From 321b94fc65424037b21ce802963228fd5a99f9f2 Mon Sep 17 00:00:00 2001
From: Dan Chaffelson <chaffelson@gmail.com>
Date: Fri, 29 Apr 2022 18:32:48 +0200
Subject: [PATCH] WIP (#51)

Change ca_server_root_key_cipher from aes256 to auto as a fix for more modern OS deployment standards
More robustly ensure python2/3 install and pip upgrade for el8
Update AWS dynamic inventory to use amazon.aws.ec2_instance as the amazon.aws.ec2 was deprecated and settings are different
Readability improvements to readme.adoc in cloudera-deploy

Signed-off-by: Daniel Chaffelson <chaffelson@gmail.com>
---
 .../infrastructure/ca_server/vars/RedHat.yml  |  2 +-
 roles/prereqs/os/tasks/main-RedHat.yml        | 39 +++++++++++++------
 2 files changed, 29 insertions(+), 12 deletions(-)

diff --git a/roles/infrastructure/ca_server/vars/RedHat.yml b/roles/infrastructure/ca_server/vars/RedHat.yml
index 22079f89..8b333873 100644
--- a/roles/infrastructure/ca_server/vars/RedHat.yml
+++ b/roles/infrastructure/ca_server/vars/RedHat.yml
@@ -14,4 +14,4 @@
 
 ---
 
-ca_server_root_key_cipher: aes256
+ca_server_root_key_cipher: auto
diff --git a/roles/prereqs/os/tasks/main-RedHat.yml b/roles/prereqs/os/tasks/main-RedHat.yml
index bb918060..1219f615 100644
--- a/roles/prereqs/os/tasks/main-RedHat.yml
+++ b/roles/prereqs/os/tasks/main-RedHat.yml
@@ -14,28 +14,45 @@
 
 ---
 - name: Setup System python on Rhel8
-  when:
-    - ansible_os_family == 'RedHat'
-    - ansible_distribution_major_version | int >= 8
+  when: ansible_distribution_major_version | int >= 8
   block:
-    - name: install python versions
+    - name: Check if Python3 is installed so we don't end up with multiple versions
+      shell: python3 --version
+      register: __py3_check
+      changed_when: false
+      ignore_errors: true
+
+    - name: install python3 if not already present
+      when: __py3_check.rc != 0
+      ansible.builtin.package:
+        lock_timeout: 180
+        name: python3
+        update_cache: yes
+        state: present
+
+    - name: Check if Python2 is installed so we don't end up with multiple versions
+      shell: python2 --version
+      register: __py2_check
+      changed_when: false
+      ignore_errors: true
+
+    - name: install python2 if not already present
+      when: __py2_check.rc != 0
       ansible.builtin.package:
         lock_timeout: 180
-        name: "{{ __pyver_item }}"
+        name: python2
         update_cache: yes
         state: present
-      loop:
-        - python3
-        - python2
-      loop_control:
-        loop_var: __pyver_item
 
     - name: Ensure Python symlink available for Cloudera Manager and Ranger
       ansible.builtin.raw: |
         if [ -f /usr/bin/python2 ] && [ ! -f /usr/bin/python ]; then
-          ln --symbolic /usr/bin/python2 /usr/bin/python;
+          alternatives --set python /usr/bin/python2
         fi
 
+    - name: Ensure pip3 is upgraded
+      ansible.builtin.command: "pip3 install --upgrade pip"
+
 - name: Disable SELinux
   selinux:
     policy: targeted