:                                     "HCL_Connections_8.0_lin.tar"
 connections_wizards_package_name:                "HCL_Connections_8.0_wizards_lin_aix.tar"

diff --git a/environments/examples/cnx8/quick_start/group_vars/all.yml b/environments/examples/cnx8/quick_start/group_vars/all.yml
@@ -49,9 +49,9 @@ cnx_repository_url:                              "http://{{ groups['installer'][
 tinyeditors_download_location:                   http://{{ groups['installer'][0] }}:8001/TinyEditors
 cnx_fixes_repository_url:                        "http://{{ groups['installer'][0] }}:8001/{{ connections_kit_folder }}"
 
-cnx_fixes_version:                               "8.0.0.0_CR7"
+cnx_fixes_version:                               "8.0.0.0_CR8"
 cnx_fixes_files:
-  - { file_name: "HC8.0_CR7.zip" }
+  - { file_name: "HC8.0_CR8.zip" }
 
 cnx_package:                                     "HCL_Connections_8.0_lin.tar"
 connections_wizards_package_name:                "HCL_Connections_8.0_wizards_lin_aix.tar"
@@ -84,8 +84,14 @@ enable_prometheus_jmx_exporter:                  True
 
 # uncomment to install CFix, update these for the latest fix and updateInstaller
 # ifix_apar:                                       CFix.70.2110
-# cnx_ifix_installer:                              "updateInstaller_2104.zip"
 # ifix_file:                                       CFix.70.2110-IC7.0.0.0-Common-Fix.jar
+# cnx_ifix_installer:                              "updateInstaller_2104.zip"
+#
+# to install multiple fixes
+# ifix_apar:                                       "KBXXXXXX KBYYYYYY"
+# ifix_file:
+#  - { file_name: 8.0.0.0_CRX-XXXX-KBXXXXXX.jar }
+#  - { file_name: 8.0.0.0_CRX-YYYY-KBYYYYYY.jar }
 
 component_pack_helm_repository:                  https://hclcr.io/chartrepo/cnx
 docker_registry_url:                             hclcr.io/cnx

diff --git a/environments/examples/existing_database/db2/group_vars/all.yml b/environments/examples/existing_database/db2/group_vars/all.yml
@@ -49,9 +49,9 @@ cnx_repository_url:                              "http://{{ groups['installer'][
 tinyeditors_download_location:                   http://{{ groups['installer'][0] }}:8001/TinyEditors
 cnx_fixes_repository_url:                        "http://{{ groups['installer'][0] }}:8001/{{ connections_kit_folder }}"
 
-cnx_fixes_version:                               "8.0.0.0_CR7"
+cnx_fixes_version:                               "8.0.0.0_CR8"
 cnx_fixes_files:
-  - { file_name: "HC8.0_CR7.zip" }
+  - { file_name: "HC8.0_CR8.zip" }
 
 cnx_package:                                     "HCL_Connections_8.0_lin.tar"
 connections_wizards_package_name:                "HCL_Connections_8.0_wizards_lin_aix.tar"

diff --git a/environments/examples/existing_database/mssql/group_vars/all.yml b/environments/examples/existing_database/mssql/group_vars/all.yml
@@ -49,9 +49,9 @@ cnx_repository_url:                              "http://{{ groups['installer'][
 tinyeditors_download_location:                   http://{{ groups['installer'][0] }}:8001/TinyEditors
 cnx_fixes_repository_url:                        "http://{{ groups['installer'][0] }}:8001/{{ connections_kit_folder }}"
 
-cnx_fixes_version:                               "8.0.0.0_CR7"
+cnx_fixes_version:                               "8.0.0.0_CR8"
 cnx_fixes_files:
-  - { file_name: "HC8.0_CR7.zip" }
+  - { file_name: "HC8.0_CR8.zip" }
 
 cnx_package:                                     "HCL_Connections_8.0_lin.tar"
 connections_wizards_package_name:                "HCL_Connections_8.0_wizards_lin_aix.tar"

diff --git a/environments/examples/existing_database/oracle/group_vars/all.yml b/environments/examples/existing_database/oracle/group_vars/all.yml
@@ -49,9 +49,9 @@ cnx_repository_url:                              "http://{{ groups['installer'][
 tinyeditors_download_location:                   http://{{ groups['installer'][0] }}:8001/TinyEditors
 cnx_fixes_repository_url:                        "http://{{ groups['installer'][0] }}:8001/{{ connections_kit_folder }}"
 
-cnx_fixes_version:                               "8.0.0.0_CR7"
+cnx_fixes_version:                               "8.0.0.0_CR8"
 cnx_fixes_files:
-  - { file_name: "HC8.0_CR7.zip" }
+  - { file_name: "HC8.0_CR8.zip" }
 
 cnx_package:                                     "HCL_Connections_8.0_lin.tar"
 connections_wizards_package_name:                "HCL_Connections_8.0_wizards_lin_aix.tar"

diff --git a/playbooks/hcl/connections-post-install.yml b/playbooks/hcl/connections-post-install.yml
@@ -63,3 +63,6 @@
   roles:
     - roles/third_party/ibm/wasnd/was-dmgr-stop-cluster
     - roles/third_party/ibm/wasnd/was-dmgr-start-cluster
+
+- name:                    Configure an extended user to enable the creation of an External Community
+  import_playbook:         setup-extended-user.yml
diff --git a/playbooks/hcl/setup-connections-docs.yml b/playbooks/hcl/setup-connections-docs.yml
@@ -22,6 +22,8 @@
 - name:                    Setup Docs database
   hosts:                   db2_servers, oracle_servers, mssql_servers
   become:                  true
+  vars:
+    setup_connections_wizards: false
   roles:
     - roles/hcl/connections-wizards
 

diff --git a/playbooks/hcl/setup-extended-user.yml b/playbooks/hcl/setup-extended-user.yml
@@ -0,0 +1,10 @@
+---
+- name:                    Gather facts
+  hosts:                   dmgr
+  tasks:                   []
+
+- name:                    Setup an extended user
+  hosts:                   dmgr
+  become:                  true
+  roles:
+    - roles/hcl/connections/setup_extended_user
diff --git a/playbooks/third_party/ibm-http-server-create-cert.yml b/playbooks/third_party/ibm-http-server-create-cert.yml
@@ -0,0 +1,6 @@
+---
+  - name:                     Configure SSL for IBM HTTP Server
+    hosts:                    ihs_servers
+    become:                   true
+    roles:
+      - roles/third_party/ibm/ihs/ibm-http-gen-cert