diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/main.yml index 992b027c07..6c7286c85b 100644 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/main.yml @@ -30,7 +30,9 @@ # These packages are installed using installp - which can enlarge # filesystem space, as needed, on demand - - openssl + - role: openssl3 + tags: openssl3 + - security # 2. AIX BOS configuration diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl/tasks/main.yml deleted file mode 100644 index e590367ac7..0000000000 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl/tasks/main.yml +++ /dev/null @@ -1,32 +0,0 @@ -################################################################## -# Verify openssl from IBM # -################################################################## ---- -- name: Check if openssl is installed - stat: - path: /usr/bin/openssl - register: openssl_bin - -- name: "Fail: OpenSSL 1.0.2p or later required" - fail: - msg: - - "OpenSSL is required. Version 1.0.2p (1.0.2.1601) or later" - - "Please ask your AIX OS provider to install it on this host" - when: not (openssl_bin.stat.exists and openssl_bin.stat.executable) - -- name: Get openssl version - command: openssl version - register: openssl_version - -- name: Check Version legitimacy - set_fact: - rdy: openssl_version.split(' ')[1] >= '1.0.2p' - when: openssl_version is defined - -- name: "Fail: OpenSSL 1.0.2p or later required" - fail: - msg: - - "OpenSSL Version 1.0.2p (1.0.2.1601) or later is required." - - "Please ask your AIX OS provider to install it on this host" - - "current OpenSSL: {{ openssl_version.stdout }}" - when: rdy is undefined or not rdy diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml new file mode 100644 index 0000000000..29e960b48c --- /dev/null +++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml @@ -0,0 +1,41 @@ +################################################################################# +# Install OpenSSL 3.0.10.1000 # +# An OpenSSL version greater than 1.1.x is needed for DNF # +# See https://github.com/adoptium/infrastructure/issues/3274 # +# OpenSSL 3.0.10.1000 is downloaded from this link: # +# https://www.ibm.com/resources/mrs/assets/DownloadList?source=aixbp&lang=en_US # +################################################################################# +--- +- name: Check if openssl is installed + stat: + path: /usr/bin/openssl + register: openssl_installed + +- name: Get version of installed openssl (if installed else skip) + shell: /usr/bin/openssl version | awk '{print$2}' | awk -F. '{print$1}' + register: openssl_version + when: openssl_installed.stat.exists + +- name: Install openssl if not installed or version is less than 3 + when: (not openssl_installed.stat.exists) or ((openssl_version.stdout | int) < 3) + block: + - name: Transfer openssl binary + unarchive: + src: /Vendor_Files/aix/openssl-3.0.10.1000.tar.Z + dest: /tmp/ + remote_src: false + + - name: Install openssl files + shell: PATH=/usr/bin/:$PATH && cd /tmp/openssl-3.0.10.1000 && installp -qaXFY -d . openssl.base openssl.license openssl.man.en_US + + - name: Update AIX-rpm package + shell: PATH=/usr/bin/:$PATH && /usr/sbin/updtvpkg + + - name: Remove openssl directory and binary + file: + path: "{{ item }}" + state: absent + with_items: + - /tmp/openssl-3.0.10.1000.tar.Z + - /tmp/openssl-3.0.10.1000.tar + - /tmp/openssl-3.0.10.1000