Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ansible: add Ubuntu 22.04 sharedlibs container #3371

Merged
merged 2 commits into from
Jun 12, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion ansible/inventory.yml
Original file line number Diff line number Diff line change
Expand Up @@ -179,6 +179,7 @@ hosts:
rhel8-x64-3: {ip: 52.117.26.13, build_test_v8: yes}
ubuntu1804-x64-1: {ip: 52.117.26.14, alias: jenkins-workspace-6}
ubuntu1804-x64-2: {ip: 50.97.245.9}
ubuntu2204_docker-x64-1: {ip: 52.117.26.9}

- equinix_mnx:
smartos18-x64-3: {ip: 147.28.162.102}
Expand Down Expand Up @@ -343,4 +344,3 @@ hosts:
debian9-x64-1: {ip: 169.60.150.88}
debian10-x64-1: {ip: 169.44.16.126}
ubuntu1404-x64-1: {ip: 50.97.245.5}
ubuntu1804_docker-x64-1: {ip: 52.117.26.9}
18 changes: 18 additions & 0 deletions ansible/roles/docker/tasks/partials/repo/ubuntu2204.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
---

#
# add Docker repo
#

- name: "repo : add Ubuntu Docker repo key"
ansible.builtin.apt_key:
state: present
url: https://download.docker.com/linux/ubuntu/gpg

- name: "repo : add Ubuntu Docker repo"
ansible.builtin.apt_repository:
repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
register: has_updated_package_repo

- name: "repo : update apt cache"
apt: update_cache=yes
136 changes: 136 additions & 0 deletions ansible/roles/docker/templates/ubuntu2204_sharedlibs.Dockerfile.j2
Original file line number Diff line number Diff line change
@@ -0,0 +1,136 @@
FROM ubuntu:22.04

ENV LC_ALL C
ENV USER {{ server_user }}
ENV JOBS {{ server_jobs | default(ansible_processor_vcpus) }}
ENV SHELL /bin/bash
ENV HOME /home/{{ server_user }}
ENV PATH /usr/lib/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV NODE_COMMON_PIPE /home/{{ server_user }}/test.pipe
ENV NODE_TEST_DIR /home/{{ server_user }}/tmp
ENV OSTYPE linux-gnu
ENV OSVARIANT docker
ENV DESTCPU {{ arch }}
ENV ARCH {{ arch }}
ENV DEBIAN_FRONTEND noninteractive

RUN apt-get update && apt-get install apt-utils -y && \
apt-get dist-upgrade -y && apt-get install -y \
ccache \
g++ \
gcc \
git \
openjdk-17-jre-headless \
pkg-config \
curl \
python3-pip \
python-is-python3 \
libfontconfig1 \
libtool \
automake

RUN pip3 install tap2junit=={{ tap2junit_version }}

RUN addgroup --gid {{ server_user_gid.stdout_lines[0] }} {{ server_user }}

RUN adduser --gid {{ server_user_gid.stdout_lines[0] }} --uid {{ server_user_uid.stdout_lines[0] }} --disabled-password --gecos {{ server_user }} {{ server_user }}

ENV ICU68DIR=/opt/icu-68.1 \
ICU69DIR=/opt/icu-69.1 \
ICU71DIR=/opt/icu-71.1

RUN for ICU_ENV in $(env | grep ICU..DIR); do \
ICU_PREFIX=$(echo $ICU_ENV | cut -d '=' -f 2) && \
ICU_VERSION=$(echo $ICU_PREFIX | cut -d '-' -f 2) && \
ICU_MAJOR=$(echo $ICU_VERSION | cut -d '.' -f 1) && \
ICU_MINOR=$(echo $ICU_VERSION | cut -d '.' -f 2) && \
mkdir -p /tmp/icu-$ICU_VERSION && \
cd /tmp/icu-$ICU_VERSION && \
curl -sL "https://github.com/unicode-org/icu/releases/download/release-$ICU_MAJOR-$ICU_MINOR/icu4c-${ICU_MAJOR}_$ICU_MINOR-src.tgz" | tar zxv --strip=1 && \
cd source && \
./runConfigureICU Linux --prefix=$ICU_PREFIX && \
make -j $JOBS && \
make install && \
rm -rf /tmp/icu-$ICU_VERSION; \
done

ENV OPENSSL111VER 1.1.1u
ENV OPENSSL111DIR /opt/openssl-$OPENSSL111VER

RUN mkdir -p /tmp/openssl_$OPENSSL111VER && \
cd /tmp/openssl_$OPENSSL111VER && \
curl -sL https://www.openssl.org/source/openssl-$OPENSSL111VER.tar.gz | tar zxv --strip=1 && \
./config --prefix=$OPENSSL111DIR && \
make -j $JOBS && \
make install && \
rm -rf /tmp/openssl_$OPENSSL111VER

# OpenSSL FIPS validation occurs post-release, and not for every version.
# See https://www.openssl.org/docs/fips.html and the version documented in the
# certificate and security policy.
ENV OPENSSL30FIPSVER 3.0.8
ENV OPENSSL30FIPSDIR /opt/openssl-$OPENSSL30FIPSVER-fips

RUN mkdir -p /tmp/openssl-$OPENSSL30FIPSVER && \
cd /tmp/openssl-$OPENSSL30FIPSVER && \
curl -sL https://www.openssl.org/source/openssl-$OPENSSL30FIPSVER.tar.gz | tar zxv --strip=1 && \
./config --prefix=$OPENSSL30FIPSDIR enable-fips && \
make -j $JOBS && \
make install && \
rm -rf /tmp/openssl-$OPENSSL30FIPSVER
# Install the FIPS provider. Update OpenSSL config file to enable FIPS.
RUN LD_LIBRARY_PATH=$OPENSSL30FIPSDIR/lib64 $OPENSSL30FIPSDIR/bin/openssl fipsinstall \
-module $OPENSSL30FIPSDIR/lib64/ossl-modules/fips.so -provider_name fips \
-out $OPENSSL30FIPSDIR/ssl/fipsmodule.cnf && \
sed -i -r "s|^# (.include fipsmodule.cnf)|.include $OPENSSL30FIPSDIR\/ssl\/fipsmodule.cnf|g" $OPENSSL30FIPSDIR/ssl/openssl.cnf && \
sed -i -r '/^providers = provider_sect/a alg_section = evp_properties' $OPENSSL30FIPSDIR/ssl/openssl.cnf && \
sed -i -r 's/^# (fips = fips_sect)/\1/g' $OPENSSL30FIPSDIR/ssl/openssl.cnf && \
sed -i -r 's/^# (activate = 1)/\1/g' $OPENSSL30FIPSDIR/ssl/openssl.cnf && \
echo "\n[evp_properties]\ndefault_properties = \"fips=yes\"\n" >> $OPENSSL30FIPSDIR/ssl/openssl.cnf

ENV OPENSSL30VER 3.0.8+quic
ENV OPENSSL30DIR /opt/openssl-$OPENSSL30VER

RUN mkdir -p /tmp/openssl-$OPENSSL30VER && \
cd /tmp/openssl-$OPENSSL30VER && \
git clone https://github.com/quictls/openssl.git -b openssl-$OPENSSL30VER --depth 1 && \
cd openssl && \
./config --prefix=$OPENSSL30DIR && \
make -j $JOBS && \
make install && \
rm -rf /tmp/openssl-$OPENSSL30VER

ENV OPENSSL31VER 3.1.1
ENV OPENSSL31DIR /opt/openssl-$OPENSSL31VER

RUN mkdir -p /tmp/openssl-$OPENSSL31VER && \
cd /tmp/openssl-$OPENSSL31VER && \
curl -sL https://www.openssl.org/source/openssl-$OPENSSL31VER.tar.gz | tar zxv --strip=1 && \
./config --prefix=$OPENSSL31DIR && \
make -j $JOBS && \
make install && \
rm -rf /tmp/openssl-$OPENSSL31VER

ENV ZLIBVER 1.2.13
ENV ZLIB12DIR /opt/zlib_$ZLIBVER

RUN mkdir -p /tmp/zlib_$ZLIBVER && \
cd /tmp/zlib_$ZLIBVER && \
curl -sL https://zlib.net/fossils/zlib-$ZLIBVER.tar.gz | tar zxv --strip=1 && \
./configure --prefix=$ZLIB12DIR && \
make -j $JOBS && \
make install && \
rm -rf /tmp/zlib_$ZLIBVER

VOLUME /home/{{ server_user }}/ /home/{{ server_user }}/.ccache

USER iojs:iojs

ENV CCACHE_TEMPDIR /home/iojs/.ccache/{{ item.name }}

CMD cd /home/iojs \
&& curl https://ci.nodejs.org/jnlpJars/agent.jar -O \
&& java -Xmx{{ server_ram|default('128m') }} \
-jar /home/{{ server_user }}/agent.jar \
-jnlpUrl {{ jenkins_url }}/computer/{{ item.name }}/jenkins-agent.jnlp \
-secret {{ item.secret }}
5 changes: 4 additions & 1 deletion ansible/roles/docker/vars/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ ssh_config: /etc/ssh/sshd_config
sshd_service_name: 'sshd'

ntp_service: {
systemd: ['debian8', 'debian9', 'debian10', 'ubuntu1604', 'ubuntu1804']
systemd: ['debian8', 'debian9', 'debian10', 'ubuntu1604', 'ubuntu1804', 'ubuntu2204']
}

common_packages: [
Expand All @@ -18,6 +18,9 @@ common_packages: [
# you can either add os family or os to this list (see smartos)
# but the playbook chooses os over family - not both
packages: {
ubuntu2204: [
'docker.io',
],
ubuntu2004: [
'docker.io',
],
Expand Down