OPSEXP-3019 Bump python to 3.11 and ansible to 2.17

.gitignore

@@ -377,3 +377,5 @@ $RECYCLE.BIN/
 apache-activemq-*-bin.tar.gz
 apache-tomcat-*.tar.gz
 downloads/
+
+.ansible/

.pre-commit-config.yaml

@@ -1,9 +1,9 @@
 ---
 default_language_version:
-  python: python3.9
+  python: python3.11
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.5.0
+    rev: v5.0.0
     hooks:
       - id: check-yaml
         args: [--allow-multiple-documents]
@@ -17,12 +17,12 @@ repos:
       - id: trailing-whitespace
 
   - repo: https://github.com/Riverside-Healthcare/djLint
-    rev: v1.34.1
+    rev: v1.36.4
     hooks:
       - id: djlint-jinja
 
   - repo: https://github.com/jackdewinter/pymarkdown
-    rev: v0.9.18
+    rev: v0.9.27
     hooks:
       - id: pymarkdown
         files: (README\.md$|docs/.*\.md)
@@ -31,18 +31,18 @@ repos:
           - scan
 
   - repo: https://github.com/PyCQA/prospector
-    rev: v1.10.3
+    rev: v1.13.3
     hooks:
       - id: prospector
 
   - repo: https://github.com/Yelp/detect-secrets
-    rev: v1.4.0
+    rev: v1.5.0
     hooks:
       - id: detect-secrets
         args: ["--baseline", ".secrets.baseline"]
 
   - repo: https://github.com/awslabs/git-secrets
-    rev: b9e96b3
+    rev: "5357e18"
     hooks:
       - id: git-secrets
         name: detect aws secrets
@@ -65,7 +65,7 @@ repos:
         name: generate components version table
         entry: python ./scripts/generate-comp-ver-table.py
         language: python
-        language_version: python3.9
+        language_version: python3.11
         additional_dependencies: [pyyaml]
         pass_filenames: false
         always_run: true

.python-version

@@ -1 +1 @@
-3.9
+3.11

.secrets.baseline

@@ -1,5 +1,5 @@
 {
-  "version": "1.4.0",
+  "version": "1.5.0",
   "plugins_used": [
     {
       "name": "ArtifactoryDetector"

.yamllint

@@ -15,7 +15,8 @@ rules:
   commas:
     max-spaces-after: -1
     level: error
-  comments: disable
+  comments:
+    min-spaces-from-content: 1
   comments-indentation: disable
   document-start: disable
   empty-lines:
@@ -31,3 +32,6 @@ rules:
     type: unix
   trailing-spaces: disable
   truthy: disable
+  octal-values:
+    forbid-implicit-octal: true
+    forbid-explicit-octal: true

Pipfile

@@ -4,14 +4,14 @@ verify_ssl = true
 name = "pypi"
 
 [packages]
-ansible-core = "==2.15.13"
+ansible-core = "==2.16.14"
 jinja2 = "==3.1.5"
 jmespath = "==1.0.1"
 
 [dev-packages]
-ansible-lint = "==6.22.2"
-molecule = "==6.0.3"
-molecule-plugins = {extras = ["docker","ec2"], version = "23.5.3"}
+ansible-lint = "==25.1.2"
+molecule = "==24.12.0"
+molecule-plugins = {extras = ["docker","ec2"], version = "23.6.0"}
 boto3 = "==1.26.9"
 pyhamcrest = "==2.1.0"
 pylint = "==2.17.7"

docs/deployment-guide.md

@@ -148,26 +148,48 @@ cd alfresco-ansible-deployment
 
 ### Setup runtime environment
 
-Before starting using the playbook, make sure you are running at least python 3.9:
+Before starting using the playbook, make sure you are running at least Python 3.11:
 
 ```bash
 python3 --version
 ```
 
+If not, depending on your distribution, you may need to install Python 3.11. For
+example, on Ubuntu 22.04 you can install it with:
+
+```bash
+sudo apt-get install python3.11 python3-pip
+```
+
+and on rpm-based distributions like Rocky Linux and Red Hat:
+
+```bash
+sudo dnf install python3.11-pip
+```
+
+Then check again the version with:
+
+```bash
+python3.11 --version
+```
+
 We made mandatory the usage of [pipenv](https://pipenv.pypa.io/en/latest/) to
 make sure that you will run the playbook with the same set of python
 dependencies we are running our integration tests.
 
 Install pipenv via pip (alternate [install methods](https://pipenv.pypa.io/en/latest/installation.html)):
 
 ```bash
-pip install --user pipenv
+pip3 install --user pipenv
 ```
 
+> Try with `python3.11 -m pip` instead of `pip3` if there is more than one
+> python version in your system and 3.11 is not the default one.
+
 Now you are ready to install Ansible and required runtime dependencies in a dedicated
 virtual environment managed by pipenv.
 
-Run from the playbook folder:
+Run from the repository root folder:
 
 ```bash
 pipenv install --deploy

docs/playbook-upgrade.md

@@ -6,6 +6,29 @@ title: Upgrading the playbook
 
 ## Unreleased version
 
+### Python and Ansible version requirements
+
+The `ansible-core` version has been upgraded to 2.16, and the Python version we
+test against to 3.11.
+
+* Control node must have a Python version between 3.10 and
+  3.12.
+* Managed nodes must have a default Python version between 3.6 and 3.12.
+
+You can find updated information for the compatibility at
+[endoflife](https://endoflife.date/ansible-core#compatibility).
+
+To upgrade an existing pipenv virtualenv, you need to remove it first to force
+the recreation with the updated Python runtime:
+
+```bash
+pipenv --rm
+```
+
+For more information check the updated [deployment guide](deployment-guide.md#setup-runtime-environment).
+
+## v2.6.0
+
 ### Search Enterprise is the new default search engine
 
 The example inventories have been updated to default to Search Enterprise /
@@ -15,6 +38,8 @@ search engine from Enterprise since ACS 23.1.1.
 Search Services are still supported as before by assigning hosts to the `search`
 group.
 
+## v2.4.0
+
 ### Passing Alfresco global properties
 
 In previous version we provided an empty `alfresco-global.properties` file to

group_vars/all.yml

@@ -90,6 +90,7 @@ supported_os:
       - 9.2
       - 9.1
       - 9.0
+      - 8.10
       - 8.9
       - 8.8
       - 8.7
@@ -104,6 +105,7 @@ supported_os:
       - 9.2
       - 9.1
       - 9.0
+      - 8.10
       - 8.9
       - 8.8
       - 8.7

molecule/default/vars-rocky8.yml

@@ -1,4 +1,4 @@
-MOLECULE_IT_IMAGE_ID: ami-02a9ec082aa699151 # Rocky-8-EC2-Base-8.9-20231119.0.x86_64
+MOLECULE_IT_IMAGE_ID: ami-0ee382512e653ec35 # Rocky-8-EC2-Base-8.10-20240528.0.x86_64
 MOLECULE_IT_EXTRA_VARS: 7.4.N-extra-vars.yml
 MOLECULE_IT_TEST_CONFIG: tests/test-config-7.4.json
 MOLECULE_IT_PLATFORM: rocky8-74

molecule/default/verify.yml

@@ -41,14 +41,6 @@
         - name: Print multiline pytest stdout as best as we can
           debug:
             msg: "{{ ansible_failed_result.stdout_lines }}"
-        - name: Run pytest AGAIN only for failed tests
-          environment:
-            REQUESTS_CA_BUNDLE: "{{ project_dir }}/configuration_files/ssl_certificates/{{ node_hostname }}.crt"
-          ansible.builtin.shell:
-            chdir: "{{ dtas_dir }}"
-            cmd: |
-              pytest --tb=line --color=no --configuration {{ test_config_file }} tests/ -s --last-failed {{ dtas_additional_params }}
-
 
 - name: Verify adw plugins state
   hosts: adw

playbooks/pki.yml

@@ -177,7 +177,7 @@
           become: true
           community.crypto.openssl_privatekey:
             path: /etc/pki/private/{{ inventory_hostname | basename }}_{{ key_type }}.key
-            mode: 0600
+            mode: "0600"
             size: "{{ cert_key_size | default(omit) }}"
             type: "{{ key_type }}"
             return_content: true

roles/activemq/meta/argument_specs.yml

@@ -2,7 +2,7 @@
 argument_specs:
   main:
     short_description: Activemq
-    author: Alfresco
+    author: Alfresco Ops Readiness
     options:
       activemq_version:
         description: activemq version to use for deployment (URL still handled via group_vars)

roles/activemq/meta/main.yml

@@ -1,19 +1,25 @@
 galaxy_info:
-  author: Alfresco
-  description: Deploys and configures an ActiveMQ server
-  company: Alfresco Software Ltd
+  author: Alfresco Ops Readiness
+  namespace: alfresco
+  description: Install Activemq as required by Alfresco
+  company: Hyland Software
+
   license: Apache-2.0
+
+  min_ansible_version: "2.16"
+
   platforms:
     - name: Ubuntu
       versions:
         - focal
-        - bionic
+        - jammy
     - name: EL
       versions:
         - "7"
         - "8"
-  min_ansible_version: "2.12"
+        - "9"
+
   galaxy_tags: []
-allow_duplicates: false
+
 dependencies:
   - role: java

roles/adf_app/meta/main.yml

@@ -1,19 +1,26 @@
 galaxy_info:
-  author: Alfresco Ops Readiness Team
-  description: Configure an Alfresco adf_app
-  company: Hyland
+  author: Alfresco Ops Readiness
+  namespace: alfresco
+  description: Install an Alfresco ADF application
+  company: Hyland Software
+
   license: Apache-2.0
-  min_ansible_version: "2.12"
-  galaxy_tags: []
+
+  min_ansible_version: "2.16"
+
   platforms:
     - name: Ubuntu
       versions:
-        - bionic
         - focal
+        - jammy
     - name: EL
       versions:
         - "7"
         - "8"
+        - "9"
+
+  galaxy_tags: []
+
 dependencies:
   - role: nginx
     setup_vhosts: false

roles/audit_storage/meta/main.yml

@@ -1,33 +1,25 @@
 galaxy_info:
   author: Alfresco Ops Readiness
-  description: This role installs and configures the audit storage for Alfresco
+  namespace: alfresco
+  description: Install Alfresco Audit Storage
   company: Hyland Software
 
-  # If the issue tracker for your role is not on github, uncomment the
-  # next line and provide a value
-  # issue_tracker_url: http://example.com/issue/tracker
-
   license: Apache-2.0
 
-  min_ansible_version: "2.12"
+  min_ansible_version: "2.16"
 
   platforms:
     - name: Ubuntu
       versions:
-        - bionic
         - focal
+        - jammy
     - name: EL
       versions:
+        - "7"
         - "8"
         - "9"
 
   galaxy_tags: []
-    # List tags for your role here, one per line. A tag is a keyword that describes
-    # and categorizes the role. Users find roles by searching for tags. Be sure to
-    # remove the '[]' above, if you add tags to this list.
-    #
-    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
-    #       Maximum 20 tags per role.
 
 dependencies:
   - role: java