July 2023 cnx8 CR3 release (#304)

README.md

@@ -11,7 +11,7 @@ For HCL Connections 8 dependencies this means that:
 * If needed for demo or even production purposes, OpenLDAP will be spun up and seeded with some demo users. OpenLDAP will be spun up with SSL enabled, as needed later for setting up IBM WebSphere Application Server properly.
 * IBM TDI will be installed, configured, and run to populate profiles database in IBM DB2 with users from OpenLDAP
 * IBM Installation Manager will be set up on the nodes where IBM WebSphere Application Server Network Deployment needs to be installed.
-* IBM WebSphere Application Server Network Deployment will be set up where needed. Currently we tested it with Fixpack 22. By default, FP22 is going to be installed. Deployment manager and nodeagents profiles are going to be created, application security enabled, TLS certificated imported from LDAP, LDAP configured up to the point where it is ready to install HCL Connections 8.
+* IBM WebSphere Application Server Network Deployment will be set up where needed. Currently we tested it with Fixpack 23. By default, FP23 is going to be installed. Deployment manager and nodeagents profiles are going to be created, application security enabled, TLS certificated imported from LDAP, LDAP configured up to the point where it is ready to install HCL Connections 8.
 * IBM HTTP Server is going to be installed, patched with the same fixpack as IBM WebSphere Application Server, and added to the deployment manager.
 * NFS server will be installed, including master and clients configurations and proper folders set.
 
@@ -22,7 +22,7 @@ For HCL Connections 8 itself it means:
 * HCL Connections 8 will be downloaded and installed. Any type of layout is supported and customizable.
 * In LotusConnections-config.xml dynamicHost will be updated.
 * Optionaly, Prometheus JMX exported will be enabled for all HCL Connections clusters.
-* Optionally, Moderation can be enabled as well.
+* Moderation will be installed and optionally it can be enabled as well.
 * In case of upgrades, it will clean up temp folders to prevent possible issues with UI post upgrade.
 * All or some (or none) clusters will be started automatically.
 * IBM HTTP Server plugins will get generated and propagated
@@ -35,7 +35,7 @@ For Component Pack for HCL Connections 8 it means:
 * Haproxy will be set up configured to be the control plane for Kubernetes cluster and Component Pack.
 * NFS will be set up for Component Pack.
 * Containerd(container runtime) v1.4.12 will be installed with the optimisations required by the version of Kubernetes.
-* Kubernetes 1.25.6 will be set up.
+* Kubernetes 1.27.0 will be set up.
 * Component Pack will be set up by default using latest community Kubernetes Ingress, Grafana and Prometheus for monitoring out of the box.
 * Post installation tasks needed for configuring Component Pack and the WebSphere-side of Connections to work together are also going to be executed, including enabling searches and Metrics using OpenSearch.
 
@@ -60,7 +60,7 @@ To be able to use this automation you will need to be able to download the packa
 
 The suggestion is to have them all downloaded in a single location, and for this you would need at least 50G of disk space. Run a small HTTP server just to be able to serve them, it can be as simple as a single Ruby one liner to open web server on specific port so that automation can connect and download it.
 
-#### Note: There is a known issue in IBM WebSphere 8.5.5 Fixpack 22 where retrieve from port using TLS v1.3 or v1.2 ciphers may not work. See [PH49497: RETRIEVE FROM PORT NOT HONORING SSL PROTOCOL](https://www.ibm.com/support/pages/apar/PH49497) for details. Contact HCL Connections support or IBM WebSphere support for the iFix 8.5.5.22-WS-WAS-IFPH49497.zip and put it in the was855FP22 directory as the example below.
+#### Note: There is a known issue in IBM WebSphere 8.5.5 Fixpack 22 where retrieve from port using TLS v1.3 or v1.2 ciphers may not work. See [PH49497: RETRIEVE FROM PORT NOT HONORING SSL PROTOCOL](https://www.ibm.com/support/pages/apar/PH49497) for details.  The problem is fixed in Fixpack 23.  If Fixpack 22 is needed, contact HCL Connections support or IBM WebSphere support for the iFix 8.5.5.22-WS-WAS-IFPH49497.zip and put it in the was855FP22 directory as the example below.
 This is the example data folder structure we are following at HCL.  Please refer to FlexNet when verifying the size and timestamps of the packages.
 
 ```
@@ -84,8 +84,7 @@ Connections7:
 Connections8:
 -r-xr-xr-x   1 root root  2117918720 Oct  6 06:40 HCL_Connections_8.0_lin.tar
 -r-xr-xr-x   1 root root   661811200 Oct  6 06:41 HCL_Connections_8.0_wizards_lin_aix.tar
--r-xr-xr-x   1 root root  1736629222 Jan 26 16:41 HC8.0_CR1.zip
--r-xr-xr-x   1 root root             Jan 26 16:41 HC8.0_CR2.zip
+-r-xr-xr-x   1 root root             Jan 26 16:41 HC8.0_CR3.zip
 
 DB2:
 -rw-r--r--.  1 dmenges dmenges    3993254 Oct 16 13:13 DB2_ESE_AUSI_Activation_11.5.zip
@@ -124,7 +123,6 @@ was855:
 -rw-r--r--.  1 dmenges orion  998887246 Apr 23  2020 WAS_V8.5.5_SUPPL_3_OF_3.zip
 -rw-r--r--.  1 root    root   215292676 Aug 12  2020 agent.installer.linux.gtk.x86_64_1.9.1003.20200730_2125.zip
 
-
 was855FP22:
 -rw-r--r--   1 root  root      291085 Nov 17 19:35 8.5.5.22-WS-WAS-IFPH49497.zip
 -rw-rw-r--   1 pnott pnott 1036290018 Aug 30 16:21 8.5.5-WS-WAS-FP022-part1.zip
@@ -135,6 +133,16 @@ was855FP22:
 -rw-rw-r--   1 pnott pnott 1960491965 Aug 30 16:29 8.5.5-WS-WASSupplements-FP022-part3.zip
 -rw-rw-r--   1 pnott pnott  249260151 Aug 30 16:33 8.5.5-WS-WCT-FP022-part1.zip
 -rw-rw-r--   1 pnott pnott 1963965494 Aug 30 16:34 8.5.5-WS-WCT-FP022-part2.zip
+
+was855FP23:
+-rw-rw-r-- 1 pnott pnott 1043662686 Mar 31 10:50 8.5.5-WS-WAS-FP023-part1.zip
+-rw-rw-r-- 1 pnott pnott  198696280 Mar 31 10:52 8.5.5-WS-WAS-FP023-part2.zip
+-rw-rw-r-- 1 pnott pnott 1966668297 Mar 31 11:12 8.5.5-WS-WAS-FP023-part3.zip
+-rw-rw-r-- 1 pnott pnott  482766367 Mar 31 11:21 8.5.5-WS-WASSupplements-FP023-part1.zip
+-rw-rw-r-- 1 pnott pnott  778868291 Mar 31 11:25 8.5.5-WS-WASSupplements-FP023-part2.zip
+-rw-rw-r-- 1 pnott pnott 1966668297 Mar 31 11:38 8.5.5-WS-WASSupplements-FP023-part3.zip
+-rw-rw-r-- 1 pnott pnott  255537504 Mar 31 11:46 8.5.5-WS-WCT-FP023-part1.zip
+-rw-rw-r-- 1 pnott pnott 1970142229 Mar 31 12:01 8.5.5-WS-WCT-FP023-part2.zip
 ```
 
 Of course, you can drop it all to a single folder, or restructure it whatever way you prefer.
@@ -513,7 +521,7 @@ Desired kubernetes version can be set using
 kubernetes_version
 ```
 
-This set of automation will install by default 1.25.6 and should be always able to install the Kubernetes versions supported by Component Pack.
+This set of automation will install by default 1.27.0 and should be always able to install the Kubernetes versions supported by Component Pack.
 
 To install Kubernetes, execute:
 

documentation/VARIABLES.md

@@ -183,9 +183,9 @@ tdi_download_location | *none* - required | SDI install kit download location
 tdi_package_name | SDI_7.2_XLIN86_64_ML.tar | SDI install kit file
 tdi_user_install_dir | /opt/IBM/TDI/V7.20 | SDI program folder
 tdi_upgrade_enable | true | Enable SDI FP install
-tdi_upgrade_package_name | 7.2.0-ISS-SDI-FP0006.zip | SDI FP install kit file
-tdi_upgrade_package_bin | SDI-7.2-FP0006.zip | SDI FP file to provide to installer
-tdi_upgrade_package_folder_name | 7.2.0-ISS-SDI-FP0006 | Folder that stores tdi_upgrade_package_bin
+tdi_upgrade_package_name | 7.2.0-ISS-SDI-FP0009.zip | SDI FP install kit file
+tdi_upgrade_package_bin | SDI-7.2-FP0009.zip | SDI FP file to provide to installer
+tdi_upgrade_package_folder_name | 7.2.0-ISS-SDI-FP0009 | Folder that stores tdi_upgrade_package_bin
 tdi_cs_port | 1527 | SDI Derby server port
 cnx_updates_enabled | false | true will download `{{ cnx_package }}` (i.e. Connections install kit) again to get the tdisol from there
 upgrade_tdi_jre | false | Enable upgrade to SDI JRE 8 (need a separate 6.5CR1 or 7.0 tdisol kit)
@@ -207,8 +207,8 @@ connections_wizards_package_name | HCL_Connections_8.0_wizards_lin_aix.tar | Con
 setup_connections_wizards | true | true will run the Connections database wizard
 cnx_force_repopulation | false | true will drop the Connections databases and recreate them in `setup-connections-wizards.yml` playbook
 cnx_major_version | "8" | Connections major version to install
-cnx_fixes_version | *none* - optional | If defined (eg. 8.0.0.0_CR2) will install the CR version
-cnx_fixes_files | *none* - optional | If defined (eg. HC8.0_CR2.zip") and cnx_fixes_version is set, will download the CR install kit
+cnx_fixes_version | *none* - optional | If defined (eg. 8.0.0.0_CR3) will install the CR version
+cnx_fixes_files | *none* - optional | If defined (eg. HC8.0_CR3.zip") and cnx_fixes_version is set, will download the CR install kit
 cnx_application_ingress | *none*  - required | Set as *dynamicHosts* in LotusConnections-config.xml
 connections_admin | jjones1 | User to be passed to the Connections installer as admin user
 connections_admin_password | password | password for Connections admin user
@@ -219,7 +219,7 @@ cnx_shared_area_nfs | /nfs/data/shared | Connections shared data NFS share
 cnx_message_store | /opt/HCL/MessageStore | Connections bus SIB location mount point
 cnx_message_store_nfs | /nfs/data/messageStores | Connections bus SIB NFS share
 cnx_enable_invite | false | true will configure selfregistration-config.xml for Invite
-cnx_enable_moderation | false | true will install and configure Moderation
+cnx_enable_moderation | false | true will configure and enable Moderation
 global_moderator | *none* - optional | Global moderator user
 cnx_enable_full_icec | false | true will configure full CEC
 cnx_enable_lang_selector | false | true will enable and add additional languages to the language selector
@@ -302,7 +302,7 @@ uninstall_tinyeditors | true | true will uninstall Tiny Editors
 ### Component Pack Infra Variables
 Name | Default | Description
 ---- | --------| -------------
-containerd_version | 1.6.9-3.1.el7 | Containerd version to be installed
+containerd_version | 1.6.20-3.1.el7 | Containerd version to be installed
 docker_version | 20.10.12 | Docker version to be installed
 docker_insecure_registries | {{ docker_registry_url }} | Docker insecure-registries setting
 registry_port | 5000 | The registry defaults to listening on port 5000
@@ -312,15 +312,15 @@ component_pack_helm_repository | https://hclcr.io/chartrepo/cnx | Helm repo url,
 registry_user | admin | Docker Registry user name
 registry_password | password | Docker Registry user password
 overlay2_enabled | true | true enables OverlayFS storage driver
-kubernetes_version | 1.25.6 | Kubernetes version to be installed
+kubernetes_version | 1.27.0 | Kubernetes version to be installed
 kube_binaries_install_dir | /usr/bin | kuberneters binary install directory
 kube_binaries_download_url | https://storage.googleapis.com/kubernetes-release/release | kuberneters binary download path
 ic_internal | localhost | Connections server internal frontend host (eg. IHS host)
 load_balancer_dns | localhost | Specify a DNS name for the control plane.
 pod_subnet | 192.168.0.0/16 | Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.
 kubectl_user |  ansible_env['SUDO_USER'] | Kubectl is setup for all the users listed here
 calico_version | 3.25.0 | Calico version to be installed
-helm_version | 3.10.2 | Helm version to be installed
+helm_version | 3.11.3 | Helm version to be installed
 haproxy_version | 2.6.6 | HAProxy version to be installed
 haproxy_url | *none* | Alternative HAProxy tar download location
 ssl_root_ca | /C=US/ST=CA/L=Sunnyvale/O=HCL America Inc/OU=Software/CN=hcltechsw.com | SSL Root CA Certificate
@@ -344,6 +344,7 @@ es_ca_password | password | Elasticsearch CA password
 redis_secret | password |  Redis secret used in bootstrap
 search_secret | password | search secret used in bootstrap
 solr_secret | password | Solr secret used in bootstrap
+force_regenerate_certs | false | When true, bootstrap installation overwrites existing certs/secrets
 default_namespace | connections | Kubernetes namespace
 nfsMasterAddress | hostvars[groups['nfs_servers'][0]]['ansible_default_ipv4']['address'] | NFS master IP
 persistentVolumePath | pv-connections | Persistent volume location to be created
@@ -373,7 +374,7 @@ huddo_boards_licence | *none* | Activities Plus license key
 huddoboards_registry_url | quay.io/huddo | huddoboards registry url
 huddoboards_registry_username | admin | huddoboards registry user name
 huddoboards_registry_password | password | huddoboards registry password
-huddoboards_image_tag | 2023-01-24 |  huddoboards image tag in huddoboards registry
+huddoboards_image_tag | 2023-05-12 |  huddoboards image tag in huddoboards registry
 huddoboards_chart_name | huddo-boards-cp-1.1.0.tgz | huddoboards chart name in huddoboards_registry_url. Refer https://docs.huddo.com/boards/cp/#deploy-boards-helm-chart
 huddoboards_chart_location | https://docs.huddo.com/assets/config/kubernetes | kudos boards chart location. Refer https://docs.huddo.com/boards/cp/#deploy-boards-helm-chart
 huddoboards_credentials_name | huddoboardsregkey | Kubernetes secret name for huddoboards registry credentials

documentation/howtos/connections_upgrade_to_8.x.md

@@ -19,7 +19,7 @@ Please note that if needed user can overwrite defaults using [files in this fold
 * We have our HCL Connections Wizards and HCL Connections installer living in a folder called Connections8, so we are setting the right paths here [#1](https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/main/environments/examples/cnx8/db2/group_vars/all.yml#L40) and [#2](https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/main/environments/examples/cnx8/db2/group_vars/all.yml#L47)
 * Check default supported version of IBM WebSphere [here](https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/main/documentation/VARIABLES.md#was_fp_version:~:text=WebSphere%20Base%20version-,was_fp_version).
 
-#### Note: There is a known issue in IBM WebSphere 8.5.5 Fixpack 22 where retrieve from port using TLS v1.3 or v1.2 ciphers may not work. See [PH49497: RETRIEVE FROM PORT NOT HONORING SSL PROTOCOL](https://www.ibm.com/support/pages/apar/PH49497) for details. Contact HCL Connections support or IBM WebSphere support for the iFix 8.5.5.22-WS-WAS-IFPH49497.zip.
+#### Note: There is a known issue in IBM WebSphere 8.5.5 Fixpack 22 where retrieve from port using TLS v1.3 or v1.2 ciphers may not work. See [PH49497: RETRIEVE FROM PORT NOT HONORING SSL PROTOCOL](https://www.ibm.com/support/pages/apar/PH49497) for details.  The problem is fixed in Fixpack 23.  If Fixpack 22 is needed, contact HCL Connections support or IBM WebSphere support for the iFix 8.5.5.22-WS-WAS-IFPH49497.zip and put it in the was855FP22 directory as the example below.
 * As connections kit names are different for different versions, so we can explicitly specify [Connections install kit name](https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/main/environments/examples/cnx8/db2/group_vars/all.yml#L50) and [Connections Wizard package name](https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/main/environments/examples/cnx8/db2/group_vars/all.yml#L51). Check out default values here [#1](https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/main/documentation/VARIABLES.md#:~:text=location%20to%20download-,cnx_package) and [#2](https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/main/documentation/VARIABLES.md#:~:text=connections_wizards_package_name)
 * Desired version of docker, helm, kubernetes can be set using variables docker_version, kubernetes_version, helm_version respectively set in the [inventory file](https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/main/environments/examples/cnx8/db2/group_vars/all.yml). [Click here](https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/main/documentation/VARIABLES.md) to see more details and supported default versions of these software.
 

environments/examples/cnx6/db2/group_vars/all.yml

@@ -37,9 +37,9 @@ tdi_download_location:                           http://{{ groups['installer'][0
 connections_wizards_download_location:           http://{{ groups['installer'][0] }}:8001/Connections6.5
 iim_repository_url:                              http://{{ groups['installer'][0] }}:8001/was855
 was_repository_url:                              http://{{ groups['installer'][0] }}:8001/was855
-was_fixes_repository_url:                        http://{{ groups['installer'][0] }}:8001/was855FP22
+was_fixes_repository_url:                        http://{{ groups['installer'][0] }}:8001/was855FP23
 ihs_repository_url:                              http://{{ groups['installer'][0] }}:8001/was855
-ihs_fixes_repository_url:                        http://{{ groups['installer'][0] }}:8001/was855FP22
+ihs_fixes_repository_url:                        http://{{ groups['installer'][0] }}:8001/was855FP23
 cnx_docs_download_location:                      http://{{ groups['installer'][0] }}:8001/Docs
 cnx_repository_url:                              http://{{ groups['installer'][0] }}:8001/Connections6.5
 cnx_fixes_repository_url:                        http://{{ groups['installer'][0] }}:8001/Connections6.5CR1

environments/examples/cnx7/db2/group_vars/all.yml

@@ -40,9 +40,9 @@ tdi_download_location:                           http://{{ groups['installer'][0
 connections_wizards_download_location:           http://{{ groups['installer'][0] }}:8001/Connections7
 iim_repository_url:                              http://{{ groups['installer'][0] }}:8001/was855
 was_repository_url:                              http://{{ groups['installer'][0] }}:8001/was855
-was_fixes_repository_url:                        http://{{ groups['installer'][0] }}:8001/was855FP22
+was_fixes_repository_url:                        http://{{ groups['installer'][0] }}:8001/was855FP23
 ihs_repository_url:                              http://{{ groups['installer'][0] }}:8001/was855
-ihs_fixes_repository_url:                        http://{{ groups['installer'][0] }}:8001/was855FP22
+ihs_fixes_repository_url:                        http://{{ groups['installer'][0] }}:8001/was855FP23
 cnx_docs_download_location:                      http://{{ groups['installer'][0] }}:8001/Docs
 cnx_repository_url:                              http://{{ groups['installer'][0] }}:8001/Connections7
 component_pack_download_location:                http://{{ groups['installer'][0] }}:8001/cp

environments/examples/cnx7/flexnet_db2/group_vars/all.yml

@@ -40,9 +40,9 @@ tdi_download_location:                           http://{{ groups['installer'][0
 connections_wizards_download_location:           http://{{ groups['installer'][0] }}:8001/Connections7
 iim_repository_url:                              http://{{ groups['installer'][0] }}:8001/was855
 was_repository_url:                              http://{{ groups['installer'][0] }}:8001/was855
-was_fixes_repository_url:                        http://{{ groups['installer'][0] }}:8001/was855FP22
+was_fixes_repository_url:                        http://{{ groups['installer'][0] }}:8001/was855FP23
 ihs_repository_url:                              http://{{ groups['installer'][0] }}:8001/was855
-ihs_fixes_repository_url:                        http://{{ groups['installer'][0] }}:8001/was855FP22
+ihs_fixes_repository_url:                        http://{{ groups['installer'][0] }}:8001/was855FP23
 cnx_docs_download_location:                      http://{{ groups['installer'][0] }}:8001/Docs
 cnx_repository_url:                              http://{{ groups['installer'][0] }}:8001/Connections7
 component_pack_download_location:                http://{{ groups['installer'][0] }}:8001/cp