unixPB: CentOS Stream 10 updates and dockerfiles (#3850)

* unixPB: add CentOS Stream 10 static docker file

---------

Signed-off-by: Stewart X Addison <[email protected]>

Author: sxa

.github/workflows/check_dockerstatic.yml

@@ -46,6 +46,8 @@ jobs:
            dockerfile: "Dockerfile.cent8"
          - os: centos-stream-9
            dockerfile: "Dockerfile.centstream9"
+         - os: centos-stream-10
+           dockerfile: "Dockerfile.centstream10"
     steps:
     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Test Dockerfile on ${{ matrix.os }}

ansible/docker/Dockerfile.CentOS10

@@ -0,0 +1,39 @@
+FROM quay.io/centos/centos:stream10
+
+ARG git_sha
+ARG user=jenkins
+
+# EPEL needed for ansible-collection-community-general
+RUN dnf -y update; yum clean all; \
+    dnf -y install python-pip sudo; \
+    dnf clean all
+
+RUN  pip install ansible
+#RUN  ansible-galaxy collection install ansible.posix
+
+COPY . /ansible
+
+RUN echo "localhost ansible_connection=local" > /ansible/hosts
+
+RUN ansible-playbook --version
+
+RUN dnf -y install epel-release
+
+RUN set -eux; \
+ cd /ansible; \
+ ansible-playbook -i hosts ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml -e "git_sha=$git_sha" --skip-tags="hosts_file,hostname,adoptopenjdk,jenkins,nagios,superuser,docker,swap_file,crontab,nvidia_cuda_toolkit"
+
+RUN rm -rf /ansible; dnf remove ansible; dnf clean all
+
+RUN groupadd -g 1000 ${user}
+RUN useradd -c "Jenkins user" -d /home/${user} -u 1000 -g 1000 -m ${user}
+
+ENV \
+    JDK7_BOOT_DIR="/usr/lib/jvm/java-1.7.0-openjdk" \
+    JDK8_BOOT_DIR="/usr/lib/jvm/java-1.8.0-openjdk" \
+    JDK10_BOOT_DIR="/usr/lib/jvm/jdk10" \
+    JDK11_BOOT_DIR="/usr/lib/jvm/jdk11" \
+    JDK13_BOOT_DIR="/usr/lib/jvm/jdk13" \
+    JDK14_BOOT_DIR="/usr/lib/jvm/jdk14" \
+    JDKLATEST_BOOT_DIR="/usr/lib/jvm/jdk14" \
+    JAVA_HOME="/usr/lib/jvm/java-1.8.0-openjdk"

ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/CentOS.yml

@@ -39,7 +39,7 @@
 - name: Enable CodeReady Builder repo for CentOS9 Stream
   shell: dnf config-manager --set-enabled crb
   when:
-    - ansible_distribution_major_version == "9"
+    - ansible_distribution_major_version| int > 8
   tags: patch_update
 
 - name: Clean dnf cache
@@ -69,21 +69,36 @@
   when: ansible_distribution_major_version == "7"
   tags: build_tools
 
-- name: Install additional build tools for CentOS 8/9 Stream
+- name: Install additional build tools for CentOS 8+
   package: "name={{ item }} state=latest"
-  with_items: "{{ Additional_Build_Tools_CentOS8_CentOS9Stream }}"
-  when: ansible_distribution_major_version == "8" or ansible_distribution_major_version == "9"
+  with_items: "{{ Additional_Build_Tools_CentOS8_Plus }}"
+  when:
+    - ansible_distribution_major_version|int > 7
+    - ansible_distribution_major_version|int > 7
   tags: build_tools
 
-- name: Install additional build tools for NOT CentOS8/9
+- name: Install additional build tools when NOT CentOS8+
   package: "name={{ item }} state=latest"
   with_items: "{{ Additional_Build_Tools_NOT_CentOS8_CentOS9Stream }}"
   when:
-    - ansible_distribution_major_version != "8"
-    - ansible_distribution_major_version != "9"
+    - ansible_distribution_major_version|int < 8
   tags: build_tools
 
-- name: Install Libdwarf.h for CentOS8 Stream
+- name: Install additional test tools for CentOS 10+ e.g. weston
+  package: "name={{ item }} state=latest"
+  with_items: "{{ Additional_Test_Tools_CentOS10_Plus }}"
+  when:
+    - ansible_distribution_major_version|int > 10
+  tags: test_tools
+
+- name: Install additional tools for CentOS pre-10
+  package: "name={{ item }} state=latest"
+  with_items: "{{ Additional_Test_Tools_PreCentOS10 }}"
+  when:
+    - ansible_distribution_major_version|int < 10
+  tags: test_tools
+
+- name: Install libdwarf.h for CentOS8 Stream
   shell: dnf --enablerepo=powertools install libdwarf-devel -y
   when: (ansible_distribution_major_version == "8") and (relfile_contents.stdout.find('Stream') != -1)
   tags: build_tools
@@ -117,7 +132,8 @@
 - name: Install jq for SBoM parsing for build reproducibility testing
   package: "name=jq state=latest"
   when:
-    - ansible_distribution_major_version > "7"
+    - ansible_distribution_major_version != "6"
+    - ansible_distribution_major_version != "7"
   tags: test_tools
 
 - name: Add devtools-2 to yum repo list for gcc 4.8
@@ -323,7 +339,8 @@
     name: java
     path: "{{ jre_path.stat.lnk_source }}/bin/java"
   when:
-    - ansible_distribution_major_version > "6"
+    - ansible_distribution_major_version|int > 6
+    - ansible_distribution_major_version|int < 10
   tags: default_java
 
 - name: Set Default JDK (CentOS 6)
@@ -339,7 +356,8 @@
     name: javac
     path: "{{ jdk_path.stat.lnk_source }}/bin/javac"
   when:
-    - ansible_distribution_major_version > "6"
+    - ansible_distribution_major_version|int > 6
+    - ansible_distribution_major_version|int < 9
   tags: default_java
 
 ###########

ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/CentOS.yml

@@ -28,7 +28,6 @@ Build_Tool_Packages:
   - gmp-devel
   - gnutls
   - gnutls-utils
-  - java-1.8.0-openjdk-devel
   - libcurl-devel
   - libpng-devel
   - libXext-devel
@@ -56,7 +55,7 @@ Build_Tool_Packages:
   - pigz
   - strace                        # For SBOM dependency analysis
   - systemtap-sdt-devel
-  - texinfo                       # For DevKit creation (binutils build)
+  - texinfo
   - unzip
   - wget
   - which
@@ -73,7 +72,7 @@ Additional_Build_Tools_CentOS7:
   - ccache
   - procps-ng
 
-Additional_Build_Tools_CentOS8_CentOS9Stream:
+Additional_Build_Tools_CentOS8_Plus:
   - glibc-locale-source
   - glibc-langpack-ja             # required for creating Japanese locales
   - glibc-langpack-ko             # required for creating Korean locales
@@ -86,6 +85,7 @@ Additional_Build_Tools_CentOS8_CentOS9Stream:
 Additional_Build_Tools_NOT_CentOS8_CentOS9Stream:
   - lbzip2
   - java-1.7.0-openjdk-devel
+  - java-1.8.0-openjdk-devel
   - ntp
 
 Additional_Build_Tools_CentOS_x86:
@@ -102,13 +102,22 @@ Additional_Build_Tools_CentOS8_Stream:
 Additional_Build_Tools_NOT_CentOS8_Stream:
   - libdwarf-devel                # OpenJ9
 
+Additional_Test_Tools_CentOS10_Plus:
+  - weston
+  - xwayland-run
+
+Additional_Test_Tools_PreCentOS10:
+  - xorg-x11-server-Xvfb
+  - java-1.8.0-openjdk-devel
+
 Test_Tool_Packages:
   - gcc
   - gcc-c++
   - unzip
   - zlib-devel
   - perl-devel
   - libcurl-devel
+  - openssl
   - openssl-devel
   - perl
   - perl-Test-Simple

ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles/Dockerfile.centstream10

@@ -0,0 +1,47 @@
+FROM quay.io/centos/centos:stream10
+
+ARG ant_version="1.10.15"
+ARG ant_512checksum="1de7facbc9874fa4e5a2f045d5c659f64e0b89318c1dbc8acc6aae4595c4ffaf90a7b1ffb57f958dd08d6e086d3fff07aa90e50c77342a0aa5c9b4c36bff03a9"
+
+RUN dnf -y update && dnf install -y perl openssh-server unzip zip wget epel-release
+RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -P ""
+
+# Download JDK
+RUN curl -Lo /tmp/jdk17.tar.gz 'https://api.adoptium.net/v3/binary/latest/17/ga/linux/aarch64/jdk/hotspot/normal/eclipse?project=jdk'
+# This looks odd but without it CS10 hits a lock file issue in the later GPG verify step
+# Ref: https://adoptium.slack.com/archives/C53GHCXL4/p1734707508976569?thread_ts=1734705997.537229&cid=C53GHCXL4
+RUN mkdir -p /root/.gnupg/public-keys.d
+RUN gpg --keyserver keyserver.ubuntu.com --recv-keys 3B04D753C9050D9A5D343F39843C48A565F8F04B
+# Get sig file for latest jdk17 ga
+RUN curl -Lo /tmp/jdk17.sig `curl -s 'https://api.adoptium.net/v3/assets/feature_releases/17/ga?architecture=aarch64&heap_size=normal&image_type=jdk&jvm_impl=hotspot&os=linux&page=0&page_size=1&project=jdk&vendor=eclipse' | grep signature_link | awk '{split($0,a,"\""); print a[4]}'`
+RUN gpg --verify /tmp/jdk17.sig /tmp/jdk17.tar.gz
+RUN mkdir -p /usr/lib/jvm/jdk17 && tar -xpzf /tmp/jdk17.tar.gz -C /usr/lib/jvm/jdk17 --strip-components=1
+
+# Install Ant
+RUN curl -Lo /tmp/ant.zip "https://archive.apache.org/dist/ant/binaries/apache-ant-$ant_version-bin.zip"
+RUN curl -Lo /tmp/ant-contrib.tgz  https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-1.0b2/ant-contrib-1.0b2-bin.tar.gz
+RUN echo "$ant_512checksum  /tmp/ant.zip" > /tmp/ant.sha512
+RUN echo "0fd2771dca2b8b014a4cb3246715b32e20ad5d26754186d82eee781507a183d5e63064890b95eb27c091c93c1209528a0b18a6d7e6901899319492a7610e74ad  /tmp/ant-contrib.tgz" >> /tmp/ant.sha512
+RUN sha512sum --check --strict /tmp/ant.sha512
+RUN ln -s /usr/local/apache-ant-$ant_version/bin/ant /usr/bin/ant
+RUN unzip -q -d /usr/local /tmp/ant.zip
+RUN tar xpfz /tmp/ant-contrib.tgz -C /usr/local/apache-ant-$ant_version/lib --strip-components=2 ant-contrib/lib/ant-contrib.jar
+# Clear up space
+RUN rm /tmp/jdk17.tar.gz /tmp/ant.zip /tmp/ant-contrib.tgz /tmp/jdk17.sig /tmp/ant.sha512
+
+# Set up jenkins user
+RUN useradd -m -d /home/jenkins jenkins
+RUN mkdir /home/jenkins/.ssh
+RUN echo "Jenkins_User_SSHKey" > /home/jenkins/.ssh/authorized_keys
+RUN chown -R jenkins /home/jenkins/.ssh
+RUN chmod -R og-rwx /home/jenkins/.ssh
+# RUN service ssh start
+CMD ["/usr/sbin/sshd","-D"]
+
+RUN dnf -y --enablerepo=crb install turbojpeg
+RUN dnf install -y git make gcc weston xwayland-run libXrender libXi libXtst fontconfig fakeroot procps-ng hostname diffutils shared-mime-info
+# Install SSL Test packages
+RUN dnf install -y gnutls gnutls-utils nss nss-tools openssl
+# ENTRYPOINT /usr/lib/jvm/jdk17/bin/java
+EXPOSE 22
+# Start with docker run -p 2222:22 UUID

ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/README.md

@@ -6,13 +6,15 @@ A verbose description of our static docker container system can be found in the
 The DockerStatic ansible role provides allows us to automate the setup of our dockerhost machines using the [dockerhost.yml](https://github.com/adoptium/infrastructure/blob/master/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/dockerhost.yml) playbook.
 
 ## Our current Dockerhost machines
-* [docker-packet-ubuntu2004-amd-1](https://ci.adoptium.net/computer/docker-packet-ubuntu2004-amd-1/)
-* [docker-packet-ubuntu2004-intel-1](https://ci.adoptium.net/computer/docker-packet-ubuntu2004-intel-1/)
-* [docker-packet-ubuntu2004-armv8-1](https://ci.adoptium.net/computer/docker-packet-ubuntu2004-armv8-1/)
-* [dockerhost-equinix-ubuntu2004-armv8-1](https://ci.adoptium.net/computer/dockerhost-equinix-ubuntu2004-armv8-1/)
+* [dockerhost-azure-ubuntu2204-x64-1](https://ci.adoptium.net/computer/dockerhost-azure-ubuntu2204-x64-1/)
+* [dockerhost-equinix-ubuntu2204-armv8-1](https://ci.adoptium.net/computer/dockerhost-equinix-ubuntu2204-armv8-1/)
+* [dockerhost-equinix-ubuntu2404-armv8-1](https://ci.adoptium.net/computer/dockerhost-equinix-ubuntu2404-armv8-1/)
+* [dockerhost-marist-ubuntu2404-s390x-1](https://ci.adoptium.net/computer/dockerhost-marist-ubuntu2404-s390x-1/)
+* [dockerhost-osuosl-ubuntu2404-ppc64le-1](https://ci.adoptium.net/computer/dockerhost-osuosl-ubuntu2404-ppc64le-1/)
+* [dockerhost-skytap-ubuntu2004-ppc64le-1](https://ci.adoptium.net/computer/dockerhost-skytap-ubuntu2004-ppc64le-1/)
+* [dockerhost-skytap-ubuntu2204-x64-1](https://ci.adoptium.net/computer/dockerhost-skytap-ubuntu2204-x64-1/) (Generally offline)
 
-
-## Setting up a new DockerStatic container (recommended)
+## Setting up a new DockerStatic container with ansible (recommended method)
 
 The [dockerhost.yml](https://github.com/adoptium/infrastructure/blob/master/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/dockernode.yml) playbook is used to deploy docker containers onto our dockerhost machines. 
 
@@ -23,7 +25,7 @@ ansible-playbook -u root -i <host-file> AdoptOpenJDK_Unix_Playbook
 /dockernode.yml -t "deploy" -e "docker_images=u2204,alp319,deb12"
 ```
 
-The `docker_images` variable is where the user can specifiy which docker containers to deploy, using the dockerfiles avaiable [here](https://github.com/adoptium/infrastructure/tree/master/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles) (which do get updated regularly).
+The `docker_images` variable is where the user can specify which docker containers to deploy, using the dockerfiles avaiable [here](https://github.com/adoptium/infrastructure/tree/master/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/Dockerfiles) (which do get updated regularly).
 
 The `dockerhost.yml` playbook can deploy single, multiple and duplicate containers, for example
 

ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/logs/tasks/main.yml

@@ -3,19 +3,19 @@
 
 - name: Set Log path
   set_fact:
-    log_path: /var/log
+   log_path: /var/log
 
 - name: Set variables (MacOS)
   set_fact:
-    user_group: "staff"
+   user_group: "staff"
   when:
-    - ansible_distribution == "MacOSX"
+   - ansible_distribution == "MacOSX"
 
 - name: Set variables (Not MacOS)
   set_fact:
-    user_group: "root"
+   user_group: "root"
   when:
-    - ansible_distribution != "MacOSX"
+   - ansible_distribution != "MacOSX"
 
 - name: Get Date and Time
   shell: date +%Y-%m-%d\ %H:%M:%S
@@ -30,16 +30,16 @@
 
 - name: Set git_output to git_sha
   set_fact:
-    git_sha: "{{ git_output.stdout }}"
+   git_sha: "{{ git_output.stdout }}"
   when: git_sha is not defined
 
 - name: Update Log File
   lineinfile:
-    owner: root
-    group: "{{ user_group }}"
-    create: yes
-    path: "{{ log_path }}/ansible.log"
-    insertafter: EOF
-    line: "{{ position }} {{ date_output.stdout }} {{ git_sha }}"
+   owner: root
+   group: "{{ user_group }}"
+   create: yes
+   path: "{{ log_path }}/ansible.log"
+   insertafter: EOF
+   line: "{{ position }} {{ date_output.stdout }} {{ git_sha }}"
   become: yes
   become_user: root