diff --git a/.github/labeler.yml b/.github/labeler.yml index e7ae3a4e2f..f34cb11fc0 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml @@ -9,20 +9,22 @@ # label_name: # - path/to/file_or_folder + ghActions: - - .github/workflows/**/* +- changed-files: + - any-glob-to-any-file: [.github/*] doc: - - docs/* - - '**/*.md' +- changed-files: + - any-glob-to-any-file: [docs/*, '**/*.md'] Vagrant: - - ansible/pbTestScripts/**/* - - ansible/vagrant/Vagrantfile* +- changed-files: + - any-glob-to-any-file: [ansible/pbTestScripts/**/*, ansible/vagrant/Vagrantfile*] pbTests: - - ansible/pbTestScripts/**/* +- changed-files: + - any-glob-to-any-file: [ansible/pbTestScripts/**/*] docker: - - ansible/docker/Dockerfile* +- changed-files: + - any-glob-to-any-file: [ansible/docker/Dockerfile*] ansible: - - ansible/playbooks/**/* - - ansible/plugins/**/* - - ansible/inventory.yml - - ansible/ansible.cfg +- changed-files: + - any-glob-to-any-file: [ansible/playbooks/**/*, ansible/plugins/**/*, ansible/inventory.yml, ansible/ansible.cfg] diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b74dbb3895..9238511028 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,10 +25,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up Docker Buildx to use cache feature - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 - name: Login to Docker Hub uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3 @@ -39,7 +39,7 @@ jobs: - name: Docker Build CentOS6 Image Test - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a # v2.10.0 + uses: docker/build-push-action@af5a7ed5ba88268d5278f7203fb52cd833f66d6e # v5.2.0 with: file: ./ansible/docker/Dockerfile.CentOS6 build-args: git_sha=${{ github.sha }} @@ -50,7 +50,7 @@ jobs: if: github.ref != 'refs/heads/master' - name: Docker Build & Push Centos6 Image to Docker Hub On Merge - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a # v2.10.0 + uses: docker/build-push-action@af5a7ed5ba88268d5278f7203fb52cd833f66d6e # v5.2.0 with: file: ./ansible/docker/Dockerfile.CentOS6 build-args: git_sha=${{ github.sha }} @@ -65,13 +65,13 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up Docker Buildx to use cache feature - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 - name: Docker Build Alpine3 Image - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a # v2.10.0 + uses: docker/build-push-action@af5a7ed5ba88268d5278f7203fb52cd833f66d6e # v5.2.0 with: file: ./ansible/docker/Dockerfile.Alpine3 build-args: git_sha=${{ github.sha }} diff --git a/.github/workflows/build_mac.yml b/.github/workflows/build_mac.yml index 8720ba7998..8c57eb9ae4 100644 --- a/.github/workflows/build_mac.yml +++ b/.github/workflows/build_mac.yml @@ -17,10 +17,12 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - os: [macos-11] + include: + - os: [macos-11] + - os: [macos-14] steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install dependencies run: brew install ansible diff --git a/.github/workflows/build_qemu.yml b/.github/workflows/build_qemu.yml index c4df6ab2e5..2f56f628d7 100644 --- a/.github/workflows/build_qemu.yml +++ b/.github/workflows/build_qemu.yml @@ -36,7 +36,7 @@ jobs: # distro: jessie steps: - - uses: actions/checkout@01aecccf739ca6ff86c0539fbc67a7a5007bbc81 # v2.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Run on architecture uses: uraimo/run-on-arch-action@517085f0367c8256bcfa753e3e13e1550af09954 # v2.7.1 diff --git a/.github/workflows/build_vagrant.yml b/.github/workflows/build_vagrant.yml index 8e3b12ceab..d92af98739 100644 --- a/.github/workflows/build_vagrant.yml +++ b/.github/workflows/build_vagrant.yml @@ -19,39 +19,53 @@ permissions: jobs: build-solaris: name: Solaris - runs-on: macos-12 + runs-on: ubuntu-latest steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Install dependencies - run: | - brew install ansible + - name: Install Ansible + run: sudo apt-get install ansible + + - name: Install VirtualBox + run: sudo apt-get install virtualbox + + - name: Install Vagrant + run: sudo apt-get install vagrant + + - name: Cache Solaris10.box + id: solaris-10-cache + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + with: + path: Solaris10.box + key: sol10boxcache - - name: Install Solaris 10 Box If Not Already Present + - name: Download Solaris 10 Box If Cache Misses + if: steps.solaris-10-cache.outputs.cache-hit != 'true' + run: wget https://ci.adoptium.net/userContent/vagrant/Solaris10.box.gz + + - name: Verify Checksum If Cache Misses + if: steps.solaris-10-cache.outputs.cache-hit != 'true' run: | - if [ `vagrant box list|grep ^solaris10|wc -l` -gt 0 ] + CKSUM=`shasum -a 256 ./Solaris10.box.gz|cut -d" " -f1` + if [ "$CKSUM" = "0879215f4bf03f5e125addb139d0b5a49a4f8a258297b765cf1f22a8a7ee3309" ] then - echo "Box Exists - Do Nothing" + echo "Checksum OK" else - echo "No Box - Download From Jenkins And Import" - wget https://ci.adoptium.net/userContent/vagrant/Solaris10.box.gz - CKSUM=`shasum -a 256 ./Solaris10.box.gz|cut -d" " -f1` - if [ "$CKSUM" = "0879215f4bf03f5e125addb139d0b5a49a4f8a258297b765cf1f22a8a7ee3309" ] - then - echo "Checksum OK" - gunzip Solaris10.box.gz - vagrant box add --name="solaris10" ./Solaris10.box - rm Solaris10.box - else - echo "Sum Bad" - exit 99; - fi + echo "Sum Bad" + exit 99; fi + - name: Extract Solaris10.box.gz If Cache Misses + if: steps.solaris-10-cache.outputs.cache-hit != 'true' + run: gunzip Solaris10.box.gz + + - name: Add Solaris 10 Box To Vagrant + run: vagrant box add --name="solaris10" ./Solaris10.box + - name: Setup Vagrant VM + working-directory: ansible run: | - cd ansible ln -sf vagrant/Vagrantfile.Solaris10 Vagrantfile rm -f id_rsa.pub id_rsa # Copy the machine's ssh key for the VMs to use, after removing prior files @@ -61,12 +75,13 @@ jobs: vagrantPORT=$(vagrant port | grep host | awk '{ print $4 }') rm -f playbooks/AdoptOpenJDK_Unix_Playbook/hosts.unx echo "[127.0.0.1]:${vagrantPORT}" >> playbooks/AdoptOpenJDK_Unix_Playbook/hosts.unx + [ ! -d $HOME/.ssh ] && mkdir $HOME/.ssh && chmod 700 $HOME/.ssh [ ! -r $HOME/.ssh/known_hosts ] && touch $HOME/.ssh/known_hosts && chmod 644 $HOME/.ssh/known_hosts + [ ! -d $HOME/.ansible ] && mkdir $HOME/.ansible ssh-keygen -R $(cat playbooks/AdoptOpenJDK_Unix_Playbook/hosts.unx) sed -i -e "s/.*hosts:.*/ hosts: all/g" playbooks/AdoptOpenJDK_Unix_Playbook/main.yml awk '{print}/^\[defaults\]$/{print "private_key_file = id_rsa"; print "timeout = 60"; print "remote_tmp = $HOME/.ansible/tmp"}' < ansible.cfg > ansible.cfg.tmp && mv ansible.cfg.tmp ansible.cfg - name: Run Ansible Playbook - run: | - cd ansible - ansible-playbook -i playbooks/AdoptOpenJDK_Unix_Playbook/hosts.unx --ssh-common-args='-o StrictHostKeyChecking=no -o HostKeyAlgorithms=ssh-rsa' -u vagrant -b --skip-tags adoptopenjdk,cups playbooks/AdoptOpenJDK_Unix_Playbook/main.yml + working-directory: ansible + run: ansible-playbook -i playbooks/AdoptOpenJDK_Unix_Playbook/hosts.unx --ssh-common-args='-o HostKeyAlgorithms=ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 -o PubKeyAcceptedKeyTypes=ssh-rsa' -u vagrant -b --skip-tags adoptopenjdk,cups playbooks/AdoptOpenJDK_Unix_Playbook/main.yml diff --git a/.github/workflows/build_wsl.yml b/.github/workflows/build_wsl.yml index d9b688c015..96e2ddd031 100644 --- a/.github/workflows/build_wsl.yml +++ b/.github/workflows/build_wsl.yml @@ -41,9 +41,9 @@ jobs: .\ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert .\ConfigureRemotingForAnsible.ps1 -SkipNetworkProfileCheck - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: Vampire/setup-wsl@c5a800f46e4525a2e9f0b4d2be3262c85dea9f57 # v2.0.2 + - uses: Vampire/setup-wsl@d4e837996638afd047e7b468de70e28fe76cf75a # v3.0.0 - name: Install dependencies run: | diff --git a/.github/workflows/check_dockerstatic.yml b/.github/workflows/check_dockerstatic.yml index 5127786bb6..86079786c4 100644 --- a/.github/workflows/check_dockerstatic.yml +++ b/.github/workflows/check_dockerstatic.yml @@ -28,7 +28,7 @@ jobs: - os: alpine3.19 dockerfile: "Dockerfile.alp319" steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Test Dockerfile on ${{ matrix.os }} env: DOCKERFILE: ${{ matrix.dockerfile }} @@ -45,7 +45,7 @@ jobs: - os: centos8 dockerfile: "Dockerfile.cent8" steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Test Dockerfile on ${{ matrix.os }} env: DOCKERFILE: ${{ matrix.dockerfile }} @@ -62,7 +62,7 @@ jobs: - os: fedora39 dockerfile: "Dockerfile.f39" steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Test Dockerfile on ${{ matrix.os }} env: DOCKERFILE: ${{ matrix.dockerfile }} @@ -83,7 +83,7 @@ jobs: - os: ubuntu22.04 dockerfile: "Dockerfile.u2204" steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Test Dockerfile on ${{ matrix.os }} env: DOCKERFILE: ${{ matrix.dockerfile }} diff --git a/.github/workflows/code-freeze.yml b/.github/workflows/code-freeze.yml index 83ffd2746c..5f06ab68f4 100644 --- a/.github/workflows/code-freeze.yml +++ b/.github/workflows/code-freeze.yml @@ -7,6 +7,10 @@ on: issue_comment: types: [created] +permissions: + contents: write + pull-requests: write + jobs: codefreeze: uses: adoptium/.github/.github/workflows/code-freeze.yml@main diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index b32d3a518f..c4a207d2c7 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -5,17 +5,22 @@ on: pull_request_target: issues: issue_comment: - + jobs: triage: + permissions: + contents: read + pull-requests: write + issues: write runs-on: ubuntu-latest + name: Assign Labels steps: - - uses: actions/labeler@5c7539237e04b714afd8ad9b4aed733815b9fab4 # v4.0.2 + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 if: ${{ github.event.pull_request }} with: repo-token: "${{ secrets.GITHUB_TOKEN }}" - - uses: fuxingloh/multi-labeler@fb9bc28b2d65e406ffd208384c5095793c3fd59a # v1.8.0 + - uses: fuxingloh/multi-labeler@b15a54460c38f54043fa75f7b08a0e2aa5b94b5b # v4.0.0 with: github-token: "${{secrets.GITHUB_TOKEN}}" config-path: .github/regex_labeler.yml diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 4c51a72abb..4f7dbebf30 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: 'Yamllint' uses: karancode/yamllint-github-action@fdef6bc189425ecc84cc4543b2674566c0827053 # v2.1.1 @@ -39,10 +39,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up Python 3.x - uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # v2.3.3 + uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 with: python-version: '3.x' diff --git a/.github/workflows/semgrep_diff.yml b/.github/workflows/semgrep_diff.yml new file mode 100644 index 0000000000..6c44589a6d --- /dev/null +++ b/.github/workflows/semgrep_diff.yml @@ -0,0 +1,23 @@ +--- +name: Semgrep Differential Scan +on: + pull_request: + +jobs: + semgrep-diff: + runs-on: ubuntu-latest + container: + image: returntocorp/semgrep + + steps: + # Step 1: Clone application source code + - name: Checkout code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + + # Step 2: Differential scan + - name: Differential scan + run: | + semgrep ci \ + --config="p/trailofbits" diff --git a/.semgrepignore b/.semgrepignore new file mode 100644 index 0000000000..09f86810a2 --- /dev/null +++ b/.semgrepignore @@ -0,0 +1,2 @@ +# Ignore The Nagios Configuration J2 templates, as they are only examples. +./ansible/playbooks/nagios/roles/Nagios_Config/files/templates/*.j2 diff --git a/FAQ.md b/FAQ.md index 447b8727ed..cc850474fb 100644 --- a/FAQ.md +++ b/FAQ.md @@ -208,8 +208,10 @@ is more information on running tests yourself in the A few examples that test specific pieces of infra-related functionality so useful to be aware of. These are the parameters to pass into a Grinder job in jenkins. If using -these from the command line as per the example above, the `TARGET` name -should have an underscore `_` prepended to it. +these from the command line instead of a Grinder job there are a couple of +things regarding the information in this table: +- The `TARGET` name should have an underscore `_` prepended to it (like the shell snippet above) +- For custom targets, specify it as a JDK_CUSTOM_TARGET variable to make e.g. `make _jdk_custom JDK_CUSTOM_TARGET=java/lang/invoke/lambda/LambdaFileEncodingSerialization.java` | `BUILD_LIST` | `TARGET` | `CUSTOM_TARGET` | What does it test? | | --- | --- | --- | --- | diff --git a/README.md b/README.md index dd573e6837..d5a5ba53e9 100644 --- a/README.md +++ b/README.md @@ -118,11 +118,11 @@ to do an out-of-bound patch if a sufficientl sever issue is identified. to identify any potential problems. Allow jenkins to upgrade itself 5. Redo step 1/2 so that any plugins that were unable to be updated due to the older jenkins level can update themselves. -6. If necessary, and the remediation cannot be performed within the window, - identify potentially risky plugins that were held back and create an issue - to deal with them in the next cycle. - -(TODO: Publish and link to video of an upgrade session) +6. If necessary, and the remediation cannot be performed within the + maintenance window, identify potentially risky plugins that were held + back and create an issue to deal with them in the next cycle. +7. Backup the main war in /usr/share/jenkins to a name with a version suffix + in case of corruption to the main jar. ### Backups diff --git a/ansible/create-solaris-esxi.md b/ansible/create-solaris-esxi.md new file mode 100644 index 0000000000..4dc74050fa --- /dev/null +++ b/ansible/create-solaris-esxi.md @@ -0,0 +1,88 @@ +# Instructions for creating Solaris machines in ESXi + +## Creating the new machine template + +1. Login to https://esxi.adoptopenjdk.net. @gdams and @sxa have credentials if needed. +1. Click `Create / Register VM`. +1. Click `Create a new virtual machine`. +1. Select a name and guest OS: + - Name: Provide a hostname + - Compatibility: `ESXi 6.5 virtual machine`. + - Guest OS family: `Other`. + - Guest OS version: `Oracle Solaris 10 (64-bit)` +1. Leave the storage as `datastore1`. +1. Customize settings: + - CPU: Select `4` unless more is needed. + - Memory: Select `8GB` unless more is needed. + - Hard disk 1: Select a minimum of 120GB. + - Network Adapter 1: Ensure that `VM Network` is selected and the `Connect` box is ticked. + - CD/DVD Drive 1: Select `Datastore ISO file`, then select `sol-10-u11-ga-x86-dvd.iso`. +1. Click `Finish` + + +## First boot and Solaris Installation + +### System Identification + +1. Once the machine has been created, click on it and select the `Power on` option. +1. You should then be able to click the console screen in the left corner which should display the `GNU GRUB` loader. +1. `Oracle Solaris` should boot by default or you can hit the enter button. +1. Type `1` and then enter (Oracle Solaris Interactive default) +1. Select the keyboard layout (in my case `UK-English`) and then hit `F2` (Or `Escape` then `2` as an alternative. +1. Press Enter in the screen test shell. +1. Select a language (in my case `0`), then hit Enter. +1. Click `F2` for the next few screen using the default settings until you get to the hostname. +1. Set the hostname to match what you set the machine name is ESXi to be and then hit `F2`. +1. Set the IP address. The current block of IP's that we have is `147.75.85.208/29` (8 addresses) See the [inventory.yml](https://github.com/temurin-compliance/infrastructure/blob/master/ansible/inventory.yml) and the [temurin-compliance inventory](https://github.com/temurin-compliance/infrastructure/blob/master/ansible/inventory.yml) to find out which of those are already in use. +1. The system is part of a subnet so select `Yes` at the next screen. +1. Set the subnet mask as `255.255.255.248`. +1. Select `No` to IPv6 support. +1. For the default route, use the `Specify one` option and set it to be `147.75.85.209`. +1. Check the summary and hit `F2` to confirm the network settings. +1. Select `No` to Kerberos security. +1. For the name service, select `DNS`. +1. For the Domain name, type `adoptium.net`. +1. For the DNS Server Addresses, add the following IPs: + - 147.75.207.207 + - 147.75.207.208 +1. For the Search domain, you can enter nothing and hit `F2`. +1. The next screen will say there is a name service error. Ignore this and select `No` to entering new name service information. +1. Use the default options for NFSv4. +1. At the Time Zone screen, select the timezone as Europe (or wherever the machine is hosted). The select the country on the next page. +1. At the Root Password prompt, add a suitable root password (remember to write this down and ensure that someone changes it if they take ownership of the machine). +1. Select `Yes` for Enabling Remote services. +1. Unselect the option that asks about registering using My Oracle Support. + +### Solaris Interactive Installation + +1. Hit `F2` to do a Standard install. +1. Select `Install on a non-iSCSI target`. +1. Select `Automatically eject CD/DVD`. +1. Select `Auto Reboot`. +1. Select `CD/DVD` as the media source. +1. Accept the license and then set the Geographic Region. +1. Leave the locale as `POSIX C ( C )`. +1. Select `None` when it asks if you want to install Additional Products. +1. Select `ZFS` as the filesystem to use. +1. Select `Entire Disribution` as the software choice and select the only available disk device (which you created in ESXi). +1. Hit F2 to progress through the next couple of screens until you reach the summary page. Check the options and then hit `F2` to begin installation. +1. The Solaris Initial Install will run for a few minutes (now is the time to get a coffee). +1. Once the install has completed, you will see a sceen saying that the install is paused for 90 seconds. You need to eject the virtual disk in ESXi. If you still have the console window open you can click the `Actions` button in the top right corner, click `Edit settings` and change `CD/DVD Drive 1` back to be `Host Device`. Then click Save. You'll likely see a warning about the machine using the device, Click `Yes` and then `Answer`. +1. You can then type `c` to continue. The VM will now reboot and all being well, you should end up at a Solaris Login prompt. +1. Enter the root credentials that you created earlier and you'll be logged in. +1. You may see a prompt about `Starting a Desktop Login`. You want to cancel this by hitting `Enter`. (The Desktop doesn't work well until the VMWare Tools are installed.) + +### Enable root SSH login + +1. Before you can SSH into the machine, you'll need to change the SSH config file. Open `/etc/ssh/sshd_config` with `vi` and change the line `PermitRootLogin` to `yes`. Once changed, you need to restart the ssh service with `svcadm restart svc:/network/ssh:default`. + +### Install VMware Tools + +At this point the machine is essentially setup but, it's highly recommended to install the VMware Tools for monitoring. + +1. With the console window open you can click the `Actions` button in the top right corner. The hover over `Guest OS` in the dropdown and select `Install VMware Tools`. This will mount a disk drive on the machine which contains the executable. +1. Whilst in the home directory run the following command to extract the VMware Tools: `gunzip -c /cdrom/vmwaretools/vmware-solaris-tools.tar.gz | tar xf -`. +1. Start the installation process by running: `./vmware-tools-distrib/vmware-install.pl`. +1. Click enter several times accepting all the default options. +1. Enable Autostart on the machine by clicking `Actions` button in the top right corner. Hover over `Autostart` and select `Enable`. +1. Finally, reboot the machine and the installation is complete! diff --git a/ansible/docker/Dockerfile.Ubuntu2004-riscv64 b/ansible/docker/Dockerfile.Ubuntu2004-riscv64 index 0a635b3936..72d9c3665d 100644 --- a/ansible/docker/Dockerfile.Ubuntu2004-riscv64 +++ b/ansible/docker/Dockerfile.Ubuntu2004-riscv64 @@ -20,8 +20,8 @@ RUN groupadd -g 1000 ${user} RUN useradd -c "Jenkins user" -d /home/${user} -u 1000 -g 1000 -m ${user} ENV \ - JDK11_BOOT_DIR="/usr/lib/jvm/java-11-openjdk-riscv64" \ + JDK11_BOOT_DIR="/usr/lib/jvm/jdk-11" \ JDK17_BOOT_DIR="/usr/lib/jvm/jdk-17" \ JDK19_BOOT_DIR="/usr/lib/jvm/jdk-19" \ JDK21_BOOT_DIR="/usr/lib/jvm/jdk-21" \ - JAVA_HOME="/usr/lib/jvm/java-11-openjdk-riscv64" + JAVA_HOME="/usr/lib/jvm/jdk-11" diff --git a/ansible/inventory.yml b/ansible/inventory.yml index 8dc8401017..a30893aa3e 100644 --- a/ansible/inventory.yml +++ b/ansible/inventory.yml @@ -14,6 +14,7 @@ hosts: ubuntu2004-x64-1: {ip: 40.121.206.1, user: webmaster, description: jckservices.adoptium.net} ubuntu2204-x64-1: {ip: 172.187.163.163, user: adoptopenjdk, description: infra-wazuh-server} ubuntu2204-x64-2: {ip: 20.90.182.165, description: trss.adoptium.net} + ubuntu2204-x64-3: {ip: 172.187.93.97, description: awx.adoptium.net} - digitalocean: ubuntu2004-x64-1: {ip: 178.62.115.224, description: bastillion.adoptopenjdk.net} @@ -83,6 +84,9 @@ hosts: - dockerhost: + - azure: + ubuntu2204-x64-1: {ip: 52.180.147.157, description: Xeon Platinum 8272CL, 16 cores, 64GB} + - equinix: ubuntu2204-x64-1: {ip: 145.40.113.173, description: Intel Xeon Gold 40 core} ubuntu2004-x64-1: {ip: 145.40.114.58, description: AMD EPYC 7401P 24 core} @@ -159,6 +163,10 @@ hosts: macos1015-x64-1: {ip: 10.0.40.10, ipv6: "2a02:418:3001:40::10", user: administrator} macos1015-x64-2: {ip: 10.0.40.11, ipv6: "2a02:418:3001:40::11", user: administrator} + - scaleway: + ubuntu2310-riscv64-1: {ip: 62.210.163.13, user: ubuntu} + ubuntu2310-riscv64-2: {ip: 62.210.163.98, user: ubuntu} + - siteox: solaris10u11-sparcv9-1: {ip: cloud.siteox.com, port: 53322} diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bootjdk/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bootjdk/tasks/main.yml index 45dccace65..ad1e3ca31c 100644 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bootjdk/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bootjdk/tasks/main.yml @@ -19,6 +19,7 @@ - '11' - '16' - '17' + - '21' - name: Set /usr/java8_64 as default file: diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bootjdk/tasks/openjdk.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bootjdk/tasks/openjdk.yml index c5ca659635..8349b9d065 100644 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bootjdk/tasks/openjdk.yml +++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bootjdk/tasks/openjdk.yml @@ -7,44 +7,57 @@ os_img: "aix/ppc64/jdk" heap: "normal" impl: "hotspot" - new_baseurl: "https://api.adoptium.net/v3/binary/latest" - new_vendor: "eclipse" - baseurl: "https://api.adoptopenjdk.net/v3/binary/latest" - vendor: "adoptopenjdk" - project: "{{ heap }}/{{ vendor }}?project=jdk" + adoptium_baseurl: "https://api.adoptium.net/v3/binary/latest" + adoptopenjdk_baseurl: "https://api.adoptopenjdk.net/v3/binary/latest" + adoptium_project: "{{ heap }}/eclipse?project=jdk" + adoptopenjdk_project: "{{ heap }}/adoptopenjdk?project=jdk" block: - name: Verify space in /usr include_tasks: chfs.yml - - name: Check for jdk {{ jdk }} availability + - name: Check for jdk {{ jdk }} availability in /usr/java{{ jdk }}_64 stat: - path: /usr/java{{ jdk }}_64 + path: /usr/java{{ jdk }}_64/bin/java register: java_installed - - name: Download JDK {{ jdk }} binary + - name: Download JDK {{ jdk }} binary from api.adoptopenjdk.net get_url: - url: "{{ baseurl }}/{{ jdk }}/ga/{{ os_img }}/{{ impl }}/{{ project }}" + url: "{{ adoptopenjdk_baseurl }}/{{ jdk }}/ga/{{ os_img }}/{{ impl }}/{{ adoptopenjdk_project }}" dest: /tmp/jdk{{ jdk }}.tar.gz mode: 0440 timeout: 25 retries: 3 delay: 5 when: - - java_installed.stat.isdir is not defined + - not java_installed.stat.exists + - jdk == '10' or jdk == '16' # These are the only two we still use from adoptopenjdk API + register: openjdk + + - name: Download JDK {{ jdk }} binary from api.adoptium.net + get_url: + url: "{{ adoptium_baseurl }}/{{ jdk }}/ga/{{ os_img }}/{{ impl }}/{{ adoptium_project }}" + dest: /tmp/jdk{{ jdk }}.tar.gz + mode: 0440 + timeout: 25 + retries: 3 + delay: 5 + when: + - not java_installed.stat.exists + - not ( jdk == '10' or jdk == '16' ) register: openjdk - name: Get Signature File Link shell: curl -s 'https://api.adoptium.net/v3/assets/latest/{{ jdk }}/hotspot?architecture=ppc64&image_type=jdk&os=aix&vendor=eclipse' | grep signature_link | awk '{split($0,a,"\""); print a[4]}' when: - jdk != '10' and jdk != '16' - - java_installed.stat.isdir is not defined + - not java_installed.stat.exists register: sig_output - name: GPG Signature verification script: ../Supporting_Scripts/package_signature_verification.sh -f /tmp/jdk{{ jdk }}.tar.gz -sl "{{ sig_output.stdout }}" -k {{ key.adoptium }} when: - jdk != '10' and jdk != '16' - - java_installed.stat.isdir is not defined + - not java_installed.stat.exists - name: Install JDK {{ jdk }} binary unarchive: @@ -52,7 +65,7 @@ dest: /usr remote_src: yes when: - - java_installed.stat.isdir is not defined + - not java_installed.stat.exists - name: Report HTTP 404 message debug: @@ -66,7 +79,7 @@ path: /tmp/jdk{{ jdk }}.tar.gz state: absent when: - - java_installed.stat.isdir is not defined + - not java_installed.stat.exists # jdk8 directories do not have a hyphen - name: Find java 8 directory @@ -75,7 +88,7 @@ paths: /usr patterns: 'jdk8u*' when: - - java_installed.stat.isdir is not defined + - not java_installed.stat.exists - jdk == '8' register: java8_directory @@ -85,7 +98,7 @@ paths: /usr patterns: 'jdk-{{ jdk }}*' when: - - java_installed.stat.isdir is not defined + - not java_installed.stat.exists - jdk != '8' register: java_directory @@ -98,7 +111,7 @@ with_items: - "{{ java8_directory.files }}" when: - - java_installed.stat.isdir is not defined + - not java_installed.stat.exists - jdk == '8' - name: Symlink to java{{ jdk }}_64 @@ -109,7 +122,7 @@ with_items: - "{{ java_directory.files }}" when: - - java_installed.stat.isdir is not defined + - not java_installed.stat.exists - jdk != '8' # Defaults for BootJDK API # AdoptOpenJDK changes to Adoptium: diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml index fe976ced42..e43cf47b4e 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml @@ -107,30 +107,25 @@ when: - (ansible_distribution != "Alpine" or ansible_architecture != "aarch64") - ansible_distribution != "Solaris" - - ansible_architecture != "riscv64" tags: build_tools - role: adoptopenjdk_install # Previous LTS jdk_version: 17 when: - ansible_distribution != "Solaris" tags: build_tools - - role: adoptopenjdk_install # JDK19 Build Bootstrap - jdk_version: 18 + - role: adoptopenjdk_install # JDK21 Build Bootstrap + jdk_version: 20 when: - ansible_distribution != "Alpine" - ansible_distribution != "Solaris" - ansible_architecture != "riscv64" - tags: build_tools - - role: adoptopenjdk_install # JDK20 Build Bootstrap - jdk_version: 19 - when: - - ansible_distribution != "Alpine" - - ansible_distribution != "Solaris" + - ansible_architecture != "armv7l" tags: build_tools - role: adoptopenjdk_install # Current LTS jdk_version: 21 when: - - ansible_architecture == "riscv64" + - ansible_distribution != "Solaris" + - ansible_architecture != "armv7l" tags: build_tools - role: Nagios_Plugins # AdoptOpenJDK Infrastructure tags: [nagios_plugins, adoptopenjdk] diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Clean_Up/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Clean_Up/tasks/main.yml index a0c1f4434f..d44eae9124 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Clean_Up/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Clean_Up/tasks/main.yml @@ -20,8 +20,6 @@ - name: Remove yum dependencies that are no longer required - RedHat and CentOS command: yum -y autoremove - args: - warn: no when: - (ansible_distribution == "RedHat" and ansible_distribution_major_version != "6") or (ansible_distribution == "CentOS" and ansible_distribution_major_version != "6") - ansible_architecture != "aarch64" diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/CentOS.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/CentOS.yml index 99907e2888..079cb95eb0 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/CentOS.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/CentOS.yml @@ -113,6 +113,12 @@ - ! (ansible_distribution_major_version == "7" and ansible_architecture == "s390x") tags: build_tools +- name: Install jq for SBoM parsing for build reproducibility testing + package: "name=jq state=latest" + when: + - ansible_distribution_major_version > "7" + tags: test_tools + - name: Add devtools-2 to yum repo list for gcc 4.8 get_url: url: https://people.centos.org/tru/devtools-2/devtools-2.repo @@ -190,6 +196,13 @@ - ansible_distribution_major_version == "6" tags: build_tools +- name: Install jq for SBoM parsing for build reproducibility testing + package: "name=jq state=latest" + when: + - ansible_distribution_major_version != "6" + - ansible_distribution_major_version != "7" + tags: test_tools + ############################## # expat on CentOS on x86_64 # ############################## diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/RedHat.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/RedHat.yml index 46d5691c18..69268ba445 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/RedHat.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/RedHat.yml @@ -16,7 +16,6 @@ - ansible_architecture == "x86_64" tags: patch_update - - name: Enable EPEL release for RHEL8 or RHEL6 or RHEL7 yum: name=https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm failed_when: false @@ -110,6 +109,12 @@ - (ansible_distribution_major_version == "8") tags: build_tools +- name: Install jq for SBoM parsing for build reproducibility testing + package: "name=jq state=latest" + when: + - ansible_distribution_major_version > "7" + tags: test_tools + ################# # xorg Packages # ################# diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/SLES.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/SLES.yml index e487028701..71cc7ab63b 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/SLES.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/SLES.yml @@ -23,7 +23,7 @@ - name: Add Devel-Tools repository (SLES15) zypper_repository: - repo: https://download.opensuse.org/repositories/devel:/tools/15.4/devel:tools.repo + repo: https://download.opensuse.org/repositories/devel:/tools/15.5/devel:tools.repo auto_import_keys: yes state: present when: diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Debian.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Debian.yml index 0da7c701a1..28096f1d24 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Debian.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Debian.yml @@ -104,6 +104,7 @@ Test_Tool_Packages: - binfmt-support - qemu-user-static - gnutls-bin + - jq # For parsing SBoM during reproducibility tests - libnss3 - libnss3-dev - libnss3-tools diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Fedora.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Fedora.yml index f45d1ef322..149ab1d9d9 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Fedora.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Fedora.yml @@ -132,6 +132,7 @@ Test_Tool_Packages: - zlib-devel - perl-devel - expat-devel + - jq # For parsing SBoM during reproducibility tests - libcurl-devel - mercurial - gnutls diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/MacOSX.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/MacOSX.yml index 7b3506b690..1b5f24865c 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/MacOSX.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/MacOSX.yml @@ -21,7 +21,6 @@ Build_Tool_Packages_NOT_10_12: - ccache # ccache is no longer working on macOS 10.12 Build_Tool_Casks: - - adoptopenjdk10 - packages Test_Tool_Packages: diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/SLES.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/SLES.yml index ce8127ea30..0d8775b754 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/SLES.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/SLES.yml @@ -98,6 +98,7 @@ Test_Tool_Packages: - xorg-x11-server-extra - glibc-locale # Internationalization tests - gnutls + - jq # For parsing SBoM during reproducibility tests - mozilla-nss - mozilla-nss-devel - mozilla-nss-tools diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Ubuntu.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Ubuntu.yml index 81462d0ccc..b73ce02149 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Ubuntu.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Ubuntu.yml @@ -119,6 +119,7 @@ Test_Tool_Packages: - libexpat1-dev - libcurl4-openssl-dev - fakeroot + - jq # For parsing SBoM during reproducibility tests - gnutls-bin - libnss3 - libnss3-tools diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/NTP_TIME/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/NTP_TIME/tasks/main.yml index 7e0fd6e8ac..d17df7d829 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/NTP_TIME/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/NTP_TIME/tasks/main.yml @@ -37,15 +37,41 @@ - (ansible_distribution == "Ubuntu") or (ansible_distribution == "SLES" and ansible_distribution_major_version == "11") tags: ntp_time +- name: Gather Facts About The Services Present + service_facts: + tags: ntp_time + +- name: Check If NTPD Exists In The Service Facts + set_fact: + ntpd_entry_exists: "{{ 'ntpd.service' in services }}" + when: ansible_facts.services is defined + tags: ntp_time + +- name: Set Fact Where NTPD Is Not Available As A Service + set_fact: + ntpd_entry_exists: "false" + when: ansible_facts.services is not defined + tags: ntp_time + +- name: Display NTPD Status + debug: + var: ntpd_entry_exists + when: + - (ansible_distribution == "RedHat" and ansible_distribution_major_version != "8") or + (ansible_distribution == "SLES" and ansible_distribution_major_version == "12") or + (ansible_distribution == "CentOS" and ansible_distribution_major_version == "7" ) + tags: ntp_time + - name: Start NTP for RedHat, SLES 12 and CentOS 7 service: name: ntpd state: restarted enabled: yes when: + - ntpd_entry_exists | default(false) | bool - (ansible_distribution == "RedHat" and ansible_distribution_major_version != "8") or (ansible_distribution == "SLES" and ansible_distribution_major_version == "12") or - (ansible_distribution == "centos" and ansible_distribution_major_version == "7" ) + (ansible_distribution == "CentOS" and ansible_distribution_major_version == "7" ) tags: ntp_time - name: Start NTP for SUSE12 diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Providers/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Providers/tasks/main.yml index 15c0edf5c7..49b1af67d6 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Providers/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Providers/tasks/main.yml @@ -66,11 +66,11 @@ - providers - adoptopenjdk -########### -# Marist # -########### +##################### +# Marist & Scaleway # +##################### -# Marist machines need their host template updated for changes to /etc/hosts to persist +# Marist & Scaleway machines need their host template updated for changes to /etc/hosts to persist - name: Update /etc/cloud/cloud.cfg file - To remove update hosts function lineinfile: dest: /etc/cloud/cloud.cfg @@ -78,7 +78,7 @@ state: absent when: - provider_name.rc == 0 - - provider_name.stdout == "marist" + - (provider_name.stdout == "marist" or provider_name.stdout == "scaleway") tags: - providers - adoptopenjdk diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Xcode11/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Xcode11/tasks/main.yml index 623b658855..4fdb4d88ef 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Xcode11/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Xcode11/tasks/main.yml @@ -11,7 +11,7 @@ - name: Check if SAS variable is defined set_fact: apple_variables: yes - when: not xcode11_installed.stat.exists and XCode11.7_SAS_TOKEN is defined + when: not xcode11_installed.stat.exists and vars['XCode11.7_SAS_TOKEN'] is defined - name: Display Information when XCode11.7_SAS_TOKEN is not defined debug: diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/adoptopenjdk_install/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/adoptopenjdk_install/tasks/main.yml index f02f099f7c..d7e0c79261 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/adoptopenjdk_install/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/adoptopenjdk_install/tasks/main.yml @@ -1,12 +1,28 @@ --- ############################################################## -# ansible install adoptopenjdk into /usr/lib/jvm/JDK_VERSION # +# ansible install adopt binary into /usr/lib/jvm/JDK_VERSION # ############################################################## # Conditions: # Check if target is installed # Proceed with installing to /usr/lib/jvm +- name: Use adoptium API if release is available at adoptium + set_fact: + api_url: https://api.adoptium.net + api_vendor: eclipse + when: + - jdk_version == 8 or jdk_version == 11 or ( jdk_version | int >= 17) + tags: adoptopenjdk_install + +- name: Use adoptopenjdk API if release is not supported by adoptium + set_fact: + api_url: https://api.adoptopenjdk.net + api_vendor: adoptopenjdk + when: + - jdk_version == 10 or jdk_version == 16 + tags: adoptopenjdk_install + - name: Set path variable when jdk_version == 8 set_fact: path: /usr/lib/jvm/jdk8 @@ -134,21 +150,21 @@ - ansible_distribution != "MacOSX" - not ((ansible_distribution == "RedHat" or ansible_distribution == "CentOS") and ansible_distribution_major_version == "6") - ansible_os_family != "Solaris" - - not (ansible_architecture == "riscv64" and (jdk_version == 21 or jdk_version == 19 or jdk_version == 17)) # Linux-riscv64 for JDK 17, 19, 21 are special cased + - not (ansible_architecture == "riscv64" and (jdk_version == 21 or jdk_version == 20 or jdk_version == 19 or jdk_version == 17 or jdk_version == 11)) # Linux-riscv64 for JDK 11, 17, 19, 21 are special cased - adoptopenjdk_installed.rc != 0 tags: adoptopenjdk_install # Api does not return release information for JDK10 block: - name: Get Signature File Link (Linux/Alpine-Linux) - shell: curl -s 'https://api.adoptium.net/v3/assets/feature_releases/{{ jdk_version }}/ga?architecture={{ api_architecture }}&heap_size=normal&image_type=jdk&jvm_impl={{ bootjdk }}&os={{ platformLinux }}&page=0&page_size=1&project=jdk&vendor=eclipse' | grep signature_link | awk '{split($0,a,"\""); print a[4]}' + shell: curl -s '{{ api_url }}/v3/assets/feature_releases/{{ jdk_version }}/ga?architecture={{ api_architecture }}&heap_size=normal&image_type=jdk&jvm_impl={{ bootjdk }}&os={{ platformLinux }}&page=0&page_size=1&project=jdk&vendor={{ api_vendor }}' | grep signature_link | awk '{split($0,a,"\""); print a[4]}' when: - - jdk_version != 10 + - jdk_version != 10 and jdk_version != 16 - not (jdk_version == 8 and ansible_architecture == "s390x") register: sig_output - name: Download latest release (Linux/Alpine-Linux) get_url: - url: https://api.adoptopenjdk.net/v3/binary/latest/{{ jdk_version }}/ga/{{ platformLinux }}/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/adoptopenjdk?project=jdk + url: "{{ api_url }}/v3/binary/latest/{{ jdk_version }}/ga/{{ platformLinux }}/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/{{ api_vendor }}?project=jdk" dest: /tmp/jdk{{ jdk_version }}.tar.gz mode: 0440 retries: 3 @@ -159,10 +175,10 @@ - name: GPG Signature verification (Linux/Alpine-Linux) script: ../Supporting_Scripts/package_signature_verification.sh -f /tmp/jdk{{ jdk_version }}.tar.gz -sl "{{ sig_output.stdout }}" -k {{ key.adoptium }} when: - - jdk_version != 10 + - jdk_version != 10 and jdk_version != 16 - not (jdk_version == 8 and ansible_architecture == "s390x") - - name: Install latest release if one not already installed (Linux/Alpine-Linux) + - name: Install latest Adopt JDK{{ jdk_version }} if one not already installed (Linux/Alpine-Linux) unarchive: src: /tmp/jdk{{ jdk_version }}.tar.gz dest: /usr/lib/jvm @@ -265,6 +281,37 @@ path: /tmp/jdk17.tar.gz state: absent +# JDK 11 on Linux-riscv64 is a special-case because the Ubuntu openjdk-11-jdk package is just too +# damn slow (it's Zero VM) and times out on CI +- name: Install JDK {{ jdk_version }} on Linux-riscv64 + when: + - ansible_architecture == "riscv64" and jdk_version == 11 + - adoptopenjdk_installed.rc != 0 + tags: adoptopenjdk_install + # Api does not return release information for JDK10 + block: + - name: Download jdk{{ jdk_version }} release (Linux-riscv64) + get_url: + url: https://ci.adoptium.net/userContent/riscv/OpenJDK11U-jdk_riscv64_linux_hotspot_2024-02-08-16-01.tar.gz + dest: /tmp/jdk11.tar.gz + mode: 0440 + checksum: sha256:b14e237de3929f235671c38694a9458e7aeab1720065edc1888aa8754a2e21b2 + retries: 3 + delay: 5 + register: adoptopenjdk_download + until: adoptopenjdk_download is not failed + + - name: Install latest jdk{{ jdk_version }} release if one not already installed (Linux-riscv64) + unarchive: + src: /tmp/jdk11.tar.gz + dest: /usr/lib/jvm + remote_src: yes + + - name: Remove jdk11.tar.gz (Linux-riscv64) + file: + path: /tmp/jdk11.tar.gz + state: absent + # # CentOS6 needs it's own task so it can use a different python interpreter. # # See: https://github.com/adoptium/infrastructure/issues/1877 - name: Install latest JDK {{ jdk_version }} release if not already installed (CentOS6) @@ -274,7 +321,7 @@ tags: adoptopenjdk_install block: - name: Download latest JDK {{ jdk_version }} release (CentOS6) - command: wget -q 'https://api.adoptopenjdk.net/v3/binary/latest/{{ jdk_version }}/ga/{{ platformLinux }}/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/adoptopenjdk?project=jdk' -O /tmp/jdk{{ jdk_version }}.tar.gz + command: wget -q '{{ api_url }}/v3/binary/latest/{{ jdk_version }}/ga/{{ platformLinux }}/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/{{ api_vendor }}?project=jdk' -O /tmp/jdk{{ jdk_version }}.tar.gz vars: ansible_python_interpreter: /usr/local/python2/bin/python2.7 retries: 3 @@ -283,15 +330,15 @@ until: adoptopenjdk_download is not failed - name: Get Signature File Link (CentOS6) - shell: curl -s 'https://api.adoptium.net/v3/assets/feature_releases/{{ jdk_version }}/ga?architecture={{ api_architecture }}&heap_size=normal&image_type=jdk&jvm_impl={{ bootjdk }}&os={{ platformLinux }}&page=0&page_size=1&project=jdk&vendor=eclipse' | grep signature_link | awk '{split($0,a,"\""); print a[4]}' + shell: curl -s '{{ api_url }}/v3/assets/feature_releases/{{ jdk_version }}/ga?architecture={{ api_architecture }}&heap_size=normal&image_type=jdk&jvm_impl={{ bootjdk }}&os={{ platformLinux }}&page=0&page_size=1&project=jdk&vendor={{ api_vendor }}' | grep signature_link | awk '{split($0,a,"\""); print a[4]}' when: - - jdk_version != 10 + - jdk_version != 10 and jdk_version != 16 register: sig_output - name: GPG Signature verification (CentOS6) script: ../Supporting_Scripts/package_signature_verification.sh -f /tmp/jdk{{ jdk_version }}.tar.gz -sl "{{ sig_output.stdout }}" -k {{ key.adoptium }} when: - - jdk_version != 10 + - jdk_version != 10 and jdk_version != 16 - name: Install latest JDK {{ jdk_version }} release (CentOS6) unarchive: @@ -312,16 +359,16 @@ block: - name: Download latest JDK {{ jdk_version }} release (macOS) get_url: - url: https://api.adoptium.net/v3/installer/latest/{{ jdk_version }}/ga/mac/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/eclipse?project=jdk + url: "{{ api_url }}/v3/installer/latest/{{ jdk_version }}/ga/mac/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/{{ api_vendor }}?project=jdk" dest: /tmp/{{ jdk_version }}-installer.pkg register: adoptopenjdk_download until: adoptopenjdk_download is not failed when: - - jdk_version != 10 + - jdk_version != 10 and jdk_version != 16 - name: Download JDK10 tarball when installer is not available (macOS) unarchive: - src: https://api.adoptopenjdk.net/v3/binary/latest/{{ jdk_version }}/ga/mac/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/adoptopenjdk?project=jdk + src: "{{ api_url }}/v3/binary/latest/{{ jdk_version }}/ga/mac/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/{{ api_vendor }}?project=jdk" remote_src: yes dest: /Library/Java/JavaVirtualMachines/ become: yes @@ -334,20 +381,20 @@ - jdk_version == 10 - name: Get Signature File Link (macOS) - shell: curl -s 'https://api.adoptium.net/v3/assets/latest/{{ jdk_version }}/{{ bootjdk }}?architecture={{ api_architecture }}&image_type=jdk&os=mac&vendor=eclipse' | grep signature_link | grep pkg | awk '{split($0,a,"\""); print a[4]}' + shell: curl -s '{{ api_url }}/v3/assets/latest/{{ jdk_version }}/{{ bootjdk }}?architecture={{ api_architecture }}&image_type=jdk&os=mac&vendor={{ api_vendor }}' | grep signature_link | grep pkg | awk '{split($0,a,"\""); print a[4]}' when: - - jdk_version != 10 + - jdk_version != 10 and jdk_version != 16 register: sig_output - name: GPG Signature verification (macOS) script: ../Supporting_Scripts/package_signature_verification.sh -f /tmp/{{ jdk_version }}-installer.pkg -sl "{{ sig_output.stdout }}" -k {{ key.adoptium }} when: - - jdk_version != 10 + - jdk_version != 10 and jdk_version != 16 - name: Run installer for JDK {{ jdk_version }} (macOS) shell: sudo installer -pkg /tmp/{{ jdk_version }}-installer.pkg -target / when: - - jdk_version != 10 + - jdk_version != 10 and jdk_version != 16 # The boot JDK will be installed into a temurin directory. Playbooks, build and (possibly) test scripts will look for an adoptopenjdk directory # https://github.com/adoptium/infrastructure/issues/2281#issuecomment-1059322275 @@ -381,12 +428,12 @@ tags: adoptopenjdk_install block: - name: Download latest JDK {{ jdk_version }} release (Solaris) - command: wget https://api.adoptium.net/v3/binary/latest/{{ jdk_version }}/ga/solaris/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/eclipse?project=jdk -O /tmp/jdk-{{ jdk_version }}.tar.gz + command: wget {{ api_url }}/v3/binary/latest/{{ jdk_version }}/ga/solaris/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/{{ api_vendor }}?project=jdk -O /tmp/jdk-{{ jdk_version }}.tar.gz register: adoptopenjdk_download until: adoptopenjdk_download is not failed - name: Get Signature File Link (Solaris) - shell: curl -s 'https://api.adoptium.net/v3/assets/latest/{{ jdk_version }}/{{ bootjdk }}?architecture={{ api_architecture }}&image_type=jdk&os=solaris&vendor=eclipse' | grep signature_link | awk '{split($0,a,"\""); print a[4]}' + shell: curl -s '{{ api_url }}/v3/assets/latest/{{ jdk_version }}/{{ bootjdk }}?architecture={{ api_architecture }}&image_type=jdk&os=solaris&vendor={{ api_vendor }}' | grep signature_link | awk '{split($0,a,"\""); print a[4]}' register: sig_output - name: GPG Signature verification (Solaris) diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/jckservices_iptables/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/jckservices_iptables/tasks/main.yml index 9430f42319..97072bc632 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/jckservices_iptables/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/jckservices_iptables/tasks/main.yml @@ -62,8 +62,6 @@ - 140.211.168.163 # jck-osuol-ubuntu2004-ppc64le-1 - 140.211.168.2 # jck-osuol-ubuntu2004-ppc64le-2 - 213.146.141.66 # jck-linaro-ubuntu2004-aarch64-2 - - 20.61.136.211 # jck-skytap-aix71-ppc64-1 - - 20.61.136.213 # jck-skytap-aix71-ppc64-2 - 20.61.222.79 # jck-skytap-aix72-ppc64-3 - 20.61.222.106 # jck-skytap-aix72-ppc64-4 - 12.202.69.3 # jck-siteox-solaris10u11-sparcv9-1 @@ -74,6 +72,8 @@ - 207.254.73.168 # gn324-macos11-x86_64 - 207.254.28.13 # esmv4-macos11-arm64 - 207.254.28.99 # noh7B-macos12-arm64 + - 62.210.163.172 # jck-scaleway-ubuntu2310-riscv64-1 + - 62.210.163.106 # jck-scaleway-ubuntu2310-riscv64-2 - name: Setup iptables iptables: diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/main.yml index c7e09c00db..afc10a15c5 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/main.yml @@ -59,12 +59,14 @@ jdk_version: 10 - role: Java_install # For Gradle jdk_version: 11 - - role: Java_install # JDK16 build bootstrap - jdk_version: 15 - - role: Java_install # JDK17 build bootstrap + - role: Java_install # Latest LTS, for use by agents jdk_version: 16 - - role: Java_install + - role: Java_install # Latest LTS, for use by agents jdk_version: 17 + - role: Java_install # Bootstrap for JDK21 + jdk_version: 20 + - role: Java_install # Latest LTS, for use by agents + jdk_version: 21 - ANT # Testing - role: MSVS_2013 when: ansible_architecture == "64-bit" diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java_install/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java_install/tasks/main.yml index f0eba7af35..6786ce4313 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java_install/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java_install/tasks/main.yml @@ -8,9 +8,25 @@ register: java_installed tags: Java_install -- name: Download Java{{ jdk_version }} +- name: Use adoptium API if release is available at adoptium + set_fact: + api_url: api.adoptium.net + api_vendor: eclipse + when: + - jdk_version == '8' or jdk_version == '11' or ( jdk_version | int >= 17) + tags: adoptopenjdk_install + +- name: Use adoptopenjdk API if release is not supported by adoptium + set_fact: + api_url: api.adoptopenjdk.net + api_vendor: adoptopenjdk + when: + - jdk_version == 10 or jdk_version == 16 + tags: adoptopenjdk_install + +- name: Download Temurin JDK {{ jdk_version }} win_get_url: - url: https://api.adoptopenjdk.net/v3/binary/latest/{{ jdk_version }}/ga/windows/x64/jdk/{{ bootjdk }}/normal/adoptopenjdk?project=jdk + url: https://{{ api_url }}/v3/binary/latest/{{ jdk_version }}/ga/windows/x64/jdk/{{ bootjdk }}/normal/{{ api_vendor }}?project=jdk dest: 'C:\temp\jdk-{{ jdk_version }}.zip' when: not java_installed.stat.exists tags: Java_install diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022/tasks/main.yml index 06a9dc118f..1ed57d05c3 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022/tasks/main.yml @@ -94,7 +94,7 @@ - name: Download Visual Studio Community 2022 win_get_url: url: 'https://aka.ms/vs/17/release/vs_Community.exe' - checksum: 51d8dc03605a4fa11d445795cb1cc7ea1a518b0b0ce466cdaa805fc6029d7058 + checksum: 6dfb021f82e9e7f89de632c08a654c0695d7701c3f47bb894508717a9948048f checksum_algorithm: sha256 dest: 'C:\temp\vs_community22.exe' force: no diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/WiX/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/WiX/tasks/main.yml index 2fdcfa7997..bc606fcbfe 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/WiX/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/WiX/tasks/main.yml @@ -10,10 +10,10 @@ - name: Download WiX win_get_url: - url: https://wixtoolset.org/downloads/v3.14.0.3910/wix314.exe + url: https://github.com/wixtoolset/wix3/releases/download/wix314rtm/wix314.exe dest: 'C:\temp\wix.exe' follow_redirects: all - checksum: f333d4cf132f03b75222aa107633d28ce5ba8d612892b38cfc2ddc4cd92ad6de + checksum: 704439ea88fc9e5a3647eedeeb45943f9a392e3d209f58512280130096847937 checksum_algorithm: sha256 when: (not wix_installed.stat.exists) tags: Wix diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/cygwin/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/cygwin/tasks/main.yml index fec969b404..443bd11eec 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/cygwin/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/cygwin/tasks/main.yml @@ -17,7 +17,7 @@ - name: Install Cygwin win_shell: | - Start-Process -Wait -FilePath 'C:\temp\cygwin.exe' -ArgumentList '--packages autoconf,automake,bsdtar,cmake,cpio,curl,gcc-core,git,gnupg,grep,libtool,make,mingw64-x86_64-gcc-core,perl,rsync,unzip,wget,zip --quiet-mode --download --local-install --delete-orphans --site https://mirrors.kernel.org/sourceware/cygwin/ --local-package-dir C:\cygwin_packages --root C:\cygwin64' + Start-Process -Wait -FilePath 'C:\temp\cygwin.exe' -ArgumentList '--packages autoconf,automake,bsdtar,cmake,cpio,curl,gcc-core,git,gnupg,grep,jq,libtool,make,mingw64-x86_64-gcc-core,perl,rsync,unzip,wget,zip --quiet-mode --download --local-install --delete-orphans --site https://mirrors.kernel.org/sourceware/cygwin/ --local-package-dir C:\cygwin_packages --root C:\cygwin64' args: executable: powershell when: not cygwin_installed.stat.exists diff --git a/ansible/plugins/inventory/adoptopenjdk_yaml.py b/ansible/plugins/inventory/adoptopenjdk_yaml.py index dfd3c14240..f88ba3ba5c 100755 --- a/ansible/plugins/inventory/adoptopenjdk_yaml.py +++ b/ansible/plugins/inventory/adoptopenjdk_yaml.py @@ -32,6 +32,7 @@ from os import path import yaml + try: import configparser except ImportError: @@ -48,7 +49,7 @@ 'provider': ('alibaba', 'azure', 'marist', 'osuosl', 'macstadium', 'macincloud', 'ibmcloud', 'spearhead', 'siteox', 'equinix', 'linaro','digitalocean', 'ibm', 'godaddy', - 'aws', 'inspira', 'equinix_esxi', 'nine', 'gdams', 'skytap', + 'aws', 'inspira', 'equinix_esxi', 'nine', 'scaleway', 'skytap', 'hetzner') } diff --git a/collections/requirements.yml b/collections/requirements.yml new file mode 100644 index 0000000000..9ee87128fb --- /dev/null +++ b/collections/requirements.yml @@ -0,0 +1,6 @@ +--- +# Required by AWX for the homebrew and zypper operations +# in curl/GIT_Source roles +collections: + - name: community.general + source: https://galaxy.ansible.com