Update roles for Ubuntu 24.04 and iRODS 4.3.3

Vagrantfile

@@ -7,7 +7,7 @@
 VAGRANTFILE_API_VERSION = "2"
 ENV['VAGRANT_DEFAULT_PROVIDER'] = "libvirt"
 
-BOX = 'generic/ubuntu2004'
+BOX = 'alvistack/ubuntu-24.04'
 GUI = false
 CPU = 2
 RAM = 4096
@@ -47,6 +47,10 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
       machine.vm.hostname = name + DOMAIN
       machine.vm.network 'private_network', ip: ipaddr, netmask: NETMASK
       machine.vm.synced_folder ".", "/vagrant", disabled: true
+      machine.vm.provision "shell" do |s|
+        s.inline = "sudo hostnamectl hostname $1"
+        s.args   = name + DOMAIN
+      end
       machine.vm.provision "shell",
         inline: "sudo timedatectl set-timezone Europe/Amsterdam"
       machine.vm.provision "shell",
@@ -64,7 +68,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
       controller.vm.provider :virtualbox do |vbox|
         vbox.customize ["guestproperty", "set", :id, "/VirtualBox/GuestAdd/VBoxService/--timesync-set-threshold", 10000]
       end
-      controller.vm.box = 'generic/ubuntu2004'
+      controller.vm.box = 'alvistack/ubuntu-24.04'
       controller.vm.hostname = "controller"
       controller.vm.network :private_network, ip: "192.168.56.5", netmask: NETMASK
       controller.vm.provision "shell", privileged: false, path: "vagrant/provision_controller.sh"

environments/development/allinone/hosts

@@ -12,26 +12,26 @@ allinone_eus
 
 # Define portal host here:
 [allinone_portal]
-combined
+combined.yoda.test
 
 # Define database host here:
 [allinone_database]
-combined
+combined.yoda.test
 
 # Define icat host here:
 [allinone_icat]
-combined
+combined.yoda.test
 
 # Define resource host here:
 [allinone_resource]
 
 # Define public host here:
 [allinone_public]
-combined
+combined.yoda.test
 
 # Define external user service host here:
 [allinone_eus]
-combined
+combined.yoda.test
 
 ###############
 # All instances

library/irods_indexing.py

@@ -1,5 +1,5 @@
 #!/usr/bin/python
-# Copyright (c) 2021 Utrecht University
+# Copyright (c) 2021-2024 Utrecht University
 # GNU General Public License v3.0
 
 ANSIBLE_METADATA = {
@@ -56,11 +56,6 @@ def main():
           "plugin_name": "irods_rule_engine_plugin-elasticsearch",
           "plugin_specific_configuration": config
         },
-        {
-          "instance_name": "irods_rule_engine_plugin-document_type-instance",
-          "plugin_name": "irods_rule_engine_plugin-document_type",
-          "plugin_specific_configuration": {}
-        },
         default_policy
       ])
       changed = True

roles/acme_certificates/meta/main.yml

@@ -8,6 +8,6 @@ galaxy_info:
   min_ansible_version: '2.11'
   platforms:
     - name: EL
-      version: 7
+      version: 8
     - name: Ubuntu
-      version: focal
+      version: noble

roles/apache/templates/usr.sbin.apache2.j2

@@ -1,5 +1,5 @@
 # {{ ansible_managed }}
-# Last Modified: Fri Oct 18 15:12:08 2024
+# Last Modified: Tue Nov 26 15:11:10 2024
 #include <tunables/global>
 
 # vim:syntax=apparmor
@@ -25,6 +25,8 @@
   capability kill,
 
   signal send set=term peer=unconfined,
+  signal send set=usr1 peer=unconfined,
+  signal send set=winch peer=unconfined,
 
   deny owner /etc/*.load r,
 
@@ -38,6 +40,8 @@
   /usr/bin/uname mrix,
   /usr/sbin/ldconfig* mrix,
   /var/log/apache2/*.log w,
+  /var/run/apache2/ r,
+  /var/run/apache2/** rw,
   /var/www/landingpages/** r,
   /var/www/yoda/** r,
   owner /dev/shm/* mrwl,
@@ -46,6 +50,7 @@
   owner /home/yodadeployment/flask_session/* rw,
   owner /opt/irods-externals/** mr,
   owner /run/apache2/apache2.pid rw,
+  owner /run/apache2/apache2.pid.* rw,
   owner /var/lib/davrods/__db.lockdb_locallock rw,
   owner /var/lib/davrods/lockdb_locallock rw,
   owner /var/www/extuser/** rw,

roles/certificates/meta/main.yml

@@ -9,7 +9,7 @@ galaxy_info:
   platforms:
     - name: EL
       version:
-        - 7
         - 8
+        - 9
     - name: Ubuntu
-      version: focal
+      version: noble

roles/certificates/tasks/main-tasks.yml

@@ -9,14 +9,21 @@
   ansible.builtin.package:
     name: python-cryptography
     state: present
-  when: (ansible_distribution_major_version == "7" and ansible_os_family == "RedHat") or ansible_os_family == "Debian"
+  when: ansible_distribution_major_version == "7" and ansible_os_family == "RedHat"
 
 
-- name: Ensure dependencies for Ansible OpenSSL module are present (EL8)
+- name: Ensure dependencies for Ansible OpenSSL module are present (EL8 and Debian)
   ansible.builtin.package:
     name: python3-cryptography
     state: present
-  when: ansible_distribution_major_version == "8" and ansible_os_family == "RedHat"
+  when: (ansible_distribution_major_version == "8" and ansible_os_family == "RedHat") or ansible_os_family == "Debian"
+
+
+- name: Ensure dependencies for Ansible OpenSSL module are present (EL9)
+  ansible.builtin.package:
+    name: python3-cryptography
+    state: present
+  when: ansible_distribution_major_version == "9" and ansible_os_family == "RedHat"
 
 
 - name: Ensure an OpenSSL 4096 bits RSA private key is present

roles/common/meta/main.yml

@@ -9,7 +9,7 @@ galaxy_info:
   platforms:
     - name: EL
       version:
-        - 7
         - 8
+        - 9
     - name: Ubuntu
-      version: focal
+      version: noble

roles/common/tasks/basics-redhat.yml

@@ -21,6 +21,16 @@
   when: ansible_distribution_major_version == "8"
 
 
+- name: Ensure Ansible dependencies are installed (EL9)
+  ansible.builtin.package:
+    name:
+      - python3-libselinux
+      - python3-libsemanage
+      - python3-policycoreutils
+    state: present
+  when: ansible_distribution_major_version == "9"
+
+
 - name: Ensure basics (vim, bind-utils, etc.) are installed
   ansible.builtin.package:
     name:

roles/common/tasks/irods-debian.yml

@@ -9,6 +9,6 @@
 
 - name: Ensure iRODS packages APT repository is enabled
   ansible.builtin.apt_repository:
-    repo: deb [arch=amd64] https://packages.irods.org/apt/ bionic main
+    repo: deb [arch=amd64] https://packages.irods.org/apt/ noble main
     filename: renci-irods
     state: present

roles/composable_resources/meta/main.yml

@@ -8,9 +8,9 @@ galaxy_info:
   min_ansible_version: '2.11'
   platforms:
     - name: EL
-      version: 7
+      version: 8
     - name: Ubuntu
-      version: focal
+      version: noble
 
 
 dependencies:

roles/dms_archive_mock/meta/main.yml

@@ -8,9 +8,9 @@ galaxy_info:
   min_ansible_version: '2.11'
   platforms:
     - name: EL
-      version: 7
+      version: 8
     - name: Ubuntu
-      version: focal
+      version: noble
 
 
 dependencies:

roles/dms_tape_archive/meta/main.yml

@@ -8,6 +8,6 @@ galaxy_info:
   min_ansible_version: '2.11'
   platforms:
     - name: EL
-      version: 7
+      version: 8
     - name: Ubuntu
-      version: focal
+      version: noble

roles/icat_database_checker/meta/main.yml

@@ -8,9 +8,9 @@ galaxy_info:
   min_ansible_version: '2.11'
   platforms:
     - name: EL
-      version: 7
+      version: 8
     - name: Ubuntu
-      version: focal
+      version: noble
 
 
 dependencies:

roles/icat_database_checker/tasks/main.yml

@@ -5,25 +5,10 @@
   ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
 
 
-- name: Check if icat-database-checker virtual environment is running Python 3.6
-  ansible.builtin.stat:
-    path: '/var/lib/irods/icat-database-checker/bin/pip3.6'
-  register: idbc_venv_python36
-
-
-# For upgrade to Yoda 1.9
-- name: Move old icat-database-checker virtual environment
-  become_user: '{{ irods_service_account }}'
-  become: true
-  ansible.builtin.command: # noqa no-changed-when
-    cmd: "mv /var/lib/irods/icat-database-checker /var/lib/irods/icat-database-checker.backup-py3.6"
-  when: idbc_venv_python36.stat.exists
-
-
 - name: Ensure iCAT database checker virtualenv exists
   become_user: '{{ irods_service_account }}'
   become: true
-  ansible.builtin.command: "{{ icat_database_checker_python3_path }} -m virtualenv /var/lib/irods/icat-database-checker"
+  ansible.builtin.command: "{{ icat_database_checker_python3_path }} -m venv /var/lib/irods/icat-database-checker"
   args:
     creates: /var/lib/irods/icat-database-checker
 

roles/irods_arb/meta/main.yml

@@ -8,9 +8,9 @@ galaxy_info:
   min_ansible_version: '2.11'
   platforms:
     - name: EL
-      version: 7
+      version: 8
     - name: Ubuntu
-      version: focal
+      version: noble
 
 
 dependencies:

roles/irods_arb/tasks/main.yml

@@ -15,10 +15,10 @@
     state: '{{ "present" if irods_arb_enabled else "absent" }}'
 
 
-- name: Ensure psutil is installed (Python 3)
+- name: Ensure psutil is installed
   become_user: '{{ irods_service_account }}'
   become: true
   ansible.builtin.pip:
     name: "psutil==5.9.5"
     executable: "{{ irods_arb_pip3_location }}"
-    extra_args: --user
+    extra_args: --user --break-system-packages

roles/irods_consistency_check/meta/main.yml

@@ -8,9 +8,9 @@ galaxy_info:
   min_ansible_version: '2.11'
   platforms:
     - name: EL
-      version: 7
+      version: 8
     - name: Ubuntu
-      version: focal
+      version: noble
 
 
 dependencies:

roles/irods_consistency_check/tasks/main.yml

@@ -5,25 +5,10 @@
   ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
 
 
-- name: Check if ichk virtual environment is running Python 3.6
-  ansible.builtin.stat:
-    path: '/var/lib/irods/irods-consistency-check/bin/pip3.6'
-  register: ichk_venv_python36
-
-
-# For upgrade to Yoda 1.9
-- name: Move old ichk virtual environment
-  become_user: '{{ irods_service_account }}'
-  become: true
-  ansible.builtin.command: # noqa no-changed-when
-    cmd: "mv /var/lib/irods/irods-consistency-check /var/lib/irods/irods-consistency-check.backup-py3.6"
-  when: ichk_venv_python36.stat.exists
-
-
 - name: Ensure iRODS consistency check virtualenv exists
   become_user: '{{ irods_service_account }}'
   become: true
-  ansible.builtin.command: "{{ irods_consistency_check_python3_path }} -m virtualenv /var/lib/irods/irods-consistency-check"
+  ansible.builtin.command: "{{ irods_consistency_check_python3_path }} -m venv /var/lib/irods/irods-consistency-check"
   args:
     creates: /var/lib/irods/irods-consistency-check
 

roles/irods_database/meta/main.yml

@@ -9,10 +9,10 @@ galaxy_info:
   platforms:
     - name: EL
       version:
-        - 7
         - 8
+        - 9
     - name: Ubuntu
-      version: focal
+      version: noble
 
 
 dependencies:

roles/irods_gocommands/meta/main.yml

@@ -8,6 +8,6 @@ galaxy_info:
   min_ansible_version: "2.7"
   platforms:
     - name: EL
-      version: 7
+      version: 8
     - name: Ubuntu
-      version: focal
+      version: noble

roles/irods_icat/defaults/main.yml

@@ -11,7 +11,7 @@ irods_database_name: ICAT
 irods_database_port: "{{ 6432 if enable_pgbouncer else 5432 }}"
 irods_database_user: irodsdb               # The iRODS database username
 irods_database_password: irodsdev          # The password for the iRODS database username
-irods_authentication_scheme: PAM           # iRODS authentication method: "Native" or "PAM"
+irods_authentication_scheme: pam_password  # iRODS authentication method: "native" or "pam_password"
 irods_zone: tempZone                       # The name of the iRODS Zone
 irods_default_resc: irodsResc              # iRODS default resource name
 irods_port_range_begin: 20000

roles/irods_icat/meta/main.yml

@@ -8,17 +8,14 @@ galaxy_info:
   min_ansible_version: '2.11'
   platforms:
     - name: EL
-      version: 7
+      version: 8
     - name: Ubuntu
-      version: focal
+      version: noble
 
 
 dependencies:
-  - role: irods_ubuntu_dependencies
-    when: ansible_os_family == 'Debian'
   - role: irods_remove_old_version
   - role: irods_database
   - role: irods_icommands
-  - role: python2
   - role: python_irodsclient
   - role: sqlcipher