Merge branch 'Common-tags' of github.com:aswinkr77/infrastructure int…

…o Common-tags
adoptium · Jun 27, 2024 · 1b45b45 · 1b45b45
2 parents 7268db0 + f65f999
commit 1b45b45
Show file tree

Hide file tree

Showing 31 changed files with 523 additions and 166 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -25,7 +25,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
 
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
  - name: Set up Docker Buildx to use cache feature
  uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
@@ -39,7 +39,7 @@ jobs:
 
 
  - name: Docker Build CentOS6 Image Test
- uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
+ uses: docker/build-push-action@31159d49c0d4756269a0940a750801a1ea5d7003 # v6.1.0
  with:
  file: ./ansible/docker/Dockerfile.CentOS6
  build-args: git_sha=${{ github.sha }}
@@ -50,7 +50,7 @@ jobs:
  if: github.ref != 'refs/heads/master'
 
  - name: Docker Build & Push Centos6 Image to Docker Hub On Merge
- uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
+ uses: docker/build-push-action@31159d49c0d4756269a0940a750801a1ea5d7003 # v6.1.0
  with:
  file: ./ansible/docker/Dockerfile.CentOS6
  build-args: git_sha=${{ github.sha }}
@@ -65,13 +65,13 @@ jobs:
  runs-on: ubuntu-latest
  steps:
 
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
  - name: Set up Docker Buildx to use cache feature
  uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
 
  - name: Docker Build Alpine3 Image
- uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
+ uses: docker/build-push-action@31159d49c0d4756269a0940a750801a1ea5d7003 # v6.1.0
  with:
  file: ./ansible/docker/Dockerfile.Alpine3
  build-args: git_sha=${{ github.sha }}

diff --git a/.github/workflows/build_mac.yml b/.github/workflows/build_mac.yml
@@ -22,9 +22,12 @@ jobs:
  - os: [macos-14]
  steps:
 
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
- - name: Install dependencies
+ - name: Install Python
+ run: brew install [email protected] --overwrite
+
+ - name: Install Ansible
  run: brew install ansible
 
  # This is to fix an issue with the github macos14 runner, that cant resolve keyserver.ubuntu.com

diff --git a/.github/workflows/build_qemu.yml b/.github/workflows/build_qemu.yml
@@ -36,7 +36,7 @@ jobs:
  # distro: jessie
 
  steps:
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
  - name: Run on architecture
  uses: uraimo/run-on-arch-action@b0ffb25eb00af00468375982384441f063da1741 # v2.7.2

diff --git a/.github/workflows/build_vagrant.yml b/.github/workflows/build_vagrant.yml
@@ -19,16 +19,29 @@ permissions:
 jobs:
  build-solaris:
  name: Solaris
- runs-on: ubuntu-latest
+ runs-on: ubuntu-22.04
  steps:
 
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+ # As Solaris Needs An Older Version Of Ansible/Python
+ # Use Python2 & Pip To Install On Ubuntu 22.04
+ # Rather Than The System Packages
+
+ - name: Install Python 2
+ run: sudo apt-get install python2
+
+ - name: Python 2 Get Pip Bootstrap Script
+ run: curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
+
+ - name: Python 2 Get Pip
+ run: sudo python2 get-pip.py
+
+ - name: Install Ansible Using PIP2
+ run: pip2 install ansible
 
  - name: Update Repos
  run: sudo apt-get update
-
- - name: Install Ansible
- run: sudo apt-get install ansible
 
  - name: Install VirtualBox
  run: sudo apt-get install virtualbox

diff --git a/.github/workflows/build_wsl.yml b/.github/workflows/build_wsl.yml
@@ -41,7 +41,7 @@ jobs:
  .\ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert
  .\ConfigureRemotingForAnsible.ps1 -SkipNetworkProfileCheck
 
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
  - uses: Vampire/setup-wsl@6f87de3102a29ac6b92800f33bf1e8d9164ac0a1 # v3.1.1
 

diff --git a/.github/workflows/check_dockerstatic.yml b/.github/workflows/check_dockerstatic.yml
@@ -28,7 +28,7 @@ jobs:
  - os: alpine3.19
  dockerfile: "Dockerfile.alp319"
  steps:
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  - name: Test Dockerfile on ${{ matrix.os }}
  env:
  DOCKERFILE: ${{ matrix.dockerfile }}
@@ -45,7 +45,7 @@ jobs:
  - os: centos8
  dockerfile: "Dockerfile.cent8"
  steps:
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  - name: Test Dockerfile on ${{ matrix.os }}
  env:
  DOCKERFILE: ${{ matrix.dockerfile }}
@@ -62,7 +62,7 @@ jobs:
  - os: fedora39
  dockerfile: "Dockerfile.f39"
  steps:
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  - name: Test Dockerfile on ${{ matrix.os }}
  env:
  DOCKERFILE: ${{ matrix.dockerfile }}
@@ -83,7 +83,7 @@ jobs:
  - os: ubuntu22.04
  dockerfile: "Dockerfile.u2204"
  steps:
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  - name: Test Dockerfile on ${{ matrix.os }}
  env:
  DOCKERFILE: ${{ matrix.dockerfile }}

diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
@@ -25,7 +25,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
 
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
  - name: 'Yamllint'
  uses: karancode/yamllint-github-action@fdef6bc189425ecc84cc4543b2674566c0827053 # v2.1.1
@@ -39,7 +39,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
 
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
  - name: Set up Python 3.x
  uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0

diff --git a/.github/workflows/packer.yml b/.github/workflows/packer.yml
@@ -0,0 +1,48 @@
+name: Packer
+
+on:
+ workflow_dispatch:
+ push:
+ paths:
+ - .github/workflows/packer.yml
+ - ansible/playbooks/AdoptOpenJDK_Unix_Playbook/**
+ - ansible/packer/**
+ branches:
+ - master
+
+jobs:
+ packer:
+ name: Update macOS Orka Image
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ os: [sonoma-arm64, sonoma-intel]
+ steps:
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+ # This is to fix an issue with the github macos14 runner, that cant resolve keyserver.ubuntu.com
+ # but this does work when replaced with the IP address. Spotted during the GPG verification of ANT step
+ # Upstream Bug : https://github.com/actions/runner-images/issues/9777
+ - name: Replace keyserver address with IP address
+ run: |
+ sed -i 's/keyserver\.ubuntu\.com/185.125.188.27/g' ansible/playbooks/Supporting_Scripts/package_signature_verification.sh
+
+ - name: Install openconnect
+ run: sudo apt-get install -y openconnect
+
+ - name: Connect to Orka VPN
+ run: |
+ echo ${{ secrets.ORKA_VPN_PASSWORD }} | sudo openconnect 207.254.69.34 \
+ --protocol=anyconnect --user=${{ secrets.ORKA_VPN_USERNAME }} \
+ --passwd-on-stdin --background \
+ --servercert ${{ secrets.ORKA_VPN_SERVER_CERT }}
+
+ - name: Init Packer
+ run: packer init orka.pkr.hcl
+ working-directory: ansible/packer
+
+ - name: Run Packer
+ run: packer build --only=macstadium-orka.${{ matrix.os }} orka.pkr.hcl
+ working-directory: ansible/packer
+ env:
+ ORKA_TOKEN: ${{ secrets.ORKA_TOKEN }}
diff --git a/ansible/inventory.yml b/ansible/inventory.yml
@@ -102,6 +102,7 @@ hosts:
  ubuntu1804-armv8-2: {ip: 114.119.175.125}
 
  - azure:
+ ubuntu2404-x64-1: {ip: 20.115.98.159, user: azureuser}
  win2016-x64-1: {ip: 172.172.147.29, user: adoptopenjdk}
  win2019-x64-1: {ip: 13.92.177.186, user: adoptopenjdk}
  win2022-x64-1: {ip: 51.132.234.42, user: adoptopenjdk}
@@ -128,6 +129,7 @@ hosts:
  ubuntu1804-ppc64le-1: {ip: 140.211.168.5, user: ubuntu}
  ubuntu1804-ppc64le-2: {ip: 140.211.168.8, user: ubuntu}
  ubuntu2004-ppc64le-1: {ip: 140.211.168.235, user: ubuntu}
+ ubuntu2404-aarch64-1: {ip: 140.211.169.12, user: ubuntu}
 
  - macincloud:
  macos1201-x64-1: {ip: 216.39.74.137, user: admin, description: DXT437}

diff --git a/ansible/packer/README.md b/ansible/packer/README.md
@@ -0,0 +1,47 @@
+# Packer Configuration for Virtual Machine Images
+
+This repository contains two Packer configuration files used for building virtual machine images for MacStadium Orka environments. These configurations are specifically tailored to set up environments with necessary tools like Homebrew, Ansible, and Xcode.
+
+## Configuration Files
+
+1. Base Image Creation (`orka-base.pkr.hcl`): This file is used to create a base image for sonoma-arm64 VMs. It installs Homebrew, Ansible, and specific versions of Xcode.
+
+1. Adoptium Image Creation (`orka.pkr.hcl`): This configuration builds upon the base image to create an Adoptium Sonoma ARM64 and Intel image, with a full Ansible playbook run excluding certain tags.
+
+## Prerequisites
+
+- [Packer](https://www.packer.io/downloads) installed on your system.
+- Access to a MacStadium Orka environment (via VPN).
+- Required environment variables set (`ORKA_TOKEN`, `XCode11_7_SAS_TOKEN`, `XCode15_0_1_SAS_TOKEN`).
+
+## Setup and Usage
+
+### Setting Environment Variables
+
+Set the necessary environment variables:
+
+```bash
+export ORKA_TOKEN="your-orka-token"
+export XCode11_7_SAS_TOKEN="your-xcode11.7-token"
+export XCode15_0_1_SAS_TOKEN="your-xcode15.0.1-token"
+```
+
+### Running the Packer Builds
+
+1. Building the Base image
+
+```bash
+packer init .
+packer build orka-base.pkr.hcl
+```
+
+This will create the base image for sonoma-arm64 and somoma-intel VMs. The base step has a pause which allows users to manually make any required changes and then resume the build.
+
+1. Building the Adoptium image
+
+The Adoptium image depends on the base image. This generates the images that we use in Jenkins and contains the full set of dependencies.
+
+```bash
+packer init .
+packer build orka.pkr.hcl
+```
diff --git a/ansible/packer/orka-base.pkr.hcl b/ansible/packer/orka-base.pkr.hcl
@@ -0,0 +1,98 @@
+packer {
+ required_plugins {
+ macstadium-orka = {
+ source = "github.com/macstadium/macstadium-orka"
+ version = "~>3"
+ }
+ ansible = {
+ source = "github.com/hashicorp/ansible"
+ version = "~> 1"
+ }
+ }
+}
+
+variable "ORKA_TOKEN" {
+ default = env("ORKA_TOKEN")
+}
+
+variable "ORKA_ENDPOINT" {
+ default = "http://10.221.188.20"
+}
+
+variable "XCode11_7_SAS_TOKEN" {
+ default = env("XCode11_7_SAS_TOKEN")
+}
+
+variable "XCode15_0_1_SAS_TOKEN" {
+ default = env("XCode15_0_1_SAS_TOKEN")
+}
+
+source "macstadium-orka" "sonoma-arm64" {
+ source_image = "sonoma-90gb-orka3-arm"
+ image_name = "sonoma-arm64-base"
+ image_description = "Base image with sudoers setup and xcode/brew/ansible installed"
+ image_force_overwrite = true
+ orka_endpoint = var.ORKA_ENDPOINT
+ orka_auth_token = var.ORKA_TOKEN
+ orka_vm_builder_name = "sonoma-arm64-builder"
+}
+
+source "macstadium-orka" "sonoma-intel" {
+ source_image = "90gbsonomassh.img"
+ image_name = "sonoma-intel-base"
+ image_description = "Base image with sudoers setup and brew/ansible installed"
+ image_force_overwrite = true
+ orka_endpoint = var.ORKA_ENDPOINT
+ orka_auth_token = var.ORKA_TOKEN
+ orka_vm_builder_name = "sonoma-intel-builder"
+}
+
+# Generate the base image for the sonoma-arm64 VMs which we will use to run the ansible playbook
+build {
+ sources = [
+ "macstadium-orka.sonoma-arm64",
+ "macstadium-orka.sonoma-intel"
+ ]
+
+ # set sudoers to allow passwordless sudo
+ provisioner "shell" {
+ inline = [
+ "echo admin | sudo -S sh -c 'echo \"%admin ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers'",
+ ]
+ }
+
+ # Pause the provisioner until user interacts (for install Xcode etc)
+ provisioner "breakpoint" {}
+
+ # Install homebrew and ansible
+ provisioner "shell" {
+ inline = [<<EOF
+ /bin/bash -c '\
+ curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh | bash; \
+ ARCH=$(uname -m); \
+ if [ "$ARCH" = "x86_64" ]; then \
+ BREW_PATH=/usr/local/bin; \
+ else \
+ BREW_PATH=/opt/homebrew/bin; \
+ fi; \
+ echo eval "$($BREW_PATH/brew shellenv)" >> /Users/admin/.zprofile; \
+ eval "$($BREW_PATH/brew shellenv)"; \
+ echo export PATH="$BREW_PATH:$PATH" >> /Users/admin/.zprofile; \
+ brew install ansible;'
+EOF
+ ]
+ }
+
+ # Install Xcode
+ provisioner "ansible-local" {
+ playbook_file = "../playbooks/AdoptOpenJDK_Unix_Playbook/main.yml"
+ playbook_dir = "../playbooks/AdoptOpenJDK_Unix_Playbook"
+ extra_arguments = [
+ "--extra-vars", "ansible_user=admin",
+ "--extra-vars", "XCode11_7_SAS_TOKEN=\"${var.XCode11_7_SAS_TOKEN}\"",
+ "--extra-vars", "XCode15_0_1_SAS_TOKEN=\"${var.XCode15_0_1_SAS_TOKEN}\"",
+ "--tags", "xcode11,xcode15"
+ ]
+ command = "source /Users/admin/.zprofile; ansible-playbook"
+ }
+}