From b728c86a1b2fe798c29cae85f7b23e50ff9686fa Mon Sep 17 00:00:00 2001 From: Stewart X Addison <6487691+sxa@users.noreply.github.com> Date: Thu, 4 Apr 2024 14:25:35 +0100 Subject: [PATCH] Changes to support RHEL7/s390x image creation and devkit inclusion (#3492) --------- Signed-off-by: Stewart X Addison --- FAQ.md | 22 +++++++++++++++---- ansible/docker/Dockerfile.RHEL7 | 15 ++++++------- .../AdoptOpenJDK_Unix_Playbook/main.yml | 2 ++ 3 files changed, 27 insertions(+), 12 deletions(-) diff --git a/FAQ.md b/FAQ.md index cc850474fb..45c24e5fae 100644 --- a/FAQ.md +++ b/FAQ.md @@ -85,16 +85,30 @@ have at the moment: | Dockerfile | Image | Platforms | Where is this built? | In use? |---|---|---|---|---| | [Centos7](./ansible/docker/Dockerfile.CentOS7) | [`adoptopenjdk/centos7_build_image`](https://hub.docker.com/r/adoptopenjdk/centos7_build_image) | linux on amd64, arm64, ppc64le | [Jenkins](https://ci.adoptium.net/job/centos7_docker_image_updater/) | Yes +| [RHEL7](./ansible/docker/Dockerfile.RHEL7) | n/a - restricted (*) | s390x | [Jenkins](https://ci.adoptium.net/job/rhel7_docker_image_updater/) | Yes | [Centos6](./ansible/docker/Dockerfile.CentOS6) | [`adoptopenjdk/centos6_build_image`](https://hub.docker.com/r/adoptopenjdk/centos6_build_image)| linux/amd64 | [GH Actions](.github/workflows/build.yml) | Yes | [Alpine3](./ansible/docker/Dockerfile.Alpine3) | [`adoptopenjdk/alpine3_build_image`](https://hub.docker.com/r/adoptopenjdk/alpine3_build_image) | linux/x64 & linux/arm64 | [Jenkins](https://ci.adoptium.net/job/centos7_docker_image_updater/) | Yes | [Ubuntu 20.04 (riscv64 only)](./ansible/docker/Dockerfile.Ubuntu2004-riscv64) | [`adoptopenjdk/ubuntu2004_build_image:linux-riscv64`](https://hub.docker.com/r/adoptopenjdk/ubuntu2004_build_image) | linux/riscv64 | [Jenkins](https://ci.adoptium.net/job/centos7_docker_image_updater/) | Yes +
+(*) - Caveats: + +The RHEL7 image creation for s390x has to be run on a RHEL host using a +container implementation supplied by Red Hat, and we are using RHEL8 for +this as it has a stable implemention. The image creation requires the +following: + +1. The host needs to have an active RHEL subscription +2. The RHEL7 devkit (which cannot be made public) to be available in a tar file under /usr/local on the host as per the name in the Dockerfile +
+ When a change lands into master, the relevant dockerfiles are built using the appropriate CI system listed in the table above by configuring them with -the ansible playbooks and pushing them up to Docker Hub where they can be -consumed by our jenkins build agents when the `DOCKER_IMAGE` value is -defined on the jenkins build pipelines as configured in the -[pipeline_config files](https://github.com/AdoptOpenJDK/ci-jenkins-pipelines/tree/master/pipelines/jobs/configurations). +the ansible playbooks and - with the exception of the RHEL7 image for s390x - +pushing them up to Docker Hub where they can be consumed by our jenkins +build agents when the `DOCKER_IMAGE` value is defined on the jenkins build +pipelines as configured in the [pipeline_config +files](https://github.com/AdoptOpenJDK/ci-jenkins-pipelines/tree/master/pipelines/jobs/configurations). ### Adding a new dockerBuild dockerhub repository diff --git a/ansible/docker/Dockerfile.RHEL7 b/ansible/docker/Dockerfile.RHEL7 index e9e0f96bb6..dc0b773fae 100644 --- a/ansible/docker/Dockerfile.RHEL7 +++ b/ansible/docker/Dockerfile.RHEL7 @@ -1,10 +1,5 @@ FROM registry.access.redhat.com/rhel7 -# This dockerfile should be built using this from the top level of the repository: -# ROSIPW=******* docker build --no-cache -t rhel7_build_image -f ansible/docker/Dockerfile.RHEL7 --build-arg ROSIUSER=******* --secret id=ROSIPW --build-arg git_sha="$(git rev-parse --short HEAD)" `pwd` -ARG ROSIUSER -RUN sed -i 's/\(def in_container():\)/\1\n return False/g' /usr/lib64/python*/*-packages/rhsm/config.py -RUN --mount=type=secret,id=ROSIPW,required=true subscription-manager register --username=${ROSIUSER} --password="$(cat /run/secrets/ROSIPW)" --auto-attach -RUN subscription-manager repos --enable rhel-7-for-system-z-optional-rpms +RUN yum-config-manager --enable rhel-7-for-system-z-optional-rpms # ^^ Optional repo needed for Xvfb ARG git_sha @@ -15,6 +10,7 @@ RUN yum --enablerepo=rhel-7-server-ansible-2-for-system-z-rpms install -y ansibl RUN yum clean all COPY . /ansible +COPY devkit /usr/local/devkit RUN echo "localhost ansible_connection=local" > /ansible/hosts @@ -31,7 +27,10 @@ RUN useradd -c "Jenkins user" -d /home/${user} -u 1002 -g 1003 -m ${user} ENV \ JDK7_BOOT_DIR="/usr/lib/jvm/java-1.7.0-openjdk" \ JDK8_BOOT_DIR="/usr/lib/jvm/java-1.8.0-openjdk" \ - JDK10_BOOT_DIR="/usr/lib/jvm/jdk-10" \ JAVA_HOME="/usr/lib/jvm/java-1.8.0-openjdk" -RUN subscription-manager unregister +# While this does bloat the image it is required for building the +# devkit, and the process for that runs as non-root ... +# Disabled for now as we're going to copy from /usr/local/devkit on the host +RUN yum clean all +RUN yum reinstall --downloadonly glibc glibc-headers glibc-devel cups-libs cups-devel libX11 libX11-devel xorg-x11-proto-devel alsa-lib alsa-lib-devel libXext libXext-devel libXtst libXtst-devel libXrender libXrender-devel libXrandr libXrandr-devel freetype freetype-devel libXt libXt-devel libSM libSM-devel libICE libICE-devel libXi libXi-devel libXdmcp libXdmcp-devel libXau libXau-devel libgcc libxcrypt zlib zlib-devel libffi libffi-devel fontconfig fontconfig-devel kernel-headers diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml index e43cf47b4e..059989e1f4 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml @@ -94,6 +94,7 @@ when: - (ansible_distribution != "Alpine" or ansible_architecture != "aarch64") - ansible_architecture != "riscv64" + - ansible_architecture != "s390x" tags: build_tools - role: adoptopenjdk_install # JDK11 Build Bootstrap jdk_version: 10 @@ -120,6 +121,7 @@ - ansible_distribution != "Solaris" - ansible_architecture != "riscv64" - ansible_architecture != "armv7l" + - ansible_architecture != "s390x" tags: build_tools - role: adoptopenjdk_install # Current LTS jdk_version: 21