From 9f0c5f1e5db19e1212d0ab0136cb5e2e2174bfb3 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 27 Sep 2022 16:49:34 -0400 Subject: [PATCH] Force-install libssl1.1 if MongoDB needed on Ubuntu >= 22.04 --- iiab-install | 9 ++++----- iiab-setup | 3 ++- roles/0-init/tasks/main.yml | 5 ++++- roles/7-edu-apps/tasks/main.yml | 2 +- roles/mongodb/defaults/main.yml | 4 ++-- roles/mongodb/tasks/install.yml | 33 ++++++++++++++++++++++++++++----- roles/mongodb/tasks/main.yml | 2 +- 7 files changed, 42 insertions(+), 16 deletions(-) diff --git a/iiab-install b/iiab-install index 03a638549..156fb71bb 100755 --- a/iiab-install +++ b/iiab-install @@ -81,15 +81,14 @@ fi echo -e "\n\n./iiab-install $* BEGUN IN $CWD\n" -mkdir -p /etc/iiab/install-flags # MANDATORY since 2022-07-22 (for PR #3318 netwarn pop-ups, asking you to run iiab-network) +mkdir -p /etc/iiab/install-flags # MANDATORY since 2022-07-22 +echo -e "/etc/iiab/install-flags directory created/verified." +echo -e "(e.g. for PR #3318 netwarn pop-ups, asking you to run iiab-network)\n" echo -e "local_facts.fact DIAGNOSTICS... (A FEW LINES OF ERRORS/WARNINGS BELOW ARE OK!)\n" - scripts/local_facts.fact # Exit & advise, if OS not supported. -if [ ! -f /etc/ansible/facts.d/local_facts.fact ]; then - mkdir -p /etc/ansible/facts.d -fi +mkdir -p /etc/ansible/facts.d cp scripts/local_facts.fact /etc/ansible/facts.d/local_facts.fact echo -e "\nPlaced /etc/ansible/facts.d/local_facts.fact into position." diff --git a/iiab-setup b/iiab-setup index 38541e820..359967bc2 100755 --- a/iiab-setup +++ b/iiab-setup @@ -10,7 +10,8 @@ apt -y install git curl nano gawk wget pastebinit cd /opt/iiab/iiab scripts/ansible -mkdir -p /etc/iiab/install-flags +# 2022-09-27: iiab-install now handles this +#mkdir -p /etc/iiab/install-flags if [ ! -f /etc/iiab/local_vars.yml ]; then cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index c8429a4ea..50047da46 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -9,9 +9,10 @@ # https://github.com/iiab/iiab/blob/master/vars/default_vars.yml - name: "Ansible just ran /etc/ansible/facts.d/local_facts.fact to set 11 vars -- here we extract 3 of those -- rpi_model: {{ ansible_local.local_facts.rpi_model }}, devicetree_model: {{ ansible_local.local_facts.devicetree_model }}, iiab_stage: {{ ansible_local.local_facts.stage }}" set_fact: + iiab_stage: "{{ ansible_local.local_facts.stage }}" rpi_model: "{{ ansible_local.local_facts.rpi_model }}" devicetree_model: "{{ ansible_local.local_facts.devicetree_model }}" - iiab_stage: "{{ ansible_local.local_facts.stage }}" + os_ver: "{{ ansible_local.local_facts.os_ver }}" # Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections # once and only once, to preserve the install date and git hash. @@ -92,6 +93,8 @@ value: "{{ rpi_model }}" - option: devicetree_model value: "{{ devicetree_model }}" + - option: os_ver + value: "{{ os_ver }}" - option: first_run value: "{{ first_run }}" - option: local_tz # e.g. 'EDT' (summer) or 'EST' (winter) after Ansible interprets symlink /etc/localtime -- or 'UTC' if /etc/localtime doesn't exist diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index b7dd56855..3e991bed7 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -43,7 +43,7 @@ - name: SUGARIZER include_role: name: sugarizer - when: sugarizer_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY + when: sugarizer_install - name: Recording STAGE 7 HAS COMPLETED ======================== lineinfile: diff --git a/roles/mongodb/defaults/main.yml b/roles/mongodb/defaults/main.yml index f42149f8e..e1acd8fb0 100644 --- a/roles/mongodb/defaults/main.yml +++ b/roles/mongodb/defaults/main.yml @@ -20,8 +20,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mongodb_64bit_version: 4.4 # 5.0 also works as of 2022-06-09, but can fail on -# "pre-2011" CPU's lacking AVX. VERIFY both X.Y versions exist (+ work!) below: +mongodb_64bit_version: 4.4 # 5.0 and 6.0 also work as of 2022-09-27, but fail +# on "pre-2011" CPU's w/o AVX. VERIFY both X.Y versions exist (+ work!) below: # # 1) https://www.mongodb.org/static/pgp/server-X.Y.asc ~= https://pgp.mongodb.com # 2) http://repo.mongodb.org/apt/debian &/OR https://repo.mongodb.org/apt/ubuntu diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 414ddd080..e56229b18 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -92,7 +92,6 @@ # this was recently added to https://repo.mongodb.org/apt/debian/dists/ repo: deb https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_64bit_version }} main #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main - state: present filename: mongodb-org when: is_debian and ansible_architecture == "x86_64" @@ -100,22 +99,47 @@ - name: Otherwise install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse - state: present filename: mongodb-org when: not (is_debian and ansible_architecture == "x86_64") + # 2022-09-27: Workaround to install MongoDB on Ubuntu 22.04+, which include + # libssl3 instead of libssl1.1 -- https://github.com/iiab/iiab/issues/3190 + # https://www.mongodb.com/community/forums/t/installing-mongodb-over-ubuntu-22-04/159931 + # https://askubuntu.com/questions/1403619/mongodb-install-fails-on-ubuntu-22-04-depends-on-libssl1-1-but-it-is-not-insta/1403683#1403683 + # echo "deb http://security.ubuntu.com/ubuntu focal-security main" | sudo tee /etc/apt/sources.list.d/focal-security.list + # sudo apt-get update + # sudo apt-get install libssl1.1 + # rm /etc/apt/sources.list.d/focal-security.list + + - name: Install source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ + apt_repository: + repo: deb http://security.ubuntu.com/ubuntu focal-security main + #filename: focal-security # If filename focal-security.list is preferred + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') + + - name: Install libssl1.1 if Ubuntu 22.04+ (required by MongoDB below) + package: + name: libssl1.1 + state: present + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') + + - name: Remove source/repo "deb http://security.ubuntu.com/ubuntu focal-security main" at /etc/apt/sources.list.d/security_ubuntu_com_ubuntu.list if Ubuntu 22.04+ + apt_repository: + repo: deb http://security.ubuntu.com/ubuntu focal-security main + state: absent + #filename: focal-security # 100% IGNORED during repo deletion + when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') + # # Debian 10 aarch64 might work below but is blocked in main.yml # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 # apt_repository: # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse - # state: present # filename: mongodb-org # when: is_raspbian and ansible_architecture == "aarch64" # - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only # apt_repository: # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse - # state: present # filename: mongodb-org # when: is_linuxmint @@ -126,7 +150,6 @@ # # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo: # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse # #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse - # state: present # filename: mongodb-org # when: is_ubuntu and not is_linuxmint diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index 3365e818a..748493c68 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -29,7 +29,7 @@ - debug: var: rpi_model # 0-init sets it from ansible_local.local_facts.rpi_model - debug: - var: ansible_local.local_facts.os_ver # Like OS_VER in /etc/iiab/iiab.env + var: os_ver # Equivalent to ansible_local.local_facts.os_ver and OS_VER in /etc/iiab/iiab.env - debug: var: is_debian - debug: