├── .ansible-lint ├── .github ├── ISSUE_TEMPLATE │ ├── ansible.md │ ├── machineaccess.md │ ├── newmachine.md │ ├── systemdown.md │ ├── systemfaulty.md │ ├── teamaccess.md │ └── testcasefail.md ├── PULL_REQUEST_TEMPLATE.md ├── cygwin-build │ └── setup-x86_64.exe ├── dependabot.yml ├── labeler.yml ├── regex_labeler.yml └── workflows │ ├── build.yml │ ├── build_mac.yml │ ├── build_qemu.yml │ ├── build_vagrant.yml │ ├── build_wsl.yml │ ├── check_dockerstatic.yml │ ├── code-freeze.yml │ ├── labeler.yml │ ├── linter.yml │ ├── packer.yml │ └── semgrep_diff.yml ├── .gitignore ├── .semgrepignore ├── .yamllint.yml ├── CHAOS_MONKEY.md ├── CONTRIBUTING.md ├── FAQ.md ├── Jenkinsfile ├── LICENSE ├── ONBOARDING.md ├── README.md ├── ansible ├── DockerInventory.json ├── MANUAL_STEPS.md ├── README.md ├── ansible.cfg ├── create-solaris-esxi.md ├── docker │ ├── Dockerfile.Alpine3 │ ├── Dockerfile.CentOS10 │ ├── Dockerfile.CentOS6 │ ├── Dockerfile.CentOS7 │ ├── Dockerfile.RHEL7 │ ├── Dockerfile.Ubuntu1604 │ ├── Dockerfile.Ubuntu2004-riscv64 │ ├── Dockerfile.Ubuntu2204 │ └── Dockerfile.win2022 ├── inventory.yml ├── packer │ ├── README.md │ ├── orka-base.pkr.hcl │ └── orka.pkr.hcl ├── pbTestScripts │ ├── README.md │ ├── buildJDK.sh │ ├── buildJDKWin.sh │ ├── qemuPlaybookCheck.sh │ ├── startScriptWin.py │ ├── testJDK.sh │ ├── testJDKWin.sh │ ├── updateBoxes.sh │ ├── vagrantPlaybookCheck.sh │ └── vmDestroy.sh ├── playbooks │ ├── .gitignore │ ├── AdoptOpenJDK_AIX_Playbook │ │ ├── group_vars │ │ │ └── all │ │ │ │ └── main.yml │ │ ├── main.yml │ │ └── roles │ │ │ ├── X11 │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── aixfs │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── ant │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── ant_contrib │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── bash_login │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── bootjdk │ │ │ └── tasks │ │ │ │ ├── bootjdk7.yml │ │ │ │ ├── chfs.yml │ │ │ │ ├── main.yml │ │ │ │ └── openjdk.yml │ │ │ ├── crontab │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── debug │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── disable_sendmail │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── dnf │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── enable_swap │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── hosts_file │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── logs │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── ntp_time_server │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── openssl3 │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── rbac │ │ │ ├── defaults │ │ │ │ └── main.yml │ │ │ └── tasks │ │ │ │ ├── main.yml │ │ │ │ └── setsecattr.yml │ │ │ ├── security │ │ │ ├── handlers │ │ │ │ └── main.yml │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── sys0 │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── syslog │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── users │ │ │ ├── defaults │ │ │ │ └── main.yml │ │ │ ├── files │ │ │ │ └── nagios.tar.gz │ │ │ ├── tasks │ │ │ │ ├── create_user.yml │ │ │ │ ├── jenkins.yml │ │ │ │ ├── limits.yml │ │ │ │ ├── main.yml │ │ │ │ ├── nagios.yml │ │ │ │ ├── user_attributes.yml │ │ │ │ └── zeus.yml │ │ │ └── vars │ │ │ │ └── main.yml │ │ │ ├── xlc_v13 │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── xlc_v16 │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ └── yum │ │ │ └── tasks │ │ │ └── main.yml │ ├── AdoptOpenJDK_Unix_Playbook │ │ ├── README.md │ │ ├── dockerhost.yml │ │ ├── dockernode.yml │ │ ├── group_vars │ │ │ └── all │ │ │ │ └── adoptopenjdk_variables.yml │ │ ├── linux_installer_setup.yml │ │ ├── main.yml │ │ ├── roles │ │ │ ├── Ant-Contrib │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── CentOS6-Cent7SSL │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── Clean_Up │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── Common │ │ │ │ ├── files │ │ │ │ │ ├── CSWpkgutil.pkg │ │ │ │ │ ├── fallocate.c │ │ │ │ │ ├── i386 │ │ │ │ │ │ └── fallocate.so │ │ │ │ │ ├── macos │ │ │ │ │ │ └── profile │ │ │ │ │ └── sun4v │ │ │ │ │ │ └── fallocate.so │ │ │ │ ├── scripts │ │ │ │ │ └── install-homebrew.sh │ │ │ │ ├── tasks │ │ │ │ │ ├── Alpine.yml │ │ │ │ │ ├── CentOS.yml │ │ │ │ │ ├── Debian.yml │ │ │ │ │ ├── Fedora.yml │ │ │ │ │ ├── FreeBSD.yml │ │ │ │ │ ├── MacOSX.yml │ │ │ │ │ ├── RedHat.yml │ │ │ │ │ ├── SLES.yml │ │ │ │ │ ├── Solaris.yml │ │ │ │ │ ├── Ubuntu.yml │ │ │ │ │ ├── build_packages_and_tools.yml │ │ │ │ │ ├── main.yml │ │ │ │ │ └── openSUSE.yml │ │ │ │ └── vars │ │ │ │ │ ├── Alpine.yml │ │ │ │ │ ├── CentOS.yml │ │ │ │ │ ├── Debian.yml │ │ │ │ │ ├── Fedora.yml │ │ │ │ │ ├── FreeBSD.yml │ │ │ │ │ ├── MacOSX.yml │ │ │ │ │ ├── RedHat.yml │ │ │ │ │ ├── SLES.yml │ │ │ │ │ ├── Solaris.yml │ │ │ │ │ ├── Ubuntu.yml │ │ │ │ │ └── openSUSE.yml │ │ │ ├── Crontab │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── Debug │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── Docker │ │ │ │ └── tasks │ │ │ │ │ ├── debian.yml │ │ │ │ │ ├── main.yml │ │ │ │ │ ├── rhel.yml │ │ │ │ │ ├── sles.yml │ │ │ │ │ └── ubuntu.yml │ │ │ ├── DockerStatic │ │ │ │ ├── Dockerfiles │ │ │ │ │ ├── Dockerfile.al2023 │ │ │ │ │ ├── Dockerfile.alp319 │ │ │ │ │ ├── Dockerfile.alp320 │ │ │ │ │ ├── Dockerfile.cent7 │ │ │ │ │ ├── Dockerfile.cent8 │ │ │ │ │ ├── Dockerfile.centstream10 │ │ │ │ │ ├── Dockerfile.centstream9 │ │ │ │ │ ├── Dockerfile.deb12 │ │ │ │ │ ├── Dockerfile.f40 │ │ │ │ │ ├── Dockerfile.f41 │ │ │ │ │ ├── Dockerfile.sles12 │ │ │ │ │ ├── Dockerfile.sles15 │ │ │ │ │ ├── Dockerfile.u2004 │ │ │ │ │ ├── Dockerfile.u2204 │ │ │ │ │ ├── Dockerfile.u2310 │ │ │ │ │ ├── Dockerfile.u2404 │ │ │ │ │ ├── Dockerfile.u2410 │ │ │ │ │ ├── Dockerfile.ubi8 │ │ │ │ │ └── Dockerfile.ubi9 │ │ │ │ ├── README.md │ │ │ │ ├── handlers │ │ │ │ │ └── main.yml │ │ │ │ ├── scripts │ │ │ │ │ ├── updateDockerStaticInventory.py │ │ │ │ │ └── updatepackages.sh │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── GIT_Source │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── Get_Vendor_Files │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── IPv6 │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── Jenkins_User │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── Kerberos │ │ │ │ ├── conf │ │ │ │ │ └── krb5.conf │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── NTP_TIME │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── NVidia_Cuda_Toolkit │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── Nagios_Plugins │ │ │ │ └── tasks │ │ │ │ │ ├── additional_plugins │ │ │ │ │ ├── check_container_spaces.sh │ │ │ │ │ ├── check_docker_overlay2_size.sh │ │ │ │ │ ├── check_label │ │ │ │ │ ├── check_ntp_timesync │ │ │ │ │ ├── check_pkg │ │ │ │ │ ├── check_sw_up │ │ │ │ │ ├── check_timesync │ │ │ │ │ ├── check_ubuntu_ntp_timesync │ │ │ │ │ ├── check_yum │ │ │ │ │ ├── check_zypper │ │ │ │ │ └── nagios_server_plugins │ │ │ │ │ │ ├── check_agent │ │ │ │ │ │ ├── check_inventory │ │ │ │ │ │ └── check_nagios_sync │ │ │ │ │ ├── main.yml │ │ │ │ │ ├── nagios_CentOS.yml │ │ │ │ │ ├── nagios_Debian.yml │ │ │ │ │ ├── nagios_FreeBSD.yml │ │ │ │ │ ├── nagios_MacOSX.yml │ │ │ │ │ ├── nagios_RedHat.yml │ │ │ │ │ ├── nagios_SLES.yml │ │ │ │ │ ├── nagios_Solaris.yml │ │ │ │ │ └── nagios_Ubuntu.yml │ │ │ ├── OpenSSL │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── Providers │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── Python2.7 │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── Python3_Source │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── Security │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── Superuser │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── Swap_File │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── Tomcat │ │ │ │ ├── files │ │ │ │ │ └── index.html │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── Vendor │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── Version │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── Xcode11 │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── Xcode15 │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── adopt_etc │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── adoptopenjdk_install │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── ant │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── autoconf │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── capstone │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── ccache │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── cmake │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── criu │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── curl │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── deploy_container │ │ │ │ └── tasks │ │ │ │ │ ├── deploy.yml │ │ │ │ │ └── main.yml │ │ │ ├── devkit │ │ │ │ ├── tasks │ │ │ │ │ └── main.yml │ │ │ │ └── vars │ │ │ │ │ └── main.yml │ │ │ ├── disable_gui │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── freemarker │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── gcc_10 │ │ │ │ ├── tasks │ │ │ │ │ └── main.yml │ │ │ │ └── vars │ │ │ │ │ └── main.yml │ │ │ ├── gcc_11 │ │ │ │ ├── tasks │ │ │ │ │ └── main.yml │ │ │ │ └── vars │ │ │ │ │ └── main.yml │ │ │ ├── gcc_48 │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── gcc_7 │ │ │ │ ├── tasks │ │ │ │ │ └── main.yml │ │ │ │ └── vars │ │ │ │ │ └── main.yml │ │ │ ├── gcc_9 │ │ │ │ ├── tasks │ │ │ │ │ └── main.yml │ │ │ │ └── vars │ │ │ │ │ └── main.yml │ │ │ ├── gmake │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── jckservices_iptables │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── linux_installer │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── local_srcinstall │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── logs │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── macos_codesign │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── maven │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── nasm │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── performance_tools │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── remove_container │ │ │ │ ├── scripts │ │ │ │ │ └── deleteNodes.py │ │ │ │ └── tasks │ │ │ │ │ ├── delete_container.yml │ │ │ │ │ └── main.yml │ │ │ ├── riscv_cross_compiler │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── vsftpd │ │ │ │ ├── conf │ │ │ │ │ └── vsftpd.conf │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ └── zulu7 │ │ │ │ └── tasks │ │ │ │ └── main.yml │ │ ├── trss.yml │ │ └── ubuntu-jckservices.yml │ ├── AdoptOpenJDK_Windows_Playbook │ │ ├── README.md │ │ ├── group_vars │ │ │ └── all │ │ │ │ └── adoptopenjdk_variables.yml │ │ ├── main.yml │ │ └── roles │ │ │ ├── 7-Zip │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── ANT │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Clang_32bit │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Clang_64bit │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── CodesignCert │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Common │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Debug │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Dragonwell │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Firefox │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Freemarker │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Freetype │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── GIT │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── GPG_signature_verification │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Get_Vendor_Files │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── IcedTea-Web │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Incredibuild │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Java7 │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Java8 │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Java_install │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Jenkins │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Jenkins_Service_Installation │ │ │ ├── tasks │ │ │ │ └── main.yml │ │ │ └── templates │ │ │ │ └── JenkinsAgentService.xml.j2 │ │ │ ├── MSVS_2013 │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── MSVS_2017 │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── MSVS_2019 │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── MSVS_2022 │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── MSVS_2022_REDIST │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── NSClient │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── NTP_TIME │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── NVidia_Cuda_Toolkit │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Rust │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Strawberry_Perl │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Thunderbird │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Version │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── WMF_5.1 │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── WiX │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── Windows_Updates │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── cygwin │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── logs │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ ├── nasm │ │ │ └── tasks │ │ │ │ └── main.yml │ │ │ └── shortNames │ │ │ ├── scripts │ │ │ └── shortName.ps1 │ │ │ └── tasks │ │ │ └── main.yml │ ├── Supporting_Scripts │ │ └── package_signature_verification.sh │ ├── adoptopenjdk_variables.yml │ ├── aix.yml.old │ ├── correct_vnc_install.yml │ ├── nagios │ │ ├── README.md │ │ ├── VagrantFiles │ │ │ └── Vagrantfile.Nagios.Server.Ubuntu2204 │ │ ├── ansible.cfg │ │ ├── documentation │ │ │ ├── HOW_TO_ADD_WINDOWS_TO_NAGIOS.md │ │ │ ├── Manually_Adding_Nagios_Service_Checks.MD │ │ │ └── USAGE_GUIDE.md │ │ ├── nagios_inventory.yml │ │ ├── play_config_server.yml │ │ ├── play_setup_server.yml │ │ ├── roles │ │ │ ├── Nagios_Config │ │ │ │ ├── README.md │ │ │ │ ├── defaults │ │ │ │ │ └── main.yml │ │ │ │ ├── files │ │ │ │ │ ├── Nagios_Server_Config.py │ │ │ │ │ └── templates │ │ │ │ │ │ ├── build-aix-template.j2 │ │ │ │ │ │ ├── build-centos-template.j2 │ │ │ │ │ │ ├── build-macos-template.j2 │ │ │ │ │ │ ├── build-rhel-template.j2 │ │ │ │ │ │ ├── build-sles-template.j2 │ │ │ │ │ │ ├── build-ubuntu-template.j2 │ │ │ │ │ │ ├── build-windows-template.j2 │ │ │ │ │ │ ├── dockerhost-ubuntu-template.j2 │ │ │ │ │ │ ├── jenkins-template.j2 │ │ │ │ │ │ ├── test-aix-template.j2 │ │ │ │ │ │ ├── test-centos-template.j2 │ │ │ │ │ │ ├── test-macos-template.j2 │ │ │ │ │ │ ├── test-rhel-template.j2 │ │ │ │ │ │ ├── test-sles-template.j2 │ │ │ │ │ │ ├── test-solaris-noport-template.j2 │ │ │ │ │ │ ├── test-solaris-port-template.j2 │ │ │ │ │ │ ├── test-ubuntu-template.j2 │ │ │ │ │ │ └── test-windows-template.j2 │ │ │ │ ├── scripts │ │ │ │ │ ├── Create_Nagios_Hostgroups.py │ │ │ │ │ ├── Create_Nagios_Server_Configurations.py │ │ │ │ │ └── Create_Nagios_Servicegroups_config_file.py │ │ │ │ ├── tasks │ │ │ │ │ ├── Create_Nagios_Hostgroups.yml │ │ │ │ │ ├── Create_Nagios_Server_Configurations.yml │ │ │ │ │ ├── Create_Nagios_Servicegroups.yml │ │ │ │ │ ├── Get_Ansible_Inventory.yml │ │ │ │ │ ├── main.yml │ │ │ │ │ └── restart_nagios_server.yml │ │ │ │ └── vars │ │ │ │ │ └── Ubuntu.yml │ │ │ └── Nagios_Server │ │ │ │ ├── README.md │ │ │ │ ├── defaults │ │ │ │ └── main.yml │ │ │ │ ├── files │ │ │ │ ├── commands.cfg │ │ │ │ ├── contacts.cfg │ │ │ │ ├── nagios_server_plugins │ │ │ │ │ ├── check_agent │ │ │ │ │ ├── check_inventory │ │ │ │ │ ├── check_nagios_sync │ │ │ │ │ ├── excluded_ips.list │ │ │ │ │ └── setup_ssh.sh │ │ │ │ ├── templates.cfg │ │ │ │ ├── timeperiods.cfg │ │ │ │ └── windows.cfg │ │ │ │ ├── scripts │ │ │ │ ├── commands.cfg │ │ │ │ ├── nagios_host_group_add.sh │ │ │ │ ├── nagios_host_group_remove.sh │ │ │ │ └── slack_nagios.pl │ │ │ │ ├── tasks │ │ │ │ ├── configure_nagios_commands.yml │ │ │ │ ├── configure_nagios_contacts.yml │ │ │ │ ├── configure_nagios_core.yml │ │ │ │ ├── configure_nagios_server_crontab.yml │ │ │ │ ├── configure_nagios_server_monitoring.yml │ │ │ │ ├── configure_nagios_templates.yml │ │ │ │ ├── configure_nagios_timeperiods.yml │ │ │ │ ├── configure_nagios_windows.yml │ │ │ │ ├── install_nagios_core.yml │ │ │ │ ├── install_nagios_plugins.yml │ │ │ │ ├── install_nagios_scripts.yml │ │ │ │ ├── install_nagiosgraph.yml │ │ │ │ ├── install_pnp4nagios.yml │ │ │ │ ├── main.yml │ │ │ │ └── restart_nagios_server.yml │ │ │ │ └── vars │ │ │ │ └── Ubuntu.yml │ │ ├── secrets_setup_server.demo │ │ ├── secrets_setup_server.enc │ │ ├── secrets_setup_server.prod │ │ ├── vars_configure_server.yml │ │ └── vars_setup_server.yml │ ├── ubuntu-jck.yml │ └── vagrant.yml ├── plugins │ ├── filter │ │ └── filters.py │ ├── inventory │ │ ├── adoptopenjdk_yaml.py │ │ └── host_vars │ │ │ └── README.md │ └── library │ │ └── ssh_config.py └── vagrant │ ├── Vagrantfile.CentOS6 │ ├── Vagrantfile.CentOS7 │ ├── Vagrantfile.CentOS8 │ ├── Vagrantfile.Debian10 │ ├── Vagrantfile.Fedora35 │ ├── Vagrantfile.Fedora40 │ ├── Vagrantfile.FreeBSD12 │ ├── Vagrantfile.Solaris10 │ ├── Vagrantfile.Ubuntu1604 │ ├── Vagrantfile.Ubuntu1804 │ ├── Vagrantfile.Ubuntu2004 │ ├── Vagrantfile.Ubuntu2104 │ ├── Vagrantfile.Ubuntu2204 │ ├── Vagrantfile.Ubuntu2404 │ ├── Vagrantfile.Win2012 │ ├── Vagrantfile.Win2022 │ ├── Vagrantfile.Win2022.Adopt │ └── Vagrantfile.Windows2022.Core ├── collections └── requirements.yml ├── docs ├── AccessControl.md ├── Backups.md ├── README.md ├── Setup-QEMU-Images.md ├── Setup-RISCV-VMs.md ├── Setup-TRSS.md ├── Testing.md ├── adoptopenjdk.graphml └── adoptopenjdk.pdf ├── tools ├── restart_trss.sh └── run_backups └── wazuh ├── README.md ├── agent └── windows │ ├── agent.snippet.conf │ └── anti_flooding_config.MD └── server └── ssh-key-logging ├── 0310-ssh_decoders.snippet.xml └── Extending_The_SSH_Logger.MD /.ansible-lint: -------------------------------------------------------------------------------- 1 | --- 2 | # .ansible-lint 3 | 4 | skip_list: 5 | - '106' # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern 6 | - '204' # Lines should be no longer than 160 chars 7 | - '207' # Nested jinja pattern 8 | - '208' # File permissions unset or incorrect 9 | - '301' # Commands should not change things if nothing needs doing 10 | - '303' # Using command rather than module 11 | - '305' # Use shell only when shell functionality is required 12 | - '306' # Shells that use pipes should set the pipefail option 13 | - '401' # Git checkouts must contain explicit version 14 | - '403' # Package installs should not use latest 15 | - '501' # Become_user requires become to work as expected 16 | - '503' # Tasks that run when changed should likely be handlers. 17 | - '601' # Don't compare to literal True/False 18 | - '602' # Don't compare to empty string 19 | - 'var-naming' # var-naming File defines variable that violates variable naming standards 20 | - 'fqcn-builtins' # Disable error introduced in ansible-lint 6.X (https://github.com/ansible/ansible-lint/pull/1908) 21 | - 'name[template]' # Jinja templates should only be at the end of ‘name’. 22 | - 'template-instead-of-copy' # Replaced upstream in https://github.com/ansible/ansible-lint/pull/2512 23 | - 'no-free-form' # Exclude As Requires Significant Changes ( 196 changes required ) 24 | - 'fqcn[action]' # Exclude As Requires Significant Changes ( 249 changes required ) 25 | - 'args[module]' # Exclude Experimental Rule Validation ( Prevents 4 experimental warnings ) 26 | 27 | kinds: 28 | - vars: "ansible/playbooks/adoptopenjdk_variables.yml" 29 | 30 | exclude_paths: 31 | - ansible/playbooks/adoptopenjdk_variables.yml # See: https://github.com/AdoptOpenJDK/openjdk-infrastructure/issues/1926 32 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/ansible.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: 🐛 Machine setup (ansible) bug or new installation/setup request 3 | about: Use this if you need to report a machine setup issue or if you want something changed in the setup 4 | title: Ansible request for 5 | labels: 'ansible' 6 | assignees: '' 7 | 8 | --- 9 | Please put the name of the software product (and affected platforms if relevant) in the title of this issue 10 | 11 | Delete as appropriate from this list: 12 | 13 | - Missing install 14 | - Bug in ansible playbook 15 | - Request for new playbook addition 16 | 17 | Details: 18 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/machineaccess.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: ⌨️ Request access to a machine 3 | about: Request access to an AdoptOpenJDK machine or set of machines 4 | title: Access request for 5 | labels: 'Temp Infra Access' 6 | 7 | --- 8 | **NOTE: THIS ISSUE SHOULD NOT BE CLOSED BY THE ORIGINATOR IF ACCESS IS GRANTED**. 9 | 10 | When the access is no longer needed please add a comment and a member 11 | of the infrastructure team will revoke it and close the issue. 12 | 13 | NOTE 2: For the infra team member picking this up, the process is described [here](https://github.com/adoptium/infrastructure/blob/master/FAQ.md#temporary-access-to-a-machine) 14 | 15 | Required access level (Delete as appropriate). Note that you should only 16 | request the minimum level that is required to solve your problem 17 | 18 | - [ ] Non-privileged 19 | - [ ] jenkins user 20 | - [ ] root/Administrative 21 | - [ ] other (Please specify): 22 | 23 | System for which access is needed: 24 | 25 | Please explain why you need this access including whether it is a temporary or permanent request: 26 | 27 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/newmachine.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: 🖥️ Request for additional machines 3 | about: Request for new machine to be added to the project 4 | title: New Machine requirement 5 | labels: 'Machine Request' 6 | assignees: '' 7 | 8 | --- 9 | I need to request a new machine: 10 | 11 | - New machine operating system (e.g. linux/windows/macos/solaris/aix): 12 | - New machine architecture (e.g. x64/aarch32/arm32/ppc64/ppc64le/sparc): 13 | - Provider (leave blank if it does not matter): 14 | - Desired usage: 15 | - Any unusual specification/setup required: 16 | - How many of them are required: 1 17 | 18 | Please explain what this machine is needed for: 19 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/systemdown.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: 😓 System down 3 | about: Use this if a system is non-responsive, not working as it should, or needs to be marked back online in jenkins 4 | title: 'System unavailable: ' 5 | labels: 'systemdown' 6 | assignees: '' 7 | 8 | --- 9 | 10 | - Please put the system name in the title of this issue. 11 | 12 | - Link to any log file showing the problem: 13 | 14 | - Please describe the issue: 15 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/systemfaulty.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: 😷 System faulty 3 | about: Use this if a particular machine is not doing what it needs to (config incorrect/disk space etc.) 4 | title: 'System faulty: ' 5 | labels: 'testFail' 6 | assignees: '' 7 | 8 | 9 | 10 | - Please put the system name (or other machine group identifier) in the title of this issue. 11 | 12 | - Output or log showing the problem: 13 | 14 | - Output or log from another machine where it passes: 15 | 16 | - Please describe the issue: 17 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/teamaccess.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Request/revoke access to an infrastructure team 3 | about: Request access to a github team 4 | title: Access request for 5 | labels: '' 6 | assignees: 'sxa' 7 | 8 | --- 9 | Team requested - delete those which are not applicable : 10 | 11 | - infrastructure-triage 12 | - infrastructure 13 | - infrastructure-core 14 | - infrastructure-secret 15 | 16 | Please explain why you need this access: 17 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/testcasefail.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: 👀 Machine-specific test case failure 3 | about: Tst case failures believed to be due to the configuration of specific machines 4 | labels: 'testFail' 5 | assignees: '' 6 | 7 | --- 8 | Please set the title to indicate the test name and machine name where known. 9 | 10 | To make it easy for the infrastructure team to repeat and diagnose, please 11 | answer the following questions: 12 | 13 | - test suite/name (e.g, BUILD_LIST, TARGET, CUSTOM_TARGET)? 14 | - a link into recent `Test_` job on https://ci.adoptium.net which showed the failure 15 | - **Hyperlink** to re-run in Grinder: 16 | - Is there an existing issue elsewhere covering this? 17 | - Which machine(s) does it work on? 18 | - Which machine(s) does it fail on? 19 | 20 | Any other details: 21 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 5 | 6 | ##### Checklist 7 | 8 | 9 | - [ ] commit message has one of the [standard prefixes](https://github.com/adoptium/infrastructure/blob/master/CONTRIBUTING.md#commit-messages) 10 | - [ ] [faq.md](https://github.com/adoptium/infrastructure/blob/master/FAQ.md) updated if appropriate 11 | - [ ] other documentation is changed or added (if applicable) 12 | - [ ] playbook changes run through [VPC](https://ci.adoptium.net/view/Tooling/job/VagrantPlaybookCheck/) or [QPC](https://ci.adoptium.net/view/Tooling/job/QEMUPlaybookCheck/) (if you have access) 13 | - [ ] VPC/QPC not applicable for this PR 14 | - [ ] for inventory.yml changes, bastillion/nagios/jenkins updated accordingly 15 | -------------------------------------------------------------------------------- /.github/cygwin-build/setup-x86_64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/adoptium/infrastructure/4476887600dca29b7873d435ed04d8e9c3473380/.github/cygwin-build/setup-x86_64.exe -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: github-actions 4 | directory: / 5 | schedule: 6 | interval: daily 7 | open-pull-requests-limit: 10 8 | -------------------------------------------------------------------------------- /.github/labeler.yml: -------------------------------------------------------------------------------- 1 | # Config file used by .github/workflows/labeler.yml 2 | 3 | # This file matches file/folder changes to labels. See https://github.com/actions/labeler for more information. 4 | 5 | # e.g to add the test label to any changes in the /tests directory: 6 | 7 | # test: 8 | # - tests/* 9 | 10 | # label_name: 11 | # - path/to/file_or_folder 12 | 13 | ghActions: 14 | - changed-files: 15 | - any-glob-to-any-file: [.github/*] 16 | doc: 17 | - changed-files: 18 | - any-glob-to-any-file: [docs/*, '**/*.md'] 19 | Vagrant: 20 | - changed-files: 21 | - any-glob-to-any-file: [ansible/pbTestScripts/**/*, ansible/vagrant/Vagrantfile*] 22 | pbTests: 23 | - changed-files: 24 | - any-glob-to-any-file: [ansible/pbTestScripts/**/*] 25 | docker: 26 | - changed-files: 27 | - any-glob-to-any-file: [ansible/docker/Dockerfile*] 28 | ansible: 29 | - changed-files: 30 | - any-glob-to-any-file: [ansible/playbooks/**/*, ansible/plugins/**/*, ansible/inventory.yml, ansible/ansible.cfg] 31 | -------------------------------------------------------------------------------- /.github/workflows/build_mac.yml: -------------------------------------------------------------------------------- 1 | name: Ansible Playbook 2 | 3 | on: 4 | pull_request: 5 | paths: 6 | - .github/workflows/build_mac.yml 7 | - ansible/playbooks/AdoptOpenJDK_Unix_Playbook/** 8 | branches: 9 | - master 10 | 11 | permissions: 12 | contents: read 13 | 14 | jobs: 15 | build-macos: 16 | name: macOS 17 | runs-on: ${{ matrix.os }} 18 | strategy: 19 | matrix: 20 | include: 21 | - os: [macos-13] 22 | - os: [macos-14] 23 | steps: 24 | 25 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 26 | 27 | - name: Install Python 28 | run: brew install python@3.12 --overwrite 29 | 30 | - name: Configure dirmgr 31 | run: | 32 | mkdir -p ~/.gnupg/ 33 | touch ~/.gnupg/dirmngr.conf 34 | echo "standard-resolver" > ~/.gnupg/dirmngr.conf 35 | 36 | - name: Install Ansible 37 | run: brew install ansible 38 | 39 | - name: Run Ansible Playbook 40 | run: | 41 | echo "localhost ansible_user=runner ansible_connection=local" > ansible/hosts 42 | set -eux 43 | cd ansible 44 | sudo ansible-playbook -i hosts playbooks/AdoptOpenJDK_Unix_Playbook/main.yml --skip-tags="hosts_file,hostname,brew_upgrade,brew_cu,kernel_tuning,adoptopenjdk,jenkins,nagios,superuser,swap_file,crontab" 45 | -------------------------------------------------------------------------------- /.github/workflows/build_qemu.yml: -------------------------------------------------------------------------------- 1 | name: QEMU Playbook Checker 2 | 3 | on: 4 | pull_request: 5 | paths: 6 | - .github/workflows/build_qemu.yml 7 | - ansible/playbooks/AdoptOpenJDK_Unix_Playbook/** 8 | branches: 9 | - master 10 | types: [ labeled ] 11 | 12 | permissions: 13 | contents: read 14 | 15 | jobs: 16 | build_job: 17 | if: ${{ github.event.label.name == 'QEMU-playbook-check' }} 18 | # The host should always be linux 19 | runs-on: ubuntu-latest 20 | name: Build on ${{ matrix.distro }} ${{ matrix.arch }} 21 | 22 | strategy: 23 | matrix: 24 | include: 25 | - arch: aarch64 26 | distro: ubuntu18.04 27 | - arch: aarch64 28 | distro: buster 29 | - arch: ppc64le 30 | distro: ubuntu18.04 31 | - arch: s390x 32 | distro: ubuntu18.04 33 | - arch: riscv64 34 | distro: ubuntu20.04 35 | # - arch: armv7 36 | # distro: jessie 37 | 38 | steps: 39 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 40 | 41 | - name: Run on architecture 42 | uses: uraimo/run-on-arch-action@d94c13912ea685de38fccc1109385b83fd79427d # v3.0.1 43 | with: 44 | arch: ${{ matrix.arch }} 45 | distro: ${{ matrix.distro }} 46 | run: | 47 | apt -y update 48 | apt -y install ansible sudo 49 | echo "localhost ansible_user=runner ansible_connection=local" > ansible/hosts 50 | set -eux 51 | cd ansible 52 | if [ ! -e /usr/bin/python ] ; then ln -s /usr/bin/python3 /usr/bin/python ; fi 53 | sudo ansible-playbook -i hosts --extra-vars 'git_sha=${{ github.sha }}' playbooks/AdoptOpenJDK_Unix_Playbook/main.yml --skip-tags="debug,jenkins,docker,ntp_time,swap_file,adoptopenjdk,jenkins" 54 | -------------------------------------------------------------------------------- /.github/workflows/code-freeze.yml: -------------------------------------------------------------------------------- 1 | name: Code Freeze Bot 2 | 3 | # Controls when the workflow will run 4 | on: 5 | pull_request_target: 6 | branches: [ "master" ] 7 | issue_comment: 8 | types: [created] 9 | 10 | permissions: 11 | contents: write 12 | pull-requests: write 13 | 14 | jobs: 15 | codefreeze: 16 | uses: adoptium/.github/.github/workflows/code-freeze.yml@main 17 | secrets: inherit 18 | -------------------------------------------------------------------------------- /.github/workflows/labeler.yml: -------------------------------------------------------------------------------- 1 | # Label adding bot, see .github/labeler.yml for config 2 | 3 | name: "Pull Request Labeler" 4 | on: 5 | pull_request_target: 6 | issues: 7 | issue_comment: 8 | 9 | jobs: 10 | triage: 11 | permissions: 12 | contents: read 13 | pull-requests: write 14 | issues: write 15 | runs-on: ubuntu-latest 16 | name: Assign Labels 17 | steps: 18 | - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 19 | if: ${{ github.event.pull_request }} 20 | with: 21 | repo-token: "${{ secrets.GITHUB_TOKEN }}" 22 | 23 | - uses: fuxingloh/multi-labeler@b15a54460c38f54043fa75f7b08a0e2aa5b94b5b # v4.0.0 24 | with: 25 | github-token: "${{secrets.GITHUB_TOKEN}}" 26 | config-path: .github/regex_labeler.yml 27 | -------------------------------------------------------------------------------- /.github/workflows/semgrep_diff.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Semgrep Differential Scan 3 | on: 4 | pull_request: 5 | 6 | permissions: 7 | contents: read 8 | statuses: write 9 | 10 | jobs: 11 | semgrep-diff: 12 | uses: adoptium/.github/.github/workflows/semgrep_diff.yml@main 13 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | .idea/* 3 | ansible/playbooks/*.retry 4 | *.pyc 5 | ansible/host_vars/* 6 | **/vendor_files 7 | .vscode/ 8 | *.swp 9 | -------------------------------------------------------------------------------- /.semgrepignore: -------------------------------------------------------------------------------- 1 | # Ignore The Nagios Configuration J2 templates, as they are only examples. 2 | ./ansible/playbooks/nagios/roles/Nagios_Config/files/templates/*.j2 3 | -------------------------------------------------------------------------------- /.yamllint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | 4 | ignore: | 5 | .github/ 6 | 7 | rules: 8 | line-length: disable 9 | comments-indentation: disable 10 | comments: disable 11 | # mixed style truthy values are OK for Ansible code 12 | truthy: disable 13 | -------------------------------------------------------------------------------- /ansible/MANUAL_STEPS.md: -------------------------------------------------------------------------------- 1 | # Manual steps required to run ansible on machines 2 | 3 | ## macOS 4 | 1. Update Sudoers file: 5 | 6 | this requires `NOPASSWD` to be added to the sudoers file to enable elevation 7 | 8 | `sudo visudo` 9 | and change: 10 | `%admin ALL = (ALL) ALL` 11 | to 12 | ``` 13 | %admin ALL=(ALL) NOPASSWD:ALL 14 | jenkins ALL=(ALL) NOPASSWD: /usr/bin/xcode-select 15 | ``` 16 | 17 | 2. Allow ssh access 18 | 19 | ```bash 20 | sudo systemsetup -setremotelogin on 21 | ``` 22 | -------------------------------------------------------------------------------- /ansible/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | filter_plugins = plugins/filter 3 | gathering = explicit 4 | host_key_checking = False 5 | inventory = plugins/inventory/adoptopenjdk_yaml.py 6 | library = plugins/library 7 | remote_user = root 8 | retry_files_enabled = False 9 | roles_path = roles 10 | squash_actions = apk 11 | allow_world_readable_tmpfiles = True 12 | 13 | 14 | # Pass an empty path to ssh so it doesn't read config. We don't need it 15 | # since we have all information available. 16 | [ssh_connection] 17 | ssh_args = -F /dev/null -o ControlMaster=auto -o ControlPersist=60s 18 | scp_if_ssh = True 19 | 20 | [privilege_escalation] 21 | become_user = root 22 | become_method = sudo 23 | 24 | [hosts:smartos] 25 | ansible_python_interpreter = /opt/local/bin/python 26 | 27 | [hosts:freebsd] 28 | ansible_python_interpreter = /usr/local/bin/python 29 | 30 | [hosts:solaris] 31 | remote_tmp = $HOME/.ansible/tmp 32 | -------------------------------------------------------------------------------- /ansible/docker/Dockerfile.Alpine3: -------------------------------------------------------------------------------- 1 | FROM alpine:3.15 2 | 3 | ARG git_sha 4 | 5 | RUN apk update \ 6 | && apk upgrade \ 7 | && apk add ansible 8 | 9 | COPY . /ansible 10 | 11 | RUN echo "localhost ansible_connection=local" > /ansible/hosts 12 | 13 | RUN set -eux; \ 14 | cd /ansible; \ 15 | ansible-playbook -i hosts ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml -e "git_sha=$git_sha" --skip-tags="debug,hosts_file,hostname,adoptopenjdk,jenkins,nagios,superuser,docker,swap_file,crontab,nvidia_cuda_toolkit"; \ 16 | rm -rf /ansible; apk del ansible 17 | 18 | ENV \ 19 | JDK7_BOOT_DIR="/usr/lib/jvm/jdk8" \ 20 | JDK8_BOOT_DIR="/usr/lib/jvm/jdk8" \ 21 | JDK10_BOOT_DIR="/usr/lib/jvm/jdk11" \ 22 | JDK11_BOOT_DIR="/usr/lib/jvm/jdk11" \ 23 | JDK14_BOOT_DIR="/usr/lib/jvm/zulu14" \ 24 | JDK15_BOOT_DIR="/usr/lib/jvm/zulu15" \ 25 | JDK16_BOOT_DIR="/usr/lib/jvm/zulu16" \ 26 | JDK17_BOOT_DIR="/usr/lib/jvm/jdk17" \ 27 | JDK18_BOOT_DIR="/usr/lib/jvm/zulu18" \ 28 | JDKLATEST_BOOT_DIR="/usr/lib/jvm/zulu18" \ 29 | JAVA_HOME="/usr/lib/jvm/jdk8" 30 | -------------------------------------------------------------------------------- /ansible/docker/Dockerfile.CentOS10: -------------------------------------------------------------------------------- 1 | FROM quay.io/centos/centos:stream10 2 | 3 | ARG git_sha 4 | ARG user=jenkins 5 | 6 | # EPEL needed for ansible-collection-community-general 7 | RUN dnf -y update; yum clean all; \ 8 | dnf -y install python-pip sudo; \ 9 | dnf clean all 10 | 11 | RUN pip install ansible 12 | #RUN ansible-galaxy collection install ansible.posix 13 | 14 | COPY . /ansible 15 | 16 | RUN echo "localhost ansible_connection=local" > /ansible/hosts 17 | 18 | RUN ansible-playbook --version 19 | 20 | RUN dnf -y install epel-release 21 | 22 | RUN set -eux; \ 23 | cd /ansible; \ 24 | ansible-playbook -i hosts ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml -e "git_sha=$git_sha" --skip-tags="hosts_file,hostname,adoptopenjdk,jenkins,nagios,superuser,docker,swap_file,crontab,nvidia_cuda_toolkit" 25 | 26 | RUN rm -rf /ansible; dnf remove ansible; dnf clean all 27 | 28 | RUN groupadd -g 1000 ${user} 29 | RUN useradd -c "Jenkins user" -d /home/${user} -u 1000 -g 1000 -m ${user} 30 | 31 | ENV \ 32 | JDK7_BOOT_DIR="/usr/lib/jvm/java-1.7.0-openjdk" \ 33 | JDK8_BOOT_DIR="/usr/lib/jvm/java-1.8.0-openjdk" \ 34 | JDK10_BOOT_DIR="/usr/lib/jvm/jdk10" \ 35 | JDK11_BOOT_DIR="/usr/lib/jvm/jdk11" \ 36 | JDK13_BOOT_DIR="/usr/lib/jvm/jdk13" \ 37 | JDK14_BOOT_DIR="/usr/lib/jvm/jdk14" \ 38 | JDKLATEST_BOOT_DIR="/usr/lib/jvm/jdk14" \ 39 | JAVA_HOME="/usr/lib/jvm/java-1.8.0-openjdk" 40 | -------------------------------------------------------------------------------- /ansible/docker/Dockerfile.CentOS6: -------------------------------------------------------------------------------- 1 | FROM centos:6.9 2 | 3 | ARG git_sha 4 | ARG user=jenkins 5 | 6 | # Install Python 3 7 | RUN sed -i -e 's!mirrorlist!#mirrorlist!g' /etc/yum.repos.d/CentOS-Base.repo; \ 8 | sed -i -e 's!#baseurl=http://mirror.centos.org/centos/\$releasever!baseurl=https://vault.centos.org/6.10/!g' /etc/yum.repos.d/CentOS-Base.repo; \ 9 | yum -y update; yum clean all; \ 10 | yum -y install gcc openssl-devel bzip2-devel sqlite-devel sudo wget python3 epel-release; \ 11 | yum -y install ansible 12 | 13 | COPY . /ansible 14 | 15 | RUN echo "localhost ansible_connection=local" > /ansible/hosts 16 | 17 | RUN set -eux; \ 18 | cd /ansible; \ 19 | ansible-playbook -i hosts ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml -e "git_sha=$git_sha" --skip-tags="debug,hosts_file,hostname,adoptopenjdk,jenkins,nagios,superuser,docker,swap_file,crontab,nvidia_cuda_toolkit"; \ 20 | ansible-playbook -i hosts ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml -e "git_sha=$git_sha" --tags="riscv" 21 | 22 | RUN rm -rf /ansible; yum remove -y ansible; yum clean all 23 | 24 | RUN groupadd -g 1000 ${user} 25 | RUN useradd -c "Jenkins user" -d /home/${user} -u 1000 -g 1000 -m ${user} 26 | 27 | ENV \ 28 | JDK7_BOOT_DIR="/usr/lib/jvm/java-1.7.0-openjdk.x86_64" \ 29 | JDK8_BOOT_DIR="/usr/lib/jvm/java-1.8.0-openjdk.x86_64" \ 30 | JDK10_BOOT_DIR="/usr/lib/jvm/jdk10" \ 31 | JDK11_BOOT_DIR="/usr/lib/jvm/jdk11" \ 32 | JDK13_BOOT_DIR="/usr/lib/jvm/jdk13" \ 33 | JDK14_BOOT_DIR="/usr/lib/jvm/jdk14" \ 34 | JDKLATEST_BOOT_DIR="/usr/lib/jvm/jdk14" \ 35 | JAVA_HOME="/usr/lib/jvm/java-1.8.0-openjdk.x86_64" 36 | -------------------------------------------------------------------------------- /ansible/docker/Dockerfile.CentOS7: -------------------------------------------------------------------------------- 1 | FROM centos:7 2 | 3 | ARG git_sha 4 | ARG user=jenkins 5 | 6 | RUN sed -i -e 's!mirrorlist!#mirrorlist!g' /etc/yum.repos.d/CentOS-Base.repo 7 | 8 | RUN if [ "$(uname -m)" == "x86_64" ]; then \ 9 | echo "Running on x64 architecture"; \ 10 | sed -i -e 's!#baseurl=http://mirror.centos.org/centos/\$releasever!baseurl=https://vault.centos.org/7.9.2009/!g' /etc/yum.repos.d/CentOS-Base.repo; \ 11 | else \ 12 | echo "Running on non-x64 architecture"; \ 13 | sed -i 's|#baseurl=http://mirror.centos.org/altarch/\$releasever/|baseurl=http://vault.centos.org/altarch/7.9.2009/|' /etc/yum.repos.d/CentOS-Base.repo; \ 14 | fi 15 | 16 | RUN yum -y update; yum clean all; \ 17 | yum -y install epel-release; \ 18 | yum -y install ansible sudo; yum clean all 19 | 20 | COPY . /ansible 21 | 22 | RUN echo "localhost ansible_connection=local" > /ansible/hosts 23 | 24 | RUN set -eux; \ 25 | cd /ansible; \ 26 | ansible-playbook -i hosts ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml -e "git_sha=$git_sha" --skip-tags="debug,hosts_file,hostname,adoptopenjdk,jenkins,nagios,superuser,docker,swap_file,crontab,nvidia_cuda_toolkit" 27 | 28 | RUN rm -rf /ansible; yum remove ansible; yum clean all 29 | 30 | RUN groupadd -g 1000 ${user} 31 | RUN useradd -c "Jenkins user" -d /home/${user} -u 1000 -g 1000 -m ${user} 32 | 33 | ENV \ 34 | JDK7_BOOT_DIR="/usr/lib/jvm/java-1.7.0-openjdk" \ 35 | JDK8_BOOT_DIR="/usr/lib/jvm/java-1.8.0-openjdk" \ 36 | JDK10_BOOT_DIR="/usr/lib/jvm/jdk10" \ 37 | JDK11_BOOT_DIR="/usr/lib/jvm/jdk11" \ 38 | JDK13_BOOT_DIR="/usr/lib/jvm/jdk13" \ 39 | JDK14_BOOT_DIR="/usr/lib/jvm/jdk14" \ 40 | JDKLATEST_BOOT_DIR="/usr/lib/jvm/jdk14" \ 41 | JAVA_HOME="/usr/lib/jvm/java-1.8.0-openjdk" 42 | -------------------------------------------------------------------------------- /ansible/docker/Dockerfile.Ubuntu1604: -------------------------------------------------------------------------------- 1 | FROM ubuntu:16.04 2 | 3 | ARG git_sha 4 | ARG user=jenkins 5 | 6 | RUN apt-get update 7 | RUN apt-get -y install python git curl 8 | RUN curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py 9 | RUN python2 get-pip.py 10 | 11 | # Prereqs for cryptography module. Ubuntu 16 has cryptography 12 | # 1.2.3 in its repos. v3 won't build with ssl102 13 | RUN apt-get -y install python-dev libffi-dev libssl-dev 14 | RUN apt-get -y install gcc 15 | RUN pip install cryptography==2.9.2 PyYAML==5.3.1 16 | 17 | RUN pip install ansible 18 | 19 | COPY . /ansible 20 | 21 | RUN echo "localhost ansible_connection=local" > /ansible/hosts 22 | 23 | RUN set -eux; \ 24 | cd /ansible; \ 25 | ansible-playbook -i hosts ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml -e "git_sha=$git_sha" --skip-tags="debug,hosts_file,hostname,adoptopenjdk,jenkins,nagios,superuser,docker,swap_file,crontab,nvidia_cuda_toolkit,ntp_time" 26 | 27 | RUN rm -rf /ansible 28 | 29 | RUN groupadd -g 1000 ${user} 30 | RUN useradd -c "Jenkins user" -d /home/${user} -u 1000 -g 1000 -m ${user} 31 | RUN mv /bin/uname /bin/uname.real && echo "/bin/uname.real \$@ | sed 's/aarch64/armv7l/g'" > /bin/uname && chmod 755 /bin/uname 32 | 33 | ENV \ 34 | JDK7_BOOT_DIR="/usr/lib/jvm/jdk8" \ 35 | JDK8_BOOT_DIR="/usr/lib/jvm/jdk8" \ 36 | JDK10_BOOT_DIR="/usr/lib/jvm/jdk10" \ 37 | JDK11_BOOT_DIR="/usr/lib/jvm/jdk11" \ 38 | JDK13_BOOT_DIR="/usr/lib/jvm/jdk13" \ 39 | JDK14_BOOT_DIR="/usr/lib/jvm/jdk14" \ 40 | JDKLATEST_BOOT_DIR="/usr/lib/jvm/jdk14" \ 41 | JAVA_HOME="/usr/lib/jvm/java-1.8.0-openjdk" 42 | -------------------------------------------------------------------------------- /ansible/docker/Dockerfile.Ubuntu2004-riscv64: -------------------------------------------------------------------------------- 1 | FROM riscv64/ubuntu:20.04 2 | 3 | ARG user=jenkins 4 | 5 | ENV DEBIAN_FRONTEND=noninteractive 6 | RUN apt-get update 7 | RUN apt-get -y install git curl ansible gpg 8 | 9 | COPY . /ansible 10 | 11 | RUN echo "localhost ansible_connection=local" > /ansible/hosts 12 | 13 | RUN set -eux; \ 14 | cd /ansible; \ 15 | ansible-playbook -i hosts ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml --skip-tags="debug,hosts_file,hostname,adoptopenjdk,jenkins,nagios,superuser,docker,swap_file,crontab,nvidia_cuda_toolkit,ntp_time" 16 | 17 | RUN rm -rf /ansible 18 | 19 | RUN groupadd -g 1000 ${user} 20 | RUN useradd -c "Jenkins user" -d /home/${user} -u 1000 -g 1000 -m ${user} 21 | 22 | ENV \ 23 | JDK11_BOOT_DIR="/usr/lib/jvm/jdk11" \ 24 | JDK17_BOOT_DIR="/usr/lib/jvm/jdk17" \ 25 | JDK19_BOOT_DIR="/usr/lib/jvm/jdk19" \ 26 | JDK21_BOOT_DIR="/usr/lib/jvm/jdk21" \ 27 | JAVA_HOME="/usr/lib/jvm/jdk11" 28 | -------------------------------------------------------------------------------- /ansible/docker/Dockerfile.Ubuntu2204: -------------------------------------------------------------------------------- 1 | FROM ubuntu 2 | 3 | ARG user=jenkins 4 | 5 | ENV DEBIAN_FRONTEND=noninteractive 6 | RUN apt-get update 7 | RUN apt-get -y install git curl ansible gnupg 8 | 9 | COPY . /ansible 10 | 11 | RUN echo "localhost ansible_connection=local" > /ansible/hosts 12 | 13 | RUN set -eux; \ 14 | cd /ansible; \ 15 | ansible-playbook -i hosts ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml --skip-tags="debug,hosts_file,hostname,adoptopenjdk,jenkins,nagios,superuser,docker,swap_file,crontab,nvidia_cuda_toolkit,ntp_time" 16 | 17 | RUN rm -rf /ansible 18 | 19 | RUN groupadd -g 1000 ${user} 20 | RUN useradd -c "Jenkins user" -d /home/${user} -u 1000 -g 1000 -m ${user} 21 | 22 | ENV \ 23 | JDK7_BOOT_DIR="/usr/lib/jvm/jdk8" \ 24 | JDK8_BOOT_DIR="/usr/lib/jvm/jdk8" \ 25 | JDK10_BOOT_DIR="/usr/lib/jvm/jdk10" \ 26 | JDK11_BOOT_DIR="/usr/lib/jvm/jdk11" \ 27 | JDK13_BOOT_DIR="/usr/lib/jvm/jdk13" \ 28 | JDK14_BOOT_DIR="/usr/lib/jvm/jdk14" \ 29 | JDKLATEST_BOOT_DIR="/usr/lib/jvm/jdk14" \ 30 | JAVA_HOME="/usr/lib/jvm/java-1.8.0-openjdk" 31 | -------------------------------------------------------------------------------- /ansible/packer/README.md: -------------------------------------------------------------------------------- 1 | # Packer Configuration for Virtual Machine Images 2 | 3 | This repository contains two Packer configuration files used for building virtual machine images for MacStadium Orka environments. These configurations are specifically tailored to set up environments with necessary tools like Homebrew, Ansible, and Xcode. 4 | 5 | ## Configuration Files 6 | 7 | 1. Base Image Creation (`orka-base.pkr.hcl`): This file is used to create a base image for sonoma-arm64 VMs. It installs Homebrew, Ansible, and specific versions of Xcode. 8 | 9 | 1. Adoptium Image Creation (`orka.pkr.hcl`): This configuration builds upon the base image to create an Adoptium Sonoma ARM64 and Intel image, with a full Ansible playbook run excluding certain tags. 10 | 11 | ## Prerequisites 12 | 13 | - [Packer](https://www.packer.io/downloads) installed on your system. 14 | - Access to a MacStadium Orka environment (via VPN). 15 | - Required environment variables set (`ORKA_TOKEN`, `XCode11_7_SAS_TOKEN`, `XCode15_0_1_SAS_TOKEN`). 16 | 17 | ## Setup and Usage 18 | 19 | ### Setting Environment Variables 20 | 21 | Set the necessary environment variables: 22 | 23 | ```bash 24 | export ORKA_TOKEN="your-orka-token" 25 | export XCode11_7_SAS_TOKEN="your-xcode11.7-token" 26 | export XCode15_0_1_SAS_TOKEN="your-xcode15.0.1-token" 27 | ``` 28 | 29 | ### Running the Packer Builds 30 | 31 | 1. Building the Base image 32 | 33 | ```bash 34 | packer init . 35 | packer build orka-base.pkr.hcl 36 | ``` 37 | 38 | This will create the base image for sonoma-arm64 and somoma-intel VMs. The base step has a pause which allows users to manually make any required changes and then resume the build. 39 | 40 | 1. Building the Adoptium image 41 | 42 | The Adoptium image depends on the base image. This generates the images that we use in Jenkins and contains the full set of dependencies. 43 | 44 | ```bash 45 | packer init . 46 | packer build orka.pkr.hcl 47 | ``` 48 | -------------------------------------------------------------------------------- /ansible/pbTestScripts/startScriptWin.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import sys 4 | import getopt 5 | import winrm 6 | 7 | def usage(): 8 | print("Usage: %s -i -a " % sys.argv[0]) 9 | print(" Use '-b' to run a build or '-t' to run a test") 10 | sys.exit(1) 11 | 12 | def run_winrm(vmIP, buildArgs, mode): 13 | cmd_str = "Start-Process powershell.exe -Verb runAs; cd C:/tmp; sh C:/vagrant/pbTestScripts/" 14 | print(mode) 15 | if mode == 1: 16 | cmd_str += "buildJDKWin.sh " 17 | else: 18 | cmd_str += "testJDKWin.sh " 19 | cmd_str += buildArgs 20 | print("Running : %s" %cmd_str) 21 | session = winrm.Session(str(vmIP), auth=('vagrant', 'vagrant')) 22 | session.run_ps(cmd_str, sys.stdout, sys.stderr) 23 | 24 | def main(argv): 25 | # mode refers to whether its running a build or a test 26 | mode = 1 27 | print("Running python script") 28 | inputArgs = "" 29 | ipAddress = "" 30 | try: 31 | opts, args = getopt.getopt(argv, "ha:i:bt") 32 | except getopt.GetoptError as error: 33 | print(str(error)) 34 | usage() 35 | 36 | for current_option, current_value in opts: 37 | if current_option == '-a': 38 | inputArgs = current_value 39 | elif current_option == '-i': 40 | ipAddress = current_value 41 | elif current_option == '-h': 42 | usage() 43 | elif current_option == '-b': 44 | mode = 1 45 | elif current_option == '-t': 46 | mode = 2 47 | 48 | print(" This is what is in the 'inputArgs' var: %s " %str(inputArgs)) 49 | print(" This is what is in the 'ipAddress' var: %s " %str(ipAddress)) 50 | run_winrm(str(ipAddress), str(inputArgs), mode) 51 | 52 | if __name__ == "__main__": # Execute only if run as a script 53 | main(sys.argv[1:]) 54 | -------------------------------------------------------------------------------- /ansible/pbTestScripts/testJDKWin.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Relocate Built JDKS 4 | mv /cygdrive/c/tmp/workspace/build/src/build/*/images/jdk* c:/tmp 5 | 6 | # Remove Redundant Images 7 | rm -rf /cygdrive/c/tmp/*-debug-image 8 | rm -rf /cygdrive/c/tmp/*-jre 9 | rm -rf /cygdrive/c/tmp/*-test-image 10 | 11 | #Identify The JDK 12 | 13 | # Set Test JDK HOME To The Relocated JDK 14 | # export TEST_JDK_HOME=C:/cygwin64$(find ~ -maxdepth 1 -type d -name "*jdk*"|grep -v ".*jre"| grep -v ".*-image") 15 | export TEST_JDK_HOME=`ls -d c:/tmp/jdk*|grep -v "static"|grep -v "debug"|grep -v "jre"|grep -v "test-image"|grep -v "jmods"` 16 | echo TEST_JDK_HOME=$TEST_JDK_HOME 17 | 18 | ## Run The Same Tests As Test JDK for Linux 19 | ## Run The Smoke Tests To Ensure The JDK Build OK 20 | 21 | cd /cygdrive/c/tmp 22 | if [ ! -d "testLocation" ]; 23 | then 24 | echo "Creating testLocation directory" 25 | mkdir testLocation 26 | fi 27 | cd testLocation 28 | git clone https://github.com/adoptium/aqa-tests.git 29 | pwd 30 | ls -tr 31 | cd aqa-tests 32 | ./get.sh --vendor_repos https://github.com/adoptium/temurin-build --vendor_branches master --vendor_dirs /test/functional 33 | pwd 34 | ls -ltr 35 | cd TKG || exit 1 36 | 37 | ## Run The Smoke Tests To Ensure The JDK Build OK 38 | export BUILD_LIST=functional/buildAndPackage 39 | make compile 40 | make _extended.functional 41 | 42 | # Run a few subsets of OpenJDK Tests as a shakedown of the built JDK. 43 | export BUILD_LIST=openjdk 44 | make compile 45 | make _hotspot_sanity_0 46 | make _jdk_math_0 47 | 48 | # Run Some Additional Tests To Test The Playbooks Have Run Properly 49 | export BUILD_LIST=functional 50 | make _MBCS_Tests_pref_ja_windows_0 51 | make _MBCS_Tests_formatter_ja_windows_0 52 | -------------------------------------------------------------------------------- /ansible/pbTestScripts/updateBoxes.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | FORCE="" 4 | REMOVE=false 5 | 6 | Usage(){ 7 | echo " 8 | Usage: ./updateBoxes.sh [options] 9 | 10 | Bash script to update vagrant boxes and remove old versions. Running with no parameters will query the system for outdated boxes and update them, but will retain the old boxes. 11 | 12 | Options: 13 | --remove | -r[f] Remove outdated boxes. ('-rf' will make this non-interactive) 14 | --help | -h Show this help message. 15 | " 16 | } 17 | 18 | while [ "$1" != "" ]; do 19 | case $1 in 20 | -r | --remove ) 21 | REMOVE=true 22 | ;; 23 | -rf ) 24 | REMOVE=true 25 | FORCE="--force" 26 | ;; 27 | -h | --help ) 28 | Usage; exit 0 29 | ;; 30 | * ) 31 | echo "Unrecognised option: $1"; Usage; exit 1 32 | ;; 33 | esac 34 | shift 35 | done 36 | 37 | VBList=$(vagrant box outdated --global | awk '/outdated/{print $2}' | sed "s/'//g") 38 | 39 | if [[ -z "$VBList" ]]; then 40 | echo "No boxes require updating." 41 | else 42 | for x in $VBList 43 | do 44 | # Ignore Debian8 for now; See: https://adoptium.slack.com/archives/C53GHCXL4/p1637069847046900 45 | if [[ "$x" != "roboxes/debian8" ]]; then 46 | vagrant box update --box "$x" 47 | fi 48 | done 49 | fi 50 | 51 | if [ $REMOVE = true ]; then 52 | vagrant box prune ${FORCE} 53 | else 54 | echo "Not checking for old versions of boxes." 55 | fi 56 | -------------------------------------------------------------------------------- /ansible/playbooks/.gitignore: -------------------------------------------------------------------------------- 1 | hosts 2 | main.retry 3 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/group_vars/all/main.yml: -------------------------------------------------------------------------------- 1 | ########################## 2 | # adoptopenjdk_variables # 3 | # merge of AdoptOpenJDK_Unix_Playbook/group_vars/all/adoptopenjdk_variables.yml 4 | # with ./adoptopenjdk_variables.yml - written for AIX back when... 5 | # and renamed group_vars/all/main.yml for automatic loading 6 | ########################## 7 | # AIX variables 8 | --- 9 | 10 | # Domain for setting hostname 11 | Domain: adoptopenjdk.net 12 | 13 | # Sudoers file 14 | Sudoers_File: /etc/sudoers 15 | 16 | # Jenkins User Variables: 17 | Jenkins_Username: jenkins 18 | Jenkins_User_SSHKey: /Vendor_Files/keys/id_rsa.pub 19 | 20 | # Superuser Variables: 21 | Superuser_Account: Enabled 22 | # Zeus_Username: zeus 23 | Zeus_User_SSHKey: /Vendor_Files/keys/zeus.key 24 | 25 | # Nagios Variables: 26 | Nagios_Plugins: Enabled 27 | # Nagios_Monitoring: Enabled 28 | # Nagios_Master_IP: 78.47.239.96 29 | 30 | # Security Variables: 31 | Security: Enabled 32 | 33 | # JCK Variables: 34 | jckftp_Username: jckftp 35 | 36 | # Jcktestr User Variables: 37 | Jcktestr_Username: jcktestr 38 | Jcktestr_User_SSHKey: /Vendor_Files/keys/keybox.key 39 | 40 | # Vendor Variables: 41 | Vendor_File: Disabled 42 | Vendor_Playbook: /Vendor_Files/Vendor_Playbook/Vendor.yml 43 | 44 | # Errata 45 | Asian_Locales: Disabled 46 | Slack_Notification: Disabled 47 | 48 | ant_version: 1.10.15 49 | ant_checksum: sha512:1de7facbc9874fa4e5a2f045d5c659f64e0b89318c1dbc8acc6aae4595c4ffaf90a7b1ffb57f958dd08d6e086d3fff07aa90e50c77342a0aa5c9b4c36bff03a9 50 | 51 | key: 52 | apache_ant: 0A123C1ED3F13A6A0140E166C71FB765CD9DE313 # Jaikiran Pai 53 | adoptium: 3B04D753C9050D9A5D343F39843C48A565F8F04B # Adoptium GPG Key (DEB/RPM Signing Key) 54 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/aixfs/tasks/main.yml: -------------------------------------------------------------------------------- 1 | ################################ 2 | # AIX filesystem configuration # 3 | ################################ 4 | # /usr is not included - as it gets increased as needed during bootjdk 5 | --- 6 | - name: Set AIX Filesystems to default values 7 | command: 8 | cmd: /usr/sbin/chfs -a size={{ item.size }}G {{ item.mount }} 9 | register: chfs 10 | changed_when: "'The filesystem size is already' not in chfs.stdout" 11 | loop: 12 | - mount: / 13 | size: 3 14 | - mount: /var 15 | size: 4 16 | - mount: /tmp 17 | size: 5 18 | - mount: /admin 19 | size: 1 20 | - mount: /opt 21 | size: 3 22 | - mount: /home 23 | size: 32 24 | - mount: /var/adm/ras/livedump 25 | size: 1 26 | tags: aixfs 27 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/ant/tasks/main.yml: -------------------------------------------------------------------------------- 1 | ############### 2 | # ant # 3 | ############### 4 | # Needs yum tag - so when yum is skipped, unarchive does not fail 5 | --- 6 | - name: Ant package processing 7 | tags: 8 | - ant 9 | - yum 10 | block: 11 | - name: Checking for Ant availability 12 | stat: 13 | path: /usr/bin/ant 14 | register: ant 15 | 16 | - name: "Ant installed, skipping download and installation" 17 | debug: 18 | msg: "Ant installed, skipping download and installation" 19 | when: ant.stat.islnk is defined 20 | 21 | - name: Download Apache Ant 22 | get_url: 23 | url: https://archive.apache.org/dist/ant/binaries/apache-ant-{{ ant_version }}-bin.zip 24 | dest: /tmp/apache-ant-{{ ant_version }}-bin.zip 25 | mode: 0440 26 | timeout: 25 27 | when: ant.stat.islnk is not defined 28 | 29 | - name: GPG Signature verification 30 | script: ../Supporting_Scripts/package_signature_verification.sh -f /tmp/apache-ant-{{ ant_version }}-bin.zip -sl "https://archive.apache.org/dist/ant/binaries/apache-ant-{{ ant_version }}-bin.zip.asc" -k {{ key.apache_ant }} 31 | when: ant.stat.islnk is not defined 32 | 33 | - name: Unarchive Ant 34 | unarchive: 35 | src: /tmp/apache-ant-{{ ant_version }}-bin.zip 36 | dest: /opt 37 | copy: False 38 | when: ant.stat.islnk is not defined 39 | 40 | - name: Create symlink for ant 41 | file: src=/opt/apache-ant-{{ ant_version }}/bin/ant dest=/usr/bin/ant state=link 42 | when: ant.stat.islnk is not defined 43 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/ant_contrib/tasks/main.yml: -------------------------------------------------------------------------------- 1 | ############### 2 | # ant-contrib # 3 | ############### 4 | # Like - ant - needs assurance that unarchive will work 5 | # so, also tagged as yum 6 | --- 7 | - name: Process ant-contrib 8 | tags: 9 | - ant-contrib 10 | - yum 11 | block: 12 | - name: Checking for ant-contrib availability 13 | stat: 14 | path: /opt/apache-ant-{{ ant_version }}/lib/ant-contrib.jar 15 | register: antcontrib 16 | 17 | - name: "Debug ant-contrib.jar installed, skipping download" 18 | debug: 19 | msg: "ant-contrib.jar installed, skipping download" 20 | when: not antcontrib.stat.exists 21 | 22 | - name: Download and extract ant-contrib 23 | unarchive: 24 | src: https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-1.0b2/ant-contrib-1.0b2-bin.tar.gz 25 | dest: /tmp/ 26 | remote_src: true 27 | when: not antcontrib.stat.exists 28 | 29 | - name: Move ant-contrib.jar to lib folder 30 | command: mv /tmp/ant-contrib/lib/ant-contrib.jar /opt/apache-ant-{{ ant_version }}/lib/ 31 | when: not antcontrib.stat.exists 32 | 33 | - name: Clean ant-contrib tmp files 34 | file: 35 | path: "{{ item }}" 36 | state: absent 37 | with_items: 38 | - /tmp/ant-contrib 39 | - /tmp/ant-contrib-1.0b2-bin.tar.gz 40 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bash_login/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ###################################### 3 | # Add bash to available login shells # 4 | ###################################### 5 | - name: Add bash to available login shells 6 | replace: 7 | path: /etc/security/login.cfg 8 | regexp: 'shells = ' 9 | replace: 'shells = /bin/bash,' 10 | tags: 11 | - login_shell 12 | - adoptopenjdk 13 | 14 | - name: Add bash to available login shells 15 | blockinfile: 16 | dest: /etc/shells 17 | block: | 18 | /bin/bash 19 | tags: 20 | - login_shell 21 | - adoptopenjdk 22 | 23 | # move to role later 24 | - name: Set variables for global environment 25 | blockinfile: 26 | dest: /etc/environment 27 | block: | 28 | AIXTHREAD_HRT=true 29 | PKG_CONFIG_PATH=/opt/freeware/lib64/pkgconfig:/opt/freeware/lib/pkgconfig 30 | PERL5LIB=/opt/freemarker/lib/perl5 31 | tags: 32 | - login_shell 33 | - adoptopenjdk 34 | 35 | - name: Add freeware and xlc to PATH for global environment 36 | replace: 37 | path: /etc/environment 38 | regexp: 'PATH=/usr/bin' 39 | replace: 'PATH=/usr/bin:/opt/IBM/xlC/13.1.3/bin:/opt/freeware/bin:' 40 | tags: 41 | - login_shell 42 | - adoptopenjdk 43 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bootjdk/tasks/bootjdk7.yml: -------------------------------------------------------------------------------- 1 | ############## 2 | # Boot JDK 7 # 3 | ############## 4 | --- 5 | - name: Check Java7 installation 6 | stat: 7 | path: /usr/j2sdk-image 8 | register: java7 9 | 10 | - name: Transfer and Extract Java7 11 | unarchive: 12 | src: /Vendor_Files/aix/openjdk-7u-aix.tar 13 | dest: /usr 14 | remote_src: false 15 | when: java7.stat.isdir is not defined 16 | register: vf 17 | failed_when: "vf.failed 18 | and 'Could not find or access' not in vf.msg" 19 | 20 | - name: Mention access requirements 21 | debug: 22 | msg: 23 | - Need access to /Vendor_Files/aix/openjdk-7u-aix.tar for java7 24 | - "{{ vf.msg.split('\n') }}" 25 | verbosity: 0 26 | when: vf.changed == false and vf.skipped is not defined 27 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bootjdk/tasks/chfs.yml: -------------------------------------------------------------------------------- 1 | # Tasks to check and enlarge /usr before performing a download 2 | --- 3 | - name: Verify 512M free in /usr 4 | shell: | 5 | free=$(/usr/bin/df -m /usr | tail -1 | awk ' { print $3 } ' | awk -F. ' { print $1 } ') 6 | if [[ $free -lt 512 ]]; then 7 | chfs -a size=+512M /usr 8 | fi 9 | register: chfs 10 | changed_when: "'Filesystem size changed ' in chfs.stdout" 11 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bootjdk/tasks/main.yml: -------------------------------------------------------------------------------- 1 | ########### 2 | # BootJDK # 3 | ########### 4 | --- 5 | - name: Verify space in /usr 6 | include_tasks: chfs.yml 7 | - name: Install protected OpenJDK versions 8 | include_tasks: bootjdk7.yml 9 | 10 | - name: Install Additional OpenJDK versions 11 | include_tasks: openjdk.yml 12 | loop: "{{ jdk_versions }}" 13 | loop_control: 14 | loop_var: jdk 15 | vars: 16 | jdk_versions: 17 | - '8' 18 | - '10' 19 | - '11' 20 | - '16' 21 | - '17' 22 | - '21' 23 | 24 | - name: Set /usr/java8_64 as default 25 | file: 26 | src: /usr/java8_64/jre/bin/java 27 | dest: /usr/bin/java 28 | state: link 29 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/crontab/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ########### 3 | # crontab # 4 | ########### 5 | 6 | - name: Add cron job to remove stale files from /tmp (owned by jenkins) 7 | cron: name="Remove stale files from /tmp (jenkins)" weekday="*" minute="10" hour="0" user=root state=present 8 | job="/usr/bin/find /tmp -user jenkins ! -type d -mtime +4 | xargs rm -f" 9 | tags: crontab 10 | 11 | - name: Add cron job to remove stale directories from /tmp (owned by jenkins) 12 | cron: name="Remove stale directories from /tmp (jenkins)" weekday="*" minute="10" hour="2" user=root state=present 13 | job="/usr/bin/find /tmp -user jenkins -type d -mtime +4 | sort -r | xargs rmdir" 14 | tags: crontab 15 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/debug/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ##################### 3 | # Debug Information # 4 | ##################### 5 | - name: Display Debug Information (-v) 6 | debug: 7 | verbosity: 1 8 | msg: 9 | - "inventory_hostname: {{ inventory_hostname | default('***Undefined***') }} " 10 | - "ansible_hostname: {{ ansible_hostname | default('***Undefined***') }}" 11 | - "ansible_fqdn: {{ ansible_fqdn | default('***Undefined***') }}" 12 | - "ansible_user: {{ ansible_user | default('***Undefined***') }}" 13 | - "ansible_default_ipv4.address: {{ ansible_default_ipv4.address | default('***Undefined***') }}" 14 | - "ansible_host: {{ ansible_host | default('***Undefined***') }}" 15 | - "ansible_os_family: {{ ansible_os_family | default('***Undefined***') }} " 16 | - "ansible_distribution: {{ ansible_distribution | default('***Undefined***') }} " 17 | - "ansible_distribution_major_version: {{ ansible_distribution_major_version | default('***Undefined***') }} " 18 | - "ansible_architecture: {{ ansible_architecture | default('***Undefined***') }} " 19 | - "ansible_processor_vcpus: {{ ansible_processor_vcpus | default('***Undefined***') }} " 20 | - "ansible_processor_cores: {{ ansible_processor_cores | default('***Undefined***') }} " 21 | - "ansible_version.full: {{ ansible_version.full | default('***Undefined***') }} " 22 | - "Domain: {{ Domain | default('***Undefined***') }} " 23 | - "Jenkins_Username: {{ Jenkins_Username | default('***Undefined***') }} " 24 | - "Superuser_Account: {{ Superuser_Account | default('***Undefined***') }}" 25 | - "Vendor_File: {{ Vendor_File | default('***Undefined***') }}" 26 | - "Nagios_Plugins: {{ Nagios_Plugins | default('***Undefined***') }} " 27 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/disable_sendmail/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #################### 3 | # Disable sendmail # 4 | #################### 5 | - name: Check if sendmail is installed 6 | stat: 7 | path: /usr/sbin/sendmail 8 | register: sendmail_installed 9 | tags: sendmail 10 | 11 | - name: Stop and disable sendmail 12 | when: sendmail_installed.stat.exists 13 | tags: sendmail 14 | block: 15 | 16 | - name: Ensure sendmail is stopped 17 | service: name=sendmail state=stopped 18 | 19 | - name: Ensure sendmail is disabled 20 | replace: 21 | dest: /etc/rc.tcpip 22 | regexp: '^ *(start /usr/lib/sendmail (.+)\n)' 23 | replace: '#\1' 24 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/enable_swap/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ##################### 3 | # Enable swap space # 4 | ##################### 5 | - name: Verify paging space is at reasonable value 6 | vars: 7 | swap_lv: hd6 8 | target_ps: 2048 9 | shell: | 10 | pp_size=$(lsvg rootvg | grep "PP SIZE" | awk ' { print $6 } ') 11 | current_ps=$(lsps -s | tail -1 | awk -FM ' { print $1 } ') 12 | if [[ $current_ps -lt {{ target_ps }} ]] 13 | then 14 | # echo "Extending swap space {{ swap_lv }}" 15 | chps -s $(expr \( {{ target_ps }} - $current_ps \) / $pp_size) {{ swap_lv }} 16 | elif [[ $current_ps -gt {{ target_ps }} ]] 17 | then 18 | # echo "Shrinking swap space {{ swap_lv }}" 19 | chps -d $(expr \( $current_ps - {{ target_ps }} \) / $pp_size) {{ swap_lv }} 20 | fi 21 | register: chps 22 | changed_when: chps.stdout != "" 23 | tags: 24 | - swap 25 | - skip_ansible_lint 26 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/logs/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Updates $HOME/ansible.log with the date and time of latest ansible playbook run 3 | 4 | - name: Set Log path 5 | set_fact: 6 | log_path: /var/log 7 | 8 | - name: Get Date and Time 9 | shell: date +%Y-%m-%d\ %H:%M:%S 10 | register: date_output 11 | 12 | - name: Get Latest git commit SHA 13 | shell: git rev-parse HEAD 14 | register: git_output 15 | delegate_to: localhost 16 | ignore_errors: yes 17 | when: git_sha is not defined 18 | 19 | - name: Set git_output to git_sha 20 | set_fact: 21 | git_sha: "{{ git_output.stdout }}" 22 | when: git_sha is not defined 23 | 24 | - name: Update Log File 25 | lineinfile: 26 | create: yes 27 | path: "{{ log_path }}/ansible.log" 28 | insertafter: EOF 29 | line: "{{ position }} {{ date_output.stdout }} {{ git_sha }}" 30 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/ntp_time_server/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ################### 3 | # NTP Time Server # 4 | ################### 5 | - name: Ensure NTP daemon is enabled 6 | replace: 7 | dest: /etc/rc.tcpip 8 | regexp: '^ *# *(start /usr/sbin/xntpd (.+)\n)' 9 | replace: '\1' 10 | tags: ntp 11 | 12 | - name: Ensure NTP daemon is configured 13 | copy: 14 | content: | 15 | server 1.pool.ntp.org 16 | server 2.pool.ntp.org 17 | server 3.pool.ntp.org 18 | driftfile /etc/ntp.drift 19 | tracefile /etc/ntp.trace 20 | dest: /etc/ntp.conf 21 | owner: root 22 | group: system 23 | mode: 0664 24 | tags: ntp 25 | 26 | - name: Stop NTP daemon 27 | service: name=xntpd state=stopped 28 | changed_when: false 29 | tags: ntp 30 | 31 | - name: Start NTP daemon 32 | service: name=xntpd state=started 33 | changed_when: false 34 | tags: ntp 35 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/openssl3/tasks/main.yml: -------------------------------------------------------------------------------- 1 | ################################################################################# 2 | # Install OpenSSL 3.0.10.1000 # 3 | # An OpenSSL version greater than 1.1.x is needed for DNF # 4 | # See https://github.com/adoptium/infrastructure/issues/3274 # 5 | # OpenSSL 3.0.10.1000 is downloaded from this link: # 6 | # https://www.ibm.com/resources/mrs/assets/DownloadList?source=aixbp&lang=en_US # 7 | ################################################################################# 8 | --- 9 | - name: Check if openssl is installed 10 | stat: 11 | path: /usr/bin/openssl 12 | register: openssl_installed 13 | 14 | - name: Get version of installed openssl (if installed else skip) 15 | shell: /usr/bin/openssl version | awk '{print$2}' | awk -F. '{print$1}' 16 | register: openssl_version 17 | when: openssl_installed.stat.exists 18 | 19 | - name: Install openssl if not installed or version is less than 3 20 | when: (not openssl_installed.stat.exists) or ((openssl_version.stdout | int) < 3) 21 | block: 22 | - name: Transfer openssl binary 23 | unarchive: 24 | src: /Vendor_Files/aix/openssl-3.0.10.1000.tar.Z 25 | dest: /tmp/ 26 | remote_src: false 27 | 28 | - name: Install openssl files 29 | shell: PATH=/usr/bin/:$PATH && cd /tmp/openssl-3.0.10.1000 && installp -qaXFY -d . openssl.base openssl.license openssl.man.en_US 30 | 31 | - name: Update AIX-rpm package 32 | shell: PATH=/usr/bin/:$PATH && /usr/sbin/updtvpkg 33 | 34 | - name: Remove openssl directory and binary 35 | file: 36 | path: "{{ item }}" 37 | state: absent 38 | with_items: 39 | - /tmp/openssl-3.0.10.1000.tar.Z 40 | - /tmp/openssl-3.0.10.1000.tar 41 | - /tmp/openssl-3.0.10.1000 42 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/rbac/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default rbac_cmds - positioned here to ease command-line precedence 2 | # adding -e rbac_cmds="['path1', ..., 'pathn']" will override 3 | --- 4 | rbac_cmds: 5 | - /usr/bin/ksh 6 | - /opt/freeware/bin/bash_32 7 | - /opt/freeware/bin/bash_64 8 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/rbac/tasks/setsecattr.yml: -------------------------------------------------------------------------------- 1 | ######################################################################## 2 | # This task is included to permit processing a list of commands # 3 | # See: https://github.com/adoptium/infrastructure/issues/1918 # 4 | # and https://github.com/adoptium/infrastructure/issues/1803 # 5 | ######################################################################## 6 | --- 7 | - name: "Tagged Block for setting security attributes on {{ rbac_cmd }}" 8 | tags: rbac 9 | block: 10 | - name: "Verify file {{ rbac_cmd }} exists" 11 | stat: 12 | path: "{{ rbac_cmd }}" 13 | register: _exists 14 | 15 | - name: "Add authorization to command {{ rbac_cmd }}" 16 | when: _exists.stat.exists and _exists.stat.isreg 17 | block: 18 | - name: "Add authorization to command {{ rbac_cmd }}" 19 | shell: 20 | setsecattr -c accessauths=ojdk.rtclk,ojdk.proccore 21 | innateprivs=PV_PROC_RTCLK,PV_PROC_CORE 22 | inheritprivs=PV_PROC_RTCLK,PV_PROC_CORE 23 | secflags=FSF_EPS 24 | "{{ rbac_cmd }}" 25 | 26 | - name: Update Security Tables 27 | shell: setkst 28 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/security/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Restart sshd 4 | service: 5 | name: ssh 6 | state: restarted 7 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/security/tasks/main.yml: -------------------------------------------------------------------------------- 1 | ######################################################################### 2 | # Playbook to setup basic AIX hardening 3 | # - Deactivate inetd - to stop all services such as telnet, ftp, rexecd 4 | # - remove cas_agent, if installed. Not needed in modern systems 5 | ######################################################################### 6 | --- 7 | - name: Remove obsolete agent (for Director, FSM based system management) 8 | tags: aixsec 9 | block: 10 | - name: Disable inetd on boot 11 | shell: /usr/sbin/chrctcp -S -d inetd 12 | register: chrctcp 13 | changed_when: '"requested to stop" in chrctcp.stdout' 14 | 15 | - name: Look for obsolete agent (for Director, FSM based system management) 16 | shell: 17 | lslpp -L cas.agent 18 | changed_when: false 19 | register: _lslpp 20 | failed_when: "_lslpp.rc != 0 21 | and 'cas.agent not installed' not in _lslpp.stderr" 22 | 23 | - name: Remove obsolete agent (for Director, FSM based system management) 24 | shell: 25 | installp -ug cas.agent 26 | register: _installp 27 | changed_when: _installp.rc == 0 28 | when: _lslpp.rc == 0 29 | 30 | - name: Enable X11Forwarding 31 | notify: 32 | - Restart sshd 33 | block: 34 | - name: Make sure X11Forwarding is in sshd_config 35 | lineinfile: 36 | path: /etc/ssh/sshd_config 37 | regexp: '^#?X11Forwarding' 38 | line: 'X11Forwarding yes' 39 | 40 | - name: Make sure X11DisplayOffset is in sshd_config 41 | lineinfile: 42 | path: /etc/ssh/sshd_config 43 | regexp: '^#?X11DisplayOffset' 44 | line: 'X11DisplayOffset 10' 45 | 46 | - name: Make sure X11UseLocalhost is in sshd_config 47 | lineinfile: 48 | path: /etc/ssh/sshd_config 49 | regexp: '^#X11UseLocalhost' 50 | line: 'X11UseLocalhost yes' 51 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/sys0/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ############################ 3 | # Enable full core support # 4 | ############################ 5 | - name: Ensure full AIX core files are enabled 6 | command: chdev -l sys0 -a fullcore=true 7 | changed_when: false 8 | tags: sys0 9 | 10 | - name: Ensure maxuproc is 512 11 | command: chdev -l sys0 -a maxuproc=512 12 | changed_when: false 13 | tags: sys0 14 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/syslog/tasks/main.yml: -------------------------------------------------------------------------------- 1 | ######################### 2 | # Configure system logs # 3 | ######################### 4 | --- 5 | - name: Ensure /etc/syslog.conf entries are present 6 | blockinfile: 7 | backup: true 8 | dest: /etc/syslog.conf 9 | block: | 10 | *.debug;*.emerg;*.alert;*.crit;*.warning /var/log/messages rotate size 1000k files 4 11 | syslog.debug /var/log/syslog rotate size 1000k files 4 12 | *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages rotate size 1000k files 4 13 | tags: syslog 14 | 15 | - name: Ensure log files exist 16 | file: 17 | path: "{{ item }}" 18 | state: touch 19 | mode: 0644 20 | with_items: 21 | - /var/log/syslog 22 | - /var/adm/messages 23 | - /var/log/messages 24 | changed_when: false 25 | tags: syslog 26 | 27 | - name: Reload syslogd 28 | service: name=syslogd state=reloaded 29 | changed_when: false 30 | tags: syslog 31 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/users/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default users - positioned here to ease command-line precedence 2 | # adding -e users="['user1', ..., 'usern']" will override 3 | # ALSO: add: --skip_tags users_custom unless you also add an (empty) task file named 4 | # roles/users/tasks/{{user_name}}.yml 5 | --- 6 | users: 7 | - "{{ Jenkins_Username | default('jenkins') }}" 8 | 9 | # prefer to keep this users outside of a generic role (for now) 10 | skipusers: 11 | - zeus 12 | - nagios 13 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/users/files/nagios.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/adoptium/infrastructure/4476887600dca29b7873d435ed04d8e9c3473380/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/users/files/nagios.tar.gz -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/users/tasks/create_user.yml: -------------------------------------------------------------------------------- 1 | # Task to create accounts 2 | --- 3 | - name: "Create {{ username }} account" 4 | user: 5 | name: "{{ username }}" 6 | shell: /usr/bin/ksh 7 | group: staff 8 | groups: staff 9 | append: true 10 | generate_ssh_key: true 11 | ssh_key_bits: 4096 12 | ssh_key_file: .ssh/id_rsa 13 | home: "/home/{{ username }}" 14 | # create_home: true 15 | state: present 16 | comment: "Adoptium Build Farm account" 17 | register: newuser 18 | 19 | # May update/change this to copy a template profile 20 | - name: Remove .profile 21 | file: 22 | path: /home/{{ username }}/.profile 23 | state: absent 24 | when: newuser is defined and newuser.changed 25 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/users/tasks/jenkins.yml: -------------------------------------------------------------------------------- 1 | ################ 2 | # Jenkins user # 3 | ################ 4 | --- 5 | - name: Check localhost for authorized key for jenkins user 6 | delegate_to: localhost 7 | become: false 8 | stat: 9 | path: "{{ Jenkins_User_SSHKey }}" 10 | register: pubkey 11 | 12 | - name: Set authorized key for jenkins user 13 | authorized_key: 14 | user: "{{ username }}" 15 | state: present 16 | key: "{{ lookup('file', '{{ Jenkins_User_SSHKey }}') }}" 17 | when: pubkey is defined and pubkey.stat.exists 18 | register: jenkins_pubkey 19 | tags: jenkins_user 20 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/users/tasks/limits.yml: -------------------------------------------------------------------------------- 1 | # Put this in a playbook to be included to simplify nested loops 2 | # {{ username }} comes from the calling playbook 3 | --- 4 | - name: "Set/reset {{ username }} limits" 5 | command: 6 | cmd: /usr/bin/chuser 7 | "{{ limits.attr }}={{ limits.value | default('-1') }}" 8 | "{{ username }}" 9 | loop: 10 | "{{ user_limits }}" 11 | loop_control: 12 | loop_var: limits 13 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/users/tasks/nagios.yml: -------------------------------------------------------------------------------- 1 | #################################################################### 2 | # AdoptOpenJDK - Ansible Playbook to install Nagios plugins on AIX # 3 | #################################################################### 4 | --- 5 | - name: Check for Nagios at /opt/nagios/libexec 6 | stat: 7 | path: /opt/nagios/libexec 8 | register: nagios_lib 9 | 10 | - name: Install nagios libexec 11 | when: nagios_lib.stat.exists == False 12 | block: 13 | - name: Transfer over Nagios Image 14 | copy: 15 | src: nagios.tar.gz 16 | dest: /tmp 17 | - name: Install Nagios Image 18 | unarchive: 19 | src: /tmp/nagios.tar.gz 20 | dest: /opt 21 | mode: 0755 22 | remote_src: true 23 | 24 | - name: Cleanup Install files 25 | file: 26 | path: /tmp/nagios.tar.gz 27 | state: absent 28 | 29 | # This symbolic link is needed to support current scripts 30 | # AIX: don't ask me why/when - discourages use of /usr/local 31 | - name: Create symbolic link /usr/local/nagios - ensure /usr/local exists 32 | file: 33 | path: /usr/local 34 | state: directory 35 | mode: '0755' 36 | - name: Create symbolic link /usr/local/nagios to /opt/nagios 37 | file: 38 | src: /opt/nagios 39 | dest: /usr/local/nagios 40 | state: link 41 | 42 | - name: Add {{ username }} key 43 | authorized_key: 44 | user: nagios 45 | state: present 46 | key: "{{ lookup('file', '{{ Nagios_User_SSHKey }}') }}" 47 | failed_when: false 48 | when: Nagios_User_SSHKey is defined 49 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/users/tasks/user_attributes.yml: -------------------------------------------------------------------------------- 1 | # Put this in a playbook to be included to simplify nested loops 2 | # {{ username }} comes from the calling playbook 3 | --- 4 | - name: "Set/reset {{ username }} account attributes" 5 | command: 6 | cmd: /usr/bin/chuser 7 | "{{ limits.attr }}={{ limits.value | default('-1') }}" 8 | "{{ username }}" 9 | loop: 10 | "{{ user_attrs }}" 11 | loop_control: 12 | loop_var: limits 13 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/users/tasks/zeus.yml: -------------------------------------------------------------------------------- 1 | ##################### 2 | # superuser account # 3 | ##################### 4 | --- 5 | - name: Check for sudo installation 6 | stat: 7 | path: /etc/sudoers 8 | register: sudoers 9 | 10 | - name: "Check for {{ username }} authorization keyfile" 11 | delegate_to: localhost 12 | become: false 13 | stat: 14 | path: "{{ Zeus_User_SSHKey }}" 15 | register: pubkey 16 | when: sudoers.stat.exists and sudoers.stat.isreg and Superuser_Account == "Enabled" 17 | 18 | - name: "Customize {{ username }}" 19 | when: pubkey is defined and pubkey.stat.exists 20 | block: 21 | - name: Add key 22 | authorized_key: 23 | user: zeus 24 | state: present 25 | key: "{{ lookup('file', '{{ Zeus_User_SSHKey }}') }}" 26 | register: zeus_pubkey 27 | 28 | - name: Grant zeus sudo powers 29 | lineinfile: 30 | dest: /etc/sudoers 31 | state: present 32 | regexp: '^zeus' 33 | line: 'zeus ALL=(ALL) NOPASSWD: ALL' 34 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/users/vars/main.yml: -------------------------------------------------------------------------------- 1 | # USER Role variables 2 | # More precendence that roles/{{rolename}}/defaults/main.yml 3 | --- 4 | user_attrs: 5 | - attr: fsize 6 | - attr: core 7 | - attr: cpu 8 | - attr: data 9 | value: 524288 10 | - attr: rss 11 | value: 524288 12 | - attr: stack 13 | value: 16777216 14 | - attr: nofiles 15 | - attr: capabilities 16 | value: CAP_NUMA_ATTACH,CAP_BYPASS_RAC_VMM,CAP_PROPAGATE 17 | 18 | # SKIP these attributes until the AIX RBAC role is actually used. 19 | # See: https://github.com/adoptium/infrastructure/issues/1803 20 | # and https://github.com/adoptium/infrastructure/issues/1918 21 | _skip_attrs: 22 | - attr: roles 23 | value: rtclk 24 | - attr: default_roles 25 | value: rtclk 26 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/xlc_v13/tasks/main.yml: -------------------------------------------------------------------------------- 1 | ################### 2 | # IBM XL C 13.1.3 # 3 | ################### 4 | --- 5 | - name: Checking for XLC13 availability 6 | stat: 7 | path: /usr/lpp/xlCcmp.13.1.3 8 | register: xlc13 9 | tags: xlc13 10 | 11 | - name: Unpack and install Vendor Files 12 | when: xlc13.stat.isdir is undefined 13 | tags: [xlc13, vendor_files] 14 | block: 15 | - name: Transfer and Extract XLC13 16 | unarchive: 17 | src: /Vendor_Files/aix/XLC/IBM_XL_C_C___FOR_AIX_V13.1.3_EMG.tar.gz 18 | dest: /tmp 19 | remote_src: false 20 | register: _vendor_copied 21 | 22 | - name: Install IBM XLC13 - installp 23 | command: installp -aXYg -e /tmp/usr/install.log -d /tmp/usr/sys/inst.images all 24 | register: _installp 25 | failed_when: false 26 | when: _vendor_copied.failed != true 27 | 28 | - name: Remind that installp error messages may be ignored 29 | debug: 30 | msg='Errors from the previous installp command normal' 31 | when: _installp.skipped is not defined 32 | 33 | - name: Clean XLC13 tmp files 34 | file: 35 | path: /tmp/usr 36 | state: absent 37 | 38 | - name: TestIBM XLC13 39 | command: /opt/IBM/xlC/13.1.3/bin/xlc -qversion 40 | register: xlc13_qversion 41 | failed_when: false 42 | changed_when: false 43 | tags: xlc13 44 | 45 | - name: Display XLC13 qversion information 46 | debug: 47 | msg: "{{ xlc13_qversion.stdout }}" 48 | when: xlc13_qversion.failed == false 49 | changed_when: false 50 | tags: xlc13 51 | 52 | - name: Inform about XLC13 not found 53 | debug: 54 | msg: "{{ xlc13_qversion.cmd }} returns: {{ xlc13_qversion.msg }}" 55 | when: xlc13_qversion.failed == true 56 | tags: xlc13 57 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/xlc_v16/tasks/main.yml: -------------------------------------------------------------------------------- 1 | ################### 2 | # IBM XL C 16.1.0 # 3 | ################### 4 | --- 5 | - name: Checking for xlC16 installed as 'licensed' LPP 6 | stat: 7 | path: /usr/lpp/xlCcmp.16.1.0.license 8 | register: xlc16 9 | tags: xlc16 10 | 11 | - name: Vendor File processing 12 | when: xlc16.stat.isdir is undefined 13 | tags: [xlc16, vendor_files] 14 | block: 15 | - name: Transfer and Extract XLC16 16 | unarchive: 17 | src: /Vendor_Files/aix/XLC/XL_C_Cpp_FOR_AIX_V16.1_EMG.tar.Z 18 | dest: /tmp 19 | remote_src: false 20 | register: _vendor_copied 21 | 22 | - name: Install IBM XLC16 - installp 23 | command: installp -aXYg -e /tmp/xlc16_install.log -d /tmp/usr/sys/inst.images all 24 | register: _installp 25 | failed_when: false 26 | when: _vendor_copied.failed is defined and _vendor_copied.failed == false 27 | 28 | - name: 'Errors from the previous installp command can be ignored' 29 | debug: msg='Errors from the previous installp command can be ignored' 30 | when: xlc16.stat.islnk is not defined 31 | tags: xlc16 32 | 33 | - name: Clean XLC16 tmp files 34 | file: 35 | path: /tmp/usr 36 | state: absent 37 | 38 | - name: Query xlC version 39 | command: /opt/IBM/xlC/16.1.0/bin/xlc -qversion 40 | register: xlc16_qversion 41 | failed_when: false 42 | changed_when: false 43 | tags: xlc16 44 | 45 | - name: Display XLC16 qversion information 46 | debug: 47 | msg: "{{ xlc16_qversion.stdout }}" 48 | when: xlc16_qversion.failed == false 49 | tags: xlc16 50 | 51 | - name: Display error message 52 | debug: 53 | msg: "{{ xlc16_qversion.cmd }} returns {{ xlc16_qversion.msg }}" 54 | when: xlc16_qversion.failed == true 55 | tags: xlc16 56 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/dockerhost.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ################################### 3 | # AdoptOpenJDK - Ansible Playbook # 4 | ################################### 5 | # Groups can be passed in as a command-line variable in Ansible playbook. 6 | # It can be defined as 'all' or a specific group which the host belongs to. 7 | # For example, it can be 'all' or 'x86' for when a host is in the group 'x86'. 8 | #- hosts: "{{ Groups | default('localhost:docker:!*zos*:!*win*:!*aix*') }}" 9 | - name: Ansible dockerhost playbook 10 | hosts: all 11 | gather_facts: yes 12 | tasks: 13 | - name: Load Variables 14 | block: 15 | # Set standard variables 16 | - name: Load AdoptOpenJDKs variable file 17 | include_vars: group_vars/all/adoptopenjdk_variables.yml 18 | 19 | ######### 20 | # Roles # 21 | ######### 22 | roles: 23 | - Debug 24 | - Version 25 | - adopt_etc 26 | - Providers # AdoptOpenJDK Infrastructure 27 | - Get_Vendor_Files 28 | - Jenkins_User # AdoptOpenJDK Infrastructure 29 | - Superuser # AdoptOpenJDK Infrastructure 30 | - role: Swap_File 31 | - role: Crontab 32 | - role: adoptopenjdk_install 33 | jdk_version: 21 34 | - role: Nagios_Plugins # AdoptOpenJDK Infrastructure 35 | tags: [nagios_plugins, adoptopenjdk] 36 | - Security 37 | - Vendor 38 | - IPv6 39 | - Docker 40 | - DockerStatic 41 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/dockernode.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ############################### 3 | # Adoptium - Ansible Playbook # 4 | ############################### 5 | # This playbook is used to deploy static docker containers onto dockerhost machines 6 | # https://github.com/adoptium/infrastructure/issues/3370 7 | 8 | - name: Dockernode playbook 9 | hosts: all 10 | gather_facts: yes 11 | 12 | roles: 13 | - role: Debug 14 | tags: debug 15 | - role: Get_Vendor_Files 16 | tags: deploy 17 | - role: deploy_container 18 | tags: deploy 19 | - role: remove_container 20 | tags: remove 21 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/group_vars/all/adoptopenjdk_variables.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ########################## 3 | # adoptopenjdk_variables # 4 | ########################## 5 | 6 | # Domain for setting hostname 7 | Domain: adoptopenjdk.net 8 | 9 | # Sudoers file 10 | Sudoers_File: /etc/sudoers 11 | 12 | # Jenkins User Variables: 13 | Jenkins_Username: jenkins 14 | 15 | # Superuser Variables: 16 | Superuser_Account: Enabled 17 | 18 | # Nagios Variables: 19 | Nagios_Plugins: Enabled 20 | Nagios_Monitoring: Enabled 21 | Nagios_Master_IP: 78.47.239.96 22 | 23 | # Security Variables: 24 | Security: Enabled 25 | 26 | # JCK Variables: 27 | jckftp_Username: jckftp 28 | 29 | # Vendor Variables: 30 | Vendor_File: Disabled 31 | Vendor_Playbook: /Vendor_Files/Vendor_Playbook/Vendor.yml 32 | 33 | # Default BootJDK installed 34 | bootjdk: hotspot 35 | 36 | # Version of Ant used 37 | ant_version: 1.10.15 38 | ant_checksum: sha512:1de7facbc9874fa4e5a2f045d5c659f64e0b89318c1dbc8acc6aae4595c4ffaf90a7b1ffb57f958dd08d6e086d3fff07aa90e50c77342a0aa5c9b4c36bff03a9 39 | 40 | # GPG Public Keys 41 | key: 42 | curl: 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 # Daniel Stenberg 43 | apache_ant: 0A123C1ED3F13A6A0140E166C71FB765CD9DE313 # Jaikiran Pai 44 | apache_maven: B02137D875D833D9B23392ECAE5A7FB608A0221C # Robert Scholte 45 | autoconf: A7A16B4A2527436A # Eric Blake 46 | cmake: EC8FEF3A7BFB4EDA # Brad King 47 | gmake: 96B047156338B6D4 # Paul Smith (Mad Scientist) 48 | adoptium: 3B04D753C9050D9A5D343F39843C48A565F8F04B # Adoptium GPG Key (DEB/RPM Signing Key) 49 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/linux_installer_setup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Run Installer Playbook 3 | hosts: all 4 | gather_facts: yes 5 | tasks: 6 | - name: Set Variables 7 | block: 8 | # Set standard variables 9 | - name: Load AdoptOpenJDKs variable file 10 | include_vars: group_vars/all/adoptopenjdk_variables.yml 11 | 12 | ######### 13 | # Roles # 14 | ######### 15 | roles: 16 | - linux_installer 17 | - Jenkins_User 18 | - Superuser 19 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Clean_Up/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ############ 3 | # Clean_Up # 4 | ############ 5 | 6 | # Package manager clean up 7 | - name: Remove unneeded packages from the cache - Ubuntu 8 | apt: 9 | autoclean: yes 10 | when: 11 | - ansible_distribution == "Ubuntu" 12 | tags: clean_up 13 | 14 | - name: Remove apt dependencies that are no longer required - Ubuntu 15 | apt: 16 | autoremove: yes 17 | when: 18 | - ansible_distribution == "Ubuntu" 19 | tags: clean_up 20 | 21 | - name: Remove yum dependencies that are no longer required - RedHat and CentOS 22 | command: yum -y autoremove 23 | when: 24 | - (ansible_distribution == "RedHat" and ansible_distribution_major_version != "6") or (ansible_distribution == "CentOS" and ansible_distribution_major_version != "6") 25 | - ansible_architecture != "aarch64" 26 | tags: clean_up 27 | 28 | - name: Remove pkg dependencies that are no longer required - FreeBSD 29 | command: pkg autoremove -y 30 | when: 31 | - ansible_distribution == "FreeBSD" 32 | tags: clean_up 33 | 34 | ################################# 35 | # Remove unneeded files/folders # 36 | ################################# 37 | - name: Remove unneeded downloaded packages 38 | file: 39 | path: "{{ item }}" 40 | state: absent 41 | with_items: 42 | - /tmp/expat-2.2.5 # expat 43 | - /tmp/expat-2.2.5.tar.bz2 # expat 44 | - /tmp/junit-3.8.2-8.1.noarch.rpm # junit 45 | - /tmp/mpc-0.8.1 # gcc-4.8 46 | - /tmp/mpc-0.8.1.tar.gz # gcc-4.8 47 | - /tmp/nagios-plugins-2.2.1/ # nagios_plugins 48 | - /tmp/nagios-plugins-2.2.1.tar.gz #nagios_plugins 49 | - /tmp/sles12_cuda9_repo.rpm # NVidia_Cuda_Toolkit 50 | - /tmp/zlib-1.2.11 # zlib_sles11_ppc64 51 | - /tmp/zlib-1.2.11.tar.gz # zlib_sles11_ppc64 52 | - /tmp/git-2.31.0.tar.gz # solaris_git 53 | - /tmp/git-2.31.0 # solaris_git 54 | failed_when: false 55 | tags: clean_up 56 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/files/CSWpkgutil.pkg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/adoptium/infrastructure/4476887600dca29b7873d435ed04d8e9c3473380/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/files/CSWpkgutil.pkg -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/files/fallocate.c: -------------------------------------------------------------------------------- 1 | /* 2 | * This is the source of the libraries stored in binary form in the i386 and sun4v 3 | * directories and is required to be able to run Liberica JDK11 on Solaris 10. 4 | * See https://github.com/adoptium/infrastructure/issues/2763#issuecomment-1338305341 5 | */ 6 | #include 7 | int posix_fallocate(int fd, off_t offset, off_t len) 8 | { 9 | fprintf(stderr, "posix_fallocate() called but stubbed out\n"); 10 | } 11 | 12 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/files/i386/fallocate.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/adoptium/infrastructure/4476887600dca29b7873d435ed04d8e9c3473380/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/files/i386/fallocate.so -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/files/macos/profile: -------------------------------------------------------------------------------- 1 | # System-wide .profile for sh(1) 2 | 3 | if [ -x /usr/libexec/path_helper ]; then 4 | eval `/usr/libexec/path_helper -s` 5 | fi 6 | 7 | if [ "${BASH-no}" != "no" ]; then 8 | [ -r /etc/bashrc ] && . /etc/bashrc 9 | fi 10 | 11 | # Source global profile extensions 12 | if [ -d /etc/profile.d ]; then 13 | for i in /etc/profile.d/*.sh; do 14 | if [ -r $i ]; then 15 | . $i 16 | fi 17 | done 18 | unset i 19 | fi 20 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/files/sun4v/fallocate.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/adoptium/infrastructure/4476887600dca29b7873d435ed04d8e9c3473380/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/files/sun4v/fallocate.so -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/scripts/install-homebrew.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | yes | /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" 3 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/FreeBSD.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ########## 3 | # FreeBSD # 4 | ########## 5 | 6 | ############################################## 7 | # Workaround for Ansible not detecting cores # 8 | ############################################## 9 | 10 | # Skipping linting as no situation where this can't run (lint error 301) 11 | - name: Get number of cores on FreeBSD 12 | shell: sysctl hw.ncpu | awk '{print $2}' 13 | register: freebsd_cores 14 | changed_when: false 15 | tags: 16 | - skip_ansible_lint 17 | 18 | - name: Set ansible_processor_vcpus 19 | set_fact: 20 | ansible_processor_vcpus: "{{ freebsd_cores.stdout }}" 21 | 22 | ###################### 23 | # Overide root group # 24 | ###################### 25 | - name: Set default root group to wheel 26 | set_fact: 27 | root_group: "wheel" 28 | 29 | ######################## 30 | # Overide sudoers file # 31 | ######################## 32 | - name: Set sudoers file to /usr/local/etc/sudoers 33 | set_fact: 34 | Sudoers_File: "/usr/local/etc/sudoers" 35 | 36 | ############################ 37 | # Build Packages and tools # 38 | ############################ 39 | - name: Call Build Packages and Tools Task 40 | include_tasks: build_packages_and_tools.yml 41 | 42 | ########################## 43 | # Additional build tools # 44 | ########################## 45 | - name: Install GCC G++ on supported platforms 46 | package: "name={{ item }} state=present" 47 | with_items: "{{ gcc_compiler }}" 48 | tags: build_tools 49 | 50 | ####################### 51 | # Symlink gtar to tar # 52 | ####################### 53 | - name: Create symlink for gtar to tar 54 | file: 55 | src: /usr/local/bin/gtar 56 | dest: /usr/bin/tar 57 | owner: root 58 | group: wheel 59 | state: link 60 | tags: build_tools 61 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/build_packages_and_tools.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ############################ 3 | # Build_Packages_and_tools # 4 | ############################ 5 | - name: Set package manager var 6 | set_fact: 7 | package_var: "latest" 8 | 9 | - name: Set package manager var for FreeBSD 10 | set_fact: 11 | package_var: "present" 12 | when: 13 | - ansible_distribution == "FreeBSD" 14 | 15 | - name: Install Build Tool Packages 16 | package: "name={{ item }} state={{ package_var }}" 17 | with_items: "{{ Build_Tool_Packages }}" 18 | tags: build_tools 19 | 20 | - name: Create symlink for gmake to make 21 | file: 22 | src: /usr/bin/make 23 | dest: /usr/bin/gmake 24 | owner: root 25 | group: root 26 | state: link 27 | when: 28 | - ansible_distribution != "FreeBSD" 29 | - ansible_distribution != "RedHat" 30 | - ansible_distribution != "CentOS" 31 | - ansible_distribution != "Fedora" 32 | tags: build_tools 33 | 34 | - name: Install Test Tool Packages 35 | package: "name={{ item }} state={{ package_var }}" 36 | with_items: "{{ Test_Tool_Packages }}" 37 | tags: test_tools 38 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ######## 3 | # Main # 4 | ######## 5 | 6 | ############################### 7 | # Set ansible_processor_vcpus # 8 | ############################### 9 | - name: If ansible_processor_cpus is not defined, set to ansible_processor_cores or 1 10 | set_fact: 11 | ansible_processor_vcpus: "{{ ansible_processor_cores | default(1) }}" 12 | when: 13 | - ansible_processor_vcpus is not defined 14 | tags: 15 | - cmake 16 | - git_source 17 | 18 | ######################## 19 | # Include OS variables # 20 | ######################## 21 | - name: Include OS variables 22 | include_vars: "../vars/{{ ansible_distribution }}.yml" 23 | tags: main 24 | 25 | ############################## 26 | # OS setup and configuration # 27 | ############################## 28 | # If this errors, upgrade ansible to >=2.4 29 | - name: Perform OS setup and configuration 30 | include_tasks: "{{ ansible_distribution }}.yml" 31 | tags: main 32 | 33 | ################### 34 | # cmake on armv7l # 35 | ################### 36 | - name: Install cmake on armv7l 37 | apt: pkg=cmake state=latest update_cache=yes 38 | when: 39 | - ansible_architecture == "armv7l" 40 | tags: 41 | - cmake 42 | # TODO: Package installs should not use latest 43 | - skip_ansible_lint 44 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Alpine.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ########## 3 | # Alpine # 4 | ########## 5 | 6 | # Command Build Tool Packages 7 | Build_Tool_Packages: 8 | - alpine-sdk 9 | - alsa-lib 10 | - alsa-lib-dev 11 | - autoconf 12 | - bash 13 | - bison # OpenJ9 14 | - cups-dev 15 | - cups-libs 16 | - flex # OpenJ9 17 | - fontconfig 18 | - fontconfig-dev 19 | - freetype 20 | - freetype-dev 21 | - grep 22 | - gnupg 23 | - gnutls # OpenSSL tests 24 | - gnutls-dev # OpenSSL tests 25 | - gnutls-utils # OpenSSL tests 26 | - libdwarf # OpenJ9 27 | - libdwarf-dev # OpenJ9 28 | - libx11 29 | - libx11-dev 30 | - libxext 31 | - libxext-dev 32 | - libxrandr 33 | - libxrandr-dev 34 | - libxrender 35 | - libxrender-dev 36 | - libxt 37 | - libxt-dev 38 | - libxtst 39 | - libxtst-dev 40 | - linux-headers 41 | - nss 42 | - nss-dev 43 | - nss-tools 44 | - numactl 45 | - numactl-dev # OpenJ9 46 | - pigz # Used in preference to gzip for tar.gz'ing 47 | - sed # JDK8u requires GNU sed 48 | - strace # For SBOM dependency analysis 49 | - unzip 50 | - wget 51 | - which 52 | - xz 53 | - zip 54 | 55 | Test_Tool_Packages: 56 | - unzip 57 | - zlib 58 | - zlib-dev 59 | - perl 60 | - perl-dev 61 | - libcurl 62 | - curl-dev 63 | - openssl 64 | - openssl-dev 65 | - xauth 66 | - xorg-server 67 | - xvfb 68 | - gnutls 69 | - gnutls-dev 70 | - gnutls-utils 71 | - nss 72 | - nss-dev 73 | - nss-tools 74 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/FreeBSD.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ########## 3 | # FreeBSD # 4 | ########## 5 | 6 | # Command Build Tool Packages 7 | Build_Tool_Packages: 8 | - alsa-lib 9 | - autoconf 10 | - bash 11 | - cups 12 | - fontconfig 13 | - freetype2 14 | - giflib 15 | - git 16 | - gmake 17 | - gtar 18 | - jpeg-turbo 19 | - lcms2 20 | - libXext 21 | - libXi 22 | - libX11 23 | - libXrandr # JDK12+ compilation 24 | - libXrender 25 | - libXt 26 | - libXtst 27 | - openjdk 28 | - openjdk8 29 | - openjdk11 30 | - pkgconf 31 | - png 32 | - strace # For SBOM dependency analysis 33 | - unzip 34 | - wget 35 | - zip 36 | 37 | gcc_compiler: 38 | - gcc48 39 | 40 | Test_Tool_Packages: 41 | - perl5 42 | - xauth 43 | - xorg 44 | - xorg-vfbserver 45 | - pulseaudio 46 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/MacOSX.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ########## 3 | # macOS # 4 | ########## 5 | 6 | # Command Build Tool Packages 7 | 8 | Build_Tool_Packages: 9 | - autoconf 10 | - automake # for compiling freetype on JDK8u 11 | - coreutils 12 | - git 13 | - gnupg 14 | - gnu-sed 15 | - gnu-tar 16 | - nasm # openj9 jdk13+ 17 | - wget 18 | - bash # OpenJ9 needs bash v4 or later 19 | 20 | Build_Tool_Packages_NOT_10_12: 21 | - ccache # ccache is no longer working on macOS 10.12 22 | 23 | Build_Tool_Casks: 24 | - packages 25 | 26 | Test_Tool_Packages: 27 | - pulseaudio 28 | - jq 29 | 30 | JCK_Tool_Casks: 31 | - blackhole-2ch # Used to emulate a line in feed for JCK tests 32 | - thunderbird # Used to run JCK email tests 33 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Solaris.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ########### 3 | # Solaris # 4 | ########### 5 | 6 | # Command Build Tool Packages 7 | Build_Tool_Packages: 8 | - autoconf 9 | - binutils 10 | - coreutils 11 | - ccache 12 | - ggrep 13 | - jdk7 14 | - jdk8 15 | - openssh # needed to clone from GitHub via ssh - https://github.com/adoptium/infrastructure/pull/2220 16 | - pigz 17 | - git 18 | - sudo 19 | - nano 20 | - ntp 21 | - wget 22 | - curl 23 | - gmake 24 | - gnupg 25 | - gtar 26 | - xz 27 | - zip 28 | - tcl 29 | - python27 30 | 31 | Additional_Build_Tools_x64: 32 | - freetype 33 | 34 | Test_Tool_Packages: 35 | - perl 36 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/openSUSE.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ######## 3 | # SUSE # 4 | ######## 5 | 6 | # Command Build Tool Packages 7 | Build_Tool_Packages: 8 | - alsa-devel 9 | - autoconf 10 | - bind-utils 11 | - bison # OpenJ9 12 | - cpio 13 | - curl 14 | - cups 15 | - cups-devel 16 | - flex 17 | - gcc 18 | - gcc-c++ 19 | - glibc 20 | - glibc-devel 21 | - gnutls 22 | - libcurl-devel 23 | - libdw1 24 | - libdwarf-devel 25 | - libelf-devel 26 | - libelf0 27 | - libelf1 28 | - libnss3.so 29 | - libnuma-devel 30 | - libpng15-devel 31 | - libXext-devel 32 | - libXi-devel 33 | - libXrandr-devel 34 | - libXrender-devel 35 | - libXt-devel 36 | - libXtst-devel 37 | - make 38 | - mozilla-nss 39 | - ntp 40 | - numactl 41 | - pkg-config 42 | - strace # For SBOM dependency analysis 43 | - systemtap-sdt-devel 44 | - unzip 45 | - wget 46 | - zip 47 | - zlib-devel 48 | 49 | Additional_Build_Tools_SUSE12: 50 | - git-core 51 | - libfreetype6 52 | - libXext6 53 | - libXi6 # JDK12+ compilation 54 | - libXrandr2 # JDK12+ compilation 55 | - libXrender1 56 | - libXt6 57 | - libXtst6 58 | - Mesa-libGL1 59 | 60 | Additional_Build_Tools_SUSE_x86: 61 | - glibc-32bit # a dependency required for executing a 32-bit C binary 62 | - glibc-devel-32bit # a dependency required for executing a 32-bit C binary 63 | 64 | Test_Tool_Packages: 65 | - perl 66 | - pulseaudio 67 | - xorg-x11 68 | - xorg-x11-devel 69 | - glibc-locale # Internationalization tests 70 | - gnutls 71 | - libnss3.so 72 | - mozilla-nss 73 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Docker/tasks/debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Add Docker GPG apt Key 3 | apt_key: 4 | url: https://download.docker.com/linux/debian/gpg 5 | state: present 6 | 7 | ################################################################################################################### 8 | 9 | - name: Add Docker repo for Debian x86_64 10 | apt_repository: 11 | repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable" 12 | state: present 13 | when: 14 | - ansible_architecture == "x86_64" 15 | 16 | - name: Add Docker repo for Raspbian arm7vl 17 | apt_repository: 18 | repo: "deb https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable" 19 | state: present 20 | when: 21 | - ansible_architecture == "armv7l" 22 | 23 | - name: Run apt-get update 24 | apt: 25 | update_cache: true 26 | 27 | ########################################################################################### 28 | - name: Install Docker prerequisites for Debian ( >= 10 ) 29 | apt: 30 | pkg: "{{ item }}" 31 | state: latest 32 | with_items: 33 | - ca-certificates 34 | - curl 35 | - gnupg 36 | - lsb-release 37 | when: 38 | - ansible_distribution_major_version|int >= 10 39 | tags: 40 | - skip_ansible_lint 41 | 42 | - name: Install Docker prerequisites for Debian ( < 10 ) 43 | apt: 44 | pkg: "{ item }}" 45 | state: latest 46 | with_items: 47 | - apt-transport-https 48 | - ca-certificates 49 | - curl 50 | - software-properties-common 51 | when: 52 | - ansible_distribution_major_version|int <10 53 | tags: 54 | - skip_ansible_lint 55 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Docker/tasks/rhel.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ############## 3 | # Below enable different YUM repo not EPEL 4 | ############## 5 | #################CentOS#################################### 6 | 7 | # Same key for the Centos Repo 8 | - name: Import Docker Repo key 9 | rpm_key: 10 | key: https://download.docker.com/linux/rhel/gpg 11 | state: present 12 | 13 | - name: Add Docker Repo x86-64/ppc64le 14 | yum_repository: 15 | name: docker 16 | description: docker repository 17 | baseurl: "https://download.docker.com/linux/centos/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/stable" 18 | enabled: true 19 | gpgcheck: true 20 | when: 21 | - ansible_architecture == "x86_64" or ansible_architecture == "ppc64le" 22 | 23 | - name: Add Docker repo for s390x on RHEL 24 | yum_repository: 25 | name: docker 26 | description: docker YUM repo s390x 27 | baseurl: https://download.docker.com/linux/rhel/{{ ansible_distribution_major_version }}/s390x/stable/ 28 | enabled: true 29 | gpgcheck: true 30 | when: 31 | - ansible_architecture == "s390x" 32 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Docker/tasks/sles.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Add Docker Repo for SLES15 3 | command: zypper ar https://download.docker.com/linux/sles/docker-ce.repo 4 | when: 5 | - ansible_distribution_major_version == "15" 6 | - ansible_architecture == "x86_64" or ansible_architecture == "s390x" 7 | 8 | - name: Add security repo for container-selinux for SLES 15 9 | zypper_repository: 10 | repo: https://download.opensuse.org/repositories/security:SELinux/SLE_15_SP3/security:SELinux.repo 11 | state: present 12 | auto_import_keys: yes 13 | when: 14 | - ansible_distribution_major_version == "15" 15 | - ansible_architecture == "x86_64" or ansible_architecture == "s390x" 16 | 17 | - name: Install Docker on SLES15 18 | zypper: 19 | pkg: "{{ item }}" 20 | state: latest 21 | update_cache: yes 22 | with_items: 23 | - docker-ce 24 | - docker-ce-cli 25 | - containerd.io 26 | when: 27 | - ansible_distribution_major_version == "15" 28 | - ansible_architecture == "x86_64" or ansible_architecture == "s390x" 29 | tags: 30 | # TODO: Package installs should not use latest 31 | - skip_ansible_lint 32 | 33 | - name: Install docker in SLES 12 34 | package: 35 | update_cache: yes 36 | name: ['containerd', 'runc', 'docker'] 37 | state: latest 38 | when: 39 | - ansible_distribution == "SLES" 40 | - ansible_distribution_major_version == "12" 41 | - ansible_architecture != "aarch64" #no docker support for sles 12 aarch64 42 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart docker service 3 | service: 4 | name: docker 5 | state: restarted 6 | when: restart_docker.changed is true 7 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/scripts/updatepackages.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -u 3 | 4 | export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 5 | containerIds=$(docker ps -q) 6 | 7 | commonPackages="gnupg fakeroot fontconfig" 8 | fedoraPackages="procps-ng hostname shared-mime-info" 9 | debianPackages="" 10 | alpinePackages="" 11 | 12 | for container in $containerIds 13 | do 14 | OS=$(docker exec -it $container sh -c "cat /etc/os-release" | head -n 1) 15 | if [[ "$OS" == *"CentOS"* ]] || [[ "$OS" == *"Fedora"* ]] || [[ "$OS" == *"Red Hat Enterprise Linux"* ]]; then 16 | installCommand="yum -y update && yum -y install $commonPackages $fedoraPackages" 17 | elif [[ "$OS" == *"Ubuntu"* ]] || [[ "$OS" == *"Debian"* ]]; then 18 | installCommand="apt-get update && apt-get -y upgrade && apt-get -y install $commonPackages $debianPackages" 19 | elif [[ "$OS" == *"Alpine"* ]]; then 20 | installCommand="apk update && apk upgrade && apk --update add $commonPackages $alpinePackages" 21 | else 22 | echo "Unrecognised OS, skipping package update" 23 | continue 24 | fi 25 | echo "Updating packages for container $container" 26 | echo "Running $installCommand" 27 | docker exec -it $container sh -c "$installCommand" 28 | echo "==============================================" 29 | done 30 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/DockerStatic/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ########################################## 3 | # Config changes for Dockerhost machines # 4 | ########################################## 5 | 6 | - name: Enable ipv6 on Dockerhost 7 | lineinfile: 8 | path: /etc/docker/daemon.json 9 | line: '{ "ipv6": true, "fixed-cidr-v6": "fd00::/80" }' 10 | insertafter: EOF 11 | create: yes 12 | register: restart_docker 13 | notify: 14 | - Restart docker service 15 | 16 | # lineinfile does not work here - similar to the operation in /var/log in adopt_etc 17 | # lineinfile: path /proc/sys/kernel/core_pattern state: present: regexp: . line: core.%p 18 | # therefore the following section wil not become live prior to a reboot 19 | # 20 | - name: Make core file setting live immediately; 21 | command: "echo core.%p > /proc/sys/kernel/core_pattern" 22 | 23 | - name: Ensure core files are able to be created within docker containers on reboot 24 | lineinfile: 25 | path: /etc/sysctl.conf 26 | state: present 27 | regexp: kernel_core_pattern 28 | line: kernel.core_pattern=core.%p 29 | 30 | - name: Run updatePackage.sh script 31 | script: scripts/updatepackages.sh 32 | args: 33 | executable: bash 34 | tags: 35 | - updateContainers 36 | - never 37 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/IPv6/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ############################## 3 | # Enable IPv6 in sysctl.conf # 4 | ############################## 5 | 6 | - name: Setting net.ipv6.conf.all.disable_ipv6 = 0 7 | sysctl: 8 | name: net.ipv6.conf.all.disable_ipv6 9 | value: '0' 10 | sysctl_set: yes 11 | state: present 12 | reload: no 13 | when: 14 | - (ansible_distribution == "RedHat" or ansible_distribution == "CentOS") 15 | tags: 16 | - IPv6_sysctl 17 | - adoptopenjdk 18 | 19 | - name: Setting net.ipv6.conf.default.disable_ipv6 = 0 20 | sysctl: 21 | name: net.ipv6.conf.default.disable_ipv6 22 | value: '0' 23 | sysctl_set: yes 24 | state: present 25 | reload: yes 26 | when: 27 | - (ansible_distribution == "RedHat" or ansible_distribution == "CentOS") 28 | tags: 29 | - IPv6_sysctl 30 | - adoptopenjdk 31 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Kerberos/conf/krb5.conf: -------------------------------------------------------------------------------- 1 | [libdefaults] 2 | default_realm = ADOPTIUM_NET 3 | 4 | # The following encryption type specification will be used by MIT Kerberos 5 | # if uncommented. In general, the defaults in the MIT Kerberos code are 6 | # correct and overriding these specifications only serves to disable new 7 | # encryption types as they are added, creating interoperability problems. 8 | # 9 | # Thie only time when you might need to uncomment these lines and change 10 | # the enctypes is if you have local software that will break on ticket 11 | # caches containing ticket encryption types it doesn't know about (such as 12 | # old versions of Sun Java). 13 | 14 | # default_tgs_enctypes = des3-hmac-sha1 15 | # default_tkt_enctypes = des3-hmac-sha1 16 | # permitted_enctypes = des3-hmac-sha1 17 | 18 | [realms] 19 | ADOPTIUM_NET = { 20 | kdc = jckservices.adoptium.net 21 | admin_server = jckservices.adoptium.net 22 | } 23 | 24 | [domain_realm] 25 | adoptium.net = ADOPTIUM_NET 26 | 27 | [logging] 28 | default = SYSLOG 29 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Kerberos/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ################## 3 | # Kerberos Setup # 4 | ################## 5 | - name: Install Kerberos prerequisistes 6 | apt: pkg={{ item }} state=latest 7 | with_items: 8 | - krb5-kdc 9 | - krb5-admin-server 10 | - pwgen 11 | tags: dependencies 12 | 13 | - name: Copy krb5.conf 14 | copy: 15 | src: conf/krb5.conf 16 | dest: /etc/krb5.conf 17 | owner: root 18 | group: root 19 | mode: 0644 20 | backup: yes 21 | 22 | - name: Configure kerberos server 23 | shell: kdb5_util create -r ADOPTIUM_NET -W -s -P `pwgen -1` 24 | args: 25 | creates: /var/lib/krb5kdc/principal.kadm5 26 | 27 | - name: Run shell scripts 28 | shell: "{{ item }}" 29 | with_items: 30 | - kadmin.local -q "addprinc -pw `pwgen -1` admin/admin@ADOPTIUM_NET" 31 | - kadmin.local -q "addprinc -pw user1 user1/jckservices.adoptium.net@ADOPTIUM_NET" 32 | - kadmin.local -q "addprinc -pw user2 user2/jckservices.adoptium.net@ADOPTIUM_NET" 33 | - kadmin.local -q getprincs | egrep '^admin/admin@|^user1/|^user2/' > krb5.jckusers.txt; if test $(wc -l < krb5.jckusers.txt) -ne 3; then echo Wrong number of users - expected 3:; cat krb5.jckusers.txt; rm krb5.jckusers.txt; exit 1; fi 34 | args: 35 | creates: krb5.jckusers.txt 36 | tags: 37 | # false positive for 'use shell only when shell is required' 38 | # this whole piece should be rewritten to avoid 'bashsible' code style 39 | - skip_ansible_lint 40 | 41 | - name: Start krb5-kdc service 42 | service: 43 | name: krb5-kdc 44 | state: started 45 | 46 | - name: Start krb5-admin-server service 47 | service: 48 | name: krb5-admin-server 49 | state: started 50 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/additional_plugins/check_ntp_timesync: -------------------------------------------------------------------------------- 1 | # Copyright 2020 The Original Author(s) 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | #! /usr/bin/env bash 16 | 17 | /sbin/service ntpd status >/dev/null 2>&1 18 | if [[ $? != 0 ]]; then 19 | echo "WARNING - Check NTPD Service" 20 | exit 1 21 | fi 22 | 23 | ntpstat >/dev/null 2>&1 24 | is_agent_syncd=$? 25 | 26 | case $is_agent_syncd in 27 | 0) 28 | echo "OK - Time synchronized" 29 | exit 0 30 | ;; 31 | 1) 32 | echo "CRITICAL - Time not synchronized" 33 | exit 2 34 | ;; 35 | 2) 36 | echo "UNKNOWN - Clock state indeterminant" 37 | exit 3 38 | ;; 39 | *) 40 | echo "UNKNOWN - Unexpected RC" 41 | exit 3 42 | ;; 43 | esac 44 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/additional_plugins/check_pkg: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Nagios Plugin to check for OS updates using ‘pkg’ for FreeBSD 3 | # 4 | # Test for pkg 5 | if [ ! -x /usr/sbin/pkg ] ; then 6 | echo 'pkg CRITICAL - pkg not found!' 7 | exit 2 8 | fi 9 | # Test for patches required 10 | /usr/sbin/pkg audit -F 2> /dev/null > /tmp/nagios_pkg.tmp 11 | /usr/sbin/pkg upgrade --dry-run 2> /dev/null > /tmp/nagios_pkg_need.tmp 12 | pkg_sec=`cat /tmp/nagios_pkg.tmp | grep 'problem(s)' | awk '{print $1}' ` 13 | pkg_needed=`cat /tmp/nagios_pkg_need.tmp | tail -1` 14 | 15 | if [[ $pkg_needed = "Your packages are up to date." ]] ; then 16 | pkg_needed="0" 17 | else 18 | pkg_needed=`cat /tmp/nagios_pkg_need.tmp | grep 'package(s)' | awk '{print $1}'` 19 | fi 20 | if [[ $pkg_sec -gt 0 ]] ; then 21 | echo "pkg CRITICAL: "$pkg_needed "packages available for upgrade ("$pkg_sec "critical updates)" 22 | rm /tmp/nagios_pkg.tmp 23 | exit 2 24 | fi 25 | if [[ $pkg_needed -gt 0 ]] ; then 26 | echo "pkg WARNING: "$pkg_needed "packages available for upgrade" 27 | rm /tmp/nagios_pkg.tmp 28 | exit 1 29 | fi 30 | 31 | echo "pkg OK - No updates available" 32 | rm /tmp/nagios_pkg.tmp /tmp/nagios_pkg_need.tmp 33 | exit 0 34 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/additional_plugins/check_sw_up: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Nagios Plugin to check for OS updates using ‘softwareupdate’ for MacOSX 3 | # 4 | # Check if any patches are required 5 | /usr/sbin/softwareupdate -l 2>/dev/null > /tmp/check_sw_up.tmp 6 | # Test if any are Security patches or just normal patches 7 | MAC_sec=`cat /tmp/check_sw_up.tmp | grep "*" | grep -i Security | wc -l` 8 | MAC_needed=`cat /tmp/check_sw_up.tmp | grep "*" | wc -l` 9 | # 10 | if [[ $MAC_sec -gt 0 ]] ; then 11 | echo "SW_Updates CRITICAL: "$MAC_needed "packages available for upgrade ("$MAC_sec" critical updates)" 12 | rm /tmp/check_sw_up.tmp 13 | exit 2 14 | fi 15 | if [[ $MAC_needed -gt 0 ]] ; then 16 | echo "SW_Updates WARNING: "$MAC_needed "packages available for upgrade" 17 | rm /tmp/check_sw_up.tmp 18 | exit 1 19 | fi 20 | # 21 | echo "SW_Updates OK: No updates available" 22 | rm /tmp/check_sw_up.tmp 23 | exit 0 24 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/additional_plugins/check_ubuntu_ntp_timesync: -------------------------------------------------------------------------------- 1 | # Copyright 2020 The Original Author(s) 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | #! /usr/bin/env bash 16 | 17 | service ntp status >/dev/null 2>&1 18 | if [[ $? != 0 ]]; then 19 | echo "WARNING - Check NTPD Service" 20 | exit 1 21 | fi 22 | 23 | service ntp status >/dev/null 2>&1 24 | is_agent_syncd=$? 25 | 26 | case $is_agent_syncd in 27 | 0) 28 | echo "OK - Time synchronized" 29 | exit 0 30 | ;; 31 | 1) 32 | echo "CRITICAL - Time not synchronized" 33 | exit 2 34 | ;; 35 | 2) 36 | echo "UNKNOWN - Clock state indeterminant" 37 | exit 3 38 | ;; 39 | *) 40 | echo "UNKNOWN - Unexpected RC" 41 | exit 3 42 | ;; 43 | esac 44 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/additional_plugins/check_yum: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Nagios Plugin to check for OS updates using ‘yum’ for RedHat like systems 3 | # 4 | # Test for yum 5 | if [ ! -x /usr/bin/yum ] ; then 6 | echo 'yum CRITICAL - Yum not found!' 7 | exit 2 8 | fi 9 | # Test for patches required 10 | /usr/bin/yum --security check-update 2> /dev/null > /tmp/nagios_yum.tmp 11 | yum_sec=`cat /tmp/nagios_yum.tmp | grep 'package(s)' | awk '{print $1}' ` 12 | yum_needed=`cat /tmp/nagios_yum.tmp | grep 'package(s)' | sed 's/.*out of //' | awk '{print $1}'` 13 | 14 | if [[ $yum_needed = "" ]] ; then 15 | yum_needed=`cat /tmp/nagios_yum.tmp | grep 'packages' | sed 's/.*; //' | awk '{print $1}'` 16 | fi 17 | if [[ $yum_sec -gt 0 ]] ; then 18 | echo "yum CRITICAL: "$yum_needed "packages available for upgrade ("$yum_sec "critical updates)" 19 | rm /tmp/nagios_yum.tmp 20 | exit 2 21 | fi 22 | if [[ $yum_needed -gt 0 ]] ; then 23 | echo "yum WARNING: "$yum_needed "packages available for upgrade" 24 | rm /tmp/nagios_yum.tmp 25 | exit 1 26 | fi 27 | 28 | echo "yum OK - No updates available" 29 | rm /tmp/nagios_yum.tmp 30 | exit 0 31 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/additional_plugins/check_zypper: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Nagios Plugin to check for OS updates using ‘zypper’ for SuSE like systems 3 | # 4 | # Test for zypper 5 | if [ ! -x /usr/bin/zypper ] ; then 6 | echo 'Zypper CRITICAL - Zypper not found!' 7 | exit 2 8 | fi 9 | # Refresh Repo 10 | /usr/bin/zypper ref >/dev/null 2>&1 11 | # Test for patches required 12 | zypper_sec=`/usr/bin/zypper list-patches | grep "security " | wc -l` 13 | zypper_needed=`/usr/bin/zypper list-patches | grep "needed |" | wc -l` 14 | 15 | if [[ $zypper_sec -gt 0 ]] ; then 16 | echo "Zypper CRITICAL: "$zypper_needed "packages available for upgrade ("$zypper_sec "critical updates)" 17 | exit 2 18 | fi 19 | if [[ $zypper_needed -gt 0 ]] ; then 20 | echo "Zypper WARNING: "$zypper_needed "packages available for upgrade" 21 | exit 1 22 | fi 23 | 24 | echo "Zypper OK - No updates available" 25 | exit 0 26 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_CentOS.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ######################################################################################### 3 | # AdoptOpenJDK - Ansible Playbook to install Nagios plugins on CentOS 7 on x86 hardware # 4 | ######################################################################################### 5 | 6 | ############### 7 | # Nagios user # 8 | ############### 9 | - name: Allow Nagios to use yum while restricting it to check-update only 10 | shell: | 11 | echo "nagios ALL = NOPASSWD: /usr/bin/yum --security check-update" >> /etc/sudoers 12 | when: 13 | - ansible_architecture == "x86_64" 14 | 15 | ################### 16 | # Install plugins # 17 | ################### 18 | - name: Install nagios-plugins-all 19 | yum: 20 | name: nagios-plugins-all 21 | state: latest 22 | 23 | ########## 24 | # Layout # 25 | ########## 26 | - name: Creates Nagios folder 27 | file: path=/usr/local/nagios/ state=directory mode=0755 owner=nagios 28 | 29 | - name: Create symlink to plugins 30 | file: src=/usr/lib64/nagios/plugins dest=/usr/local/nagios/libexec state=link 31 | 32 | ############################## 33 | # Install additional plugins # 34 | ############################## 35 | - name: Copy check_yum plugin 36 | copy: 37 | src: roles/Nagios_Plugins/tasks/additional_plugins/check_yum 38 | dest: /usr/local/nagios/libexec/check_yum 39 | mode: 0755 40 | 41 | - name: Copy check_ntp_timesync plugin 42 | copy: 43 | src: roles/Nagios_Plugins/tasks/additional_plugins/check_ntp_timesync 44 | dest: /usr/local/nagios/libexec/check_ntp_timesync 45 | mode: 0755 46 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_Debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ################################################################################################# 3 | # AdoptOpenJDK - Ansible Playbook to install Nagios plugins on Debian on x86 hardware # 4 | ################################################################################################# 5 | 6 | ######################################## 7 | # Install Nagios dependencies packages # 8 | ######################################## 9 | - name: Install Nagios plugins 10 | apt: 11 | state: latest 12 | update_cache: yes 13 | pkg: 14 | - fping 15 | - nagios-plugins 16 | - nagios-plugins-common 17 | - perl 18 | - qstat 19 | 20 | ########## 21 | # Layout # 22 | ########## 23 | - name: Creates Nagios folder 24 | file: path=/usr/local/nagios/ state=directory mode=0755 owner=nagios 25 | 26 | - name: Create symlink to plugins 27 | file: src=/usr/lib/nagios/plugins dest=/usr/local/nagios/libexec state=link 28 | 29 | ############################## 30 | # Install Additional Plugins # 31 | ############################## 32 | 33 | - name: Copy check_timesync plugin 34 | copy: 35 | src: roles/Nagios_Plugins/tasks/additional_plugins/check_timesync 36 | dest: /usr/local/nagios/libexec/check_timesync 37 | mode: 0755 38 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_MacOSX.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ###################################################################################### 3 | # AdoptOpenJDK - Ansible Playbook to install Nagios plugins on macOS on x86 hardware # 4 | ###################################################################################### 5 | 6 | ######################################## 7 | # Install Nagios dependencies packages # 8 | ######################################## 9 | 10 | - name: Set Mac homebrew path (x64) 11 | set_fact: 12 | homebrew_path: /usr/local/bin 13 | when: ansible_architecture == "x86_64" 14 | 15 | - name: Set Mac homebrew path (Arm64) 16 | set_fact: 17 | homebrew_path: /opt/homebrew/bin 18 | when: ansible_architecture == "arm64" 19 | 20 | - name: Install additional packages used by Nagios 21 | homebrew: 22 | name: "{{ item }}" 23 | state: present 24 | path: "{{ homebrew_path }}" 25 | become: yes 26 | become_user: "{{ ansible_user }}" 27 | with_items: 28 | - nagios-plugins 29 | 30 | - name: Create Nagios Plugins folder 31 | file: 32 | path: /usr/local/nagios/ 33 | state: directory 34 | mode: 0755 35 | owner: nagios 36 | become: yes 37 | 38 | - name: Symlink to plugins (x86_64) 39 | file: 40 | src: /usr/local/Cellar/nagios-plugins/2.3.3/libexec/sbin 41 | dest: /usr/local/nagios/libexec 42 | state: link 43 | become: yes 44 | when: ansible_architecture == "x86_64" 45 | 46 | # Arm64's Homebrew installation prefix is `/opt/homebrew/`, not `/usr/local/` 47 | # See: https://github.com/adoptium/infrastructure/issues/1716#issuecomment-764713146 48 | - name: Symlink to plugins (arm64) 49 | file: 50 | src: /opt/homebrew/Cellar/nagios-plugins/2.4.4/sbin/ 51 | dest: /usr/local/nagios/libexec 52 | state: link 53 | become: yes 54 | when: ansible_architecture == "arm64" 55 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_Solaris.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ######################################################################## 3 | # AdoptOpenJDK - Ansible Playbook to install Nagios plugins on Solaris # 4 | ######################################################################## 5 | 6 | ################### 7 | # Install plugins # 8 | ################### 9 | - name: Install nagios_plugins 10 | pkgutil: "name=nagios_plugins state=present" 11 | 12 | ########## 13 | # Layout # 14 | ########## 15 | - name: Creates Nagios folder 16 | file: path=/usr/local/nagios/ state=directory mode=0755 owner=nagios 17 | 18 | - name: Create symlink to plugins 19 | file: src=/opt/csw/libexec/nagios-plugins dest=/usr/local/nagios/libexec state=link 20 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Nagios_Plugins/tasks/nagios_Ubuntu.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ################################################################################################# 3 | # AdoptOpenJDK - Ansible Playbook to install Nagios plugins on Ubuntu 14 and 16 on x86 hardware # 4 | ################################################################################################# 5 | 6 | ######################################## 7 | # Install Nagios dependencies packages # 8 | ######################################## 9 | - name: Install Nagios plugins 10 | apt: 11 | state: latest 12 | update_cache: yes 13 | pkg: 14 | - fping 15 | - nagios-plugins 16 | - perl 17 | - qstat 18 | 19 | - name: Install nagios-plugins-common for NOT U20 20 | apt: 21 | state: latest 22 | update_cache: yes 23 | pkg: nagios-plugins-common 24 | when: (not ansible_distribution_version is version_compare('20', operator='ge')) 25 | 26 | ########## 27 | # Layout # 28 | ########## 29 | - name: Creates Nagios folder 30 | file: path=/usr/local/nagios/ state=directory mode=0755 owner=nagios 31 | 32 | - name: Create symlink to plugins 33 | file: src=/usr/lib/nagios/plugins dest=/usr/local/nagios/libexec state=link 34 | 35 | ############################## 36 | # Install Additional Plugins # 37 | ############################## 38 | 39 | - name: Copy check_timesync plugin 40 | copy: 41 | src: roles/Nagios_Plugins/tasks/additional_plugins/check_timesync 42 | dest: /usr/local/nagios/libexec/check_timesync 43 | mode: 0755 44 | 45 | - name: Copy check_ubuntu_ntp_timesync plugin 46 | copy: 47 | src: roles/Nagios_Plugins/tasks/additional_plugins/check_ubuntu_ntp_timesync 48 | dest: /usr/local/nagios/libexec/check_ubuntu_ntp_timesync 49 | mode: 0755 50 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Python2.7/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #################### 3 | # Python Bootstrap # 4 | #################### 5 | 6 | # Check if Python is installed, and its version. If Python isn't installed, or it's at a version below 2.7.18, install Python 2.7.18. 7 | # Currently only for CentOS6. See: https://github.com/adoptium/infrastructure/issues/1877 8 | 9 | - name: Check for Python 2's version 10 | shell: python -V 2>&1 | grep -Po '(?<=Python )(.+)' 11 | register: python_version 12 | changed_when: false 13 | failed_when: false 14 | when: 15 | - (ansible_distribution == "CentOS" or ansible_distribution == "RedHat") and (ansible_distribution_major_version == "6") 16 | tags: 17 | - python2.7 18 | 19 | - name: Install Python2.7 to /usr/local/python2 20 | unarchive: 21 | src: https://ci.adoptium.net/userContent/usrlocalPython27.tar.xz 22 | dest: /usr/local/ 23 | remote_src: yes 24 | mode: 0755 25 | retries: 3 26 | delay: 5 27 | register: python_download 28 | until: python_download is not failed 29 | when: 30 | - (ansible_distribution == "CentOS" or ansible_distribution == "RedHat") and (ansible_distribution_major_version == "6") 31 | - (python_version.rc != 0) or (python_version.rc == 0 and python_version.stdout is version_compare('2.7.18', operator='lt')) 32 | tags: 33 | - python2.7 34 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Tomcat/files/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | jckservices | Eclipse Temurin 4 | 5 | 6 | 7 | 8 |

Eclipse Temurin

9 | 10 |

JCKServices - used for Kerberos, FTP and HTTP testing

11 | 12 |

Welcome to JCKServices. To find out more about this service please go to 13 | adoptium/infrastructure

14 | 15 | 16 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Tomcat/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ################ 3 | # Tomcat Setup # 4 | ################ 5 | - name: Install tomcat9 6 | apt: pkg=tomcat9 state=latest 7 | tags: dependencies 8 | 9 | - name: Copy index.html 10 | copy: 11 | src: files/index.html 12 | dest: /var/lib/tomcat9/webapps/ROOT/index.html 13 | owner: root 14 | group: root 15 | mode: 0755 16 | 17 | - name: Change port to 80 18 | lineinfile: 19 | path: /etc/tomcat9/server.xml 20 | regexp: '=') }}" 9 | msg: "Ansible 2.4 or above is required" 10 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/ccache/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ########## 3 | # ccache # 4 | ########## 5 | 6 | - name: Set ccache version 7 | set_fact: ccacheVersion=3.4.2 8 | tags: ccache 9 | 10 | - name: Check if ccache is already installed 11 | shell: ccache --version >/dev/null 12 | failed_when: false 13 | register: ccache_status 14 | changed_when: false 15 | tags: ccache 16 | 17 | - name: Download ccache.tar.gz 18 | command: wget -O /tmp/ccache.tar.gz https://github.com/ccache/ccache/releases/download/v{{ ccacheVersion }}/ccache-{{ ccacheVersion }}.tar.gz 19 | when: ccache_status.rc != 0 20 | tags: ccache 21 | 22 | - name: Extract ccache 23 | unarchive: 24 | src: /tmp/ccache.tar.gz 25 | dest: /tmp 26 | copy: False 27 | when: ccache_status.rc != 0 28 | tags: ccache 29 | 30 | - name: Running ./configure & make for CCACHE 31 | shell: cd /tmp/ccache-{{ ccacheVersion }} && ./configure && make clean && make -j {{ ansible_processor_vcpus }} && make install 32 | when: 33 | - ccache_status.rc != 0 34 | - ansible_distribution != "FreeBSD" 35 | tags: ccache 36 | 37 | - name: Running ./configure & make for CCACHE for FreeBSD 38 | shell: cd /tmp/ccache-{{ ccacheVersion }} && ./configure && make -j {{ ansible_processor_vcpus }} && gmake install 39 | when: 40 | - ccache_status.rc != 0 41 | - ansible_distribution == "FreeBSD" 42 | tags: ccache 43 | 44 | - name: Remove downloaded packages for ccache 45 | file: 46 | path: "{{ item }}" 47 | state: absent 48 | with_items: 49 | - /tmp/ccache.tar.gz 50 | - /tmp/ccache-{{ ccacheVersion }} 51 | failed_when: false 52 | tags: ccache 53 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/deploy_container/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This task verifies the docker_images arguments passed into the playbook 3 | # Then runs the deploy.yml task to build and run each image on the dockerhost 4 | - name: Set docker images list variable 5 | set_fact: 6 | docker_images_list: "{{ docker_images.split(',') | list }}" 7 | 8 | - name: Check if dockerfile exists 9 | delegate_to: localhost 10 | stat: 11 | path: "roles/DockerStatic/Dockerfiles/Dockerfile.{{ item }}" 12 | loop: "{{ docker_images_list }}" 13 | register: dockerfiles_exist 14 | 15 | - name: Fail if dockerfile does not exist 16 | fail: 17 | msg: "{{ item.invocation.module_args.path }} does not exist" 18 | when: not item.stat.exists 19 | loop: "{{ dockerfiles_exist.results }}" 20 | 21 | - name: Run deploy.yml for every docker image 22 | include_tasks: deploy.yml 23 | loop: "{{ docker_images_list }}" 24 | loop_control: 25 | loop_var: docker_image 26 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/devkit/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ################################ 3 | # Adoptium devkit installation # 4 | ################################ 5 | 6 | - name: Check if devkit {{ devkit_version }} is installed 7 | shell: /usr/local/devkit/{{ devkit_version }}/bin/gcc --version 2>&1 > /dev/null 8 | failed_when: false 9 | register: devkit_installed 10 | changed_when: False 11 | tags: devkit 12 | 13 | - name: Set filename of devkit tarball 14 | set_fact: 15 | devkit_filename: devkit-{{ devkit_version }}-{{ ansible_architecture }}-linux-gnu.tar.xz 16 | when: 17 | - devkit_installed.rc != 0 18 | tags: devkit 19 | 20 | - name: Download {{ devkit_filename }} 21 | get_url: 22 | url: https://github.com/adoptium/devkit-binaries/releases/download/{{ devkit_version }}/{{ devkit_filename }} 23 | dest: /tmp/devkit.tar.xz 24 | force: no 25 | mode: 0644 26 | checksum: "sha256:{{ lookup('vars', 'csum_' + ansible_architecture) }}" 27 | when: 28 | - devkit_installed.rc != 0 29 | tags: devkit 30 | 31 | # Perhaps this should have the `b01` removed ... Or use a symlink? 32 | - name: Create /usr/local/devkit/{{ devkit_version }} 33 | file: 34 | path: /usr/local/devkit/{{ devkit_version }} 35 | state: directory 36 | mode: '0755' 37 | 38 | - name: Extract {{ devkit_filename }} to /usr/local/devkit 39 | unarchive: 40 | src: /tmp/devkit.tar.xz 41 | dest: /usr/local/devkit/{{ devkit_version }} 42 | copy: False 43 | when: 44 | - devkit_installed.rc != 0 45 | tags: devkit 46 | 47 | - name: Remove tarball 48 | file: 49 | path: '/tmp/devkit.tar.xz' 50 | state: absent 51 | when: 52 | - devkit_installed.rc != 0 53 | tags: devkit 54 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/devkit/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | csum_x86_64: 97373a8e9efa47fd3748215a7739f3c149e36f3f2eeddf772dc51c8a35525b4c 3 | csum_aarch64: e53c18b752cb0e6070e5277bf1eee24d2ad931d0f46b1de203e8180fed5e315c 4 | csum_ppc64le: c3aa6b87dba9c76cd7c839354c564cc0370cce77af396483bad63da884267172 5 | csum_riscv64: d7e63b59bb30b9cb4ccca989ab1771988567f93a66e0551230d7b4fdf8514be1 6 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/gcc_10/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | csum_x86_64: ae8eb7e617fbdbca055b00be713564a255d811444625ebc9af422d53bde99555 3 | csum_aarch64: d0f49182cd737ed039efca861fea66a1bd1359a54f4f15e3ed4670b862a2dbe0 4 | csum_armv7l: 2ae7777ba9ab2b7aefba8e1b70728358124a8a4754dd8fc78a584d3fe3c82f52 5 | csum_ppc64le: 5dc8a5553bb3543f0baddff9999ef27b9cf8161bc492d0ff955d30d4a0d13cbc 6 | csum_s390x: 686f5fe4a2e1cc4969f15f78eb27375b8a544d3e2eb9b37841fbaf9d48616edc 7 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/gcc_11/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | csum_x86_64: c59bde6e2b594fb127c1f7fa82a0f95b0b6bb17fcd7631f65d3963109e311f7c 3 | csum_aarch64: 5b7e0cb839b74ebe769557dae157fcbff5f7bcf2885003cc528fb65cd922b66c 4 | csum_armv7l: a9f5d487243cd9d531a0c285275a3b518c30457bcec6d1fc9de4f8a109268bd8 5 | csum_ppc64le: fd84b3b5b2593762b837c74fe3f410d9d2ae73539eb2f4334da344449ed0e6fc 6 | csum_s390x: eb8cae5f49f405ae32140860d67a90813d9d21614afd2c4dd7dfd565c5e2ea69 7 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/gcc_7/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | csum_aarch64_xz: f918253b4be66c9830aedda3c1a186822f850c1f22f571864358d7c5b4fced89 3 | csum_armv7l_gz: a85d2123bb7246fed0ef340382a0af8ea00c2b7b2dc6cc06570a81a2c0ccf19c 4 | csum_armv7l_xz: 91648bc18845e9c2db990c76c56f9c8095451777f5529b1dc750b9fcf00362b8 5 | csum_ppc64le_xz: 09bf8e00d437a9c24733b6883974c997c0acf94ee423179e9af7f05bcf654729 6 | csum_s390x_xz: 04bf5585b0b13cb87c315d07fd858796f1d9a0be67088ba1e082765ad125931d 7 | csum_x86_64_xz: b54b6684e7d03bbcde6f11209bfc18e042c96702121d7d9a57ca8c8902cba6c8 8 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/gcc_9/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ######### 3 | # gcc_9 # 4 | ######### 5 | 6 | - name: Check if gcc 9.3 is installed on RHEL/CentOS 7 | shell: /usr/local/gcc9/bin/gcc-9.3 --version 2>&1 > /dev/null 8 | failed_when: false 9 | register: gcc9_installed 10 | when: 11 | - (ansible_distribution == "RedHat" or ansible_distribution == "CentOS" ) 12 | - (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") 13 | changed_when: false 14 | tags: gcc_9 15 | 16 | - name: Download AdoptOpenJDK gcc-9.3.0 binary 17 | get_url: 18 | url: https://ci.adoptium.net/userContent/gcc/gcc930.{{ ansible_architecture }}.tar.xz 19 | dest: '/tmp/ansible-adoptopenjdk-gcc-9.tar.xz' 20 | force: no 21 | mode: 0644 22 | checksum: "sha256:{{ lookup('vars', 'csum_' + ansible_architecture) }}" 23 | when: 24 | - (ansible_distribution == "RedHat" or ansible_distribution == "CentOS" ) 25 | - (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") 26 | - gcc9_installed.rc != 0 27 | tags: gcc_9 28 | 29 | - name: Extract AdoptOpenJDK gcc-9 binary to /usr/local/gcc 30 | unarchive: 31 | src: /tmp/ansible-adoptopenjdk-gcc-9.tar.xz 32 | dest: /usr/local/ 33 | copy: False 34 | when: 35 | - (ansible_distribution == "RedHat" or ansible_distribution == "CentOS" ) 36 | - (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") 37 | - gcc9_installed.rc != 0 38 | tags: gcc_9 39 | 40 | - name: Remove downloaded gcc 9 binary tarball 41 | file: 42 | path: '/tmp/ansible-adoptopenjdk-gcc-9.tar.xz' 43 | state: absent 44 | when: 45 | - (ansible_distribution == "RedHat" or ansible_distribution == "CentOS" ) 46 | - (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") 47 | - gcc9_installed.rc != 0 48 | tags: gcc_9 49 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/gcc_9/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | csum_x86_64: 6170a91343512a99c478eaaf16e392bfc4b24b4464faa122ca156b4112cd7560 3 | csum_aarch64: 5ca7db3a4b01d92580b00373ce871b3a38a8beb8556375286d8098bf77c847a6 4 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/linux_installer/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################### 3 | # Build tool prerequisites for Linux installer jobs # 4 | # Currently only supports Ubuntu 18.04 # 5 | ##################################################### 6 | 7 | - name: Install FPM prerequisites 8 | apt: 9 | name: "{{ item }}" 10 | state: present 11 | update_cache: yes 12 | with_items: 13 | - openjdk-8-jdk-headless 14 | - make 15 | - gcc 16 | - git 17 | - ruby 18 | - ruby-dev 19 | - build-essential 20 | - rpm 21 | - rubygems 22 | when: 23 | - ansible_distribution == "Ubuntu" 24 | tags: linux_installer 25 | 26 | - name: Install FPM with RubyGems 27 | shell: gem install --no-document fpm 28 | tags: linux_installer 29 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/logs/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Updates $HOME/ansible.log with the date and time of latest ansible playbook run 3 | 4 | - name: Set Log path 5 | set_fact: 6 | log_path: /var/log 7 | 8 | - name: Set variables (MacOS) 9 | set_fact: 10 | user_group: "staff" 11 | when: 12 | - ansible_distribution == "MacOSX" 13 | 14 | - name: Set variables (Not MacOS) 15 | set_fact: 16 | user_group: "root" 17 | when: 18 | - ansible_distribution != "MacOSX" 19 | 20 | - name: Get Date and Time 21 | shell: date +%Y-%m-%d\ %H:%M:%S 22 | register: date_output 23 | 24 | - name: Get Latest git commit SHA 25 | shell: git rev-parse HEAD 26 | register: git_output 27 | delegate_to: localhost 28 | ignore_errors: yes 29 | when: git_sha is not defined 30 | 31 | - name: Set git_output to git_sha 32 | set_fact: 33 | git_sha: "{{ git_output.stdout }}" 34 | when: git_sha is not defined 35 | 36 | - name: Update Log File 37 | lineinfile: 38 | owner: root 39 | group: "{{ user_group }}" 40 | create: yes 41 | path: "{{ log_path }}/ansible.log" 42 | insertafter: EOF 43 | line: "{{ position }} {{ date_output.stdout }} {{ git_sha }}" 44 | become: yes 45 | become_user: root 46 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/macos_codesign/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ################## 3 | # macOS Codesign # 4 | ################## 5 | 6 | # Since moving to the Eclipse Foundation, we no longer need these steps and so we've changed this role to ensure that no LJC certs exist on the machines. 7 | # See https://github.com/adoptium/infrastructure/blob/ccdc434d5f13861a03b598e9e34674d978c85d34/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/macos_codesign/tasks/main.yml for the original content. 8 | 9 | - name: Remove Jenkins password file 10 | file: path="/Users/jenkins/.password" state=absent 11 | 12 | - name: Remove Application Certificate 13 | shell: | 14 | security delete-certificate -c "Developer ID Application: London Jamocha Community CIC" "/Users/jenkins/Library/Keychains/login.keychain-db" 15 | become_user: jenkins 16 | failed_when: false 17 | 18 | - name: Remove Installer Certificate 19 | shell: | 20 | security delete-certificate -c "Developer ID Installer: London Jamocha Community CIC" "/Users/jenkins/Library/Keychains/login.keychain-db" 21 | become_user: jenkins 22 | failed_when: false 23 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/remove_container/tasks/delete_container.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Get the container ID using the port number found in DockerhostInventory.json 4 | - name: Get container ID of container running on {{ docker_port }} 5 | shell: docker ps | grep {{ docker_port }} | sed 's/ /\n/g' | head -n 1 6 | register: docker_container_ID 7 | 8 | - name: Stop and remove container {{ docker_container_ID.stdout }} 9 | community.docker.docker_container: 10 | name: "{{ docker_container_ID.stdout }}" 11 | state: absent 12 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/remove_container/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # The deleteNodes.py script deletes the nodes in Jenkins 3 | # Ansible then removes the docker containers on the dockerhost via the delete_container role 4 | # If the node is not idle in Jenkins, the node is not deleted 5 | 6 | # no_log hides the api_token from the output 7 | - name: Run deleteNodes script 8 | script: scripts/deleteNodes.py {{ jenkins_username }} {{ jenkins_api_token }} {{ delete_nodes }} 9 | args: 10 | executable: python3 11 | delegate_to: localhost 12 | no_log: true 13 | register: docker_ports 14 | 15 | - name: Set docker_ports variable 16 | set_fact: 17 | ports_list: "{{ docker_ports.stdout_lines[0].split(' ') | list }}" 18 | 19 | # Iterate over each machine, removes container on dockerhost machine 20 | - name: Run delete_container.yml for every docker port 21 | include_tasks: delete_container.yml 22 | loop: "{{ ports_list }}" 23 | loop_control: 24 | loop_var: docker_port 25 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/vsftpd/conf/vsftpd.conf: -------------------------------------------------------------------------------- 1 | listen=YES 2 | listen_ipv6=No 3 | anonymous_enable=NO 4 | local_enable=YES 5 | write_enable=YES 6 | local_umask=022 7 | dirmessage_enable=YES 8 | use_localtime=YES 9 | xferlog_enable=YES 10 | chroot_local_user=YES 11 | secure_chroot_dir=/var/run/vsftpd/empty 12 | pam_service_name=vsftpd 13 | force_dot_files=YES 14 | pasv_enable=YES 15 | pasv_min_port=40000 16 | pasv_max_port=50000 17 | pasv_address=jckservices.adoptium.net 18 | pasv_addr_resolve=YES 19 | user_sub_token=$USER 20 | local_root=/home/$USER/ftp 21 | allow_writeable_chroot=YES 22 | port_enable=YES 23 | connect_from_port_20=YES 24 | ftp_data_port=20 25 | seccomp_sandbox=NO 26 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/vsftpd/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ################# 3 | # VSFTPD Server # 4 | ################# 5 | - name: Install vsftpd 6 | apt: pkg=vsftpd state=latest 7 | tags: dependencies 8 | 9 | - name: Add Shell /sbin/nologin 10 | command: add-shell /sbin/nologin 11 | 12 | - name: Create FTP user with password 13 | action: user name="{{ jckftp_Username }}" home="/home/{{ jckftp_Username }}" shell=/sbin/nologin password="{{ jckftp_Passwd | password_hash('sha512') }}" state=present 14 | 15 | - name: Create symlink to /etc/securetty 16 | file: 17 | src: /usr/share/doc/util-linux/examples/securetty 18 | dest: /etc/securetty 19 | state: link 20 | 21 | - name: "Create /home/{{ jckftp_Username }}/ftp" 22 | file: 23 | path: "/home/{{ jckftp_Username }}/ftp" 24 | owner: "{{ jckftp_Username }}" 25 | group: "{{ jckftp_Username }}" 26 | state: directory 27 | 28 | - name: Create file for FTP access 29 | copy: 30 | content: "" 31 | dest: "/home/{{ jckftp_Username }}/ftp/filename.txt" 32 | force: no 33 | owner: "{{ jckftp_Username }}" 34 | group: "{{ jckftp_Username }}" 35 | mode: 0755 36 | 37 | - name: Copy vsftpd.conf 38 | copy: 39 | src: conf/vsftpd.conf 40 | dest: /etc/vsftpd.conf 41 | owner: root 42 | group: root 43 | mode: 0644 44 | backup: yes 45 | 46 | - name: Restart vsftpd service 47 | service: 48 | name: vsftpd 49 | state: restarted 50 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Unix_Playbook/ubuntu-jckservices.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ############################################### 3 | # AdoptOpenJDK Ansible JCK svcs Playbook for: # 4 | # -------- Ubuntu 20 (tested on x64) -------- # 5 | ############################################### 6 | 7 | - name: Ansible JCK Services Playbook 8 | hosts: all 9 | gather_facts: yes 10 | tasks: 11 | - name: Load Variables 12 | block: 13 | - name: Load AdoptOpenJDKs variable file 14 | include_vars: group_vars/all/adoptopenjdk_variables.yml 15 | 16 | - name: Set hostname to jckservices.adoptium.net 17 | hostname: 18 | name: jckservices.adoptium.net 19 | tags: hostname 20 | 21 | ######### 22 | # Roles # 23 | ######### 24 | roles: 25 | - Debug 26 | - role: Get_Vendor_Files 27 | tags: [vendor_files, adoptopenjdk, jenkins_user] 28 | - role: vsftpd 29 | tags: ftp_server 30 | - role: Kerberos 31 | tags: kerberos 32 | - role: Tomcat 33 | tags: tomcat 34 | - role: jckservices_iptables 35 | tags: iptables 36 | - Crontab 37 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/group_vars/all/adoptopenjdk_variables.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ansible_port: 5986 3 | ansible_connection: winrm 4 | ansible_winrm_server_cert_validation: ignore 5 | Jenkins_Username: jenkins 6 | Nagios_Plugins: Disabled 7 | 8 | ##### This needs to be set before running ###### 9 | #ansible_password: CHANGE_ME 10 | 11 | # If Experiencing timeout errors, set the two variables below. (See https://github.com/adoptium/infrastructure/tree/master/ansible#how-do-i-run-the-playbooks-on-a-remote-windows-host) 12 | # ansible_winrm_operation_timeout_sec: 600 13 | # ansible_winrm_read_timeout_sec: 630 14 | 15 | ### Default JDK ### 16 | bootjdk: hotspot 17 | heapsize: normal 18 | 19 | ant_version: 1.10.15 20 | ant_checksum: 1de7facbc9874fa4e5a2f045d5c659f64e0b89318c1dbc8acc6aae4595c4ffaf90a7b1ffb57f958dd08d6e086d3fff07aa90e50c77342a0aa5c9b4c36bff03a9 21 | 22 | ## Nagios Server Details 23 | Nagios_Master_IP: 78.47.239.96 24 | 25 | # GPG Public Keys 26 | key: 27 | apache_ant: 0A123C1ED3F13A6A0140E166C71FB765CD9DE313 # Jaikiran Pai 28 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/7-Zip/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ######## 3 | # 7zip # 4 | ######## 5 | # Added for extracting MinGW-W64 6 | 7 | - name: Check if 7-Zip is installed 8 | win_stat: 9 | path: 'C:\7-Zip\7z.exe' 10 | register: zip_installed 11 | tags: 7zip 12 | 13 | - name: Download and install 7-Zip 14 | when: not zip_installed.stat.exists 15 | tags: 7zip 16 | block: 17 | - name: Download 7-Zip (required to unpack MinGW-W64) 18 | win_get_url: 19 | url: https://www.7-zip.org/a/7z2201-x64.exe 20 | dest: 'C:\temp\7z.exe' 21 | force: no 22 | checksum: b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4 23 | checksum_algorithm: sha256 24 | 25 | - name: Install 7-Zip 26 | win_package: 27 | path: 'C:\temp\7z.exe' 28 | creates_path: 'C:\7-Zip\7z.exe' 29 | state: present 30 | arguments: /S /D="C:\7-Zip" 31 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Clang_32bit/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #################### 3 | # LLVM/Clang 32bit # 4 | #################### 5 | # Clang 32bit is an OpenJ9 prerequisite. 6 | # Silent installer for 32-bit will remove the 64-bit version so 7 | # we install from a zip file 8 | 9 | - name: Test if Clang 32bit is already installed (required by OpenJ9) 10 | win_stat: 11 | path: 'C:\Program Files (x86)\LLVM\bin\clang.exe' 12 | register: clang_32bit_installed 13 | tags: clang_32bit 14 | 15 | - name: Download Clang 32bit 16 | win_get_url: 17 | url: https://ci.adoptium.net/userContent/winansible/llvm-7.0.0-win32.zip 18 | dest: 'C:\temp\' 19 | force: no 20 | checksum: 89dcd42d240b3e7ef3a5487855e224f2f90a23a2a194dbadd8c427c2dd59df79 21 | checksum_algorithm: sha256 22 | when: not clang_32bit_installed.stat.exists 23 | tags: clang_32bit 24 | 25 | - name: Install (unzip) Clang 32bit 26 | win_unzip: 27 | src: C:\temp\llvm-7.0.0-win32.zip 28 | dest: C:\ 29 | creates: 'C:\Program Files (x86)\LLVM\bin\clang.exe' 30 | when: not clang_32bit_installed.stat.exists 31 | tags: clang_32bit 32 | 33 | - name: Test if LLVM32 symlink is already created 34 | win_stat: 35 | path: 'C:\openjdk\LLVM32' 36 | register: llvm32_symlink 37 | tags: clang_32bit 38 | 39 | - name: Create symlink to C:\openjdk\LLVM32 40 | win_shell: mklink /D "C:\openjdk\LLVM32" "C:\Program Files (x86)\LLVM" 41 | args: 42 | executable: cmd 43 | when: (not llvm32_symlink.stat.exists) 44 | tags: clang_32bit 45 | 46 | - name: Cleanup Clang 32bit zip 47 | win_file: 48 | path: 'c:\temp\LLVM-7.0.0-win32.zip' 49 | state: absent 50 | failed_when: false 51 | tags: clang_32bit 52 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Clang_64bit/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #################### 3 | # LLVM/Clang 64bit # 4 | #################### 5 | # Clang 64bit is an OpenJ9 prerequisite. 6 | # The original source of Clang64 was https://releases.llvm.org/7.0.0/LLVM-7.0.0-win64.exe being executed with the /S parameter 7 | 8 | - name: Test if Clang 64bit is already installed (required by OpenJ9) 9 | win_stat: 10 | path: 'C:\Program Files\LLVM\bin\clang.exe' 11 | register: clang_64bit_installed 12 | tags: clang_64bit 13 | 14 | - name: Download Clang 64bit 15 | win_get_url: 16 | url: https://ci.adoptium.net/userContent/winansible/llvm-7.0.0-win64.zip 17 | dest: 'C:\temp\' 18 | force: no 19 | checksum: e61c3d115778dbb54f91cec8ca7682cbad601d61e2c40a9a97e554aa1f1bb2b6 20 | checksum_algorithm: sha256 21 | when: not clang_64bit_installed.stat.exists 22 | tags: clang_64bit 23 | 24 | - name: Install (unzip) Clang 64bit 25 | win_unzip: 26 | src: C:\temp\llvm-7.0.0-win64.zip 27 | dest: C:\ 28 | creates: 'C:\Program Files\LLVM\bin\clang.exe' 29 | when: not clang_64bit_installed.stat.exists 30 | tags: clang_64bit 31 | 32 | - name: Test if LLVM64 symlink is already created 33 | win_stat: 34 | path: 'C:\openjdk\LLVM64' 35 | register: llvm64_symlink 36 | tags: clang_64bit 37 | 38 | - name: Create symlink to C:\openjdk\LLVM64 39 | win_shell: mklink /D "C:\openjdk\LLVM64" "C:\Program Files\LLVM" 40 | args: 41 | executable: cmd 42 | when: not llvm64_symlink.stat.exists 43 | tags: clang_64bit 44 | 45 | - name: Cleanup Clang 64bit installer 46 | win_file: 47 | path: 'C:\temp\llvm-7.0.0-win64.zip' 48 | state: absent 49 | failed_when: false 50 | tags: clang_64bit 51 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/CodesignCert/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ################ 3 | # CodesignCert # 4 | ################ 5 | 6 | # Since moving to the Eclipse Foundation, we no longer need these steps and so we've changed this role to ensure that no LJC certs exist on the machines. 7 | # See https://github.com/adoptium/infrastructure/blob/cbadc5c45871c22e6a011999bf5ab3a3fdc926cf/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/CodesignCert/tasks/main.yml for the original content. 8 | 9 | - name: Remove windows.p12, if present 10 | win_file: 11 | path: C:\openjdk\windows.p12 12 | state: absent 13 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Debug/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ##################### 3 | # Debug Information # 4 | ##################### 5 | - name: Display Debug Information 6 | debug: 7 | msg: 8 | - "inventory_hostname: {{ inventory_hostname | default('***Undefined***') }} " 9 | - "ansible_os_family: {{ ansible_os_family | default('***Undefined***') }} " 10 | - "ansible_distribution: {{ ansible_distribution | default('***Undefined***') }} " 11 | - "ansible_distribution_major_version: {{ ansible_distribution_major_version | default('***Undefined***') }} " 12 | - "ansible_architecture: {{ ansible_architecture | default('***Undefined***') }} " 13 | - "ansible_processor_vcpus: {{ ansible_processor_vcpus | default('***Undefined***') }} " 14 | - "ansible_processor_cores: {{ ansible_processor_cores | default('***Undefined***') }} " 15 | - "ansible_version.full: {{ ansible_version.full | default('***Undefined***') }} " 16 | - "Jenkins_Username: {{ Jenkins_Username | default('***Undefined***') }} " 17 | - "Nagios_Plugins: {{ Nagios_Plugins | default('***Undefined***') }} " 18 | - "Superuser_Account: {{ Superuser_Account | default('***Undefined***') }}" 19 | - "Vendor_File: {{ Vendor_File | default('***Undefined***') }}" 20 | tags: Debug 21 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Dragonwell/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ################################################### 3 | # Dragonwell bootstrap image (Currently only an Dragonwell 8 requirement) # 4 | ################################################### 5 | - name: Test if Dragonwell is already installed 6 | win_stat: 7 | path: 'C:\openjdk\dragonwell-bootstrap\jdk8u272-ga' 8 | register: dragonwell_installed 9 | tags: dragonwell 10 | 11 | - name: Check if Dragonwell is already downloaded 12 | win_stat: 13 | path: 'C:\temp\dragonwell.zip' 14 | register: dragonwell_download 15 | tags: dragonwell 16 | 17 | - name: Download Dragonwell 18 | win_get_url: 19 | url: https://github.com/alibaba/dragonwell8/releases/download/dragonwell-8.5.4_jdk8u272-ga/Alibaba_Dragonwell_8.5.4-GA_Experimental_Windows_x64.zip 20 | checksum: 0f04bee12ce1acd70d603759e1c57d8381c08669bdeed743474ce9ecfae51fb3 21 | checksum_algorithm: sha256 22 | dest: 'C:\temp\dragonwell.zip' 23 | when: (not dragonwell_download.stat.exists) 24 | and (not dragonwell_installed.stat.exists) 25 | tags: dragonwell 26 | 27 | - name: Install Dragonwell 28 | win_unzip: 29 | src: C:\temp\dragonwell.zip 30 | dest: C:\openjdk\dragonwell-bootstrap 31 | when: (not dragonwell_installed.stat.exists) 32 | tags: dragonwell 33 | 34 | - name: Clean up Dragonwell 35 | win_file: 36 | path: C:\temp\dragonwell.zip 37 | state: absent 38 | tags: dragonwell 39 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Firefox/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ########### 3 | # Firefox # 4 | ########### 5 | 6 | - name: Test if Firefox is already installed 7 | win_stat: 8 | path: 'C:\Program Files\Mozilla Firefox\firefox.exe' 9 | register: firefox_installed 10 | tags: Firefox 11 | 12 | - name: Check if Firefox is already downloaded 13 | win_stat: 14 | path: 'C:\temp\firefox.exe' 15 | register: firefox_download 16 | tags: Firefox 17 | 18 | - name: Download Firefox 19 | win_get_url: 20 | url: https://ftp.mozilla.org/pub/firefox/releases/54.0/win64/en-GB/Firefox%20Setup%2054.0.exe 21 | dest: 'C:\temp\firefox.exe' 22 | checksum: 9a1fbbb7eb68347decafbf048fc9728777fc213fefc5224119625b1f58a626fc 23 | checksum_algorithm: sha256 24 | when: (not firefox_download.stat.exists) and (not firefox_installed.stat.exists) 25 | tags: Firefox 26 | 27 | - name: Install Firefox 28 | raw: C:\temp\firefox.exe -ms 29 | when: (not firefox_installed.stat.exists) 30 | tags: Firefox 31 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Freemarker/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ##################### 3 | # Freemarker v2.3.8 # 4 | ##################### 5 | 6 | - name: Test if freemarker is already installed 7 | win_stat: 8 | path: 'C:\openjdk\freemarker.jar' 9 | register: freemarker_installed 10 | tags: Freemarker 11 | 12 | - name: Download freemarker 13 | win_get_url: 14 | url: https://repo.maven.apache.org/maven2/freemarker/freemarker/2.3.8/freemarker-2.3.8.jar 15 | dest: 'C:\openjdk\freemarker.jar' 16 | checksum: 357472da121499a66175af0a4cd5e8be84b8b4d2fdc6bcc974937937ba3003bc 17 | checksum_algorithm: sha256 18 | when: (not freemarker_installed.stat.exists) 19 | tags: Freemarker 20 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/GIT/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ####### 3 | # GIT # 4 | ####### 5 | 6 | - name: Test if GIT is already installed 7 | win_stat: 8 | path: 'C:\Program Files\Git' 9 | register: git_installed 10 | tags: git 11 | 12 | - name: Check if GIT installer is already downloaded 13 | win_stat: 14 | path: 'C:\temp\git.exe' 15 | register: git_download 16 | tags: git 17 | 18 | - name: Download GIT installer 19 | win_get_url: 20 | url: 'https://github.com/git-for-windows/git/releases/download/v2.14.3.windows.1/Git-2.14.3-64-bit.exe' 21 | dest: 'C:\temp\git.exe' 22 | checksum: 9610e082b823beb7f0da91a98d9f73e1f3f2430c21b2c4e15517dea4f981be3f 23 | checksum_algorithm: sha256 24 | when: (not git_download.stat.exists) and (not git_installed.stat.exists) 25 | tags: git 26 | 27 | - name: Create GIT properties file 28 | win_shell: 'New-Item -Path C:\temp -Name git_props.cfg -ItemType file -Value "[Setup]`nCRLFOption=CRLFCommitAsIs"' 29 | when: (not git_installed.stat.exists) 30 | tags: git 31 | 32 | - name: Install GIT 33 | win_command: 'C:\temp\git.exe /SILENT /LOADINF="C:\temp\git_props.cfg" /COMPONENTS="icons,ext\reg\shellhere,assoc,assoc_sh"' 34 | when: (not git_installed.stat.exists) 35 | tags: git 36 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/GPG_signature_verification/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # These tasks can only run once cygwin is installed on the remote machine 3 | 4 | - name: Check if gnupg directory exists 5 | win_stat: 6 | path: 'C:\cygwin64\home\%USERNAME%\.gnupg' 7 | register: gnupg_check 8 | 9 | - name: Create gnupg directory with Cygwin ( if it doesnt exist ) 10 | win_shell: C:/cygwin64/bin/bash.exe -c "mkdir -p ~/.gnupg" 11 | when: (not gnupg_check.stat.exists) 12 | 13 | - name: Fix Permissions 14 | win_shell: C:/cygwin64/bin/bash.exe -c "chmod og-rwx ~/.gnupg" 15 | 16 | - name: Download GPG Signing Key 17 | win_command: curl -sSL "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x{{ GPG_key }}" -o c:\temp\gpgkey.asc 18 | 19 | - name: Temporarily Disable gpgagent 20 | win_shell: C:/cygwin64/bin/bash.exe -c "chmod 400 /usr/bin/gpg-agent" 21 | 22 | - name: Temporarily Disable dirmngr 23 | win_shell: C:/cygwin64/bin/bash.exe -c "chmod 400 /usr/bin/dirmngr" 24 | 25 | - name: Import GPG Signing Key 26 | win_shell: | 27 | C:/cygwin64/bin/bash.exe -c "gpg2 --batch --import c:/temp/gpgkey.asc" 28 | failed_when: false 29 | 30 | - name: Re-enable gpgagent 31 | win_shell: C:/cygwin64/bin/bash.exe -c "chmod 755 /usr/bin/gpg-agent" 32 | when: true 33 | 34 | - name: Re-enable dirmngr 35 | win_shell: C:/cygwin64/bin/bash.exe -c "chmod 755 /usr/bin/dirmngr" 36 | when: true 37 | 38 | - name: Get signature file 39 | win_command: wget -q "{{ signature_link }}" -O sigfile 40 | 41 | - name: Verify binary 42 | win_shell: C:/cygwin64/bin/bash.exe -c "gpg2 --verify sigfile {{ file_path }}" 43 | 44 | - name: Remove gnupg directory with Cygwin ( when it didnt exist previously ) 45 | win_shell: C:/cygwin64/bin/bash.exe -c "rm -rf ~/.gnupg" 46 | when: (not gnupg_check.stat.exists) 47 | 48 | - name: Remove Downloaded GPG Key 49 | win_file: 50 | path: c:\temp\gpgkey.asc 51 | state: absent 52 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/IcedTea-Web/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ############### 3 | # IcedTea-Web # 4 | ############### 5 | 6 | - name: Check if IcedTea-Web 1.8.2 is already downloaded 7 | win_stat: 8 | path: 'C:\temp\icedteaWEB182.msi' 9 | register: icedteaweb_download 10 | tags: IcedTea-Web 11 | 12 | - name: Check if IcedTea-Web 1.8.2 is already installed 13 | win_stat: 14 | path: 'C:\Program Files\IcedTeaWEB' 15 | register: icedteaweb_install 16 | tags: IcedTea-Web 17 | 18 | - name: Download IcedTea-Web 1.8.2 19 | win_get_url: 20 | url: https://github.com/AdoptOpenJDK/IcedTea-Web/releases/download/icedtea-web-1.8.2/icedtea-web-1.8.2.msi 21 | dest: 'C:\temp\icedteaWEB182.msi' 22 | checksum: 7887693462e357e9ea20901066f9cf015e8fd1b47f9eec9d075a5fd155de27ca 23 | checksum_algorithm: sha256 24 | when: (not icedteaweb_download.stat.exists) and (not icedteaweb_install.stat.exists) 25 | tags: IcedTea-Web 26 | 27 | - name: Install IcedTea-Web 1.8.2 28 | win_package: 29 | path: 'C:\temp\icedteaWEB182.msi' 30 | creates_path: 'C:\Program Files\IcedTeaWeb\WebStart\bin\javaws.exe' 31 | state: present 32 | arguments: /l* C:\temp\icedteaweb.log /quiet INSTALLDIR="C:\Program Files\IcedTeaWEB" 33 | when: (not icedteaweb_install.stat.exists) 34 | tags: IcedTea-Web 35 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Incredibuild/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ####################################### 3 | # Incredibuild - Configuration Tasks # 4 | ####################################### 5 | 6 | - name: Check if the ibxbuild service exists 7 | ansible.windows.win_service_info: 8 | name: IBXDashboard 9 | register: service_info 10 | 11 | - name: Stop the IBX Dashboard service if it exists 12 | ansible.windows.win_service: 13 | name: IBXDashboard 14 | state: stopped 15 | when: service_info.exists 16 | 17 | - name: Check if incredibuild.conf file exists 18 | win_stat: 19 | path: 'C:\Program Files (x86)\IncrediBuild\Dashboard\Apache24\conf\incredibuild.conf' 20 | register: incredibuild_conf_file 21 | 22 | - name: Replace APACHE_PORT in incredibuild.conf if file exists 23 | win_lineinfile: 24 | path: 'C:\Program Files (x86)\IncrediBuild\Dashboard\Apache24\conf\incredibuild.conf' 25 | regexp: '^define APACHE_PORT \d+$' 26 | line: 'define APACHE_PORT 31000' 27 | backup: yes 28 | when: incredibuild_conf_file.stat.exists 29 | 30 | - name: Start the IBX Dashboard service if it exists 31 | ansible.windows.win_service: 32 | name: IBXDashboard 33 | state: started 34 | when: service_info.exists 35 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java7/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ########## 3 | # Java 7 # 4 | ########## 5 | 6 | - name: Test if Java 7 is already installed 7 | win_stat: 8 | path: 'C:\Program Files\Java\java-se-7u75-ri' 9 | register: java7_installed 10 | tags: Java7 11 | 12 | - name: Check if Java 7 is already downloaded 13 | win_stat: 14 | path: 'C:\temp\jdk7u75-b13.zip' 15 | register: java7_download 16 | tags: Java7 17 | 18 | - name: Download Java 7 19 | win_get_url: 20 | url: https://download.java.net/openjdk/jdk7u75/ri/jdk_ri-7u75-b13-windows-i586-18_dec_2014.zip 21 | dest: 'C:\temp\jdk7u75-b13.zip' 22 | checksum: 505a6a2440ae2d48e61a50049f0bb9fce789ab4618953e0c72e07c5987b725ab 23 | checksum_algorithm: sha256 24 | when: (not java7_download.stat.exists) and (not java7_installed.stat.exists) 25 | tags: Java7 26 | 27 | - name: Install Java 7 28 | win_unzip: 29 | src: C:\temp\jdk7u75-b13.zip 30 | dest: C:\Program Files\Java 31 | delete_archive: yes 32 | when: (not java7_installed.stat.exists) 33 | tags: Java7 34 | 35 | - name: Test if Java 7 symlink is already created 36 | win_stat: 37 | path: 'C:\openjdk\jdk-7' 38 | register: java7_symlink 39 | tags: Java7 40 | 41 | - name: Create symlink to Java 7 42 | win_shell: mklink /D "C:\openjdk\jdk-7" "C:\Program Files\Java\java-se-7u75-ri" 43 | args: 44 | executable: cmd 45 | when: (not java7_symlink.stat.exists) 46 | tags: Java7 47 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java8/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ########## 3 | # Java 8 # 4 | ########## 5 | - name: Test if Java 8 is already installed 6 | win_stat: 7 | path: 'C:\openjdk\jdk-8\bin' 8 | register: java8_installed 9 | tags: Java8 10 | 11 | - name: Check if Java 8 is already downloaded 12 | win_stat: 13 | path: 'C:\temp\jdk-8.zip' 14 | register: java8_download 15 | tags: Java8 16 | 17 | - name: Download Java 8 18 | win_get_url: 19 | url: https://api.adoptopenjdk.net/v3/binary/latest/8/ga/windows/x64/jdk/{{ bootjdk }}/{{ heapsize }}/adoptopenjdk?project=jdk 20 | dest: 'C:\temp\jdk-8.zip' 21 | when: (not java8_download.stat.exists) and (not java8_installed.stat.exists) 22 | tags: Java8 23 | 24 | - name: Install Java 8 25 | win_unzip: 26 | src: C:\temp\jdk-8.zip 27 | dest: C:\Program Files\Java 28 | when: (not java8_installed.stat.exists) 29 | tags: Java8 30 | 31 | - name: Create symlink to directory without spaces if not already there 32 | win_shell: for /D %a in ("C:\Program Files\Java\jdk8*") do IF NOT EXIST "C:\openjdk\jdk-8" MKLINK /D "C:\openjdk\jdk-8" "%a" 33 | args: 34 | executable: cmd.exe 35 | creates: 'C:\openjdk\jdk-8' 36 | tags: Java8 37 | 38 | - name: Set JAVA_HOME to version 8 39 | win_path: 40 | name: JAVA_HOME 41 | elements: C:\openjdk\jdk-8 42 | scope: machine 43 | state: present 44 | when: (not java8_installed.stat.exists) 45 | tags: Java8 46 | 47 | - name: Add JAVA_HOME/bin to Path 48 | win_path: 49 | name: Path 50 | elements: C:\openjdk\jdk-8\bin 51 | scope: machine 52 | state: present 53 | when: (not java8_installed.stat.exists) 54 | tags: Java8 55 | 56 | - name: Clean up jdk-8.zip 57 | win_file: 58 | path: C:\temp\jdk-8.zip 59 | state: absent 60 | tags: Java8 61 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Jenkins/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ################ 3 | # Jenkins user # 4 | ################ 5 | 6 | # Add Jenkins user to Performance Log Users in order to view counter data. 7 | # see https://docs.microsoft.com/en-us/windows/win32/perfctrs/limited-user-access-support 8 | # Required by OpenJ9 tests: testOSMXBean* 9 | 10 | - name: Create Jenkins user 11 | win_user: 12 | name: "{{ Jenkins_Username }}" 13 | fullname: AdoptOpenJDK Jenkins User 14 | password: "{{ Jenkins_Win_Passwd }}" 15 | state: present 16 | password_never_expires: true 17 | groups: 18 | - Users 19 | - Remote Desktop Users 20 | - Performance Log Users 21 | 22 | 23 | ####################################################################### 24 | # This is a workaround for removing left over workspace folders which 25 | # Jenkins fails to remove by itself 26 | ####################################################################### 27 | - name: Create a scheduled task to delete zombie jenkins workspaces 28 | win_scheduled_task: 29 | name: DeleteJenkinsWorkspaces 30 | description: This schedule task recursively deletes all jenkins workspace 31 | folders that are already marked for deletion but failed 32 | (with name ws-cleanup) 33 | actions: 34 | - path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 35 | arguments: -command "Remove-Item -Force -Recurse 36 | -ErrorAction SilentlyContinue 37 | \\?\C:\Users\{{ Jenkins_Username }}\workspace\*ws-cleanup*" 38 | triggers: 39 | - type: daily 40 | start_boundary: '2018-01-01T21:00:00' 41 | username: SYSTEM 42 | state: present 43 | enabled: true 44 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Jenkins_Service_Installation/templates/JenkinsAgentService.xml.j2: -------------------------------------------------------------------------------- 1 | 2 | Jenkins 3 | Jenkins 4 | This service runs an agent for Jenkins automation server. 5 | C:\openjdk\jdk-17\bin\java.exe 6 | -Xrs -jar "%BASE%\agent.jar" -jnlpUrl https://ci.adoptium.net/computer/{{ inventory_hostname }}/jenkins-agent.jnlp -secret {{ jenkins_secret }} -workDir=C:\Users\{{ Jenkins_Username }}\workspace 7 | rotate 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/NTP_TIME/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ################### 3 | # NTP Time Server # 4 | ################### 5 | - name: NTP - regedit - Synchronize with an external time source 6 | win_regedit: 7 | path: HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters 8 | name: Type 9 | data: NTP 10 | type: string 11 | tags: NTP_TIME 12 | 13 | - name: NTP - regedit - Set AnnounceFlags 14 | win_regedit: 15 | path: HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Config 16 | name: AnnounceFlags 17 | data: 5 18 | type: dword 19 | tags: NTP_TIME 20 | 21 | - name: NTP - regedit - Enable 22 | win_regedit: 23 | path: HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer 24 | name: Enabled 25 | data: 1 26 | type: dword 27 | tags: NTP_TIME 28 | 29 | - name: NTP - regedit - Specify time sources 30 | win_regedit: 31 | path: HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters 32 | name: NtpServer 33 | data: 1.pool.ntp.org,0x1 34 | type: string 35 | tags: NTP_TIME 36 | 37 | - name: NTP - regedit - Set MaxPosPhaseCorrection 38 | win_regedit: 39 | path: HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Config 40 | name: MaxNegPhaseCorrection 41 | data: 708 42 | type: dword 43 | tags: NTP_TIME 44 | 45 | - name: NTP - Service w32time restart 46 | win_service: 47 | name: w32time 48 | state: restarted 49 | tags: NTP_TIME 50 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Rust/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ######### 3 | # Rust # 4 | ######### 5 | 6 | - name: Test if Rust is already installed 7 | win_stat: 8 | path: 'C:\rust\bin\rustc.exe' 9 | register: rust_installed 10 | tags: Rust 11 | 12 | - name: Download Rust installer 13 | win_get_url: 14 | url: https://static.rust-lang.org/dist/rust-1.33.0-x86_64-pc-windows-msvc.msi 15 | dest: 'C:\temp\rust.msi' 16 | force: no 17 | checksum: cc27799843a146745d4054afa5de1f1f5ab19d539d8c522a909b3c8119e46f99 18 | checksum_algorithm: sha256 19 | when: (not rust_installed.stat.exists) 20 | tags: Rust 21 | 22 | - name: Install Rust 23 | raw: msiexec /i C:\temp\rust.msi INSTALLDIR="c:\rust" /quiet 24 | failed_when: false 25 | when: (not rust_installed.stat.exists) 26 | tags: Rust 27 | 28 | - name: Cleanup Rust 29 | win_file: 30 | path: C:\temp\rust.msi 31 | state: absent 32 | failed_when: false 33 | tags: Rust 34 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Strawberry_Perl/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ################### 3 | # Strawberry Perl # 4 | ################### 5 | 6 | - name: Test if Strawberry Perl is already installed 7 | win_stat: 8 | path: 'C:\Strawberry\perl' 9 | register: strawberry_perl_installed 10 | tags: Strawberry_Perl 11 | 12 | - name: Check if Strawberry Perl is already downloaded 13 | win_stat: 14 | path: 'C:\temp\strawberry-perl.zip' 15 | register: strawberry_perl_download 16 | tags: Strawberry_Perl 17 | 18 | - name: Download Strawberry Perl 19 | win_get_url: 20 | url: http://strawberryperl.com/download/5.26.0.1/strawberry-perl-5.26.0.1-64bit.zip 21 | dest: C:\temp\strawberry-perl.zip 22 | checksum: 0f89ce99be64679f930e9cca25ccec09de8aff2fc5db3c0dd4158d9606532ad5 23 | checksum_algorithm: sha256 24 | when: (not strawberry_perl_download.stat.exists) and (not strawberry_perl_installed.stat.exists) 25 | tags: Strawberry_Perl 26 | 27 | - name: Unzip Strawberry Perl 28 | win_unzip: 29 | src: C:\temp\strawberry-perl.zip 30 | dest: C:\Strawberry 31 | when: (not strawberry_perl_installed.stat.exists) 32 | tags: Strawberry_Perl 33 | 34 | - name: Add Strawberry Perl to %PATH% 35 | win_path: 36 | elements: 37 | - 'C:\Strawberry\perl\bin' 38 | state: present 39 | when: (not strawberry_perl_installed.stat.exists) 40 | tags: Strawberry_Perl 41 | 42 | - name: Install Text::CSV_XS 43 | win_command: C:\Strawberry\perl\bin\perl -MCPAN -e "install Text::CSV_XS" 44 | when: (not strawberry_perl_installed.stat.exists) 45 | tags: Strawberry_Perl 46 | 47 | - name: Clean up strawberry-perl.zip 48 | win_file: 49 | path: C:\temp\strawberry-perl.zip 50 | state: absent 51 | tags: Strawberry_Perl 52 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Thunderbird/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ############### 3 | # Thunderbird # 4 | ############### 5 | 6 | - name: Test if Thunderbird is already installed 7 | win_stat: 8 | path: 'C:\Program Files\Mozilla Thunderbird\thunderbird.exe' 9 | register: thunderbird_installed 10 | 11 | - name: Check if Thunderbird is already downloaded 12 | win_stat: 13 | path: 'C:\temp\thunderbird.exe' 14 | register: thunderbird_download 15 | 16 | - name: Download Thunderbird 17 | win_get_url: 18 | url: https://ftp.mozilla.org/pub/thunderbird/releases/115.4.1/win64/en-GB/Thunderbird%20Setup%20115.4.1.exe 19 | dest: 'C:\temp\thunderbird.exe' 20 | checksum: 7e68974880164058142491714e3e1c1fb92cef657d84244e2e37ee5c0c1cc909 21 | checksum_algorithm: sha256 22 | when: (not thunderbird_download.stat.exists) and (not thunderbird_installed.stat.exists) 23 | 24 | - name: Install Thunderbird 25 | raw: C:\temp\thunderbird.exe -ms 26 | when: (not thunderbird_installed.stat.exists) 27 | 28 | - name: Set Thunderbird as default 29 | win_regedit: 30 | path: HKCU:\Software\Clients\Mail 31 | name: Default 32 | data: Mozilla Thunderbird 33 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Version/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #################################### 3 | # Verify Ansible Version # 4 | #################################### 5 | - name: Verify if Ansible version is 2.4 or above 6 | assert: 7 | that: 8 | - "{{ ansible_version.string is version_compare('2.4', '>=') }}" 9 | msg: "Ansible 2.4 or above is required" 10 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/WMF_5.1/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ########### 3 | # WMF 5.1 # 4 | ########### 5 | 6 | - name: Check Powershell Major Version 7 | win_shell: $PSVersionTable.PSVersion | select -ExpandProperty Major 8 | args: 9 | executable: powershell 10 | register: powershell_output 11 | changed_when: false 12 | tags: WMF 13 | 14 | - name: Get WMF 5.1 Packages 15 | win_get_url: 16 | # link is specific to Win2012r2. Find others at https://www.microsoft.com/en-us/download/details.aspx?id=54616 17 | url: https://go.microsoft.com/fwlink/?linkid=839516 18 | dest: C:/temp/WMFinstaller.msu 19 | checksum: a8d788fa31b02a999cc676fb546fc782e86c2a0acd837976122a1891ceee42c0 20 | checksum_algorithm: sha256 21 | when: (powershell_output.stdout < '5') 22 | tags: WMF 23 | 24 | - name: Install WMF 5.1 25 | win_hotfix: 26 | source: C:\temp\WMFinstaller.msu 27 | state: present 28 | register: hotfix_install 29 | when: (powershell_output.stdout < '5') 30 | tags: WMF 31 | 32 | - name: Reboot machine for installation to complete 33 | win_reboot: 34 | reboot_timeout: 1800 35 | when: 36 | - (powershell_output.stdout < '5') 37 | - hotfix_install.reboot_required 38 | tags: WMF,reboot 39 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Windows_Updates/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ################### 3 | # Windows Updates # 4 | ################### 5 | 6 | # The following tasks have ignore_errors enabled as some Windows Providers can have issues updating due to the Administrator managed updates 7 | # See https://github.com/adoptium/infrastructure/issues/1469 8 | - name: Download and Install Windows Updates 9 | win_updates: 10 | register: update_result 11 | failed_when: false 12 | tags: Windows_Updates 13 | 14 | - name: Reboot machine if necessary 15 | win_reboot: 16 | reboot_timeout: 3600 17 | failed_when: false 18 | when: update_result.reboot_required 19 | tags: 20 | - Windows_Updates 21 | - reboot 22 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/logs/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Updates $HOME/ansible.log with the date and time of latest ansible playbook run 3 | 4 | - name: Set Log path 5 | set_fact: 6 | log_path: 'C:\Users\{{ ansible_user }}' 7 | 8 | # This task doesn't actually matter, aslong as it runs and is registered. The timestamp for the registered variable is used 9 | - name: Dummy task to get timestamp 10 | win_command: cmd /c echo hello 11 | register: date_output 12 | 13 | # Accounts for cases where playbook executor is windows and its executing on localhost 14 | - name: Get Latest git commit SHA (Windows local container) 15 | win_command: C:\cygwin64\bin\git -C C:/infrastructure rev-parse HEAD 16 | register: git_output 17 | ignore_errors: yes 18 | when: 19 | - git_sha is not defined 20 | - inventory_hostname == "localhost" or inventory_hostname == "127.0.0.1" 21 | 22 | - name: Get Latest git commit SHA (Windows remote) 23 | shell: git rev-parse HEAD 24 | register: git_output 25 | delegate_to: localhost 26 | ignore_errors: yes 27 | when: 28 | - git_sha is not defined 29 | - inventory_hostname != "localhost" and inventory_hostname != "127.0.0.1" 30 | 31 | - name: Set git_output to git_sha 32 | set_fact: 33 | git_sha: "{{ git_output.stdout }}" 34 | when: git_sha is not defined 35 | 36 | - name: Update Log File 37 | win_lineinfile: 38 | create: yes 39 | path: '{{ log_path }}\ansible.log' 40 | insertafter: EOF 41 | line: "{{ position }} {{ date_output.start }} {{ git_sha }}" 42 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/nasm/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ######## 3 | # nasm # 4 | ######## 5 | - name: Check if nasm is installed 6 | win_stat: 7 | path: C:\openjdk\nasm-2.13.03 8 | register: nasm_installed 9 | tags: nasm 10 | 11 | - name: Download nasm 12 | win_get_url: 13 | url: https://www.nasm.us/pub/nasm/releasebuilds/2.13.03/win64/nasm-2.13.03-win64.zip 14 | dest: C:\temp\nasm-2.13.03.zip 15 | checksum: b3a1f896b53d07854884c2e0d6be7defba7ebd09b864bbb9e6d69ada1c3e989f 16 | checksum_algorithm: sha256 17 | when: (not nasm_installed.stat.exists) 18 | tags: nasm 19 | 20 | - name: Unzip nasm 21 | win_unzip: 22 | src: C:\temp\nasm-2.13.03.zip 23 | dest: C:\openjdk 24 | delete_archive: yes 25 | when: (not nasm_installed.stat.exists) 26 | tags: nasm 27 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/shortNames/scripts/shortName.ps1: -------------------------------------------------------------------------------- 1 | # This script checks if an 8dot3 shortname exists for a specified directory in the Program Files (x86) folder 2 | 3 | $dirName=$Args[0] 4 | $shortName=$Args[1] 5 | 6 | $string=(cmd /c dir /x "C:\Program Files (x86)" | grep "$dirName") 7 | 8 | # Skip the directory if it doesn't exist 9 | If ($null -eq $string){ 10 | Write-Output "Directory not found - skipping" 11 | exit 12 | } 13 | 14 | $result=($string.split(" ")[17]) 15 | 16 | If ($result -eq ""){ 17 | Write-Output "Setting Shortname" 18 | fsutil file setshortname "C:\Program Files (x86)\$dirName" $shortName 19 | } 20 | -------------------------------------------------------------------------------- /ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/shortNames/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ############## 3 | # Shortnames # 4 | ############## 5 | 6 | # Ensures that directories have an 8dot3 shortname 7 | 8 | - name: Query to see if shortnames are enabled 9 | win_shell: "fsutil 8dot3name query C: | grep enabled" 10 | register: enabled_shortnames 11 | failed_when: false 12 | tags: 13 | - shortnames 14 | 15 | - name: Enable shortnames in Registry 16 | win_regedit: 17 | path: HKLM:\SYSTEM\CurrentControlSet\Control\Filesystem 18 | name: NtfsDisable8dot3NameCreation 19 | data: 2 20 | type: dword 21 | when: (not enabled_shortnames.stdout) 22 | tags: 23 | - shortnames 24 | 25 | # Note that using "set C: 0" did not work in containers 26 | - name: Enable shortnames 27 | win_shell: "fsutil 8dot3name set 0" 28 | when: (not enabled_shortnames.stdout) 29 | tags: 30 | - shortnames 31 | 32 | - name: Create 8dot3 shortnames 33 | script: scripts/shortName.ps1 "{{ item.name }}" "{{ item.shortname }}" 34 | with_items: 35 | - {name: "Microsoft Visual Studio", shortname: "MIB055~1"} 36 | - {name: "Microsoft Visual Studio 9.0", shortname: "MICROS~2.0"} 37 | - {name: "Microsoft Visual Studio 10.0", shortname: "MICROS~3.0"} 38 | - {name: "Microsoft Visual Studio 11.0", shortname: "MICROS~4.0"} 39 | - {name: "Microsoft Visual Studio 12.0", shortname: "MICROS~1.0"} 40 | - {name: "Microsoft Visual Studio 14.0", shortname: "MI0E91~1.0"} 41 | - {name: "Windows Kits", shortname: "WINDOW~4"} 42 | when: (not enabled_shortnames.stdout) 43 | tags: 44 | - shortnames 45 | -------------------------------------------------------------------------------- /ansible/playbooks/adoptopenjdk_variables.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # AdoptOpenJDK variables file 3 | Jenkins_Username: jenkins 4 | Nagios_Plugins: Enabled 5 | Slack_Notification: Disabled 6 | Superuser_Account: Enabled 7 | jckftp_Username: jckftp 8 | Asian_Locales: Disabled 9 | # Jcktestr User Variables: 10 | Jcktestr_Username: jcktestr 11 | Jcktestr_User_SSHKey: /Vendor_Files/keys/keybox.key 12 | # AIX variable 13 | bootjdk: openj9 14 | -------------------------------------------------------------------------------- /ansible/playbooks/nagios/VagrantFiles/Vagrantfile.Nagios.Server.Ubuntu2204: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | $script = <