From 5f5ce8aab23f1e53db879afd5e2750e41baa593b Mon Sep 17 00:00:00 2001 From: Haroon Khel Date: Mon, 4 Dec 2023 13:09:03 +0000 Subject: [PATCH 01/13] update openssl role to install openssl3 --- .../AdoptOpenJDK_AIX_Playbook/main.yml | 4 +- .../roles/openssl/tasks/main.yml | 49 ++++++++++--------- 2 files changed, 30 insertions(+), 23 deletions(-) diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/main.yml index 992b027c07..6c7286c85b 100644 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/main.yml @@ -30,7 +30,9 @@ # These packages are installed using installp - which can enlarge # filesystem space, as needed, on demand - - openssl + - role: openssl3 + tags: openssl3 + - security # 2. AIX BOS configuration diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl/tasks/main.yml index e590367ac7..d74fa4fcf4 100644 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl/tasks/main.yml 
@@ -1,32 +1,37 @@ ################################################################## -# Verify openssl from IBM # +# Install OpenSSL 3.0.10.1000 # ################################################################## --- - name: Check if openssl is installed stat: path: /usr/bin/openssl - register: openssl_bin + register: openssl_installed -- name: "Fail: OpenSSL 1.0.2p or later required" - fail: - msg: - - "OpenSSL is required. Version 1.0.2p (1.0.2.1601) or later" - - "Please ask your AIX OS provider to install it on this host" - when: not (openssl_bin.stat.exists and openssl_bin.stat.executable) - -- name: Get openssl version - command: openssl version +- name: Get version of installed openssl (if installed else skip) + command: /usr/bin/openssl version | awk '{split ($0,a," "); print a[2]}' | awk '{split ($0,a,"."); print a[1]}' register: openssl_version + when: openssl_installed.stat.exists + +- name: Install openssl if not installed or version is less than 3 + when: (not openssl_installed.stat.exists) or (openssl_version.stdout_lines | int) < 3 + block: + - name: Transfer openssl binary + unarchive: + src: /Vendor_Files/aix/openssl-3.0.10.1000.tar.Z + dest: /tmp/openssl-3.0.10.1000 + remote_src: false + + - name: cd into openssl directory and installp the binary + command: cd /tmp/openssl-3.0.10.1000 && installp -qaXFY -d . openssl.base openssl.license openssl.man.en_US -- name: Check Version legitimacy - set_fact: - rdy: openssl_version.split(' ')[1] >= '1.0.2p' - when: openssl_version is defined + - name: Update AIX-rpm package + shell: PATH=/usr/bin/:$PATH && /usr/sbin/updtvpkg -- name: "Fail: OpenSSL 1.0.2p or later required" - fail: - msg: - - "OpenSSL Version 1.0.2p (1.0.2.1601) or later is required." 
- - "Please ask your AIX OS provider to install it on this host" - - "current OpenSSL: {{ openssl_version.stdout }}" - when: rdy is undefined or not rdy + - name: Remove openssl directory and binary + file: + path: "{{ item }}" + state: absent + with_items: + - /tmp/openssl-3.0.10.1000.tar.Z + - /tmp/openssl-3.0.10.1000.tar + - /tmp/openssl-3.0.10.1000 From 43cc55795e795dcdefa3eee26f238a128d22cb55 Mon Sep 17 00:00:00 2001 From: Haroon Khel Date: Mon, 4 Dec 2023 13:15:48 +0000 Subject: [PATCH 02/13] add comments --- .../AdoptOpenJDK_AIX_Playbook/roles/openssl/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl/tasks/main.yml index d74fa4fcf4..6dcee1d81a 100644 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl/tasks/main.yml @@ -1,5 +1,7 @@ ################################################################## # Install OpenSSL 3.0.10.1000 # +# An OpenSSL version greater than 1.1.x is needed for DNF # +# See https://github.com/adoptium/infrastructure/issues/3274 ################################################################## --- - name: Check if openssl is installed From acd54d6fa778f3125f779861efa0cb35cb21e77f Mon Sep 17 00:00:00 2001 From: Haroon Khel Date: Mon, 4 Dec 2023 13:20:27 +0000 Subject: [PATCH 03/13] change name of role to openssl3 --- .../roles/{openssl => openssl3}/tasks/main.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/{openssl => openssl3}/tasks/main.yml (100%) 
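Review bot: Nothing in the `Transfer openssl binary` task checks that `/Vendor_Files/aix/openssl-3.0.10.1000.tar.Z` is the archive the vendor published, yet the next task force-installs its contents with `installp -qaXFY` as the host's OpenSSL. Record the expected SHA-256 in the role (the variable name in the sketch is only a suggestion) and assert it on the controller before `unarchive` runs, since `remote_src: false` means the file is read there. The archive is also unpacked to a fixed path under `/tmp`, which patch 07 keeps when it changes `dest` to `/tmp/`; on a shared build host a directory created by `tempfile` with `state: directory` avoids relying on whatever already exists at that name. The cleanup task is skipped when `installp` fails, so it would be safer under an `always:` section of the block.

```yaml
    # … unchanged: block name and when condition …
    - name: Checksum the vendor archive on the controller
      stat:
        path: /Vendor_Files/aix/openssl-3.0.10.1000.tar.Z
        checksum_algorithm: sha256
      delegate_to: localhost
      register: openssl3_archive

    - name: Stop if the archive is missing or does not match the pinned digest
      assert:
        that:
          - openssl3_archive.stat.exists
          # openssl3_archive_sha256: suggested role variable holding the published digest
          - openssl3_archive.stat.checksum == openssl3_archive_sha256
        fail_msg: "openssl archive missing or digest mismatch"

    - name: Transfer openssl binary
    # … unchanged: unarchive, installp, updtvpkg and cleanup tasks …
```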
diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml similarity index 100% rename from ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl/tasks/main.yml rename to ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml From 9df4ce15a47ecbdec407fe810ffa69ce80fec13b Mon Sep 17 00:00:00 2001 From: Haroon Khel Date: Tue, 5 Dec 2023 12:01:07 +0000 Subject: [PATCH 04/13] simplify awk command --- .../AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml index 6dcee1d81a..2de416c51b 100644 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml @@ -10,7 +10,7 @@ register: openssl_installed - name: Get version of installed openssl (if installed else skip) - command: /usr/bin/openssl version | awk '{split ($0,a," "); print a[2]}' | awk '{split ($0,a,"."); print a[1]}' + command: /usr/bin/openssl version | awk '{print$2}' | awk -F. '{print$1}' register: openssl_version when: openssl_installed.stat.exists From a1c8ca4ba1ff7bd4a47c324747f90dad98a5b8a4 Mon Sep 17 00:00:00 2001 From: Haroon Khel Date: Tue, 5 Dec 2023 12:20:02 +0000 Subject: [PATCH 05/13] specifiy which awk --- .../AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml index 2de416c51b..692251a8d0 100644 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml 
+++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml @@ -10,7 +10,7 @@ register: openssl_installed - name: Get version of installed openssl (if installed else skip) - command: /usr/bin/openssl version | awk '{print$2}' | awk -F. '{print$1}' + command: /usr/bin/openssl version | /usr/bin/awk '{print$2}' | /usr/bin/awk -F. '{print$1}' register: openssl_version when: openssl_installed.stat.exists From 6c371c6024f20ce47d9ab35799312f3fac121f0c Mon Sep 17 00:00:00 2001 From: Haroon Khel Date: Tue, 5 Dec 2023 12:21:29 +0000 Subject: [PATCH 06/13] change command to shell --- .../AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml index 692251a8d0..5cf4e15586 100644 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml @@ -10,7 +10,7 @@ register: openssl_installed - name: Get version of installed openssl (if installed else skip) - command: /usr/bin/openssl version | /usr/bin/awk '{print$2}' | /usr/bin/awk -F. '{print$1}' + shell: /usr/bin/openssl version | awk '{print$2}' | awk -F. '{print$1}' register: openssl_version when: openssl_installed.stat.exists From eea19ed649b38ac97981167a5e37ae990d601c99 Mon Sep 17 00:00:00 2001 From: Haroon Khel Date: Tue, 5 Dec 2023 12:24:23 +0000 Subject: [PATCH 07/13] change src directory --- .../AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml index 5cf4e15586..a428f1ed79 100644 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml 
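Review bot: In patch 06 the switch to `shell:` on the `Get version of installed openssl` task also drops the absolute `/usr/bin/awk` paths that patch 05 had just added, so `awk` is now resolved through whatever `PATH` the Ansible session has on the target. Keeping them costs nothing: `shell: /usr/bin/openssl version | /usr/bin/awk '{print$2}' | /usr/bin/awk -F. '{print$1}'`. The task only reads state, so adding `changed_when: false` would stop it reporting a change on every run.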
+++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml @@ -20,7 +20,7 @@ - name: Transfer openssl binary unarchive: src: /Vendor_Files/aix/openssl-3.0.10.1000.tar.Z - dest: /tmp/openssl-3.0.10.1000 + dest: /tmp/ remote_src: false - name: cd into openssl directory and installp the binary From dea35ecd175a4e309260f5a46a1e6e468cedfb0e Mon Sep 17 00:00:00 2001 From: Haroon Khel Date: Tue, 5 Dec 2023 12:26:39 +0000 Subject: [PATCH 08/13] add /usr/bin to PATH before installing --- .../AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml index a428f1ed79..8b8373ea55 100644 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml @@ -24,7 +24,7 @@ remote_src: false - name: cd into openssl directory and installp the binary - command: cd /tmp/openssl-3.0.10.1000 && installp -qaXFY -d . openssl.base openssl.license openssl.man.en_US + command: PATH=/usr/bin/:$PATH && cd /tmp/openssl-3.0.10.1000 && installp -qaXFY -d . openssl.base openssl.license openssl.man.en_US - name: Update AIX-rpm package shell: PATH=/usr/bin/:$PATH && /usr/sbin/updtvpkg From cd58bb76ced12606394b83865d14d2dbfcea6cbb Mon Sep 17 00:00:00 2001 From: Haroon Khel Date: Tue, 5 Dec 2023 12:33:34 +0000 Subject: [PATCH 09/13] change command to shell again --- .../AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml index 8b8373ea55..f71291a919 100644 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml 
+++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml @@ -24,7 +24,7 @@ remote_src: false - name: cd into openssl directory and installp the binary - command: PATH=/usr/bin/:$PATH && cd /tmp/openssl-3.0.10.1000 && installp -qaXFY -d . openssl.base openssl.license openssl.man.en_US + shell: PATH=/usr/bin/:$PATH && cd /tmp/openssl-3.0.10.1000 && installp -qaXFY -d . openssl.base openssl.license openssl.man.en_US - name: Update AIX-rpm package shell: PATH=/usr/bin/:$PATH && /usr/sbin/updtvpkg From 31dc733fa3e64e37813c1ce66fa55d8789979ecc Mon Sep 17 00:00:00 2001 From: Haroon Khel Date: Tue, 5 Dec 2023 12:43:52 +0000 Subject: [PATCH 10/13] add some debug to check condition and comment for where they can download openssl3 --- .../roles/openssl3/tasks/main.yml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml index f71291a919..87b0fa807c 100644 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml 
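Review bot: The install line packs an environment change, a directory change and the command into one shell string (`PATH=/usr/bin/:$PATH && cd … && installp …`), and patch 13 keeps that line unchanged. The module's own `chdir` and `environment` options express the same thing without shell parsing and let the task stay on `command:`; the `Update AIX-rpm package` task just below could follow the same pattern. `ansible_env.PATH` in the sketch assumes facts are gathered for these hosts; if they are not, a literal PATH value works as well.

```yaml
    - name: cd into openssl directory and installp the binary
      command: installp -qaXFY -d . openssl.base openssl.license openssl.man.en_US
      args:
        chdir: /tmp/openssl-3.0.10.1000
      environment:
        PATH: "/usr/bin:{{ ansible_env.PATH }}"
```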
@@ -1,8 +1,10 @@ -################################################################## -# Install OpenSSL 3.0.10.1000 # -# An OpenSSL version greater than 1.1.x is needed for DNF # -# See https://github.com/adoptium/infrastructure/issues/3274 -################################################################## +################################################################################# +# Install OpenSSL 3.0.10.1000 # +# An OpenSSL version greater than 1.1.x is needed for DNF # +# See https://github.com/adoptium/infrastructure/issues/3274 # +# OpenSSL 3.0.10.1000 is downloaded from this link: # +# https://www.ibm.com/resources/mrs/assets/DownloadList?source=aixbp&lang=en_US # +################################################################################# --- - name: Check if openssl is installed stat: @@ -15,8 +17,12 @@ when: openssl_installed.stat.exists - name: Install openssl if not installed or version is less than 3 - when: (not openssl_installed.stat.exists) or (openssl_version.stdout_lines | int) < 3 + when: (not openssl_installed.stat.exists) or ((openssl_version.stdout_lines | int) < 3) block: + - name: debug + debug: + msg: "Version is less than 3: {{ ((openssl_version.stdout_lines | int) < 3) }}" + - name: Transfer openssl binary unarchive: src: /Vendor_Files/aix/openssl-3.0.10.1000.tar.Z From d0a3259733d6b38d52f4faf33adc852c3c2a4cd8 Mon Sep 17 00:00:00 2001 From: Haroon Khel Date: Tue, 5 Dec 2023 12:46:17 +0000 Subject: [PATCH 11/13] adjust condition and debug --- .../AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml index 87b0fa807c..66f07fe509 100644 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml 
@@ -17,11 +17,11 @@ when: openssl_installed.stat.exists - name: Install openssl if not installed or version is less than 3 - when: (not openssl_installed.stat.exists) or ((openssl_version.stdout_lines | int) < 3) + when: (not openssl_installed.stat.exists) or ((openssl_version.stdout | int) < 3) block: - name: debug debug: - msg: "Version is less than 3: {{ ((openssl_version.stdout_lines | int) < 3) }}" + msg: "Version is less than 3: {{ ((openssl_version.stdout | int) < 3) }}" - name: Transfer openssl binary unarchive: From 8bc69d3afc8a23e8a36e656e04e0f268af6dbf0f Mon Sep 17 00:00:00 2001 From: Haroon Khel Date: Tue, 5 Dec 2023 12:47:43 +0000 Subject: [PATCH 12/13] remove debug --- .../AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml index 66f07fe509..9c38a79ae6 100644 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml @@ -19,10 +19,6 @@ - name: Install openssl if not installed or version is less than 3 when: (not openssl_installed.stat.exists) or ((openssl_version.stdout | int) < 3) block: - - name: debug - debug: - msg: "Version is less than 3: {{ ((openssl_version.stdout | int) < 3) }}" - - name: Transfer openssl binary unarchive: src: /Vendor_Files/aix/openssl-3.0.10.1000.tar.Z From 1363e8944210f6ce02393bca1cc65c28927ec44e Mon Sep 17 00:00:00 2001 From: Haroon Khel Date: Tue, 5 Dec 2023 13:03:26 +0000 Subject: [PATCH 13/13] linter --- .../AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml index 9c38a79ae6..29e960b48c 100644 
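Review bot: The `when:` on the install block in patch 11 compares only the major version, so a host already carrying an earlier 3.x fileset is treated as done even though the role header names 3.0.10.1000. If that level is the intended minimum, have the version task emit the whole second field of `openssl version` and gate on `openssl_version.stdout is version('3.0.10', '<')`. Also, `| int` yields 0 for any output it cannot parse, which sends an unexpected `openssl version` format down the force-install path. Whether that fallback is wanted is worth stating in a comment next to the condition.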
--- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml @@ -25,7 +25,7 @@ dest: /tmp/ remote_src: false - - name: cd into openssl directory and installp the binary + - name: Install openssl files shell: PATH=/usr/bin/:$PATH && cd /tmp/openssl-3.0.10.1000 && installp -qaXFY -d . openssl.base openssl.license openssl.man.en_US - name: Update AIX-rpm package