infrastructure icon indicating copy to clipboard operation
infrastructure copied to clipboard

Published 20 hours ago verified publisher icon adoptium

Add steps to install OpenSSL 3 on AIX 7.2 machines

Open Haroon-Khel opened this issue 1 year ago • 7 comments

ref https://github.com/adoptium/infrastructure/pull/3271#issuecomment-1836115340

Dnf requires openssl 1.1.x while on our 7.2 machines we have 1.0.2t. OpenSSL 3 can be downloaded here https://www.ibm.com/resources/mrs/assets/DownloadList?source=aixbp&lang=en_US

Openssl 3 install steps can be found here https://www.ibm.com/support/pages/downloading-and-installing-or-upgrading-openssl-and-openssh

All thats left is to update the existing openssl role to accommodate this new version. It might be best for the openssl-3.0.10.1000.tar.Z binary to be in Vendor_Files and transferred over when necessary

Haroon-Khel avatar Dec 01 '23 19:12 Haroon-Khel

The problem with vendor_files, imho, is that they are not kept current.

The safe step is to have the playbook verify that a minimal version of OpenSSL is installed - and let the system administration handle resolving it when it does not pass muster.

p.s. putting this here, rather than on the PR.

p.p.s. researching this - and prepping to make the update as system administrator - and not being able to do so due to #1544 only stresses how important it is to take the steps to correct an ancient issue. The problem it causes just keeps recurring.

aixtools avatar Dec 05 '23 14:12 aixtools

The SSL3 role is failing on the new build72-3 machine:

TASK [openssl3 : Transfer openssl binary] **************************************
fatal: [build-osuosl-aix72-ppc64-3]: FAILED! => {"changed": false, "msg": "Failed to find handler for \"/root/.ansible/tmp/ansible-tmp-1703709557.6199305-3073340-55459161035460/source\". Make sure the required command to extract the file is installed. Command \"/usr/bin/tar\" detected as tar type None. GNU tar required. Unable to find required 'unzip' or 'zipinfo' binary in the path."}
``

sxa avatar Dec 27 '23 20:12 sxa

@Haroon-Khel @sej-jackson Can we make this work with the default AIX tooling?

sxa avatar Jan 04 '24 14:01 sxa

Update: Ive installed openssl3 manually. Kicked off a playbook run here, https://awx2.adoptopenjdk.net/#/jobs/playbook/2425?job_search=page_size:20;order_by:-finished;not__launch_type:sync, to finish off the setup

Haroon-Khel avatar Jan 04 '24 16:01 Haroon-Khel 

TASK [dnf : Fail if python3 is not available] **********************************
fatal: [build-osuosl-aix72-ppc64-3]: FAILED! => {"changed": false, "failed_when_result": true, "stat": {"exists": false}}

Fails because it expects python3 to be in /opt/freeware/bin, its in /opt/bin on the machine. Should be fixed to use any python3 it finds. Will install dnf manually in the meantime

Haroon-Khel avatar Jan 04 '24 16:01 Haroon-Khel

rebuild after manual install of dnf https://awx2.adoptopenjdk.net/#/jobs/playbook/2427?job_search=page_size:20;order_by:-finished;not__launch_type:sync

Haroon-Khel avatar Jan 04 '24 17:01 Haroon-Khel

rebuild after manual install of dnf https://awx2.adoptopenjdk.net/#/jobs/playbook/2427?job_search=page_size:20;order_by:-finished;not__launch_type:sync

That run failed on GPG signature check of the ant download. I've re-run the job and if it fails we should create an issue and reference it from the issue regarding that machine setup: https://github.com/adoptium/infrastructure/issues/3208

sxa avatar Jan 08 '24 12:01 sxa