diff --git a/Vagrantfile b/Vagrantfile index 38d283e..e7ea653 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -4,7 +4,7 @@ VAGRANTFILE_API_VERSION = "2" Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| - config.vm.box = "bento/rockylinux-8" + config.vm.box = "bento/rockylinux-9" config.vm.synced_folder ".", "/vagrant" config.vm.synced_folder ".", "/etc/ansible/roles/dataverse" diff --git a/ec2/ec2-create-instance.sh b/ec2/ec2-create-instance.sh index 2d07974..1ada920 100755 --- a/ec2/ec2-create-instance.sh +++ b/ec2/ec2-create-instance.sh @@ -8,8 +8,10 @@ BRANCH_DEFAULT="develop" PEM_DEFAULT=${HOME} VERBOSE_ARG="" -# rocky linux 8.8 official, us-east-1 -AWS_AMI_DEFAULT='ami-093bfdaaa5ea85b41' +# rocky linux 9.3 official, us-east-1 +#AWS_AMI_DEFAULT='ami-06b7b440778b965d8' +# let's stick with rocky 8.9 until ITs pass +AWS_AMI_DEFAULT='ami-0408f4c4a072e3fb9' usage() { echo "Usage: $0 -b -r -p -g -a -i aws_image -u aws_user -s aws_size -t aws_tag -f aws_security group -e aws_profile -l local_log_path -d -v" 1>&2 diff --git a/files/shibboleth.rocky9.repo b/files/shibboleth.rocky9.repo new file mode 100644 index 0000000..509af03 --- /dev/null +++ b/files/shibboleth.rocky9.repo @@ -0,0 +1,9 @@ +[shibboleth] +name=Shibboleth (rockylinux9) +# Please report any problems to https://shibboleth.atlassian.net/jira +type=rpm-md +mirrorlist=https://shibboleth.net/cgi-bin/mirrorlist.cgi/rockylinux9 +gpgcheck=1 +gpgkey=https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key + https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key +enabled=1 diff --git a/tasks/aws_cli.yml b/tasks/aws_cli.yml index b5d840f..6cefc5d 100644 --- a/tasks/aws_cli.yml +++ b/tasks/aws_cli.yml @@ -7,6 +7,10 @@ # when: (ansible_os_family == "RedHat") and # (ansible_distribution_major_version) == "8" +- name: rocky9 needs codereadybuilder + ansible.builtin.shell: + cmd: 'dnf config-manager --set-enabled crb' + - name: just use OS-included binary for now ansible.builtin.package: name: awscli diff --git a/tasks/dataverse-apache.yml b/tasks/dataverse-apache.yml index a74350a..8e23caa 100644 --- a/tasks/dataverse-apache.yml +++ b/tasks/dataverse-apache.yml @@ -103,13 +103,14 @@ mode: 0644 notify: enable and restart apache -- name: this package provides semanage on RHEL / Rocky 8 - package: +- name: this package provides semanage on RHEL / Rocky 8 and 9 + ansible.builtin.package: name: policycoreutils-python-utils state: latest when: - ansible_os_family == "RedHat" - ansible_distribution_major_version == "8" + or ansible_distribution_major_version == "9" - name: remove unnecessary mod_cgi ansible.builtin.file: diff --git a/tasks/dataverse-counter.yml b/tasks/dataverse-counter.yml index 36ad018..8c112fb 100644 --- a/tasks/dataverse-counter.yml +++ b/tasks/dataverse-counter.yml @@ -4,10 +4,21 @@ debug: msg: '##### MAKE DATA COUNT #####' -- name: ensure python3-pip. Ansible on RHEL/Rocky now requires 3.8 - yum: +- name: ensure python3-pip. Ansible on RHEL/Rocky 8 now requires 3.8 + ansible.builtin.package: name: python38-pip state: latest + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version == "8" + +- name: ensure python39-pip on RHEL/Rocky 9 + ansible.builtin.package: + name: python3-pip + state: latest + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version == "9" - name: ensure counter user exists user: diff --git a/tasks/dataverse-install.yml b/tasks/dataverse-install.yml index 110b72d..d3ec653 100644 --- a/tasks/dataverse-install.yml +++ b/tasks/dataverse-install.yml @@ -137,8 +137,8 @@ set_fact: python_bin: '/usr/bin/python3' when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version == "8" + - ansible_os_family == "RedHat" and + (ansible_distribution_major_version == "8") or (ansible_distribution_major_version == "9") - name: Debian only offers Python3 nowadays set_fact: diff --git a/tasks/dataverse-prereqs.yml b/tasks/dataverse-prereqs.yml index 75e2364..14ff197 100644 --- a/tasks/dataverse-prereqs.yml +++ b/tasks/dataverse-prereqs.yml @@ -46,16 +46,23 @@ name: ['bash-completion', 'git', 'jq', 'mlocate', 'net-tools', 'sudo', 'unzip', 'python3-psycopg2', 'zip', 'tar'] state: latest -- name: "RHEL/Rocky 8.6 provides Ansible 5.4 which wants Python-3.8" +- name: "RHEL/Rocky 8.6-packaged Ansible wants Python-3.8" ansible.builtin.package: name: ['python38-psycopg2'] state: latest when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "8" +- name: "RHEL/Rocky 9 provides Python-3.9" + ansible.builtin.package: + name: python3-psycopg2 + state: latest + when: ansible_os_family == "RedHat" and + ansible_distribution_major_version == "9" + - name: install java-nnn-openjdk and other packages for RedHat/Rocky yum: - name: ['java-{{ java.version }}-openjdk-devel', 'tzdata-java', 'python38', 'vim-enhanced'] + name: ['java-{{ java.version }}-openjdk-devel', 'tzdata-java', 'vim-enhanced'] state: latest when: ansible_os_family == "RedHat" @@ -70,7 +77,7 @@ name: GraphicsMagick when: - ansible_os_family == "RedHat" - - ansible_distribution_major_version == "8" + - ansible_distribution_major_version == "8" or ansible_distribution_major_version == "9" - dataverse.thumbnails - name: install GraphicsMagic on Debian/Ubuntu for thumbnail generation diff --git a/tasks/rserve.yml b/tasks/rserve.yml index 22ff243..475b8ff 100644 --- a/tasks/rserve.yml +++ b/tasks/rserve.yml @@ -10,17 +10,22 @@ state: latest when: ansible_os_family == "RedHat" -- name: RHEL8 needs codeready-builder +- name: RHEL8/9 need codeready-builder rhsm_repository: name: codeready-builder-for-rhel-8-x86_64-rpms - when: ansible_distribution == "RedHat" and - ansible_distribution_major_version == "8" + when: (ansible_distribution == "RedHat" and ansible_distribution_major_version == "8") or + (ansible_distribution == "RedHat" and ansible_distribution_major_version == "9") -- name: Rocky needs powertools +- name: Rocky 8 needs powertools shell: "dnf config-manager --enable powertools" when: ansible_distribution == "Rocky" and ansible_distribution_major_version == "8" +- name: Rocky 9 calls it crb + shell: "dnf config-manager --enable crb" + when: ansible_distribution == "Rocky" and + ansible_distribution_major_version == "9" + - name: install base packages yum: name: "{{ packages }}" diff --git a/tasks/sampledata.yml b/tasks/sampledata.yml index 202ccf3..ee1ac1a 100644 --- a/tasks/sampledata.yml +++ b/tasks/sampledata.yml @@ -14,6 +14,17 @@ ansible.builtin.package: name: python38-pip state: latest + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version == "8" + +- name: "RHEL/Rocky 9 packages Python-3.9" + ansible.builtin.package: + name: python3-pip + state: latest + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version == "9" - name: clone sampledata repo git: diff --git a/tasks/sanity-checks.yml b/tasks/sanity-checks.yml index 794e684..be088ad 100644 --- a/tasks/sanity-checks.yml +++ b/tasks/sanity-checks.yml @@ -7,6 +7,13 @@ ansible_distribution_major_version == "8" and db.postgres.version < 10 +- name: RHEL9 and RockyLinux likely require PG13 + set_fact: + die: "RHEL/Rocky 9 packages PostgresQL 13 and likely won't work with earlier versions." + when: ansible_os_family == "RedHat" and + ansible_distribution_major_version == "9" and + db.postgres.version < 13 + - name: Shibboleth requires AJP set_fact: die: "Shibboleth requires AJP" diff --git a/tasks/selinux.yml b/tasks/selinux.yml index e10a390..95ae828 100644 --- a/tasks/selinux.yml +++ b/tasks/selinux.yml @@ -10,29 +10,34 @@ - policycoreutils when: ansible_os_family == 'RedHat' -# Ansible seboolean module is broken on RHEL/Rocky 8.6. dls 20220602 -#- name: set httpd_can_network_connect on and keep it persistent across reboots -# seboolean: -# name: httpd_can_network_connect -# state: yes -# persistent: yes -# when: ansible_os_family == 'RedHat' +# Ansible seboolean works on Rocky 9, 8.6 handled below. +- name: set httpd_can_network_connect on and keep it persistent across reboots + seboolean: + name: httpd_can_network_connect + state: yes + persistent: yes + when: + - ansible_os_family == 'RedHat' + - ansible_distribution_major_version == "9" +# Ansible seboolean module is broken on RHEL/Rocky 8.6, use shell cmd instead. - name: allow apache to make outbound connections shell: '/usr/sbin/setsebool -P httpd_can_network_connect 1' when: - ansible_os_family == "RedHat" - ansible_distribution_major_version == "8" -# Ansible seboolean module is broken on RHEL/Rocky 8.6. dls 20220602 -#- name: allow apache to read user content by default -# seboolean: -# name: httpd_read_user_content -# state: yes -# persistent: yes -# when: -# - ansible_os_family == "RedHat" +# Ansible seboolean works on Rocky 9, 8.6 handled below. +- name: allow apache to read user content by default + seboolean: + name: httpd_read_user_content + state: yes + persistent: yes + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version == "9" +# Ansible seboolean module is broken on RHEL/Rocky 8.6. dls 20220602 - name: allow apache to read user content by default shell: 'setsebool -P httpd_read_user_content 1' when: diff --git a/tasks/shibboleth.yml b/tasks/shibboleth.yml index c09f305..b01b77c 100644 --- a/tasks/shibboleth.yml +++ b/tasks/shibboleth.yml @@ -16,7 +16,18 @@ owner: root group: root mode: 0644 - when: ansible_distribution == "Rocky" + when: ansible_distribution == "Rocky" and + ansible_distribution_major_version == "8" + +- name: install shibboleth repo for Rocky 9 + ansible.builtin.copy: + src: 'shibboleth.rocky9.repo' + dest: /etc/yum.repos.d/shibboleth.repo + owner: root + group: root + mode: 0644 + when: ansible_distribution == "Rocky" and + ansible_distribution_major_version == "9" - name: install shibboleth repo for RHEL/CentOS 8 ansible.builtin.copy: diff --git a/tests/group_vars/vagrant.yml b/tests/group_vars/vagrant.yml index 0b5b196..cc43593 100644 --- a/tests/group_vars/vagrant.yml +++ b/tests/group_vars/vagrant.yml @@ -301,6 +301,11 @@ grafana: grafana_user: 'admin' grafana_password: 'admin' +harvest: + oaiserver: + maxidentifiers: 2 + maxrecords: 2 + java: version: 17