From 4186c593685514e68eabd4adfde3972d37264257 Mon Sep 17 00:00:00 2001
From: George Adams
Date: Thu, 16 Nov 2023 11:14:12 +0000
Subject: [PATCH] add packer files for building Orka images
---
.github/workflows/build_packer.yml | 46 +++++++++++++++
ansible/packer/orka-base.pkr.hcl | 50 ++++++++++++++++
ansible/packer/orka.pkr.hcl | 59 +++++++++++++++++++
.../roles/Ant-Contrib/tasks/main.yml | 1 +
.../roles/ant/tasks/main.yml | 4 +-
.../roles/maven/tasks/main.yml | 2 +
6 files changed, 161 insertions(+), 1 deletion(-)
create mode 100644 .github/workflows/build_packer.yml
create mode 100644 ansible/packer/orka-base.pkr.hcl
create mode 100644 ansible/packer/orka.pkr.hcl
diff --git a/.github/workflows/build_packer.yml b/.github/workflows/build_packer.yml
new file mode 100644
index 0000000000..14a90ae5e4
--- /dev/null
+++ b/.github/workflows/build_packer.yml
@@ -0,0 +1,46 @@
+name: Packer
+
+on:
+ workflow_dispatch:
+ push:
+ paths:
+ - .github/workflows/build_packer.yml
+ - ansible/playbooks/AdoptOpenJDK_Unix_Playbook/**
+ - ansible/packer/**
+ branches:
+ - master
+
+permissions:
+ contents: read
+
+jobs:
+ run-packer:
+ name: Run Packer
+ runs-on: ubuntu-latest
+ steps:
+
+ - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+
+ - name: Install openconnect
+ run: sudo apt-get install openconnect
+
+ - name: Connect to Orka VPN using openconnect
+ run: |
+ echo ${{ secrets.ORKA_VPN_PASSWORD }} |
+ sudo openconnect \
+ ${{ secrets.ORKA_VPN }} \
+ --protocol=anyconnect \
+ --background \
+ --user=${{ secrets.ORKA_VPN_USER }} \
+ --passwd-on-stdin \
+ --servercert pin-sha256:bRJt1DUgnbH6Mi2GjvLohOzVs0mmjkwb4Nyi62h+LZM=
+
+ - name: Intialize Packer
+ working-directory: ansible/packer
+ run: packer init orka.pkr.hcl
+
+ - name: Build Packer
+ working-directory: ansible/packer
+ run: packer build orka.pkr.hcl
+ env:
+ ORKA_TOKEN: ${{ secrets.ORKA_TOKEN }}
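Review bot: In the `Connect to Orka VPN using openconnect` step the three secrets are expanded by `${{ }}` directly into the script text, so the runner's shell parses their values: a password containing a space, quote, `$` or `;` is word-split or interpreted rather than passed through, and the unquoted `echo` can alter it. Passing the secrets through `env:` and referencing quoted shell variables keeps the values out of the script source, as sketched below. Separately, `sudo apt-get install openconnect` has no `-y` and no preceding `apt-get update`, so it can abort in a non-interactive job, and the step name `Intialize Packer` is misspelled.

```yaml
      - name: Connect to Orka VPN using openconnect
        env:
          ORKA_VPN: ${{ secrets.ORKA_VPN }}
          ORKA_VPN_USER: ${{ secrets.ORKA_VPN_USER }}
          ORKA_VPN_PASSWORD: ${{ secrets.ORKA_VPN_PASSWORD }}
        # … unchanged: --protocol, --background, --passwd-on-stdin and --servercert flags …
        run: |
          printf '%s\n' "$ORKA_VPN_PASSWORD" |
          sudo openconnect \
            "$ORKA_VPN" \
            --user="$ORKA_VPN_USER" \
```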
diff --git a/ansible/packer/orka-base.pkr.hcl b/ansible/packer/orka-base.pkr.hcl
new file mode 100644
index 0000000000..8435e5f4cd
--- /dev/null
+++ b/ansible/packer/orka-base.pkr.hcl
@@ -0,0 +1,50 @@
+packer {
+ required_plugins {
+ macstadium-orka = {
+ source = "github.com/macstadium/macstadium-orka"
+ version = "~>3"
+ }
+ }
+}
+
+variable "ORKA_TOKEN" {
+ default = env("ORKA_TOKEN")
+}
+
+variable "ORKA_ENDPOINT" {
+ default = "http://10.221.188.20"
+}
+
+source "macstadium-orka" "sonoma-arm64" {
+ source_image = "sonoma-90gb-orka3-arm"
+ image_name = "sonoma-arm64-base"
+ image_description = "Base image with sudoers setup and brew/ansible installed"
+ image_force_overwrite = true
+ orka_endpoint = var.ORKA_ENDPOINT
+ orka_auth_token = var.ORKA_TOKEN
+}
+
+# Generate the base image for the sonoma-arm64 VMs which we will use to run the ansible playbook
+build {
+ sources = [
+ "macstadium-orka.sonoma-arm64",
+ ]
+
+ # set sudoers to allow passwordless sudo
+ provisioner "shell" {
+ inline = [
+ "echo admin | sudo -S sh -c 'echo \"%admin ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers'",
+ ]
+ }
+
+ # Install homebrew and ansible
+ provisioner "shell" {
+ inline = [
+ "curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh | bash",
+ "echo 'eval \"$(/opt/homebrew/bin/brew shellenv)\"' >> /Users/admin/.zprofile",
+ "eval \"$(/opt/homebrew/bin/brew shellenv)\"",
+ "echo 'export PATH=\"/opt/homebrew/bin:$PATH\"' >> /Users/admin/.zprofile",
+ "brew install ansible",
+ ]
+ }
+}
\ No newline at end of file
diff --git a/ansible/packer/orka.pkr.hcl b/ansible/packer/orka.pkr.hcl
new file mode 100644
index 0000000000..5037953326
--- /dev/null
+++ b/ansible/packer/orka.pkr.hcl
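Review bot: The `Install homebrew and ansible` provisioner pipes `https://raw.githubusercontent.com/Homebrew/install/master/install.sh` straight into `bash`, so the base image and every image built from it contain whatever that moving ref serves at build time, with no integrity check. Because the exit status of `curl … | bash` is bash's, a failed or truncated download may also go unnoticed. Fetching a pinned revision to a file and verifying it before running makes the build reproducible and auditable: `"curl -fsSL https://raw.githubusercontent.com/Homebrew/install/<PINNED_COMMIT>/install.sh -o /tmp/brew-install.sh"`, `"echo '<EXPECTED_SHA256>  /tmp/brew-install.sh' | shasum -a 256 -c -"`, `"bash /tmp/brew-install.sh"` (both angle-bracket values are placeholders to fill in). The sudoers provisioner above it also deserves a comment recording that it relies on the source image's `admin` password and leaves `%admin` with `NOPASSWD:ALL` in the published image.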
@@ -0,0 +1,59 @@
+packer {
+ required_plugins {
+ macstadium-orka = {
+ source = "github.com/macstadium/macstadium-orka"
+ version = "~>3"
+ }
+ ansible = {
+ source = "github.com/hashicorp/ansible"
+ version = "~> 1"
+ }
+ }
+}
+
+variable "ORKA_TOKEN" {
+ default = env("ORKA_TOKEN")
+}
+
+variable "ORKA_ENDPOINT" {
+ default = "http://10.221.188.20"
+}
+
+source "macstadium-orka" "sonoma-arm64" {
+ source_image = "sonoma-arm64-base"
+ image_name = "adoptium-sonoma-arm64"
+ image_description = "Adoptium Sonoma ARM64 image with full ansible playbook run"
+ image_force_overwrite = true
+ orka_endpoint = var.ORKA_ENDPOINT
+ orka_auth_token = var.ORKA_TOKEN
+}
+
+build {
+ sources = [
+ "macstadium-orka.sonoma-arm64",
+ ]
+
+ # Create /tmp/packer-provisioner-ansible-local
+ provisioner "shell" {
+ inline = [
+ "mkdir -p /tmp/packer-provisioner-ansible-local",
+ ]
+ }
+
+ # Copy playbooks/Supporting_Scripts to /tmp/packer-provisioner-ansible-local
+ provisioner "file" {
+ source = "../playbooks/Supporting_Scripts"
+ destination = "/tmp/packer-provisioner-ansible-local"
+ }
+
+ # Run ansible playbook
+ provisioner "ansible-local" {
+ playbook_file = "../playbooks/AdoptOpenJDK_Unix_Playbook/main.yml"
+ playbook_dir = "../playbooks/AdoptOpenJDK_Unix_Playbook"
+ extra_arguments = [
+ "--extra-vars", "ansible_user=admin",
+ "--skip-tags=hostname,brew_upgrade,brew_cu,core_dumps,crontab,kernel_tuning,adoptopenjdk,jenkins,nagios,superuser,swap_file,jck_tools"
+ ]
+ command = "/opt/homebrew/bin/ansible-playbook"
+ }
+}
\ No newline at end of file
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Ant-Contrib/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Ant-Contrib/tasks/main.yml
index e1b62df104..2e0898dd42 100644
--- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Ant-Contrib/tasks/main.yml
+++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Ant-Contrib/tasks/main.yml
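Review bot: `variable "ORKA_TOKEN"` is declared without `sensitive = true`, so Packer has no reason to redact the API token if the variable's value ever reaches build output or debug logs; adding `sensitive = true` beneath `default = env("ORKA_TOKEN")` is a one-line change. The same declaration appears in `orka-base.pkr.hcl`. `ORKA_ENDPOINT` defaults to a plain `http://` URL in both files, so the token presumably travels unencrypted apart from the VPN tunnel the workflow sets up. A short comment stating that this endpoint is reachable only through the VPN would record that assumption for whoever runs the template outside CI.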
@@ -88,6 +88,7 @@ tags: ant-contrib - name: Move ant-contrib.jar to ant lib folder + become: true command: mv /tmp/ant-contrib/lib/ant-contrib.jar {{ ant_lib_dir }} when: not antcontrib_status.stat.exists tags: ant-contrib diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/ant/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/ant/tasks/main.yml index cca5d09dd5..30322a1e69 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/ant/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/ant/tasks/main.yml @@ -49,10 +49,11 @@ tags: ant - name: Extract ant + become: true unarchive: src: /tmp/apache-ant-1.10.5-bin.zip dest: /usr/local - copy: False + copy: false when: - ant_installed.rc != 0 tags: ant @@ -66,6 +67,7 @@ tags: ant - name: Create /usr/local/bin/ant symlink + become: true file: src: /usr/local/apache-ant-1.10.5/bin/ant dest: /usr/local/bin/ant diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/maven/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/maven/tasks/main.yml index 737a678854..79730b7e5e 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/maven/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/maven/tasks/main.yml @@ -31,6 +31,7 @@ tags: maven - name: Extract Apache Maven v3.6.3 + become: true unarchive: src: /tmp/apache-maven-3.6.3-bin.tar.gz dest: /usr/local @@ -39,6 +40,7 @@ tags: maven - name: Create Symlink, Add Maven to PATH + become: true file: src: /usr/local/apache-maven-3.6.3/bin/mvn dest: /usr/local/bin/mvn
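Review bot: With `become: true` added, `Extract ant` (and `Extract Apache Maven v3.6.3` in the maven hunk) now unpacks an archive staged in `/tmp` into `/usr/local` as root. The tasks that download those archives are outside the hunks, so it is worth confirming they verify a checksum before extraction. On the line this commit already touches, `copy: false` is the deprecated spelling for the unarchive module; `remote_src: true` is the current equivalent. The enclosing task files start and end outside the hunks.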