Update prereq_jdk role to validate Manager and Runtime versions

plugins/modules/jdk_facts.py

@@ -23,7 +23,7 @@
 short_description: Retrieve JDK information
 description:
   - Retrieve information about the installed Java JDK as facts.
-options: {}
+version_added: 3.0.0
 author:
   - Webster Mudge <[email protected]>
 extends_documentation_fragment:
@@ -38,7 +38,8 @@
     support: full
   platform:
     support: full
-  seealso:
+seealso:
+  - name: Java version history
     description: Java version history
     link: https://en.wikipedia.org/wiki/Java_version_history
 """

roles/prereq_jdk/README.md

@@ -4,16 +4,20 @@ Set up JDK
 
 This role automates the setup of a Java Development Kit (JDK) on a host. It can optionally install the JDK packages from various providers (OpenJDK, Oracle, Azul), handle version management, and perform post-installation configuration. For older JDK versions (9 and below), it can also enable the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy to support stronger encryption.
 
+This role also verifies the JDK on target host against the official Cloudera on-premises support matrix, which is available at [supportmatrix.cloudera.com/](https://supportmatrix.cloudera.com). It is designed to be run early in a deployment pipeline to ensure that the environment meets the JDK prerequisites before proceeding with the installation of Cloudera products.
+
 The role will:
 - Install the specified JDK packages if `jdk_install_packages` is `true`.
 - For JDK versions 8 and below, it will apply the JCE Unlimited Strength Jurisdiction Policy if needed, by modifying `java.security` files.
 - If multiple `java.security` files are found during JCE configuration, it will either proceed or halt based on the `jdk_security_paths_override` flag.
 - For JDKs installed from Cloudera's repository, the role will ensure that any missing symbolic links are created to support a consistent JDK installation path.
+- Compare JDK against the support matrix at [supportmatrix.cloudera.com/](https://supportmatrix.cloudera.com) for the specified versions of Cloudera Manager and Cloudera Runtime.
 
 # Requirements
 
 - Root or `sudo` privileges are required to install packages and modify system-wide configuration files.
 - Network access to the package repositories for the chosen JDK provider.
+- Access to the [supportmatrix.cloudera.com/](https://supportmatrix.cloudera.com) site.
 
 # Dependencies
 
@@ -29,6 +33,8 @@ None.
 | `jdk_version` | `int` | `False` | `17` | The supported JDK version to install. Valid choices are `8`, `11`, and `17`. |
 | `jdk_security_paths` | `list` of `path` | `False` | - | A list of paths to search for `java.security` files. The role will only apply JCE changes to files in these locations. |
 | `jdk_security_paths_override` | `bool` | `False` | `False` | Flag to control behavior when multiple `java.security` files are found in the specified paths. If `true`, the role will continue with JCE changes even if multiple files are found. If `false`, the role will fail, requiring a more specific path list. |
+| `cloudera_manager_version` | `str` | `True` | | The version of Cloudera Manager to validate against. |
+| `cloudera_runtime_version` | `str` | `True` | | The version of Cloudera Runtime to validate against. |
 
 # Example Playbook
 
@@ -38,6 +44,9 @@ None.
     - name: Set up default OpenJDK 17 installation
       ansible.builtin.import_role:
         name: cloudera.exe.prereq_jdk
+      vars:
+        cloudera_manager_version: "7.11.3"
+        cloudera_runtime_version: "7.1.9"
       # All variables will use their defaults, installing OpenJDK 17.
 
     - name: Set up Oracle JDK 11 without installing packages
@@ -47,6 +56,8 @@ None.
         jdk_provider: oracle
         jdk_version: 11
         jdk_install_packages: false # Assume JDK 11 is already installed
+        cloudera_manager_version: "7.11.3"
+        cloudera_runtime_version: "7.1.9"
 
     - name: Set up OpenJDK 8 with JCE policy
       ansible.builtin.import_role:
@@ -57,6 +68,8 @@ None.
         jdk_security_paths:
           - /etc/java/security/
         jdk_security_paths_override: false
+        cloudera_manager_version: "7.11.3"
+        cloudera_runtime_version: "7.1.9"
 ```
 
 # License

roles/prereq_jdk/defaults/main.yml

@@ -19,3 +19,6 @@ jdk_install_packages: true
 jdk_version: 17
 # jdk_security_paths: []
 jdk_security_paths_override: false
+
+cloudera_manager_version: "{{ undef(hint='Please specify the Cloudera Manager version') }}"
+cloudera_runtime_version: "{{ undef(hint='Please specify the Cloudera Runtime version') }}"

roles/prereq_jdk/meta/argument_specs.yml

@@ -60,3 +60,11 @@ argument_specs:
           - Flag to disable JCE changes ifo multiple C(java.security) files are found.
         type: bool
         default: false
+      cloudera_manager_version:
+        description: Version of Cloudera Manager for validation testing
+        type: str
+        required: true
+      cloudera_runtime_version:
+        description: Version of Cloudera Runtime for validation testing
+        type: str
+        required: true

roles/prereq_jdk/tasks/main.yml

@@ -13,6 +13,26 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- name: Assert JDK support for Cloudera Runtime and Manager versions
+  ansible.builtin.assert:
+    that:
+      - supported_cms |
+        selectattr('family', 'eq', prereq_jdk_supported_map[jdk_provider]) |
+        selectattr('version', 'eq', 'JDK' + jdk_version | string) |
+        length > 0
+      - supported_runtime |
+        selectattr('family', 'eq', prereq_jdk_supported_map[jdk_provider]) |
+        selectattr('version', 'eq', 'JDK' + jdk_version | string) |
+        length > 0
+    fail_msg: "{{ jdk_provider }} {{ jdk_version }} not supported."
+  vars:
+    supported_cms: "{{ lookup('cloudera.exe.supported', 'jdks', product='cloudera_manager', version=cloudera_manager_version) }}"
+    supported_runtime: "{{ lookup('cloudera.exe.supported', 'jdks', product='cloudera_runtime', version=cloudera_runtime_version) }}"
+
+- name: Gather distribution details
+  ansible.builtin.setup:
+    gather_subset: distribution
+
 - name: Include OS-specific variables
   ansible.builtin.include_vars: "{{ item }}"
   with_first_found:

roles/prereq_jdk/vars/main.yml

@@ -11,3 +11,8 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
+prereq_jdk_supported_map:
+  azul: AzulJDK
+  openjdk: OpenJDK
+  oracle: OracleJDK