From 163eceb4ef9b8d088e2dbfadcd96d629f105e8af Mon Sep 17 00:00:00 2001 From: Steven Schader Date: Mon, 7 Mar 2022 12:51:23 -0500 Subject: [PATCH] NEST OSCert - Windoze support (#237) * daytrader3 * ear * rename ear * getNameFromIdFromId error * add datasource * db2 debug * it works * webserver name * daytrader tuning * jython args * args * fine tuning * wsadminlib pre-req * start cluster * syncall * add cluster parm * debug * debug * moved the tuning to it's own role * instana retention allows /mnt with 2TB not to fill up over time * better kill twas * remove dup createDatasource * twas_cell copy db2jars to targets * moved db2jar put * propogate plugin-cfg.kdb * pluginkey syntax * python3 tWAS SIB drop tables * mode 755 * datasourceHelperClassname * fix v90 package string * fix extension * v90 packages * twas90 alterations * sdk8 chagnes * twas90 install template * py->yml * wsadminlib.py dest * common daytrader role and files * roles->role * removed symlink due to ansible-galaxy * separate daytrader resource config and application * remove readme * daytrader7 app install * print debug * admin role issue still not working * unintall previous app on re-runs * use wsadminlib function to delete app * move ihsplugin to common role * missing defaults * complete the gen propagate function * java/jmeter forceReplace * java/jmeter forceReplace - helps update existing * missing = * jenkins debug * -vvv debug * bool * indent * indent * create dir * forceReplace.sh script * intial windoze ibm im install debug * add CYGWIN_NT-10.0-20348 * windoze uninstall im debug * windoze check * ihs windoze install path trick * re-enable no log to mask sensitive info * sync * sync * move actual shared config file later in process * sync with external updates * podman for jmeter containers * podman in jmeter play --- .../jmeter-play.yml | 7 ++++++- .../request-rhel-jmeter-fyre-play.yml | 1 + .../fyrevm_provision/tasks/fyrevm_provision.yml | 2 +- ansible/roles/http_defaults/defaults/main.yml | 2 ++ .../ibm_installation_manager/defaults/main.yml | 2 ++ .../tasks/ibm_installation_manager.yml | 1 + .../templates/ibm_im_responsefile.xml.j2 | 6 +++--- .../defaults/main.yml | 3 ++- .../tasks/im_cleanup_http_liberty_im.yml | 14 +++++++++++++- .../tasks/im_install_http_plugin.yml | 6 ++++++ .../templates/im_http_plugin_WAS90.xml.j2 | 8 ++++---- ansible/roles/podman/tasks/RedHat.8.yml | 17 +++++++++++++++++ ansible/roles/podman/tasks/main.yml | 4 ++++ .../scripts/configuretWasUsageMetering.py | 12 ++++++------ .../was_automation_register/tasks/liberty.yml | 17 ++++++++++++----- 15 files changed, 80 insertions(+), 22 deletions(-) create mode 100644 ansible/roles/podman/tasks/RedHat.8.yml create mode 100644 ansible/roles/podman/tasks/main.yml diff --git a/ansible/request-rhel-jmeter-fyre-play/jmeter-play.yml b/ansible/request-rhel-jmeter-fyre-play/jmeter-play.yml index 08ef36a74..7071f339b 100644 --- a/ansible/request-rhel-jmeter-fyre-play/jmeter-play.yml +++ b/ansible/request-rhel-jmeter-fyre-play/jmeter-play.yml @@ -1,5 +1,11 @@ --- +- hosts: all + vars: + - ansible_user: root + roles: + - role: podman + - hosts: all vars: - ansible_user: "{{ jmeterUser }}" @@ -8,4 +14,3 @@ roles: - role: jmeter_java - role: jmeter - diff --git a/ansible/request-rhel-jmeter-fyre-play/request-rhel-jmeter-fyre-play.yml b/ansible/request-rhel-jmeter-fyre-play/request-rhel-jmeter-fyre-play.yml index bdfd373ea..3cad02b8d 100644 --- a/ansible/request-rhel-jmeter-fyre-play/request-rhel-jmeter-fyre-play.yml +++ b/ansible/request-rhel-jmeter-fyre-play/request-rhel-jmeter-fyre-play.yml @@ -13,6 +13,7 @@ - role: jmeter_prereqs - role: nestuser - role: timezone + - role: podman - hosts: jmeter vars: diff --git a/ansible/roles/fyrevm_provision/tasks/fyrevm_provision.yml b/ansible/roles/fyrevm_provision/tasks/fyrevm_provision.yml index d194f82e0..011563384 100644 --- a/ansible/roles/fyrevm_provision/tasks/fyrevm_provision.yml +++ b/ansible/roles/fyrevm_provision/tasks/fyrevm_provision.yml @@ -146,4 +146,4 @@ args: "{{ extra_props| default(omit) }}" no_log: True changed_when: false - when: "fyre_addAnsibleHost|bool == false" \ No newline at end of file + when: "fyre_addAnsibleHost|bool == false" diff --git a/ansible/roles/http_defaults/defaults/main.yml b/ansible/roles/http_defaults/defaults/main.yml index d142077a5..6519e43ad 100644 --- a/ansible/roles/http_defaults/defaults/main.yml +++ b/ansible/roles/http_defaults/defaults/main.yml @@ -2,6 +2,8 @@ im_driver: 'f5102145.01' twas_release: 'WAS90' # WAS855 install_base: '/home/nest' +# trick the template to install onto windoze via cygwin +install_base_win: '' daily_or_test: 'test' http_dir: 'HTTPServer' plugin_dir: 'Plugins' diff --git a/ansible/roles/ibm_installation_manager/defaults/main.yml b/ansible/roles/ibm_installation_manager/defaults/main.yml index fb7ce8fe9..fd84474e8 100644 --- a/ansible/roles/ibm_installation_manager/defaults/main.yml +++ b/ansible/roles/ibm_installation_manager/defaults/main.yml @@ -3,4 +3,6 @@ im_archive_driver_version: '1916' im_archive_driver: '1.9.1006.20210614_1906' im_archive: 'https://rtpgsa.ibm.com/gsa/rtpgsa/home/w/a/wasngi/web/public/NGI/IM/recommended/drivers/{{ im_archive_driver_version }}/ga' install_base: '/home/nest' +# trick the template to install onto windoze via cygwin +install_base_win: '' shared_dir: 'IM-shared' diff --git a/ansible/roles/ibm_installation_manager/tasks/ibm_installation_manager.yml b/ansible/roles/ibm_installation_manager/tasks/ibm_installation_manager.yml index e860712ad..4bb78af9d 100644 --- a/ansible/roles/ibm_installation_manager/tasks/ibm_installation_manager.yml +++ b/ansible/roles/ibm_installation_manager/tasks/ibm_installation_manager.yml @@ -22,6 +22,7 @@ - ansible_system == 'Linux' - set_fact: archive_name_match: 'agent.installer.win32.win32.x86_64_{{ im_archive_driver }}.zip' + install_base_win: 'c:\cygwin' when: - ansible_architecture == 'x86_64' - ansible_system == 'Windows' or 'CYG' in ansible_system diff --git a/ansible/roles/ibm_installation_manager/templates/ibm_im_responsefile.xml.j2 b/ansible/roles/ibm_installation_manager/templates/ibm_im_responsefile.xml.j2 index 2381bdc58..8ba7261c5 100644 --- a/ansible/roles/ibm_installation_manager/templates/ibm_im_responsefile.xml.j2 +++ b/ansible/roles/ibm_installation_manager/templates/ibm_im_responsefile.xml.j2 @@ -1,10 +1,10 @@ - + - - + + diff --git a/ansible/roles/ibm_installation_manager_cic_selector/defaults/main.yml b/ansible/roles/ibm_installation_manager_cic_selector/defaults/main.yml index 960104159..1d5dff80c 100644 --- a/ansible/roles/ibm_installation_manager_cic_selector/defaults/main.yml +++ b/ansible/roles/ibm_installation_manager_cic_selector/defaults/main.yml @@ -10,4 +10,5 @@ cic_selector_os: AIX: 'aix' Linux: 'linux' Windows: 'win32' - ZOS: 'zos' + CYGWIN_NT-10.0-20348: 'win32' # hard coded to a specific cygwin version + ZOS: 'zos' \ No newline at end of file diff --git a/ansible/roles/im_cleanup_http_liberty_im/tasks/im_cleanup_http_liberty_im.yml b/ansible/roles/im_cleanup_http_liberty_im/tasks/im_cleanup_http_liberty_im.yml index e17bc9354..f6b82b86f 100644 --- a/ansible/roles/im_cleanup_http_liberty_im/tasks/im_cleanup_http_liberty_im.yml +++ b/ansible/roles/im_cleanup_http_liberty_im/tasks/im_cleanup_http_liberty_im.yml @@ -50,11 +50,23 @@ debug: msg: "{{ uninstallOutput.stdout_lines }}" -- name: uninstall ibm installation manager +# windoze /cygdrive/c/Users/Administrator/AppData/Roaming/IBM/Installation Manager/uninstall/userinstc +# ansible_user: Administrator +- name: uninstall Windoze ibm installation manager + ignore_errors: true + shell: "~/AppData/Roaming/IBM/Installation Manager/uninstall/userinstc" + register: uninstallOutput + failed_when: ( uninstallOutput.rc not in [ 0, 1 ] ) + when: + - ansible_system == 'Windows' or 'CYG' in ansible_system + +- name: uninstall *nix ibm installation manager ignore_errors: true shell: "~/var/ibm/InstallationManager/uninstall/uninstallc" register: uninstallOutput failed_when: ( uninstallOutput.rc not in [ 0, 1 ] ) + when: + - ansible_system != 'Windows' and 'CYG' not in ansible_system - name: uninstallAll output debug: diff --git a/ansible/roles/im_install_http_plugin/tasks/im_install_http_plugin.yml b/ansible/roles/im_install_http_plugin/tasks/im_install_http_plugin.yml index db80a8930..ad7dc097f 100644 --- a/ansible/roles/im_install_http_plugin/tasks/im_install_http_plugin.yml +++ b/ansible/roles/im_install_http_plugin/tasks/im_install_http_plugin.yml @@ -12,6 +12,12 @@ path: "{{ install_base }}/IM/eclipse/tools/imcl" register: isimcl failed_when: isimcl.stat.exists == False + + - set_fact: + install_base_win: 'c:\cygwin' + when: + - ansible_architecture == 'x86_64' + - ansible_system == 'Windows' or 'CYG' in ansible_system - name: copy ihs_plugin.xml template template: diff --git a/ansible/roles/im_install_http_plugin/templates/im_http_plugin_WAS90.xml.j2 b/ansible/roles/im_install_http_plugin/templates/im_http_plugin_WAS90.xml.j2 index 029191c39..ef708ef75 100644 --- a/ansible/roles/im_install_http_plugin/templates/im_http_plugin_WAS90.xml.j2 +++ b/ansible/roles/im_install_http_plugin/templates/im_http_plugin_WAS90.xml.j2 @@ -1,12 +1,12 @@ - + - + @@ -23,7 +23,7 @@ - + @@ -33,7 +33,7 @@ - + diff --git a/ansible/roles/podman/tasks/RedHat.8.yml b/ansible/roles/podman/tasks/RedHat.8.yml new file mode 100644 index 000000000..984af2ee2 --- /dev/null +++ b/ansible/roles/podman/tasks/RedHat.8.yml @@ -0,0 +1,17 @@ +--- +# specific OS supports wildcards, if preceded with @ its a group +# if the db is corrupt, this can fix it: rpm --rebuilddb +- name: dnf update + become: yes + dnf: + name: '*' + state: latest + +- name: install packages + become: yes + dnf: + name: "{{ packages }}" + state: present + vars: + packages: + - 'podman' diff --git a/ansible/roles/podman/tasks/main.yml b/ansible/roles/podman/tasks/main.yml new file mode 100644 index 000000000..8aaf878ae --- /dev/null +++ b/ansible/roles/podman/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- include_tasks: "{{ ansible_distribution }}.{{ ansible_distribution_major_version }}.yml" + when: + - ansible_system == 'Linux' diff --git a/ansible/roles/was_automation_register/scripts/configuretWasUsageMetering.py b/ansible/roles/was_automation_register/scripts/configuretWasUsageMetering.py index 17cd03329..d043795b7 100644 --- a/ansible/roles/was_automation_register/scripts/configuretWasUsageMetering.py +++ b/ansible/roles/was_automation_register/scripts/configuretWasUsageMetering.py @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------------ # configuretWasUsageMetering.py - configure tWAS server with usage metering feature -# https://www.ibm.com/docs/en/ws-automation?topic=vulnerabilities-adding-websphere-application-server-server#cf-t-add-was__wsascript +# https://www.ibm.com/docs/en/ws-automation?topic=monitoring-registering-websphere-application-server-traditional-servers #------------------------------------------------------------------------------------ # # This script configures a traditional WebSphere Application Server with the usage @@ -176,8 +176,7 @@ def configuretWasUsageMetering(url, apiKey, sslRef, trustStoreName, trustStorePa #------------------------------------------------------------- if len(certAlias) == 0: # use default certificate alias if it is not specified - # NOTE: the alias is stored in all lower case even if it has CAPS..... - certAlias = "meteringalias".lower() + certAlias = "meteringalias" print "Using default certificate alias: " + certAlias # delete certificate if it exists in keystore @@ -187,9 +186,8 @@ def configuretWasUsageMetering(url, apiKey, sslRef, trustStoreName, trustStorePa start = cert.find("alias") end = cert.find("] [version") alias = cert[start+6:end] - print "checking signer: " + alias if alias == certAlias.lower(): - print "Deleting signer: " + alias + print "Deleting existing certificate ... " + alias AdminTask.deleteSignerCertificate(['-keyStoreName', trustStoreName, '-certificateAlias', alias ]) # retrieve new certificate from api-usagemetering-host and port @@ -1090,7 +1088,7 @@ def _splitlist(s): if len(url) > 0: print " url: " + url if len(apiKey) > 0: - print " apiKey: " + "********" #### schader@us.ibm.com - do not echo sensitive info + print " apiKey: " + "********" if len(sslRef) > 0: print " sslRef: " + sslRef if len(trustStoreName) > 0: @@ -1113,3 +1111,5 @@ def _splitlist(s): configuretWasUsageMetering(url, apiKey, sslRef, trustStoreName, trustStorePassword, certAlias, nodeName, serverName, clusterName, startServers, namespace) #endIf + + diff --git a/ansible/roles/was_automation_register/tasks/liberty.yml b/ansible/roles/was_automation_register/tasks/liberty.yml index 89957e87c..ccdf55edc 100644 --- a/ansible/roles/was_automation_register/tasks/liberty.yml +++ b/ansible/roles/was_automation_register/tasks/liberty.yml @@ -39,6 +39,13 @@ liberty_usr_dir: "{{ usr_dir[usr_dir_index|int:usr_dir_len|int] }}" liberty_shared_config: "{{ usr_dir[usr_dir_index|int:usr_dir_len|int] }}/shared/config" +- name: ensure the liberty shared directory exists + file: + path: "{{ item }}" + state: directory + with_items: + - "{{ liberty_shared_config }}" + - name: remove existing config file: path: "{{ item }}" @@ -58,11 +65,6 @@ command: "{{ wa_target_path }}/{{ securityUtility_bin.stdout_lines[0] }} encode {{ wa_keystore_pass }}" register: xor # DO NOT CHANGE THIS NAME. ITS used in templates/was-usage-metering.xml.j2 -- name: Generate config files - template: - src: was-usage-metering.xml.j2 - dest: "{{ liberty_shared_config }}/was-usage-metering.xml" - - name: find the keytool command: "find . -name keytool" args: @@ -86,6 +88,11 @@ chdir: "{{ liberty_shared_config }}" register: import_cert +- name: Generate config files + template: + src: was-usage-metering.xml.j2 + dest: "{{ liberty_shared_config }}/was-usage-metering.xml" + - name: add new config into the servers server.xml file lineinfile: path: "{{ liberty_usr_dir }}/servers/{{ item }}/server.xml"