Add steps to install OpenSSL 3 on AIX 7.2 machines #3274

Closed
Haroon-Khel opened this issue Dec 1, 2023 · 10 comments

Comments

@Haroon-Khel
Contributor

Haroon-Khel commented Dec 1, 2023

ref #3271 (comment)

Dnf requires openssl 1.1.x while on our 7.2 machines we have 1.0.2t. OpenSSL 3 can be downloaded here https://www.ibm.com/resources/mrs/assets/DownloadList?source=aixbp&lang=en_US

Openssl 3 install steps can be found here https://www.ibm.com/support/pages/downloading-and-installing-or-upgrading-openssl-and-openssh

All that's left is to update the existing openssl role to accommodate this new version. It might be best for the openssl-3.0.10.1000.tar.Z binary to be in Vendor_Files and transferred over when necessary.

@aixtools
Contributor

aixtools commented Dec 5, 2023

The problem with vendor_files, imho, is that they are not kept current.

The safe step is to have the playbook verify that a minimal version of OpenSSL is installed - and let the system administration handle resolving it when it does not pass muster.

p.s. putting this here, rather than on the PR.

p.p.s. researching this - and prepping to make the update as system administrator - and not being able to do so due to #1544 only stresses how important it is to take the steps to correct an ancient issue. The problem it causes just keeps recurring.
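
An added example, not part of the comment above or of the project's playbooks: a POSIX shell check that a host's OpenSSL meets a minimum version, including the letter suffix used by the 1.0.x and 1.1.x lines. The function names and the `1.1.0` floor (taken from "dnf requires openssl 1.1.x") are assumptions, and the banners are constructed samples.

```shell
#!/bin/sh
# Added example: gate a provisioning step on a minimum OpenSSL version.
# Function names and the 1.1.0 floor are assumptions, not the project's code.

# "1.0.2t" -> "1 0 2 116": three numeric fields plus the letter suffix as its
# character code (0 when absent), so 1.0.2t sorts after 1.0.2 and before 1.1.0.
ver_key() {
    nums=$(printf '%s\n' "$1" | sed 's/[^0-9.].*$//')
    letter=$(printf '%s\n' "$1" | sed -n 's/^[0-9.]*\([a-z]\).*$/\1/p')
    l=0
    if [ -n "$letter" ]; then l=$(printf '%d' "'$letter"); fi
    old_ifs=$IFS; IFS=.
    set -- $nums
    IFS=$old_ifs
    printf '%d %d %d %d\n' "${1:-0}" "${2:-0}" "${3:-0}" "$l"
}

# version_ge HAVE NEED: succeeds when HAVE >= NEED.
version_ge() {
    set -- $(ver_key "$1") $(ver_key "$2")
    if [ "$1" -ne "$5" ]; then [ "$1" -gt "$5" ]; return; fi
    if [ "$2" -ne "$6" ]; then [ "$2" -gt "$6" ]; return; fi
    if [ "$3" -ne "$7" ]; then [ "$3" -gt "$7" ]; return; fi
    [ "$4" -ge "$8" ]
}

# Pull the version token out of an `openssl version` banner line.
parse_openssl_banner() {
    printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }'
}

# check_openssl BANNER MIN: 0 = new enough, 1 = too old, 2 = unparseable.
check_openssl() {
    ver=$(parse_openssl_banner "$1")
    if [ -z "$ver" ]; then echo "UNKNOWN: cannot parse '$1'" >&2; return 2; fi
    if version_ge "$ver" "$2"; then echo "OK: OpenSSL $ver >= $2"; return 0; fi
    echo "FAIL: OpenSSL $ver < $2, leave the upgrade to the system administrator" >&2
    return 1
}

# Constructed sample banners; on a real host pass "$(openssl version)" instead.
for banner in "OpenSSL 1.0.2t  10 Sep 2019" "OpenSSL 1.1.1w  11 Sep 2023" \
              "OpenSSL 3.0.10 1 Aug 2023"; do
    check_openssl "$banner" "1.1.0" || true
done
```

The non-zero return codes let a playbook task fail the run early instead of attempting the install itself.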

@sxa
Member

sxa commented Dec 27, 2023

The SSL3 role is failing on the new build72-3 machine:

```
TASK [openssl3 : Transfer openssl binary] **************************************
fatal: [build-osuosl-aix72-ppc64-3]: FAILED! => {"changed": false, "msg": "Failed to find handler for \"/root/.ansible/tmp/ansible-tmp-1703709557.6199305-3073340-55459161035460/source\". Make sure the required command to extract the file is installed. Command \"/usr/bin/tar\" detected as tar type None. GNU tar required. Unable to find required 'unzip' or 'zipinfo' binary in the path."}
```

@sxa sxa added this to the 2024-01 January 2024 milestone Jan 3, 2024
@sxa
Member

sxa commented Jan 4, 2024

@Haroon-Khel @sej-jackson Can we make this work with the default AIX tooling?

@Haroon-Khel
Contributor Author

Update: I've installed openssl3 manually. Kicked off a playbook run here, https://awx2.adoptopenjdk.net/#/jobs/playbook/2425?job_search=page_size:20;order_by:-finished;not__launch_type:sync, to finish off the setup.

@Haroon-Khel
Contributor Author

```
TASK [dnf : Fail if python3 is not available] **********************************
fatal: [build-osuosl-aix72-ppc64-3]: FAILED! => {"changed": false, "failed_when_result": true, "stat": {"exists": false}}
```

Fails because it expects python3 to be in /opt/freeware/bin; it's in /opt/bin on the machine. Should be fixed to use any python3 it finds. Will install dnf manually in the meantime.

@Haroon-Khel
Contributor Author

@sxa
Member

sxa commented Jan 8, 2024

rebuild after manual install of dnf https://awx2.adoptopenjdk.net/#/jobs/playbook/2427?job_search=page_size:20;order_by:-finished;not__launch_type:sync

That run failed on GPG signature check of the ant download. I've re-run the job and if it fails we should create an issue and reference it from the issue regarding that machine setup: #3208

@sxa sxa modified the milestones: 2024-01 (January), 2024-04 (April) Apr 4, 2024
@sxa sxa modified the milestones: 2024-04 (April), 2024-05 (May) May 13, 2024
@Haroon-Khel
Contributor Author

Haroon-Khel commented May 22, 2024

The machine in question, build-osuosl-aix72-ppc64-3, is having problems with its gpg package. It comes with gpg (GnuPG) 2.4.3, which is giving this error when trying to import keys:

```
gpg: keyserver receive failed: No such file or directory
```

I've tried downgrading to a version which the other machines have, gnupg2-2.0.30 (the above error is why we chose this specific package), but I'm getting package conflicts:

```
root@adopt09:[/root]dnf downgrade gnupg2-2.0.30-1
Last metadata expiration check: 0:17:17 ago on Wed May 22 16:14:23 2024.
Error: 
 Problem: problem with installed package gpgme-1.13.1-101.ppc
  - package gpgme-1.13.1-101.ppc requires gnupg2 >= 2.2.23, but none of the providers can be installed
  - package gpgme-1.13.1-100.ppc requires gnupg2 >= 2.2.23, but none of the providers can be installed
  - cannot install both gnupg2-2.0.30-1.ppc and gnupg2-2.2.23-1.ppc
  - cannot install both gnupg2-2.2.23-1.ppc and gnupg2-2.0.30-1.ppc
  - cannot install both gnupg2-2.2.35-1.ppc and gnupg2-2.0.30-1.ppc
  - cannot install both gnupg2-2.4.3-1.ppc and gnupg2-2.0.30-1.ppc
  - conflicting requests
```

And I can't remove gnupg2 altogether to do a clean install to version 2.0.30-1 because then it tries to remove dnf itself and can't (even with --noautoremove):

```
Problem: The operation would result in removing the following protected packages: dnf
```

So I'm pretty much stuck.

@Haroon-Khel
Contributor Author

The gnupg2-2.0.30-1 rpm can be downloaded here https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/gnupg2/

So that's an option: manual installation and resolving the dependencies manually.

@Haroon-Khel
Contributor Author

This issue can be closed because the steps to install OpenSSL 3 were added with the related PR #3278; this was tested and works. This issue is left open due to build-osuosl-aix72-ppc64-3 being complicated with gnupg2, which I think should be in its own issue.
