aixPb: Install OpenSSL3 on Aix

[Haroon-Khel]

• commit message has one of the standard prefixes
• faq.md updated if appropriate
• other documentation is changed or added (if applicable)
• playbook changes run through VPC or QPC (if you have access)
• VPC/QPC not applicable for this PR
• for inventory.yml changes, bastillion/nagios/jenkins updated accordingly

ref #3274

[sxa]

What is it that fails without this PATH update? This feels a little indicative of a problem elsewhere?
Should probably have a comment about this for our future selves to be aware of the reason

[Haroon-Khel]

It doesn't necessarily fail if the PATH is not adjusted this way, but it will use /opt/freeware/bin/uname somewhere in the install instead of /usr/bin/uname which causes alot of

uname: invalid option -- 'W'
Try 'uname --help' for more information.

in the output. Again this isn't causing the install to fail but i'd rather it use the uname it wants to use.

Ditto with the shell: PATH=/usr/bin/:$PATH && /usr/sbin/updtvpkg command

[Haroon-Khel]

It's an argument for putting /usr/bin ahead of /opt/freeware/bin in the PATH but I am not too sure of the full scope of how that affects things

[Haroon-Khel]

A good run on test-osuosl-aix72-ppc64-2
https://awx2.adoptopenjdk.net/#/jobs/playbook/2284?job_search=page_size:20;order_by:-finished;not__launch_type:sync

bash-5.0# openssl version
OpenSSL 3.0.10 1 Aug 2023 (Library: OpenSSL 3.0.10 1 Aug 2023)
bash-5.0# lslpp -l | grep openssl
  openssl.base           3.0.10.1000  COMMITTED  Open Secure Socket Layer
  openssl.license        3.0.10.1000  COMMITTED  Open Secure Socket License
  openssl.man.en_US      3.0.10.1000  COMMITTED  Open Secure Socket Layer
  openssl.base           3.0.10.1000  COMMITTED  Open Secure Socket Layer
bash-5.0# 

[sxa]

FYI @AdamBrousseau

[Haroon-Khel]

Is idempotent https://awx2.adoptopenjdk.net/#/jobs/playbook/2299?job_search=page_size:20;order_by:-finished;not__launch_type:sync

[Haroon-Khel]

ping @aixtools

[sxa]

Approving since Adam is happy with this change :-)
Thanks for the other responses.

[aixtools]

Basically, I feel the use of VendorPages is wrong.

The proper way is to run a check - and say to an administrator that it failed. And an administrator should install it for you.

You could print a message saying where it can be loaded and point an admin to it there.

fyi: I would have loaded it long ago (as I had already downloaded it, made it into a nim resource to install/update with - but other settings that break normal AIX admin are not being addressed.

This is, imho, patchwork, not a structural approach to system administration.

I don't approve - but I won't try to block it either. Although, it took me forever to get rid of the need for previous vendor_files (that only works in your environment, by default) - and I am discouraged to see it reappearing.

[steelhead31]

LGTM

[Haroon-Khel]

I'm not the biggest fan of vendor_files either, it is not a very 'open' way of doing things, but at the moment I believe it is a suitable way of automating our machine setup and patching process (the automation part being a priority)