add packer files for building Orka images (adoptium#3253)

* add packer files for building Orka images * add intel * further tweaks * switch to xcode 15 * Update README.md * always update ansible
steelhead31 · Jun 25, 2024 · 8d0becc · 8d0becc
1 parent f0cc1a3
commit 8d0becc
Show file tree

Hide file tree

Showing 11 changed files with 308 additions and 123 deletions.
diff --git a/ansible/packer/README.md b/ansible/packer/README.md
@@ -0,0 +1,47 @@
+# Packer Configuration for Virtual Machine Images
+
+This repository contains two Packer configuration files used for building virtual machine images for MacStadium Orka environments. These configurations are specifically tailored to set up environments with necessary tools like Homebrew, Ansible, and Xcode.
+
+## Configuration Files
+
+1. Base Image Creation (`orka-base.pkr.hcl`): This file is used to create a base image for sonoma-arm64 VMs. It installs Homebrew, Ansible, and specific versions of Xcode.
+
+1. Adoptium Image Creation (`orka.pkr.hcl`): This configuration builds upon the base image to create an Adoptium Sonoma ARM64 and Intel image, with a full Ansible playbook run excluding certain tags.
+
+## Prerequisites
+
+- [Packer](https://www.packer.io/downloads) installed on your system.
+- Access to a MacStadium Orka environment (via VPN).
+- Required environment variables set (`ORKA_TOKEN`, `XCode11_7_SAS_TOKEN`, `XCode15_0_1_SAS_TOKEN`).
+
+## Setup and Usage
+
+### Setting Environment Variables
+
+Set the necessary environment variables:
+
+```bash
+export ORKA_TOKEN="your-orka-token"
+export XCode11_7_SAS_TOKEN="your-xcode11.7-token"
+export XCode15_0_1_SAS_TOKEN="your-xcode15.0.1-token"
+```
+
+### Running the Packer Builds
+
+1. Building the Base image
+
+```bash
+packer init .
+packer build orka-base.pkr.hcl
+```
+
+This will create the base image for sonoma-arm64 and somoma-intel VMs. The base step has a pause which allows users to manually make any required changes and then resume the build.
+
+1. Building the Adoptium image
+
+The Adoptium image depends on the base image. This generates the images that we use in Jenkins and contains the full set of dependencies.
+
+```bash
+packer init .
+packer build orka.pkr.hcl
+```
diff --git a/ansible/packer/orka-base.pkr.hcl b/ansible/packer/orka-base.pkr.hcl
@@ -0,0 +1,98 @@
+packer {
+  required_plugins {
+    macstadium-orka = {
+      source  = "github.com/macstadium/macstadium-orka"
+      version = "~>3"
+    }
+    ansible = {
+      source  = "github.com/hashicorp/ansible"
+      version = "~> 1"
+    }
+  }
+}
+
+variable "ORKA_TOKEN" {
+  default = env("ORKA_TOKEN")
+}
+
+variable "ORKA_ENDPOINT" {
+  default = "http://10.221.188.20"
+}
+
+variable "XCode11_7_SAS_TOKEN" {
+  default = env("XCode11_7_SAS_TOKEN")
+}
+
+variable "XCode15_0_1_SAS_TOKEN" {
+  default = env("XCode15_0_1_SAS_TOKEN")
+}
+
+source "macstadium-orka" "sonoma-arm64" {
+  source_image = "sonoma-90gb-orka3-arm"
+  image_name = "sonoma-arm64-base"
+  image_description = "Base image with sudoers setup and xcode/brew/ansible installed"
+  image_force_overwrite = true
+  orka_endpoint = var.ORKA_ENDPOINT
+  orka_auth_token = var.ORKA_TOKEN
+  orka_vm_builder_name = "sonoma-arm64-builder"
+}
+
+source "macstadium-orka" "sonoma-intel" {
+  source_image = "90gbsonomassh.img"
+  image_name = "sonoma-intel-base"
+  image_description = "Base image with sudoers setup and brew/ansible installed"
+  image_force_overwrite = true
+  orka_endpoint = var.ORKA_ENDPOINT
+  orka_auth_token = var.ORKA_TOKEN
+  orka_vm_builder_name = "sonoma-intel-builder"
+}
+
+# Generate the base image for the sonoma-arm64 VMs which we will use to run the ansible playbook
+build {
+  sources = [
+    "macstadium-orka.sonoma-arm64",
+    "macstadium-orka.sonoma-intel"
+  ]
+
+  # set sudoers to allow passwordless sudo
+  provisioner "shell" {
+    inline = [
+      "echo admin | sudo -S sh -c 'echo \"%admin ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers'",
+    ]
+  }
+
+  # Pause the provisioner until user interacts (for install Xcode etc)
+  provisioner "breakpoint" {}
+
+  # Install homebrew and ansible
+  provisioner "shell" {
+    inline = [<<EOF
+      /bin/bash -c '\
+        curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh | bash; \
+        ARCH=$(uname -m); \
+        if [ "$ARCH" = "x86_64" ]; then \
+          BREW_PATH=/usr/local/bin; \
+        else \
+          BREW_PATH=/opt/homebrew/bin; \
+        fi; \
+        echo eval "$($BREW_PATH/brew shellenv)" >> /Users/admin/.zprofile; \
+        eval "$($BREW_PATH/brew shellenv)"; \
+        echo export PATH="$BREW_PATH:$PATH" >> /Users/admin/.zprofile; \
+        brew install ansible;'
+EOF
+    ]
+  }
+
+  # Install Xcode
+  provisioner "ansible-local" {
+    playbook_file = "../playbooks/AdoptOpenJDK_Unix_Playbook/main.yml"
+    playbook_dir = "../playbooks/AdoptOpenJDK_Unix_Playbook"
+    extra_arguments = [
+      "--extra-vars", "ansible_user=admin",
+      "--extra-vars", "XCode11_7_SAS_TOKEN=\"${var.XCode11_7_SAS_TOKEN}\"",
+      "--extra-vars", "XCode15_0_1_SAS_TOKEN=\"${var.XCode15_0_1_SAS_TOKEN}\"",
+      "--tags", "xcode11,xcode15"
+    ]
+    command = "source /Users/admin/.zprofile; ansible-playbook"
+  }
+}
diff --git a/ansible/packer/orka.pkr.hcl b/ansible/packer/orka.pkr.hcl
@@ -0,0 +1,78 @@
+packer {
+  required_plugins {
+    macstadium-orka = {
+      source  = "github.com/macstadium/macstadium-orka"
+      version = "~>3"
+    }
+    ansible = {
+      source  = "github.com/hashicorp/ansible"
+      version = "~> 1"
+    }
+  }
+}
+
+variable "ORKA_TOKEN" {
+  default = env("ORKA_TOKEN")
+}
+
+variable "ORKA_ENDPOINT" {
+  default = "http://10.221.188.20"
+}
+
+source "macstadium-orka" "sonoma-arm64" {
+  source_image = "sonoma-arm64-base"
+  image_name = "adoptium-sonoma-arm64"
+  image_description = "Adoptium Sonoma ARM64 image with full ansible playbook run"
+  image_force_overwrite = true
+  orka_endpoint = var.ORKA_ENDPOINT
+  orka_auth_token = var.ORKA_TOKEN
+  orka_vm_builder_name = "sonoma-arm64-builder"
+}
+
+source "macstadium-orka" "sonoma-intel" {
+  source_image = "sonoma-intel-base"
+  image_name = "adoptium-sonoma-intel"
+  image_description = "Base image with sudoers setup and brew/ansible installed"
+  image_force_overwrite = true
+  orka_endpoint = var.ORKA_ENDPOINT
+  orka_auth_token = var.ORKA_TOKEN
+  orka_vm_builder_name = "sonoma-intel-builder"
+}
+
+build {
+  sources = [
+    "macstadium-orka.sonoma-arm64",
+    "macstadium-orka.sonoma-intel"
+  ]
+
+  # Ensure ansible package is up to date
+  provisioner "shell" {
+    inline = [
+      "source /Users/admin/.zprofile; brew upgrade ansible",
+    ]
+  }
+
+  # Create /tmp/packer-provisioner-ansible-local
+  provisioner "shell" {
+    inline = [
+      "mkdir -p /tmp/packer-provisioner-ansible-local",
+    ]
+  }
+
+  # Copy playbooks/Supporting_Scripts to /tmp/packer-provisioner-ansible-local
+  provisioner "file" {
+    source = "../playbooks/Supporting_Scripts"
+    destination = "/tmp/packer-provisioner-ansible-local"
+  }
+
+  # Run ansible playbook
+  provisioner "ansible-local" {
+    playbook_file = "../playbooks/AdoptOpenJDK_Unix_Playbook/main.yml"
+    playbook_dir = "../playbooks/AdoptOpenJDK_Unix_Playbook"
+    extra_arguments = [
+      "--extra-vars", "ansible_user=admin",
+      "--skip-tags=hostname,brew_upgrade,brew_cu,core_dumps,crontab,kernel_tuning,adoptopenjdk,jenkins,nagios,superuser,swap_file,jck_tools"
+    ]
+    command = "source /Users/admin/.zprofile; ansible-playbook"
+  }
+}
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml
@@ -84,11 +84,12 @@
         - ansible_os_family == "RedHat" or ansible_os_family == "Debian"
         - ansible_architecture == "aarch64"
       tags: [devkit]
-    - role: Xcode
-      when: ansible_distribution == "MacOSX"
     - role: Xcode11
       when: ansible_distribution == "MacOSX" and ansible_architecture == "arm64"
-      tags: [xcode11]
+      tags: [xcode11] # JDK 8
+    - role: Xcode15
+      when: ansible_distribution == "MacOSX" and ansible_architecture == "arm64"
+      tags: [xcode15] # JDK 17+
     - role: cmake                 # OpenJ9 / OpenJFX
       when: ansible_distribution != "Solaris" # Compile fails on Solaris
       tags: [build_tools, build_tools_openj9, build_tools_openjfx]

diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Ant-Contrib/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Ant-Contrib/tasks/main.yml
@@ -88,6 +88,7 @@
   tags: ant-contrib
 
 - name: Move ant-contrib.jar to ant lib folder
+  become: true
   command: mv /tmp/ant-contrib/lib/ant-contrib.jar {{ ant_lib_dir }}
   when: not antcontrib_status.stat.exists
   tags: ant-contrib

diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/MacOSX.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/MacOSX.yml
@@ -9,6 +9,7 @@ Build_Tool_Packages:
   - autoconf
   - automake # for compiling freetype on JDK8u
   - coreutils
+  - git
   - gnupg
   - gnu-sed
   - gnu-tar

diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Xcode/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Xcode/tasks/main.yml