diff --git a/README.md b/README.md index 78e3fdb3..cecff47b 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Before you start, please be sure to check out [Frequently Asked Questions](https For HCL Connections 7 dependencies this means that: -* Database will be installed (IBM DB2, Oracle or Microsoft SQL Server), configured as per Performance tunning guide for HCL Connections, and license applied. Please note: the license, the same one from FlexNet, will be applied only to IBM DB2 v11.1. If you want to learn more about using HCL Connections with different database backends, please [check out this document](https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/main/documentation/howtos/setup_connections_with_different_database_backends.md). +* Database will be installed (IBM DB2, Oracle or Microsoft SQL Server), configured as per Performance tunning guide for HCL Connections, and license applied. Please note: the license, the same one from FlexNet, will be applied only to IBM DB2 v11.5. If you want to learn more about using HCL Connections with different database backends, please [check out this document](https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/main/documentation/howtos/setup_connections_with_different_database_backends.md). * HCL Connections Wizard will populate the database with needed schemas and grants. * If needed for demo or even production purposes, OpenLDAP will be spun up and seeded with some demo users. OpenLDAP will be spun up with SSL enabled, as needed later for setting up IBM WebSphere Application Server properly. * IBM TDI will be installed, configured, and run to populate profiles database in IBM DB2 with users from OpenLDAP @@ -85,9 +85,9 @@ DB2: total 2067052 drwxr-xr-x. 2 dmenges orion 96 Nov 19 11:01 . drwxr-xr-x. 13 root orion 192 Nov 18 08:33 .. --rw-r--r--. 1 dmenges dmenges 3993254 Oct 16 13:13 CNB23ML.zip --rw-r--r--. 1 dmenges orion 250880000 Jun 3 10:48 v11.1.4fp5_jdbc_sqlj.tar.gz --rw-r--r--. 1 dmenges orion 1861783964 Apr 23 2020 v11.1.4fp5_linuxx64_universal_fixpack.tar.gz +-rw-r--r--. 1 dmenges dmenges 3993254 Oct 16 13:13 DB2_ESE_AUSI_Activation_11.5.zip +-rw-r--r--. 1 dmenges orion 250880000 Jun 3 10:48 v11.5.6_jdbc_sqlj.tar.gz +-rw-r--r--. 1 dmenges orion 1861783964 Apr 23 2020 v11.5.6_linuxx64_universal_fixpack.tar.gz Docs: total 1397484 @@ -433,7 +433,7 @@ ansible-playbook -i environments/examples/cnx7/db2/inventory.ini playbooks/hcl/s ### Running post installation tasks -If you don't plan on installing the Component Pack and `cnx_application_ingress` is set to a host that can access the Connections server frontend (eg. IHS) via a browser now, run this playbook to set up some post installation bits and pieces to make the Connections deployment accessible. Otherwise, continue to the Component Pack deployment before testing the deployment. +If you don't plan on installing the Component Pack and `cnx_application_ingress` is set to a host that can access the Connections server frontend (eg. IHS) via a browser now, run this playbook to set up some post installation bits and pieces to make the Connections deployment accessible. Otherwise, continue to the Component Pack deployment before testing the deployment. ``` ansible-playbook -i environments/examples/cnx7/db2/inventory.ini playbooks/hcl/connections-post-install.yml diff --git a/documentation/VARIABLES.md b/documentation/VARIABLES.md index 9dd60a6d..37fb674b 100644 --- a/documentation/VARIABLES.md +++ b/documentation/VARIABLES.md @@ -215,6 +215,9 @@ cnx_enable_moderation | false | true will install and configure Moderation global_moderator | *none* - optional | Global moderator user cnx_enable_full_icec | false | true will configure full CEC cnx_enable_lang_selector | false | true will enable and add additional languages to the language selector +enable_homepage_switcher | true | set `com.ibm.orient.isHomepageSwitcherEnabled` in LotusConnections-config.xml +enable_orientme_default_hp | true | true will set `com.ibm.orient.isOrientHomepage` in LotusConnections-config.xml +enable_action_center | enabled | set `actioncenter` in LotusConnections-config.xml mail_outgoing_server | *none* - optional | Mail notification outgoing server. When set, it will also set the SMTP port according to `{{ mail_smtp_port }}` mail_smtp_port | 25 | Mail SMTP port, set when `{{ mail_outgoing_server }}` is defined cnx_updates_enabled | false | true will upgrade Connections if a new version is available in cnx_repository_url diff --git a/documentation/howtos/setup_connections_with_different_database_backends.md b/documentation/howtos/setup_connections_with_different_database_backends.md index 700fa83f..1ca37a51 100644 --- a/documentation/howtos/setup_connections_with_different_database_backends.md +++ b/documentation/howtos/setup_connections_with_different_database_backends.md @@ -1,6 +1,6 @@ # Using different database backends with HCL Connections' automation -Automated and tested database backends by HCL are IBM DB2 11.1, Oracle 19c and Microsoft SQL Server 2019. Please note that automated and tested only implies that it is covered by this automation, and does not mean it is (not) officially supported by HCL. +Automated and tested database backends by HCL are IBM DB2 11.5.6, Oracle 19c and Microsoft SQL Server 2019. Please note that automated and tested only implies that it is covered by this automation, and does not mean it is (not) officially supported by HCL. ## What did we change? @@ -19,9 +19,9 @@ By default, they are set to false, which means that if you don specifically say This applies only for HCL Connections. -## Defaults and IBM DB2 11.1 +## Defaults and IBM DB2 11.5.6 -First supported database with this automation was IBM DB2 v11.1. +First supported database with this automation was IBM DB2 v11.5.6 To install Connections by using DB2 as a backend, all you need is this: @@ -44,9 +44,28 @@ db_username=LCUSER db_password=password db_hostname=db1.internal.example.com db_port=50000 -db_jdbc_file=/opt/IBM/db2/V11.1/java db_type=DB2 ``` +To install Connections by using DB2 v11.1 as a backend, addition to the above set of parameters you need to set(by default it is set to false): + +``` +install_latest_db2=false +``` + +To terminate the script when already installed version of DB2 (if any) on the system is different than the version that user expects you need to set(by default it is set to false). +``` +force_check_db2_version_mismatch=True +``` +If force_check_db2_version_mismatch is set to true: +- If already installed version on the system is different than the version that user expects - Script fails. +- If already installed version on the system is same as user's expectation - No change, existing flow. +- No existing DB2 installed - Install DB2 with the version derived from var install_latest_db2. + +If force_check_db2_version_mismatch is set to false: +- If already installed version on the system is different than the version that user expects - Script continues with the existing installed DB2 version. Also it overwrites variable's defaults which are needed for DB2 installation. +- If already installed version on the system is same as user's expectation - No change, existing flow. +- No existing DB2 installed - Install DB2 with the version derived from var install_latest_db2. + HCL Connections installer will use this set of parameters when setting up HCL Connections installation: diff --git a/playbooks/third_party/kubernetes/setup-kubernetes.yml b/playbooks/third_party/kubernetes/setup-kubernetes.yml index 3e2b955e..12e1d6ac 100644 --- a/playbooks/third_party/kubernetes/setup-kubernetes.yml +++ b/playbooks/third_party/kubernetes/setup-kubernetes.yml @@ -3,24 +3,28 @@ - name: Install Kubernetes hosts: k8s_masters, k8s_workers become: true + any_errors_fatal: true roles: - roles/third_party/kubernetes/kubernetes-install - name: Setup and initialize Kubernetes master node hosts: k8s_masters become: true + any_errors_fatal: true roles: - roles/third_party/kubernetes/setup-master-node - name: Setup kubectl on masters and workers hosts: k8s_masters, k8s_workers become: true + any_errors_fatal: true roles: - roles/third_party/kubernetes/setup-kubectl - name: Enable PodSecurity Policy hosts: k8s_masters become: true + any_errors_fatal: true roles: - roles/third_party/kubernetes/enable-pod-security-policy @@ -28,6 +32,7 @@ hosts: k8s_masters serial: 1 become: true + any_errors_fatal: true roles: - roles/third_party/kubernetes/install-network-addons @@ -35,23 +40,27 @@ hosts: k8s_masters serial: 1 become: true + any_errors_fatal: true roles: - roles/third_party/kubernetes/join-master-nodes - name: Setup Kubernetes worker nodes hosts: k8s_workers become: true + any_errors_fatal: true roles: - roles/third_party/kubernetes/setup-worker-node - name: Allow pods to run on master in case of single node installation hosts: k8s_masters, k8s_workers become: true + any_errors_fatal: true roles: - roles/third_party/kubernetes/taint-all-nodes - name: Setup Helm hosts: k8s_admin become: true + any_errors_fatal: true roles: - roles/third_party/helm-install diff --git a/playbooks/third_party/setup-database.yml b/playbooks/third_party/setup-database.yml index c8c08d43..45dad4ac 100644 --- a/playbooks/third_party/setup-database.yml +++ b/playbooks/third_party/setup-database.yml @@ -1,8 +1,11 @@ - name: Setup DB2 import_playbook: setup-db2.yml + when: "'db2_servers' in groups" - name: Setup Oracle import_playbook: setup-oracle.yml + when: "'oracle_servers' in groups" - name: Setup MSSQL import_playbook: setup-mssql.yml + when: "'mssql_servers' in groups" diff --git a/roles/hcl/component-pack/post-install-config/tasks/setup_orientme.yml b/roles/hcl/component-pack/post-install-config/tasks/setup_orientme.yml index 44c795bb..ac1b9933 100644 --- a/roles/hcl/component-pack/post-install-config/tasks/setup_orientme.yml +++ b/roles/hcl/component-pack/post-install-config/tasks/setup_orientme.yml @@ -8,12 +8,12 @@ when: cnx_setup_mt is not defined or not cnx_setup_mt|bool # internal use only, do not set cnx_setup_mt to true. This is set via auto-deploy when MT. -- name: Enable action center in LCC.xml +- name: "Update actioncenter in LCC.xml to {{ __enable_action_center | lower }}" xml: path: "{{ __lcc_full_path }}" namespaces: "{{ __lcc_namespaces }}" xpath: "{{ __lcc_action_center_xpath }}" - value: "enabled" + value: "{{ __enable_action_center | lower }}" # Query element text using XPath - name: Get current value of isHomepageSwitcherEnabled diff --git a/roles/hcl/component-pack/post-install-config/vars/main.yml b/roles/hcl/component-pack/post-install-config/vars/main.yml index b0b88251..9b9d8ec1 100644 --- a/roles/hcl/component-pack/post-install-config/vars/main.yml +++ b/roles/hcl/component-pack/post-install-config/vars/main.yml @@ -41,6 +41,7 @@ __lcc_genprop_default_hpswitch_xpath: "/tns:config/tns:properties/tns:genericPr __enable_homepage_switcher: "{{ enable_homepage_switcher | default('true') }}" __enable_orientme_default_hp: "{{ enable_orientme_default_hp | default('true') }}" +__enable_action_center: "{{ enable_action_center | default('enabled') }}" # appreg __lcc_version_xpath: "/tns:config/tns:properties" diff --git a/roles/hcl/component-pack/templates/helmvars/kudosboards.yml.j2 b/roles/hcl/component-pack/templates/helmvars/kudosboards.yml.j2 index 8b7a3e04..205ef1c3 100644 --- a/roles/hcl/component-pack/templates/helmvars/kudosboards.yml.j2 +++ b/roles/hcl/component-pack/templates/helmvars/kudosboards.yml.j2 @@ -29,12 +29,14 @@ webfront: ingress: annotations: nginx.ingress.kubernetes.io/rewrite-target: /$1 + kubernetes.io/ingress.class: nginx path: /boards/(.*) # This hostname must match other Ingresses defined in your CP environment # If all ingresses start with * you must match the pattern, or all traffic will be routed to Boards and everything will break # kubectl get ingresses --all-namespaces hosts: {% if __ingress_multi_domain_enabled == "true" %} + - "*.{{ load_balancer_dns.split('.', 1)[1] }}" {% if load_balancer_dns != frontend_fqdn %} - "*.{{ frontend_fqdn.split('.', 1)[1] }}" {% endif %} @@ -45,13 +47,6 @@ webfront: core: image: name: kudosboards-core - env: - NOTIFIER_EMAIL_HOST: smtp.example.com - NOTIFIER_EMAIL_USERNAME: user123 - NOTIFIER_EMAIL_PASSWORD: passw0rd - # APP_NAME: Kudos Boards # Used for all notifications, e.g. Orient Me - # NOTIFIER_EMAIL_FROM_NAME: Kudos Boards - # NOTIFIER_EMAIL_FROM_EMAIL: boards@connections.example.com ingress: annotations: nginx.ingress.kubernetes.io/rewrite-target: /$1 @@ -90,13 +85,23 @@ user: # CONNECTIONS_NAME: HCL Connections CONNECTIONS_CLIENT_ID: kudosboards CONNECTIONS_URL: https://{{ frontend_fqdn }} - CONNECTIONS_CLIENT_SECRET: {{ kudosboards_secret.stdout_lines | last }} + CONNECTIONS_CLIENT_SECRET: {{ kudosboards_secret.stdout_lines | last }} CONNECTIONS_ADMINS: "[\"admin1@company.example.com\", \"boss2@company.example.com\", \"PROF_GUID_3\"]" provider: image: name: kudosboards-provider +events: + image: + name: kudosboards-boards-event + env: + NOTIFIER_EMAIL_HOST: smtp.example.com + NOTIFIER_EMAIL_USERNAME: user123 + NOTIFIER_EMAIL_PASSWORD: passw0rd + # NOTIFIER_EMAIL_FROM_NAME: Kudos Boards + # NOTIFIER_EMAIL_FROM_EMAIL: boards@connections.example.com + migration: image: name: kudosboards-activity-migration diff --git a/roles/hcl/connections-wizards/tasks/main.yml b/roles/hcl/connections-wizards/tasks/main.yml index 282e8424..fae029f4 100644 --- a/roles/hcl/connections-wizards/tasks/main.yml +++ b/roles/hcl/connections-wizards/tasks/main.yml @@ -1,7 +1,10 @@ --- -- name: Pre-check DB2 version +- name: Pre-check DB2 version include_tasks: precheck_DB2_version.yml - + when: + - __setup_connections_wizards |bool + - "'db2_servers' in groups" + - name: Setup Connections Wizards on DB2 include_tasks: setup_connections_wizards.yml when: diff --git a/roles/hcl/connections/mt/tasks/main.yml b/roles/hcl/connections/mt/tasks/main.yml index 73d6bc91..397eae2a 100644 --- a/roles/hcl/connections/mt/tasks/main.yml +++ b/roles/hcl/connections/mt/tasks/main.yml @@ -9,6 +9,8 @@ - name: Pre-check DB2 version include_tasks: precheck_DB2_version.yml + when: + - "'db2_servers' in groups" - name: Define Vars include_tasks: define_vars.yml diff --git a/roles/hcl/connections/post_install_config/tasks/setup_invite_config.yml b/roles/hcl/connections/post_install_config/tasks/setup_invite_config.yml index 369f47ff..b3be9561 100644 --- a/roles/hcl/connections/post_install_config/tasks/setup_invite_config.yml +++ b/roles/hcl/connections/post_install_config/tasks/setup_invite_config.yml @@ -28,7 +28,7 @@ xml: path: "{{ __selfreg_full_path }}" xpath: "{{ __selfreg_invite_usertype_xpath }}" - value: "{{ invite_user_type | default('internal') }}" + value: "{{ invite_user_type | default('external') }}" when: - __cnx_major_version is version('7', '>=') diff --git a/roles/hcl/connections/tasks/main.yml b/roles/hcl/connections/tasks/main.yml index 051d3b38..204b25e0 100644 --- a/roles/hcl/connections/tasks/main.yml +++ b/roles/hcl/connections/tasks/main.yml @@ -11,6 +11,8 @@ - name: Pre-check DB2 version include_tasks: precheck_DB2_version.yml + when: + - "'db2_servers' in groups" - name: Define Vars include_tasks: define_vars.yml diff --git a/roles/hcl/docs/tasks/main.yml b/roles/hcl/docs/tasks/main.yml index 6613bd3a..6b599c42 100644 --- a/roles/hcl/docs/tasks/main.yml +++ b/roles/hcl/docs/tasks/main.yml @@ -7,6 +7,8 @@ - name: Pre-check DB2 version include_tasks: precheck_DB2_version.yml + when: + - "'db2_servers' in groups" - name: Download Docs installer to Docs env include_tasks: download_docs.yml diff --git a/roles/third_party/docker-install/tasks/install_docker.yml b/roles/third_party/docker-install/tasks/install_docker.yml deleted file mode 100644 index 3b4cd277..00000000 --- a/roles/third_party/docker-install/tasks/install_docker.yml +++ /dev/null @@ -1,107 +0,0 @@ ---- -- name: Show me Linux distribution - debug: - msg: "{{ ansible_distribution }}" - -- name: Show me Linux distribution version - debug: - msg: "{{ ansible_distribution_version }}" - -- name: Add Docker repo - get_url: - url: https://download.docker.com/linux/centos/docker-ce.repo - dest: /etc/yum.repos.d/docker-ce.repo - -- name: Replace baseurl on RedHat - replace: - path: /etc/yum.repos.d/docker-ce.repo - regexp: '^baseurl.*$' - replace: 'baseurl=https://download.docker.com/linux/centos/7/x86_64/stable' - when: - - ansible_distribution == "RedHat" - -- name: Enable Docker stable repo - ini_file: - dest: /etc/yum.repos.d/docker-ce.repo - section: 'docker-ce-stable' - option: enabled - value: 1 - -- name: Disable Docker Edge repo - ini_file: - dest: /etc/yum.repos.d/docker-ce.repo - section: 'docker-ce-edge' - option: enabled - value: 0 - -- name: Disable Docker Test repo - ini_file: - dest: /etc/yum.repos.d/docker-ce.repo - section: 'docker-ce-test' - option: enabled - value: 0 - -- name: Install containerd.io {{ __containerd_version }} - package: - name: containerd.io-{{ __containerd_version }} - state: present - allow_downgrade: yes - when: - - ansible_os_family == "RedHat" - -- name: Install docker-ce {{ __docker_version }} - package: - name: docker-ce-{{ __docker_version }} - state: present - allow_downgrade: yes - when: - - ansible_os_family == "RedHat" - -- name: Install docker-ce-cli {{ __docker_version }} - package: - name: docker-ce-cli-{{ __docker_version }} - state: present - allow_downgrade: yes - when: - - ansible_os_family == "RedHat" - -- name: Install pip and passlib modules for Docker - vars: - ansible_python_interpreter: /usr/bin/python3 - pip: - name: ['docker', 'passlib', 'six'] - when: - - ansible_os_family == "RedHat" - -- name: Prepare Docker folders - file: - path: "{{ item }}" - state: directory - with_items: - - "/etc/docker" - - "/etc/docker/auth" - - "/etc/docker/certs" - - "/etc/docker/registry" - - "/etc/docker/certs.d" - - "/etc/docker/certs.d/{{ inventory_hostname }}:5000" - - "/etc/systemd/system/docker.service.d" - -- name: Setup Docker daemon - template: - src: "{{ __docker_daemon_json_template }}" - dest: "{{ __docker_daemon_json_location }}" - when: - - __overlay2_enabled |bool - -- name: Add {{ __kubectl_user }} to the group docker - user: - name: "{{ __kubectl_user }}" - groups: docker - append: yes - -- name: Start Docker service - service: - name: docker - state: started - enabled: yes - daemon_reload: yes diff --git a/roles/third_party/ibm/db2-install/tasks/main.yml b/roles/third_party/ibm/db2-install/tasks/main.yml index 1d66282f..ac310098 100644 --- a/roles/third_party/ibm/db2-install/tasks/main.yml +++ b/roles/third_party/ibm/db2-install/tasks/main.yml @@ -7,15 +7,19 @@ delegate_to: "{{ item }}" with_items: - "{{ groups['db2_servers'] }}" + when: + - "'db2_servers' in group_names" - debug: msg: DB2 is already up and running when: + - "'db2_servers' in group_names" - db2_running.results[0].rc == 0 - name: Pre-check DB2 version include_tasks: precheck_DB2_version.yml when: + - "'db2_servers' in group_names" - db2_running.results[0].rc == 0 - name: Prepare Environment for DB2 @@ -62,6 +66,7 @@ - name: Install jdbc drivers only include_tasks: install_jdbc.yml - when: + when: + - "'db2_servers' in groups" - inventory_hostname in groups["was_servers"] - __setup_db2_jdbc |bool diff --git a/roles/third_party/ibm/tdi-install/tasks/main.yml b/roles/third_party/ibm/tdi-install/tasks/main.yml index 3accacfd..1d5b6983 100644 --- a/roles/third_party/ibm/tdi-install/tasks/main.yml +++ b/roles/third_party/ibm/tdi-install/tasks/main.yml @@ -4,6 +4,8 @@ - name: Pre-check DB2 version include_tasks: precheck_DB2_version.yml + when: + - "'db2_servers' in groups" - name: Download and install TDI include_tasks: tdi_install.yml @@ -14,7 +16,7 @@ - name: TDI Upgrade from java 7 to 8 include_tasks: upgrade-tdi-jre.yml - when: __upgrade_tdi_jre | bool + when: __upgrade_tdi_jre | bool or __cnx_major_version is version('7', '>') - name: Download and install tdisol include_tasks: tdisol_install.yml diff --git a/roles/third_party/ibm/tdi-install/vars/main.yml b/roles/third_party/ibm/tdi-install/vars/main.yml index cd8898d6..996017c8 100644 --- a/roles/third_party/ibm/tdi-install/vars/main.yml +++ b/roles/third_party/ibm/tdi-install/vars/main.yml @@ -2,6 +2,7 @@ __tdi_upgrade: "{{ tdi_upgrade_enable | default(true) }}" __upgrade_tdi_jre: "{{ upgrade_tdi_jre | default(false) |lower }}" +__cnx_major_version: "{{ cnx_major_version | default('7') }}" __cnx_updates_enabled: "{{ cnx_updates_enabled | default(false) |lower }}" __download_location: "{{ tdi_download_location | default('http://c7lb1.cnx.cwp.pnp-hcl.com:8001/TDI') }}" diff --git a/roles/third_party/ibm/wasnd/was-dmgr-config-interceptor/was-dmgr-config-interceptor/tasks/main.yml b/roles/third_party/ibm/wasnd/was-dmgr-config-interceptor/was-dmgr-config-interceptor/tasks/main.yml deleted file mode 100644 index 2915a1f1..00000000 --- a/roles/third_party/ibm/wasnd/was-dmgr-config-interceptor/was-dmgr-config-interceptor/tasks/main.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- - - name: "Verify if Profile already exists" - stat: - path: "{{ __was_install_location }}/profiles/{{ __profile_name }}" - register: profile_already_exists - - - name: Verify if pid file - shell: ps -p `cat "{{ __was_install_location }}/profiles/{{ __profile_name }}/logs/dmgr/dmgr.pid"` - register: dmgr_is_running - ignore_errors: true - - - name: "Verify if certificate {{ __trust_interceptor_name }} is already added" - stat: - path: "{{ __bin_dir }}/add_interceptor_{{ __trust_interceptor_name }}.success" - register: interceptor_already_added - when: profile_already_exists.stat.exists |bool - - - name: "Generate Response file" - template: - src: "{{ __tpl_file }}" - dest: "{{ __rsp_file }}" - when: not interceptor_already_added.stat.exists - - - name: "Add trust association interceptor {{ __trust_interceptor_name }}" - command: - chdir={{ __bin_dir }} - {{ __bin_dir }}/wsadmin.sh -lang jython -port {{ __dmgr_soap_port }} -username {{ __was_username }} -password {{ __was_password }} -f {{ __rsp_file }} - register: cout - changed_when: cout.rc == 0 - when: not interceptor_already_added.stat.exists - - - name: Create add_interceptor_{{ __trust_interceptor_name }}.success file - file: - path: "{{ __bin_dir }}/add_interceptor_{{ __trust_interceptor_name }}.success" - state: touch diff --git a/roles/third_party/ibm/wasnd/was-dmgr-config-interceptor/was-dmgr-config-interceptor/templates/add_trust_assoc_interceptor.py.j2 b/roles/third_party/ibm/wasnd/was-dmgr-config-interceptor/was-dmgr-config-interceptor/templates/add_trust_assoc_interceptor.py.j2 deleted file mode 100644 index 5aad2aab..00000000 --- a/roles/third_party/ibm/wasnd/was-dmgr-config-interceptor/was-dmgr-config-interceptor/templates/add_trust_assoc_interceptor.py.j2 +++ /dev/null @@ -1,19 +0,0 @@ -# Add trust association interceptor - -inteceptors = AdminTask.listInterceptors() - -# add if inteceptors doesn't exist -if inteceptors.find('{{ __trust_interceptor_name.lower() }}') < 0: -{% set ns = namespace(allprops="") %} -{% for prop in __trust_interceptor_prop %} -{% set propkeyvalue="\""+prop.name+"="+prop.value+"\"" %} -{% if loop.index > 1 %} -{% set ns.allprops=ns.allprops+", " +propkeyvalue %} -{% else %} -{% set ns.allprops=propkeyvalue %} -{% endif %} -{% endfor %} - AdminTask.configureInterceptor('[-interceptor {{ __trust_interceptor_name }} -customProperties [{{ ns.allprops }}]]') - AdminConfig.save() -else: - print "{{ __trust_interceptor_name }} already exists." diff --git a/roles/third_party/ibm/wasnd/was-dmgr-config-interceptor/was-dmgr-config-interceptor/vars/main.yml b/roles/third_party/ibm/wasnd/was-dmgr-config-interceptor/was-dmgr-config-interceptor/vars/main.yml deleted file mode 100644 index 33c58aba..00000000 --- a/roles/third_party/ibm/wasnd/was-dmgr-config-interceptor/was-dmgr-config-interceptor/vars/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- - __was_install_location: "{{ was_install_location | default('/opt/IBM/WebSphere/AppServer') }}" - __profile_name: "{{ profile_name | default('Dmgr01') }}" - __was_cellname: "{{ was_cellname | default('ConnectionsCell') }}" - __app_profile_name: "{{ app_profile_name | default('AppSrv01') }}" - __default_nodename: "{{ inventory_hostname_short }}-node" - __nodeName: "{{ nodeName | default( __default_nodename ) }}" - __dmgr_soap_port: "{{ dmgr_soap_port | default('8879')}}" - __was_username: "{{ was_username }}" - __was_password: "{{ was_password }}" - __bin_dir: "{{ __was_install_location }}/profiles/{{ __profile_name }}/bin" - - __tpl_file: "add_trust_assoc_interceptor.py.j2" - __rsp_file: "{{ __bin_dir }}/add_trust_assoc_interceptor.py" - - __msteams_tenant_id: "{{ integrations_msteams_tenant_id | default('changeme') }}" - __msteams_login_host: "{{ integrations_msteams_login_host | default('login.microsoftonline.com') }}" - __msteams_login_version: "{{ integrations_msteams_login_version | default('v2.0') }}" - __msteams_jwk_endpoint: "{{ integrations_msteams_jwk_endpoint | default('discovery/v2.0/keys') }}" diff --git a/roles/third_party/ibm/wasnd/was-dmgr-config-interceptor/was-dmgr-config-interceptor/was-dmgr-config-interceptor/tasks/main.yml b/roles/third_party/ibm/wasnd/was-dmgr-config-interceptor/was-dmgr-config-interceptor/was-dmgr-config-interceptor/tasks/main.yml deleted file mode 100644 index b2de0bb3..00000000 --- a/roles/third_party/ibm/wasnd/was-dmgr-config-interceptor/was-dmgr-config-interceptor/was-dmgr-config-interceptor/tasks/main.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- - - name: "Verify if Profile already exists" - stat: - path: "{{ __was_install_location }}/profiles/{{ __profile_name }}" - register: profile_already_exists - - - name: Verify if pid file - shell: ps -p `cat "{{ __was_install_location }}/profiles/{{ __profile_name }}/logs/dmgr/dmgr.pid"` - register: dmgr_is_running - ignore_errors: true - - - name: "Verify if certificate {{ __trust_interceptor_name }} is already added" - stat: - path: "{{ __bin_dir }}/add_interceptor_{{ __trust_interceptor_name }}.success" - register: interceptor_already_added - when: profile_already_exists.stat.exists == true - - - name: "Generate Response file" - template: - src: "{{ __tpl_file }}" - dest: "{{ __rsp_file }}" - when: interceptor_already_added.stat.exists == false - - - name: "Add trust association interceptor {{ __trust_interceptor_name }}" - command: - chdir={{ __bin_dir }} - {{ __bin_dir }}/wsadmin.sh -lang jython -port {{ __dmgr_soap_port }} -username {{ __was_username }} -password {{ __was_password }} -f {{ __rsp_file }} - register: cout - changed_when: cout.rc == 0 - when: interceptor_already_added.stat.exists == false - - - name: Create add_interceptor_{{ __trust_interceptor_name }}.success file - file: - path: "{{ __bin_dir }}/add_interceptor_{{ __trust_interceptor_name }}.success" - state: touch diff --git a/roles/third_party/ibm/wasnd/was-dmgr-config-interceptor/was-dmgr-config-interceptor/was-dmgr-config-interceptor/templates/add_trust_assoc_interceptor.py.j2 b/roles/third_party/ibm/wasnd/was-dmgr-config-interceptor/was-dmgr-config-interceptor/was-dmgr-config-interceptor/templates/add_trust_assoc_interceptor.py.j2 deleted file mode 100644 index 5aad2aab..00000000 --- a/roles/third_party/ibm/wasnd/was-dmgr-config-interceptor/was-dmgr-config-interceptor/was-dmgr-config-interceptor/templates/add_trust_assoc_interceptor.py.j2 +++ /dev/null @@ -1,19 +0,0 @@ -# Add trust association interceptor - -inteceptors = AdminTask.listInterceptors() - -# add if inteceptors doesn't exist -if inteceptors.find('{{ __trust_interceptor_name.lower() }}') < 0: -{% set ns = namespace(allprops="") %} -{% for prop in __trust_interceptor_prop %} -{% set propkeyvalue="\""+prop.name+"="+prop.value+"\"" %} -{% if loop.index > 1 %} -{% set ns.allprops=ns.allprops+", " +propkeyvalue %} -{% else %} -{% set ns.allprops=propkeyvalue %} -{% endif %} -{% endfor %} - AdminTask.configureInterceptor('[-interceptor {{ __trust_interceptor_name }} -customProperties [{{ ns.allprops }}]]') - AdminConfig.save() -else: - print "{{ __trust_interceptor_name }} already exists." diff --git a/roles/third_party/ibm/wasnd/was-dmgr-config-interceptor/was-dmgr-config-interceptor/was-dmgr-config-interceptor/vars/main.yml b/roles/third_party/ibm/wasnd/was-dmgr-config-interceptor/was-dmgr-config-interceptor/was-dmgr-config-interceptor/vars/main.yml deleted file mode 100644 index 33c58aba..00000000 --- a/roles/third_party/ibm/wasnd/was-dmgr-config-interceptor/was-dmgr-config-interceptor/was-dmgr-config-interceptor/vars/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- - __was_install_location: "{{ was_install_location | default('/opt/IBM/WebSphere/AppServer') }}" - __profile_name: "{{ profile_name | default('Dmgr01') }}" - __was_cellname: "{{ was_cellname | default('ConnectionsCell') }}" - __app_profile_name: "{{ app_profile_name | default('AppSrv01') }}" - __default_nodename: "{{ inventory_hostname_short }}-node" - __nodeName: "{{ nodeName | default( __default_nodename ) }}" - __dmgr_soap_port: "{{ dmgr_soap_port | default('8879')}}" - __was_username: "{{ was_username }}" - __was_password: "{{ was_password }}" - __bin_dir: "{{ __was_install_location }}/profiles/{{ __profile_name }}/bin" - - __tpl_file: "add_trust_assoc_interceptor.py.j2" - __rsp_file: "{{ __bin_dir }}/add_trust_assoc_interceptor.py" - - __msteams_tenant_id: "{{ integrations_msteams_tenant_id | default('changeme') }}" - __msteams_login_host: "{{ integrations_msteams_login_host | default('login.microsoftonline.com') }}" - __msteams_login_version: "{{ integrations_msteams_login_version | default('v2.0') }}" - __msteams_jwk_endpoint: "{{ integrations_msteams_jwk_endpoint | default('discovery/v2.0/keys') }}" diff --git a/roles/third_party/kubernetes/kubernetes-upgrade/tasks/drain_node.yml b/roles/third_party/kubernetes/kubernetes-upgrade/tasks/drain_node.yml index a63c73ce..fc817257 100644 --- a/roles/third_party/kubernetes/kubernetes-upgrade/tasks/drain_node.yml +++ b/roles/third_party/kubernetes/kubernetes-upgrade/tasks/drain_node.yml @@ -2,8 +2,26 @@ debug: msg: "{{ inventory_hostname }}" +- name: Run kubectl version + command: "kubectl version --client --short" + register: kubectl_version_output + ignore_errors: True + +- name: Get kubectl version + set_fact: + kubectl_version: "{{ kubectl_version_output.stdout | regex_search('Client Version:\\sv(.*)', '\\1') | first }}" + when: kubectl_version_output.rc == 0 + - name: Drain the node + command: "{{ item }}" + with_items: + - "kubectl drain {{ inventory_hostname }} --delete-emptydir-data --ignore-daemonsets" + become: false + when: kubectl_version is version('1.20', '>=') + +- name: Drain the node (< v1.20) command: "{{ item }}" with_items: - "kubectl drain {{ inventory_hostname }} --delete-local-data --ignore-daemonsets" become: false + when: kubectl_version is version('1.20', '<') diff --git a/roles/third_party/kubernetes/setup-kubectl/tasks/setup_kubectl.yml b/roles/third_party/kubernetes/setup-kubectl/tasks/setup_kubectl.yml index cb652ff8..9a161fb6 100644 --- a/roles/third_party/kubernetes/setup-kubectl/tasks/setup_kubectl.yml +++ b/roles/third_party/kubernetes/setup-kubectl/tasks/setup_kubectl.yml @@ -6,10 +6,39 @@ - chown {{ __kubectl_user }} /home/{{ __kubectl_user }}/.kube/config when: inventory_hostname == groups['k8s_masters'][0] -- name: Copy .kube to all hosts +- name: Copy .kube to controller synchronize: - src: /home/{{ __kubectl_user }}/.kube - dest: /home/{{ __kubectl_user }}/ - delegate_to: "{{ groups['k8s_masters'][0] }}" + src: "/home/{{ __kubectl_user }}/.kube" + dest: "/tmp/.kube_{{ groups['k8s_masters'][0] }}" + mode: pull + when: inventory_hostname == groups['k8s_masters'][0] + +- name: Copy .kube to all hosts + copy: + src: "/tmp/.kube_{{ groups['k8s_masters'][0] }}" + dest: /tmp/ when: inventory_hostname != groups['k8s_masters'][0] become: false + +- name: "Copy .kube to {{ __kubectl_user }}" + copy: + src: "/tmp/.kube_{{ groups['k8s_masters'][0] }}/" + dest: "/home/{{ __kubectl_user }}/" + remote_src: yes + when: inventory_hostname != groups['docker_registry'][0] + become_user: "{{ __kubectl_user }}" + +- name: Cleanup .kube on controller + local_action: + module: file + state: absent + path: "/tmp/.kube_{{ groups['k8s_masters'][0] }}" + become: false + ignore_errors: yes + +- name: Cleanup .kube on /tmp + file: + state: absent + path: "/tmp/.kube_{{ groups['k8s_masters'][0] }}" + become: false + ignore_errors: yes diff --git a/roles/third_party/mssql-install/tasks/main.yml b/roles/third_party/mssql-install/tasks/main.yml index 097ecd60..a927aba3 100644 --- a/roles/third_party/mssql-install/tasks/main.yml +++ b/roles/third_party/mssql-install/tasks/main.yml @@ -23,6 +23,6 @@ - name: Setup JDBC for MSSQL include_tasks: setup_jdbc.yml when: - - "'mssql_servers' in group_names and ('was_servers' in group_names or 'ldap_servers' in group_names)" + - "'mssql_servers' in groups and ('was_servers' in group_names or 'ldap_servers' in group_names)" - inventory_hostname in groups["was_servers"] or inventory_hostname in groups["mssql_servers"] or inventory_hostname in groups["ldap_servers"] - __setup_mssql_jdbc |bool diff --git a/roles/third_party/nginx-install/templates/customizer.conf.j2 b/roles/third_party/nginx-install/templates/customizer.conf.j2 index 10925955..90a88934 100644 --- a/roles/third_party/nginx-install/templates/customizer.conf.j2 +++ b/roles/third_party/nginx-install/templates/customizer.conf.j2 @@ -51,13 +51,6 @@ server { proxy_pass http://{{ __mw_proxy_address }}:31111; } - location /api-boards/ { - proxy_pass https://{{ ic_internal }}; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } - proxy_pass https://{{ ic_internal }}; } } diff --git a/roles/third_party/oracle-install/tasks/main.yml b/roles/third_party/oracle-install/tasks/main.yml index ed7d1c29..ba6e02b6 100644 --- a/roles/third_party/oracle-install/tasks/main.yml +++ b/roles/third_party/oracle-install/tasks/main.yml @@ -26,6 +26,7 @@ - name: Install JDBC drivers only include_tasks: install_jdbc.yml when: + - "'oracle_servers' in groups" - __setup_oracle_jdbc |bool - inventory_hostname in groups["was_servers"]