From f4dfd9ddf3c7ed00bbfbf52256b0d06d911a3b3f Mon Sep 17 00:00:00 2001 From: Martijn Verburg Date: Thu, 3 Dec 2020 12:23:53 +0000 Subject: [PATCH 1/9] Fixes from Markdown and Yaml linters + spelling typos --- .github/ISSUE_TEMPLATE/ansible.md | 2 +- .github/ISSUE_TEMPLATE/machineaccess.md | 3 +- .github/ISSUE_TEMPLATE/newmachine.md | 4 +- .github/ISSUE_TEMPLATE/testcasefail.md | 4 +- .github/workflows/build_vagrant.yml | 2 +- .gitignore | 1 + CHAOS_MONKEY.md | 6 +- CONTRIBUTING.md | 23 ++-- FAQ.md | 19 ++- ONBOARDING.md | 10 +- README.md | 176 +++++++++++++----------- docs/README.md | 4 +- docs/Setup-QEMU-Images.md | 91 ++++++++---- docs/Setup-RISCV-VMs.md | 104 ++++++++------ 14 files changed, 266 insertions(+), 183 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/ansible.md b/.github/ISSUE_TEMPLATE/ansible.md index 3752522350..57eee750f1 100644 --- a/.github/ISSUE_TEMPLATE/ansible.md +++ b/.github/ISSUE_TEMPLATE/ansible.md @@ -6,7 +6,7 @@ labels: 'ansible' assignees: '' --- -Please put the name of the software product (and affectred platforms if relevant) in the title of this issue +Please put the name of the software product (and affected platforms if relevant) in the title of this issue - [ ] Missing install - [ ] Bug in ansible playbook diff --git a/.github/ISSUE_TEMPLATE/machineaccess.md b/.github/ISSUE_TEMPLATE/machineaccess.md index bd6d402468..a03b9d87fb 100644 --- a/.github/ISSUE_TEMPLATE/machineaccess.md +++ b/.github/ISSUE_TEMPLATE/machineaccess.md @@ -7,11 +7,12 @@ assignees: 'sxa' --- Access level: + - [ ] Non-privileged - [ ] jenkins user - [ ] root/Administrative - [ ] other (Please specify): -System for which access is needed: +System for which access is needed: Please explain why you need this access including whether it is a temporary or permanent request: diff --git a/.github/ISSUE_TEMPLATE/newmachine.md b/.github/ISSUE_TEMPLATE/newmachine.md index 7ef0ba8250..2fd655dd98 100644 --- a/.github/ISSUE_TEMPLATE/newmachine.md 
+++ b/.github/ISSUE_TEMPLATE/newmachine.md @@ -10,9 +10,9 @@ I need to request a new machine: - New machine operating system (e.g. linux/windows/macos/solaris/aix): - New machine architecture (e.g. x64/aarch32/arm32/ppc64/ppc64le/sparc): -- Provider (leave blank if it does not matter): +- Provider (leave blank if it does not matter): - Desired usage: -- Any unusual specification/setup required: +- Any unusual specification/setup required: - How many of them are required: 1 Please explain what this machine is needed for: diff --git a/.github/ISSUE_TEMPLATE/testcasefail.md b/.github/ISSUE_TEMPLATE/testcasefail.md index e0947f7635..a0927f7e4d 100644 --- a/.github/ISSUE_TEMPLATE/testcasefail.md +++ b/.github/ISSUE_TEMPLATE/testcasefail.md @@ -10,9 +10,9 @@ Please set the title to indicate the test name and machine name where known. To make it easy for the infrastructure team to repeat and diagnose, please answer the following questions: -- test suite/name? +- test suite/name? - Is there an existing issue elsewhere covering this? -- Which machine(s) does it work on? +- Which machine(s) does it work on? - Which machine(s) does it fail on? - Do you have a link to a Grinder re-run if the test with the failure? diff --git a/.github/workflows/build_vagrant.yml b/.github/workflows/build_vagrant.yml index 481724a606..bdf441ccd6 100644 --- a/.github/workflows/build_vagrant.yml +++ b/.github/workflows/build_vagrant.yml @@ -35,7 +35,7 @@ jobs: sed -i -e "s/.*hosts:.*/- hosts: all/g" playbooks/AdoptOpenJDK_Unix_Playbook/main.yml awk '{print}/^\[defaults\]$/{print "private_key_file = id_rsa"; print "timeout = 30"; print "remote_tmp = $HOME/.ansible/tmp"}' < ansible.cfg > ansible.cfg.tmp && mv ansible.cfg.tmp ansible.cfg - - name: Run Asible Playbook + - name: Run Ansible Playbook run: | cd ansible ansible-playbook -i playbooks/AdoptOpenJDK_Unix_Playbook/hosts.unx -u vagrant -b --skip-tags adoptopenjdk,cups playbooks/AdoptOpenJDK_Unix_Playbook/main.yml 
diff --git a/.gitignore b/.gitignore index 27f9c3eb9f..6fb6b1b87e 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ ansible/playbooks/*.retry *.pyc ansible/host_vars/* **/vendor_files +.vscode/ diff --git a/CHAOS_MONKEY.md b/CHAOS_MONKEY.md index a68dc0d63f..fbbcb6a4eb 100644 --- a/CHAOS_MONKEY.md +++ b/CHAOS_MONKEY.md @@ -1,11 +1,11 @@ -# Can we Chaos Monkey it? +# Can we Chaos Monkey it -A goal for the project is to be able to tear down any of our build or test hosts +A goal for the project is to be able to tear down any of our build or test hosts and recreate it completely from our Ansible playbooks. ## Security and Patching -Ansible must ensure that the underlying O/S is patched as well as any firewalls, +Ansible must ensure that the underlying O/S is patched as well as any firewalls, VPN and other security configured before making the host available. ## Core Infrastructure diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5904447306..77c2dd37c3 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -8,8 +8,8 @@ reproducing issues and more. ## Mission Statement -To provide **secure**, **consistent**, **repeatable**, and **auditable** -infrastructure for the AdoptOpenJDK farm. See our full [Mission Statement]() for more details. +To provide **secure**, **consistent**, **repeatable**, and **auditable** +infrastructure for the AdoptOpenJDK farm. See our full [Mission Statement] for more details. ## Infrastructure Manifesto @@ -34,7 +34,7 @@ Following these guidelines will help us merge your pull requests smoothly: pulled in, but also _why_ you'd like them added. Providing clarity on why you want changes makes it easier to accept, and provides valuable context to review. If there is a link to an issue in the PR that contains these details - that is sufficient. + that is sufficient. 2. Follow the commit guidelines found below. 
@@ -62,10 +62,10 @@ that the commit message is always going to be rendered in plain text. When a commit has related issues or commits, explain the relation in the message body. When appropriate, use the keywords described in the following help article to automatically close issues. -https://help.github.com/articles/closing-issues-using-keywords/ +[Closing Issues Using Keywords](https://help.github.com/articles/closing-issues-using-keywords/) For example: -``` +```md Install OpenSSL in windows playbook OpenSSL is required to compile java on windows, so the OpenSSL role will @@ -75,19 +75,18 @@ Fixes: #1234 ``` All changes should be made to a personal fork of AdoptOpenJDK/infrastructure for making changes. - + 1. Fork this repository 1. Create a branch off your fork 1. Make the change 1. Test it (see below) 1. Submit a Pull Request -Only reviewers in the [admin_infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/admin_infrastructure) team have permission to merge requests for this `openjdk-infrastructure` repo, -so please ask one of those team members to review your Pull Request. +Only reviewers in the [admin_infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/admin_infrastructure) team have permission to merge requests for this `openjdk-infrastructure` repo, so please ask one of those team members to review your Pull Request. -# Using Vagrant to test your Ansible scripts (Ubuntu based) +## Using Vagrant to test your Ansible scripts (Ubuntu based) -**TODO** This has bit rotteed somewhat and needs to be looked at again. +**TODO** This has bit rotted somewhat and needs to be looked at again. We expect developers to test their Ansible changes in a test environment. A default one for Ubuntu based systems is provided for you via VirtualBox / Vagrant. 
@@ -95,7 +94,7 @@ See the guide below. [Ansible Scripts Guide](ansible/README.md) -# Docs +## Docs -Project documentation in permanent form (e.g. Build Farm architecture) is stored +Project documentation in permanent form (e.g. Build Farm architecture) is stored in the [docs](docs) folder. diff --git a/FAQ.md b/FAQ.md index 68861039e8..b890c33237 100644 --- a/FAQ.md +++ b/FAQ.md @@ -7,7 +7,7 @@ won't necessarily have access to see these links): - [adoptopenjdk-infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/adoptopenjdk-infrastructure) - write access to the repository which lets you be an official approver of PRs (triage doesn't) - [infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/infrastructure) - higher level of access for system administrators only -- [admin_infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/admin_infrastructure) - The Admin team - can force through changes without approval etc. +- [admin_infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/admin_infrastructure) - The Admin team - can force through changes without approval etc. ## Commit messages @@ -41,7 +41,7 @@ assuming you have ansible installed on your UNIX-based machine, clone this repository, create an `inventory` text file with the word `localhost` and run this from the `ansible` directory: -``` +```sh ansible-playbook -b -i inventory_file --skip-tags adoptopenjdk,jenkins_user playbooks/AdoptOpenJDK_Unix_Playbook/main.yml ``` @@ -51,7 +51,7 @@ run natively on Windows ## Running the ansible scripts remotely on another machine Create an inventory file with the list of machines you want to set up, then -from the `ansible` directory in this repository run somethig like this: +from the `ansible` directory in this repository run something like this: `ansible-playbook -i inventory_file --skip-tags=adoptopenjdk,jenkins playbooks/AdoptOpenJDK_Unix_Playbook/main.yml --skip-tags=adoptopenjdk,jenkins` 
@@ -63,14 +63,13 @@ To do this you ideally need to be using key-based ssh logins. If you use a passphrase on your ssh key use the following to hold the credentials in the shell: -``` +```sh eval `` `ssh-agent` `` ssh-add ``` and if using the `-b` option, ensure that your user has access to `sudo` -without a password to -the `root` account (often done by adding it to the `wheel` group) +without a password to the `root` account (often done by adding it to the `wheel` group) ## Adding a new role to the ansible scripts @@ -86,8 +85,8 @@ can either be skipped if someone doesn't want it, or run on its own if desired. If something is specific to the adoptopenjdk infrastructure (e.g. setting -hostnames, or configuring things specific to our setup but aren't required -to be able to run build/test operations) then give the enitries in that role +host names, or configuring things specific to our setup but aren't required +to be able to run build/test operations) then give the entries in that role an `adoptopenjdk` tag as well. If you need to do something potentially adjusting the users' system, use the `dont_remove_system` tag. This is occasionally required if, for example, we need a specific version of a tool @@ -110,7 +109,7 @@ to validate them. ## Jenkins access -The AdoptOpenJDK Jenkins server at https://ci.adoptopenjdk.net is used for all the +The AdoptOpenJDK Jenkins server at [https://ci.adoptopenjdk.net](https://ci.adoptopenjdk.net) is used for all the builds and testing automation. Since we're as open as possible, general read access is enabled. For others, access is controlled via github teams (via the Jenkins `Github Authentication Plugin` as follows. (Links here won't work for 
@@ -118,7 +117,7 @@ most people as the teams are restricted access) - [release](https://github.com/orgs/AdoptOpenJDK/teams/jenkins-admins/members) can run and configure jobs and views - [build](https://github.com/orgs/AdoptOpenJDK/teams/build/members) has the access for `release` plus the ability to create new jobs -- [testing]https://github.com/orgs/AdoptOpenJDK/teams/testing/members has the same access as `build` +- [testing](https://github.com/orgs/AdoptOpenJDK/teams/testing/members) has the same access as `build` - [infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/infrastructure/members) has the same as `build`/`testing` plus can manage agent machines - [jenkins-admins](https://github.com/orgs/AdoptOpenJDK/teams/jenkins-admins/members) as you might expect has access to Administer anything diff --git a/ONBOARDING.md b/ONBOARDING.md index b73556f670..2697f3469d 100644 --- a/ONBOARDING.md +++ b/ONBOARDING.md 
@@ -6,17 +6,17 @@ Assuming the PR is approved -- Create Pull Request to add user to https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/README.md#infrastructure. +- Create Pull Request to add user to [Infrastructure](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/README.md#infrastructure). - Ideally request users public GPG key as well as their public SSH key. ## GitHub Add the user to the correct Infrastructure team: -* [@admin_infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/admin_infrastructure) - Super Users -* [@infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/infrastructure) - Core Infra Team -* [@adoptopenjdk-infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/adoptopenjdk-infrastructure) - Can be assigned Infra Issues -* [@jenkins-admins](https://github.com/orgs/AdoptOpenJDK/teams/jenkins-admins) - Super users on Jenkins +- [@admin_infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/admin_infrastructure) - Super Users +- [@infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/infrastructure) - Core Infra Team +- [@adoptopenjdk-infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/adoptopenjdk-infrastructure) - Can be assigned Infra Issues +- [@jenkins-admins](https://github.com/orgs/AdoptOpenJDK/teams/jenkins-admins) - Super users on Jenkins ### [Secrets](https://github.com/AdoptOpenJDK/secrets) diff --git a/README.md b/README.md index 3fa137256f..1ba89a929d 100644 --- a/README.md +++ b/README.md 
@@ -1,29 +1,32 @@ -[![Build Status](https://travis-ci.org/AdoptOpenJDK/openjdk-infrastructure.svg?branch=master)](https://travis-ci.org/AdoptOpenJDK/openjdk-infrastructure) +# Infrastructure + +## Build Status +[![Build Status](https://travis-ci.org/AdoptOpenJDK/openjdk-infrastructure.svg?branch=master)](https://travis-ci.org/AdoptOpenJDK/openjdk-infrastructure) -# Mission Statement +## Mission Statement To provide infrastructure for the AdoptOpenJDK farm that is: -* **Secure** - Infrastructure is private by default and access is granted in a +* **Secure** - Infrastructure is private by default and access is granted in a time and access control limited manner. -* **Consistent** - Infrastructure is consistent in order to produce consistent +* **Consistent** - Infrastructure is consistent in order to produce consistent AdoptOpenJDK binaries. -* **Repeatable** - Infrastructure can be reproduced by our _infrastrucure as code_. +* **Repeatable** - Infrastructure can be reproduced by our _infrastructure as code_. We embrace the Chaos Monkey. -* **Auditable** - What each host/platform is made up of is publicly accessible +* **Auditable** - What each host/platform is made up of is publicly accessible _infrastructure as code_. -The end result should be **immutable** hosts, which can be destroyed and reproduced from Ansible playbooks. See +The end result should be **immutable** hosts, which can be destroyed and reproduced from Ansible playbooks. See our [Contribution -Guidelines](https://www.github.com/adoptopenjdk/openjdk-infrastructure/CONTRIBUTING.md) +Guidelines](https://www.github.com/adoptopenjdk/openjdk-infrastructure/CONTRIBUTING.md) on how we implement these goals. -## Can we Chaos Monkey it? +## Can we Chaos Monkey it See our current [Chaos Monkey Status](CHAOS_MONKEY.md). -# Related Repos +## Related Repositories * [email](https://www.github.com/adoptopenjdk/email/) - A repo containing configuration for our email aliases etc. 
* [secrets](https://www.github.com/adoptopenjdk/secrets/) - A private repo containing encrypted secrets. 
@@ -31,87 +34,89 @@ See our current [Chaos Monkey Status](CHAOS_MONKEY.md). ## Important Documentation -* [hosts](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/ansible/inventory.yml) - Our inventory, [visualised](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/docs/adoptopenjdk.pdf). -* [Ansible at AdoptOpenJDK](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/ansible/README.md) - Our hosts are built using Ansible Playbooks. +* [hosts](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/ansible/inventory.yml) - Our inventory, [visualized](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/docs/adoptopenjdk.pdf). +* [Ansible at AdoptOpenJDK](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/ansible/README.md) - Our hosts are built using Ansible Playbooks. -# Contributing +## Contributing -Please visit our `#infrastructure` [Slack Channel](https://www.adoptopenjdk.net/slack.html) and say hello. +Please visit our `#infrastructure` [Slack Channel](https://www.adoptopenjdk.net/slack.html) and say hello. Please read our [Contribution -Guidelines](https://www.github.com/adoptopenjdk/openjdk-infrastructure/CONTRIBUTING.md) before +Guidelines](https://www.github.com/adoptopenjdk/openjdk-infrastructure/CONTRIBUTING.md) before submitting Pull Requests. -# Members +## Members -We list members and their organisation affiliation for maximum transparency. Want to add -a new member? Please follow our [Onboarding Process](ONBOARDING.md). +We list members and their organisation affiliation for maximum transparency. Want to add +a new member? Please follow our [Onboarding Process](ONBOARDING.md). 
-* - Indicates access to the secrets repo +`*` Indicates access to the secrets repo ## [@admin_infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/admin_infrastructure) Team that holds super user access to Infrastructure -- [@gdams](https://github.com/gdams) - George Adams (Microsoft) - * -- [@johnoliver](https://github.com/johnoliver) - John Oliver (Microsoft / LJC) - * -- [@sxa555](https://github.com/sxa555) - Stewart X Addison (Red Hat) - * +* [@gdams](https://github.com/gdams) - George Adams (Microsoft) - * +* [@johnoliver](https://github.com/johnoliver) - John Oliver (Microsoft / LJC) - * +* [@sxa555](https://github.com/sxa555) - Stewart X Addison (Red Hat) - * ## [@infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/infrastructure) Core infrastructure team - granted access to hosts on a case by case basis -- [@ali-ince](https://github.com/ali-ince) - Ali Ince (LJC) -- [@gdams](https://github.com/gdams) - George Adams (Microsoft) -- [@geraintwjones](https://github.com/geraintwjones) - Geraint Jones (IBM) - * -- [@jdekonin](https://github.com/jdekonin) - Joe deKoning (IBM) -- [@johnoliver](https://github.com/johnoliver) - John Oliver (Microsoft / LJC) -- [@karianna](https://github.com/karianna) - Martijn Verburg (Microsoft / LJC) - * -- [@mwornast](https://github.com/mwornast) - Marcus Wornast (IBM) - * -- [@pnstanton](https://github.com/pnstanton) - Peter Stanton (IBM) - * -- [@sej-jackson](https://github.com/sej-jackson) - Sej Jackson (IBM) -- [@sxa555](https://github.com/sxa555) - Stewart X Addison (IBM) - * -- [@tellison](https://github.com/tellison) - Tim Ellison (Red Hat) - * -- [@vsebe](https://github.com/vsebe) - Violeta Sebe (IBM) -- [@Willsparker](https://github.com/Willsparker) - William Parker (AdoptOpenJDK) - * +* [@ali-ince](https://github.com/ali-ince) - Ali Ince (LJC) +* [@gdams](https://github.com/gdams) - George Adams (Microsoft) +* [@geraintwjones](https://github.com/geraintwjones) - Geraint Jones (IBM) - * +* 
[@jdekonin](https://github.com/jdekonin) - Joe deKoning (IBM) +* [@johnoliver](https://github.com/johnoliver) - John Oliver (Microsoft / LJC) +* [@karianna](https://github.com/karianna) - Martijn Verburg (Microsoft / LJC) - * +* [@mwornast](https://github.com/mwornast) - Marcus Wornast (IBM) - * +* [@pnstanton](https://github.com/pnstanton) - Peter Stanton (IBM) - * +* [@sej-jackson](https://github.com/sej-jackson) - Sej Jackson (IBM) +* [@sxa555](https://github.com/sxa555) - Stewart X Addison (IBM) - * +* [@tellison](https://github.com/tellison) - Tim Ellison (Red Hat) - * +* [@vsebe](https://github.com/vsebe) - Violeta Sebe (IBM) +* [@Willsparker](https://github.com/Willsparker) - William Parker (AdoptOpenJDK) - * ## [@adoptopenjdk-infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/adoptopenjdk-infrastructure) Issues can be assigned to these folks -- [@AdamBrousseau](https://github.com/AdamBrousseau) - Adam Brousseau (IBM) -- [@CJKwork](https://github.com/CJKwork) - Clive Kennedy (IBM) -- [@cwesMills](https://github.com/cwesMills) - Colton Mills (IBM) -- [@cwillhelm](https://github.com/cwillhelm) - Connor Willhelm (IBM) -- [@Haroon-Khel](https://github.com/Haroon-Khel) - Haroon Khel (Red Hat) -- [@HusainYusafali](https://github.com/HusainYusufali) - Husain Yusufali (IBM) -- [@jdekonin](https://github.com/jdekonin) - Joe deKoning (IBM) -- [@karianna](https://github.com/karianna) - Martijn Verburg (Microsoft / LJC) -- [@sej-jackson](https://github.com/sej-jackson) - Sej Jackson (IBM) -- [@vsebe](https://github.com/vsebe) - Violeta Sebe (IBM) -- [@Willsparker](https://github.com/Willsparker) - William Parker (AdoptOpenJDK) - -## [@jenkins-admins](https://github.com/orgs/AdoptOpenJDK/teams/jenkins-admins) -- [@ali-ince](https://github.com/ali-ince) Ali Ince (LJC) -- [@andrew-m-leonard](https://github.com/andrew-m-leonard) Andrew M Leonard (Red Hat) -- [@gdams](https://github.com/gdams) - George Adams (Microsoft) -- 
[@geraintwjones](https://github.com/geraintwjones) - Geraint Jones (IBM) -- [@johnoliver](https://github.com/johnoliver) - John Oliver (Microsoft / LJC) -- [@karianna](https://github.com/karianna) - Martijn Verburg (Microsoft / LJC) -- [@mwornast](https://github.com/mwornast) - Marcus Wornast (IBM) -- [@neomatrix369](https://github.com/neomatrix369) - Mani Sarkar (LJC) -- [@smlambert](https://github.com/smlambert) - Shelley Lambert (Red Hat) -- [@sxa555](https://github.com/sxa555) - Stewart X Addison (Red Hat) -- [@tellison](https://github.com/tellison) - Tim Ellison (Red Hat) -- [@VermaSh](https://github.com/VermaSh) Shubham Verma (IBM) - -# Host Information -Most information about our machines can be found at https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/ansible/inventory.yml - -# Maintenance Information: +* [@AdamBrousseau](https://github.com/AdamBrousseau) - Adam Brousseau (IBM) +* [@CJKwork](https://github.com/CJKwork) - Clive Kennedy (IBM) +* [@cwesMills](https://github.com/cwesMills) - Colton Mills (IBM) +* [@cwillhelm](https://github.com/cwillhelm) - Connor Willhelm (IBM) +* [@Haroon-Khel](https://github.com/Haroon-Khel) - Haroon Khel (Red Hat) +* [@HusainYusafali](https://github.com/HusainYusufali) - Husain Yusufali (IBM) +* [@jdekonin](https://github.com/jdekonin) - Joe deKoning (IBM) +* [@karianna](https://github.com/karianna) - Martijn Verburg (Microsoft / LJC) +* [@sej-jackson](https://github.com/sej-jackson) - Sej Jackson (IBM) +* [@vsebe](https://github.com/vsebe) - Violeta Sebe (IBM) +* [@Willsparker](https://github.com/Willsparker) - William Parker (AdoptOpenJDK) + +### [@jenkins-admins](https://github.com/orgs/AdoptOpenJDK/teams/jenkins-admins) + +* [@ali-ince](https://github.com/ali-ince) Ali Ince (LJC) +* [@andrew-m-leonard](https://github.com/andrew-m-leonard) Andrew M Leonard (Red Hat) +* [@gdams](https://github.com/gdams) - George Adams (Microsoft) +* [@geraintwjones](https://github.com/geraintwjones) - Geraint Jones 
(IBM) +* [@johnoliver](https://github.com/johnoliver) - John Oliver (Microsoft / LJC) +* [@karianna](https://github.com/karianna) - Martijn Verburg (Microsoft / LJC) +* [@mwornast](https://github.com/mwornast) - Marcus Wornast (IBM) +* [@neomatrix369](https://github.com/neomatrix369) - Mani Sarkar (LJC) +* [@smlambert](https://github.com/smlambert) - Shelley Lambert (Red Hat) +* [@sxa555](https://github.com/sxa555) - Stewart X Addison (Red Hat) +* [@tellison](https://github.com/tellison) - Tim Ellison (Red Hat) +* [@VermaSh](https://github.com/VermaSh) Shubham Verma (IBM) + +### Host Information + +Most information about our machines can be found at [Inventory](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/ansible/inventory.yml) + +### Maintenance Information TODO Need to check all of this -## Quarterly Maintenance Window Schedule +### Quarterly Maintenance Window Schedule ***\*\*Proposed Schedule\*\**** @@ -124,12 +129,15 @@ TODO Need to check all of this | January 17, 2018 | 3pm - 5pm - Standard Time (UTC - 5) | 20:00 - 22:00 - Greenwich Mean Time (UTC + 0) | ### Standard Action Items -- Apply non-security patches to infrastructure systems. -- Apply Application patches to: Nagios, Jenkins, AWX, etc. -## Backups: +* Apply non-security patches to infrastructure systems. +* Apply Application patches to: Nagios, Jenkins, AWX, etc. + +### Backups + The following items are stored in GitHub. -- Source code, System deployment scripts (Ansible), Instructions/How to Information + +* Source code, System deployment scripts (Ansible), Instructions/How to Information | Description | Storage Location | Frequency | |---|---|---| 
@@ -138,29 +146,35 @@ The following items are stored in GitHub. | AWX - Configuration and Settings | not currently backed up | N/A | ### Questions + Backup schedule: -- How often should be backup? -- Where should it be stored? + +* How often should be backup? +* Where should it be stored? Backup retention: -- How long should be keep it? -- How many copies? -## OS Patch Management -**WARNING:** Several of our hosts are internet facing and we need to stay vigilant +* How long should be keep it? +* How many copies? + +### OS Patch Management + +**WARNING:** Several of our hosts are internet facing and we need to stay vigilant of the potential security risks this presents. ### Patch Management / Minimum Time Frame + | Vulnerability Type | Time Frame| |---|---| | Critical severity | 24 hours or less | | High severity | 7 days | | Moderate and low severity | 30 days| -- Nagios is configured to monitor each system and report on the status of OS patches required. -- Non-infrastructure systems are configured to automatically apply all patches. (Sundays at 5am local host time) -- Infrastructure systems are configured to automatically apply security patches only. (Sundays at 5am local host time) This information is logged on the localhost: /var/log/apt-security-updates +* Nagios is configured to monitor each system and report on the status of OS patches required. +* Non-infrastructure systems are configured to automatically apply all patches. (Sundays at 5am local host time) +* Infrastructure systems are configured to automatically apply security patches only. (Sundays at 5am local host time) This information is logged on the localhost: /var/log/apt-security-updates ### Application Updates -- During our quarterly maintenance window application patches will be applied manually. -- When a critical or high severity vulnerability is announced patching will take place within the time frame stated above. 
+ +* During our quarterly maintenance window application patches will be applied manually. +* When a critical or high severity vulnerability is announced patching will take place within the time frame stated above. diff --git a/docs/README.md b/docs/README.md index 03262b1964..bc1100bcea 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,3 +1,3 @@ -## To edit the infrastructure diagram: +# To edit the infrastructure diagram -Download yEd Graph Editor: https://www.yworks.com/products/yed +Download [yEd Graph Editor](https://www.yworks.com/products/yed) diff --git a/docs/Setup-QEMU-Images.md b/docs/Setup-QEMU-Images.md index 8eead43ddf..b2532082c7 100644 --- a/docs/Setup-QEMU-Images.md +++ b/docs/Setup-QEMU-Images.md @@ -1,7 +1,9 @@ # Recreating QEMU images + This is a document how to rebuild the images used in the [QEMUPlaybookCheck](https://ci.adoptopenjdk.net/job/QEMUPlaybookCheck/) (QPC) Jenkins job, in the event of having to migrate the machine that runs QPC. In this document, the **host machine** refers to the machine running QPC and the **guest machine** refers to the QEMU VM. -## Standarised rules: +## Standardized rules + Regardless of the architecture that QEMU is emulating, all of the disk images mentioned here will follow rules to ensure the QPC script still works on the machines. | Rule | Explanation | 
@@ -13,86 +15,117 @@ User: `linux`, Password: `password` | This is allow for `sshpass` to add the ge In addition to these guest machine rules, all images must be stored in _/qemu_base_images/_ on the host machine, compressed using `xz` , under the name `$ARCHITECTURE.dsk.xz`. -### Extending the disk image: +### Extending the disk image + Irrespective of the file used for the the disk image- i.e. `qcow2` or `DOS/MBR boot sector` , the disk images can be resized using: + ```bash # Making $ARCHITECTURE.dsk 5Gb larger $ qemu-img resize $ARCHITECTURE.dsk +5G ``` + This is executed on the host machine. The QEMU VM using this disk image must not be running when you do this. **Note:** Once you've done this, you'll need to extend the partition within the VM. Alternatively creating a new partition and mount it at `/home/linux` for extra space to build the JDK. -### Password-less `sudo`: -This is only applicable once `sudo` is installed. This is required to allow for the `linux` user to use `sudo` without requiring a password to be input, so [qemuPlaybookCheck.sh](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/ansible/pbTestScripts/qemuPlaybookCheck.sh) can use the `-b` option in `ansible-playbook` without user interaction. + +### Password-less `sudo` + +This is only applicable once `sudo` is installed. This is required to allow for the `linux` user to use `sudo` without requiring a password to be input, so [qemuPlaybookCheck.sh](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/ansible/pbTestScripts/qemuPlaybookCheck.sh) can use the `-b` option in `ansible-playbook` without user interaction. + ```bash sudo sh -c "echo 'linux ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers" ``` + This can also be done with whichever file editor you tend to use. This is executed on the guest machine. ## Disk Images -### Ubuntu18.04 PPC64LE: +### Ubuntu18.04 PPC64LE + The Ubuntu18.04 disk was created manually, as opposed to getting a pre-made one from a guide. 
The first step is to find a PPC64LE ISO. At the time of creating the image, Ubuntu 18.04 could be found on the [Ubuntu website](https://ubuntu.com/download/server/power), however this has been updated with the newest LTS. Alternatively Ubuntu18.04 PPC64LE ISOs can be found at [cloud-images.ubuntu](https://cloud-images.ubuntu.com/releases/bionic/release/) -After this we need to create a large file to put the disk image on. The current U18 PPC64le disk image uses a `raw` format, created by doing the following: +After this we need to create a large file to put the disk image on. The current U18 PPC64le disk image uses a `raw` format, created by doing the following: + ```bash fallocate -l 15GB PPC64LE.dsk ``` + However, this could be created in QEMU's `qcow2` format + ```bash qemu-img create -f qcow2 PPC64LE.dsk 15G ``` + The iso then needs to be installed on the created disk. To do this, a QEMU VM needs to be created that boots from the iso, to install on the disk: + ```bash qemu-system-ppc64 -M pseries -m 1024 -cdrom U18-ppc64el.iso -boot d -hda PPC64LE.dsk ``` -Run through the installation as normal, and the disk image should be ready. To then run the machine to add the `linux` user and other config, run the following: + +Run through the installation as normal, and the disk image should be ready. To then run the machine to add the `linux` user and other config, run the following: + ```bash qemu-system-ppc64 -M pseries -m 1024 -hda PPC64LE.dsk ``` -### Ubuntu18.04 S390x: -This was setup very much like the above Ubuntu18.04 PPC64LE disk- i.e, an Iso found [here](https://cloud-images.ubuntu.com/releases/bionic/release/) was used to install Ubuntu18.04 on a 15GB `qcow` image. -Run this to start the installation: + +### Ubuntu18.04 S390x + +This was setup very much like the above Ubuntu18.04 PPC64LE disk- i.e, an Iso found [here](https://cloud-images.ubuntu.com/releases/bionic/release/) was used to install Ubuntu18.04 on a 15GB `qcow` image. 
+Run this to start the installation: + ```bash qemu-system-s390x -M s390-ccw-virtio -m 1024 -cdrom U18-S390x.iso -drive file=S390X.dsk,if=none,format=raw,id=hd0 -device virtio-blk-ccw,drive=hd0,id=virtio-disk0 -boot d ``` -And to run the QEMU machine as normal: + +And to run the QEMU machine as normal: + ```bash qemu-system-s390x -M s390-ccw-virtio -m 1024 -drive file=S390X.dsk,if=none,format=raw,id=hd0 -device virtio-blk-ccw,drive=hd0,id=virtio-disk0 ``` + If for whatever reason these don't work, there is another process that can produce a working `s390x` QEMU VM, which would be to use the separate `-kernel` and `-init` options in the `qemu-system-s390x` command. These aren't currently supported in the `qemuPlaybookCheck.sh` script, but wouldn't be too difficult to alter if required. A link to a guide to build a **Debian** S390x image can be found [here](https://wiki.qemu.org/Documentation/Platforms/S390X#Minimal_command-line), with a link to where the `kernel` and `initrd` can be downloaded. Alternatively, these can be extracted from an iso. -A link to a guide to build an **Ubuntu19.04 Server** S390x image, as well as how to extract `kernel` and `initrd` files from an iso, can be found [here](https://astr0baby.wordpress.com/2019/05/09/testing-bleeding-edge-ubuntu-server-19-10-s390x-in-qemu/). -### Debian Buster ARM64: +A link to a guide to build an **Ubuntu19.04 Server** S390x image, as well as how to extract `kernel` and `initrd` files from an iso, can be found [here](https://astr0baby.wordpress.com/2019/05/09/testing-bleeding-edge-ubuntu-server-19-10-s390x-in-qemu/). + +### Debian Buster ARM64 + This architecture was setup using the instructions [here](https://wiki.debian.org/Arm64Qemu), with the disk image found [here](https://cdimage.debian.org/cdimage/openstack/current/). When setting up the images for QPC, the `debian-10.4.3-*-arm64.qcow2` image was used, however new images are being released fairly frequently. 
With this architecture, an extra QEMU package has to be installed to provide the file used for `-bios` option in the `qemu-system-aarch64` command: + ```bash -$ apt install qemu-efi-aarch64 +apt install qemu-efi-aarch64 ``` + The setup instructions also suggests installing `qemu-system-arm` and `qemu-utils`, however `qemu-system-arm` isn't required if `QEMU 5.0.0` has been built on the system, and `qemu-utils` just wasn't used. ### Ubuntu 18 ARM64 + This disk image was setup using the instructions [here](https://futurewei-cloud.github.io/ARM-Datacenter/qemu/how-to-launch-aarch64-vm/) -To summarise the instructions in the link: +To summarize the instructions in the link: The packages `qemu-system-arm`, `qemu-efi-aarch64` and `qemu-utils` are installed. Two flash images are created using the commands + ```bash dd if=/dev/zero of=flash1.img bs=1M count=64 dd if=/dev/zero of=flash0.img bs=1M count=64 dd if=/usr/share/qemu-efi-aarch64/QEMU_EFI.fd of=flash0.img conv=notrunc ``` + An empty disk image is created, using the command + ```bash qemu-img create ubuntu-image.img 20G ``` -Then the disk image can be booted up using an installer. The instructions use a Ubuntu 18 installer http://ports.ubuntu.com/ubuntu-ports/dists/bionic-updates/main/installer-arm64/current/images/netboot/mini.iso -The image is booted up the first time using +Then the disk image can be booted up using an installer. The instructions use a [Ubuntu 18 installer](http://ports.ubuntu.com/ubuntu-ports/dists/bionic-updates/main/installer-arm64/current/images/netboot/mini.iso). + +The image is booted up the first time using: + ```bash qemu-system-aarch64 -nographic -machine virt,gic-version=max -m 512M -cpu max -smp 4 \ -netdev user,id=vnet,hostfwd=:127.0.0.1:0-:22 -device virtio-net-pci,netdev=vnet \ 
@@ -100,7 +133,9 @@ qemu-system-aarch64 -nographic -machine virt,gic-version=max -m 512M -cpu max -s -drive file=mini.iso,if=none,id=drive1,cache=writeback -device virtio-blk,drive=drive1,bootindex=1 \ -drive file=flash0.img,format=raw,if=pflash -drive file=flash1.img,format=raw,if=pflash ``` + Once the OS is installed, the disk image can be booted on subsequent use without the installer + ```bash qemu-system-aarch64 -nographic -machine virt,gic-version=max -m 512M -cpu max -smp 4 \ -netdev user,id=vnet,hostfwd=:127.0.0.1:0-:22 -device virtio-net-pci,netdev=vnet \ @@ -109,26 +144,31 @@ qemu-system-aarch64 -nographic -machine virt,gic-version=max -m 512M -cpu max -s ``` ### Debian 8 ARM32 + This disk image was setup using the instructions [here](https://translatedcode.wordpress.com/2016/11/03/installing-debian-on-qemus-32-bit-arm-virt-board/) -To summarise the instructions in the link: +To summarize the instructions in the link: The packages `qemu-system-arm, libguestfs-tools` and `qemu-utils` are installed. `libguestfs-tools` is a tool package used for reading and writing to the disk image. Create an empty disk image + ```bash qemu-img create -f qcow2 debian8.arm32 20G ``` + `qcow2` is the format of the image. -The instructions recommend using an initrd and a kernel from the Debain website +The instructions recommend using an initrd and a kernel from the Debian website + ```bash wget -O installer-vmlinuz http://http.us.debian.org/debian/dists/jessie/main/installer-armhf/current/images/netboot/vmlinuz wget -O installer-initrd.gz http://http.us.debian.org/debian/dists/jessie/main/installer-armhf/current/images/netboot/initrd.gz ``` Then boot up the disk image for the first time and install the OS + ```bash qemu-system-arm -M virt -m 2G \ -kernel installer-vmlinuz \ 
@@ -140,12 +180,13 @@ qemu-system-arm -M virt -m 2G \ -nographic -no-reboot ``` -During the installation, you will recieve a message complaining about no bootloader installed. Disregard this and continue the installation. +During the installation, you will receive a message complaining about no bootloader installed. Disregard this and continue the installation. After the installation, the VM should exit since we have used the `-no-reboot` option. The installer places the initrd and kernel files onto the disk image in the `/boot` directory. These need to be copied out of the disk image and passed as command line parameters to the VM. Using `libguestfs-tools` installed earlier (the VM MUST not be running when using `libguestfs-tools`), we can see inside the `/boot` directory of the disk image. + ```bash virt-ls -a debian8.arm32 /boot/ @@ -159,11 +200,13 @@ vmlinuz-3.16.0-4-armmp-lpae ``` Copy out the appropriate files + ```bash virt-copy-out -a debian8.arm32 /boot/vmlinuz-3.16.0-4-armmp-lpae /boot/initrd.img-3.16.0-4-armmp-lpae . ``` Finally, boot up the VM + ```bash qemu-system-arm -M virt -m 2G \ -kernel vmlinuz-3.16.0-4-armmp-lpae \ 
@@ -175,13 +218,15 @@ qemu-system-arm -M virt -m 2G \ -nographic ``` -### RISC-V Images: +### RISC-V Images + For information on how to setup several different kind of RISC-V VMs, see [https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/docs/Setup-RISCV-VMs.md](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/docs/Setup-RISCV-VMs.md) -Of the three that are listed in that document, only the Debian Bullseye RISC-V VM is used in QPC. +Of the three that are listed in that document, only the Debian Bullseye RISC-V VM is used in QPC. The document also gives a broader overview of QEMU, for instance; how to build `QEMU 5.0.0` on an Ubuntu Host machine, explanation for the `qemu-system-$arch` command options and how to add additional disks to a QEMU VM. -## Useful Links: +## Useful Links + QEMU Documentation: [https://wiki.qemu.org/Documentation](https://wiki.qemu.org/Documentation) Overview of QEMU emulating different architectures on different OSs: [https://gmplib.org/~tege/qemu.html](https://gmplib.org/~tege/qemu.html) diff --git a/docs/Setup-RISCV-VMs.md b/docs/Setup-RISCV-VMs.md index 8f2abb4aa7..809b3c7ae4 100644 --- a/docs/Setup-RISCV-VMs.md +++ b/docs/Setup-RISCV-VMs.md @@ -2,16 +2,17 @@ This is a document outlining how to setup multiple different versions of RISC-V QEMU VMs, for Ubuntu 18.04 CLI, using prebuilt images. Whilst this guide uses prebuilt images, information on how to build your own images can be found under the 'Useful Links' section of each version of the VM. -## Install QEMU (version 5.0.0): +## Install QEMU (version 5.0.0) -Install a few package pre-requisistes: +Install a few package pre-requisites: -``` +```sh sudo apt-get install git libglib2.0-dev libfdt-dev libpixman-1-dev zlib1g-dev ``` To build the correct version of QEMU: -``` + +```sh wget https://download.qemu.org/qemu-5.0.0.tar.xz tar xvJf qemu-5.0.0.tar.xz cd qemu-5.0.0 
@@ -19,6 +20,7 @@ cd qemu-5.0.0 make make install ``` + Note: The version has to be `>5.0.0`, otherwise you can't `ssh` into the Fedora Rawhide VM. ## Common arguments @@ -38,21 +40,21 @@ All of these VMs are going to be started with several common arguments passed in | `-device virtio-rng-device,rng=rng` | Add an rng 'device' to the VM, using the rng source with ID "rng". | | `-append "console=ttyS0 ro root=/dev/vda"` | A way of passing options to the linux kernel. | -For more information on the QEMU RNG device, see https://wiki.qemu.org/Features/VirtIORNG +For more information on the QEMU RNG device, see [VirtIORNG](https://wiki.qemu.org/Features/VirtIORNG) -## Fedora 'Stage4': +## Fedora 'Stage4' Retrieve the prebuilt kernel and disk image from Fedora, and extract the image: -``` +```sh wget https://fedorapeople.org/groups/risc-v/disk-images/bbl wget https://fedorapeople.org/groups/risc-v/disk-images/stage4-disk.img.xz tar xvf stage4-disk.img.xz ``` -Run the following from a folder with the disk image and `bbl`: +Run the following from a folder with the disk image and `bbl`: -``` +```sh qemu-system-riscv64 -nographic \ -machine virt \ -smp 4 \ 
@@ -60,36 +62,42 @@ qemu-system-riscv64 -nographic \ -kernel bbl \ -append "console=ttyS0 ro root=/dev/vda" \ -device virtio-blk-device,drive=hd0 \ --drive file=stage4-disk.img,format=raw,id=hd0 \ +-drive file=stage4-disk.img,format=raw,id=hd0 \ -device virtio-net-device,netdev=usernet \ -netdev user,id=usernet,hostfwd=tcp::10000-:22 ``` Alternatively, this can be ran in a `screen` session. -You're also able to `ssh` into the machine by running: -``` +You're also able to `ssh` into the machine by running: + +```sh ssh -p 10000 root@localhost ``` + The root user's password is `riscv` , it's suggested you change that if the machine you're running on has an IP open to the internet. -### Useful links: -- The kernel/disk image repository: https://fedorapeople.org/groups/risc-v/disk-images/ -- Extra information of disk images: https://fedoraproject.org/wiki/Architectures/RISC-V/Disk_images -- Source / extra info for building the kernel : https://github.com/rwmjones/fedora-riscv-kernel +### Fedora Stage4 Useful links -## Fedora 'Rawhide': +- The kernel/disk image repository: [https://fedorapeople.org/groups/risc-v/disk-images/](https://fedorapeople.org/groups/risc-v/disk-images/) +- Extra information of disk images: [https://fedoraproject.org/wiki/Architectures/RISC-V/Disk_images](https://fedoraproject.org/wiki/Architectures/RISC-V/Disk_images) +- Source / extra info for building the kernel: [https://github.com/rwmjones/fedora-riscv-kernel](https://github.com/rwmjones/fedora-riscv-kernel) + +## Fedora 'Rawhide' Retrieve the prebuilt image/Kernel for Fedora-Rawhide: -``` + +```sh wget https://dl.fedoraproject.org/pub/alt/risc-v/repo/virt-builder-images/images/Fedora-Developer-Rawhide-20191123.n.0-fw_payload-uboot-qemu-virt-smode.elf wget https://dl.fedoraproject.org/pub/alt/risc-v/repo/virt-builder-images/images/Fedora-Developer-Rawhide-20191123.n.0-sda.raw.xz tar xvf Fedora-Developer-Rawhide-20191123.n.0-sda.raw.xz ``` + If preferred, you can build your own images. 
See 'Info on building the images manually' under the 'Useful Links' section. Run the following, from a folder containing the disk image and kernel: -``` + +```sh qemu-system-riscv64 -nographic \ -machine virt \ -smp 4 \ 
@@ -102,48 +110,56 @@ qemu-system-riscv64 -nographic \ -device virtio-net-device,netdev=usernet \ -netdev user,id=usernet,hostfwd=tcp::10005-:22 ``` + To login, use the `riscv` user, password `Fedora_Rocks!`. The root user is unavailable. To `ssh` into the machine run the following: -``` + +```sh ssh -p 10005 riscv@localhost ``` -### Useful links: -- Info on building the images manually: https://fedoraproject.org/wiki/Architectures/RISC-V/Installing -- The prebuilt image repository: https://dl.fedoraproject.org/pub/alt/risc-v/repo/virt-builder-images/images/ -- List of nightly build Rawhide images: http://fedora.riscv.rocks/koji/tasks?state=closed&view=flat&method=createAppliance&order=-id +### Fedora Rawhide Useful links + +- Info on building the images manually: [https://fedoraproject.org/wiki/Architectures/RISC-V/Installing](https://fedoraproject.org/wiki/Architectures/RISC-V/Installing) +- The prebuilt image repository: [https://dl.fedoraproject.org/pub/alt/risc-v/repo/virt-builder-images/images/](https://dl.fedoraproject.org/pub/alt/risc-v/repo/virt-builder-images/images/) +- List of nightly build Rawhide images: [http://fedora.riscv.rocks/koji/tasks?state=closed&view=flat&method=createAppliance&order=-id](http://fedora.riscv.rocks/koji/tasks?state=closed&view=flat&method=createAppliance&order=-id) ## Debian -To run a RISC-V Debian VM, some additional packages need to be installed on Ubuntu. This can be done by adding the following to `/etc/apt/sources.list` : -``` +To run a RISC-V Debian VM, some additional packages need to be installed on Ubuntu. 
This can be done by adding the following to `/etc/apt/sources.list`: + +```sh deb [trusted=yes] http://ftp.uk.debian.org/debian sid main deb [trusted=yes] http://ftp.uk.debian.org/debian experimental main ``` + The `[trusted=yes]` has to be put in as without it, a GPG error occurs stating: `The following signatures couldn't be verified because the public key is not available` -``` +```sh apt update apt install opensbi u-boot-qemu ``` These packages are to provide the kernel and bootloader for QEMU. Once installed, these will be at: -``` +```sh /usr/lib/riscv64-linux-gnu/opensbi/qemu/virt/fw_jump.elf /usr/lib/u-boot/qemu-riscv64_smode/u-boot.bin ``` Then retrieve a prebuilt image and `unzip` it: -``` + +```sh wget https://gitlab.com/api/v4/projects/giomasce%2Fdqib/jobs/artifacts/master/download?job=convert_riscv64-virt -O deb_riscv.zip unzip deb_riscv.zip ``` + Within the `artifacts` directory will be `image.qcow2`. This is the Debian image that needs to be used. Run the following, from the `artifacts` folder: -``` + +```sh qemu-system-riscv64 -nographic \ -machine virt \ -cpu rv64 \ 
@@ -163,28 +179,35 @@ qemu-system-riscv64 -nographic \ The `-cpu` option refers to which CPU QEMU is to emulate. The `-device loader...` option is to pass the bootloader to the VM. You're able to ssh to the machine by running: -``` + +```sh ssh -p 10010 root@localhost ``` + The `root` user's password is set by default to `Debian` -### Useful Links: -- Extra information about Debian on RISC-V: https://wiki.debian.org/RISC-V -- Prebuilt image repository: https://people.debian.org/~gio/dqib/ +### Useful Links -## Adding Additional Storage to the VM +- Extra information about Debian on RISC-V: [https://wiki.debian.org/RISC-V](https://wiki.debian.org/RISC-V) +- Prebuilt image repository: [https://people.debian.org/~gio/dqib/](https://people.debian.org/~gio/dqib/) + +### Adding Additional Storage to the VM With all of these VMs, the only secondary storage they have are the virtual disks that the boot image is on. Often these don't don't suffice and additional storage is required. `fallocate` can be used to create a suitably large file to mount to the VM. In this example, a 10GB file is made. -``` + +```sh fallocate -l 10GB second_disk.img ``` + Once the file is made, it needs to be added to the VM on booting. To do this, take the `qemu-system-riscv64` command above, and add the following lines: -``` + +```sh -device virtio-blk-device,drive=hd1 \ --drive file=second_disk.img,format=raw,if=none,id=hd1 +-drive file=second_disk.img,format=raw,if=none,id=hd1 ``` + **Note:** The `id` field in the `-drive` option must be unique. Once the machine has booted, the unmounted disk can be found by using `fdisk -l`. If this is the only extra disk being added to the VM, it will be `/dev/vdb`. 
@@ -192,6 +215,7 @@ Once the machine has booted, the unmounted disk can be found by using `fdisk -l` From here, a partition will need to be made using `fdisk /dev/vdb`, and a filesystem made on that partition: `mkfs.ext4 /dev/vdb1`. The partition can then be mounted: `mount -t auto /dev/vdb1 /mount/point`. If you want this disk to be mounted automatically on booting the VM, add the following to `/etc/fstab` : -``` + +```sh /dev/vdb1 /home/jenkins ext4 defaults 0 1 -``` \ No newline at end of file +``` From 2d01b8ae86c904f82e0b790d7592c2b8471b1b91 Mon Sep 17 00:00:00 2001 From: George Adams Date: Thu, 3 Dec 2020 12:50:56 +0000 Subject: [PATCH 2/9] ansible: refresh macOS test machines + playbook patches (#1665) * Ansible: refresh macOS test machines + playbook patches * linter fixes * Update main.yml * Update MacOSX.yml * Update main.yml * Update main.yml * Update main.yml * Update main.yml * Update MacOSX.yml * Update MacOSX.yml --- .github/workflows/build_mac.yml | 4 +- ansible/inventory.yml | 13 ++- .../AdoptOpenJDK_Unix_Playbook/main.yml | 11 ++- .../roles/Ant-Contrib/tasks/main.yml | 11 ++- .../roles/Common/tasks/MacOSX.yml | 25 +++++ .../roles/Common/vars/MacOSX.yml | 4 +- .../roles/Jenkins_User/tasks/main.yml | 13 +++ .../roles/Superuser/tasks/main.yml | 19 +++- .../roles/Xcode10/tasks/main.yml | 94 +++++++++++++++++++ .../roles/ant/tasks/main.yml | 9 +- .../roles/macos_codesign/tasks/main.yml | 4 +- .../plugins/inventory/adoptopenjdk_yaml.py | 2 + 12 files changed, 188 insertions(+), 21 deletions(-) create mode 100644 ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Xcode10/tasks/main.yml diff --git a/.github/workflows/build_mac.yml b/.github/workflows/build_mac.yml index df88f4e351..ea8537ce91 100644 --- a/.github/workflows/build_mac.yml +++ b/.github/workflows/build_mac.yml @@ -4,7 +4,7 @@ on: pull_request: paths: - .github/workflows/build_mac.yml - - ansible/** + - ansible/playbooks/AdoptOpenJDK_Unix_Playbook/** branches: - master 
@@ -36,4 +36,4 @@ jobs: echo "localhost ansible_user=runner ansible_connection=local" > ansible/hosts set -eux cd ansible - sudo ansible-playbook -i hosts playbooks/AdoptOpenJDK_Unix_Playbook/main.yml --skip-tags="hosts_file,hostname,brew_cu,kernel_tuning,adoptopenjdk,jenkins,nagios,superuser,swap_file,crontab" + sudo ansible-playbook -i hosts playbooks/AdoptOpenJDK_Unix_Playbook/main.yml --skip-tags="hosts_file,hostname,brew_upgrade,brew_cu,kernel_tuning,adoptopenjdk,jenkins,nagios,superuser,swap_file,crontab" diff --git a/ansible/inventory.yml b/ansible/inventory.yml index a00523889c..a2c7a43af5 100644 --- a/ansible/inventory.yml +++ b/ansible/inventory.yml @@ -51,7 +51,6 @@ hosts: - macstadium: macos1010-x64-1: {ip: 207.254.50.138, user: Administrator} - macos1012-x64-1: {ip: 207.254.28.22, user: Administrator} macos1014-x64-1: {ip: 208.83.1.170, user: Administrator} macos1014-x64-2: {ip: 207.254.28.76, user: Administrator} 
@@ -169,14 +168,14 @@ hosts: - macincloud: macos1010-x64-1: {ip: 74.80.250.151, user: admin, description: TBD} macos1010-x64-2: {ip: 74.80.250.173, user: admin, description: TBD} - macos1012-x64-1: {ip: 92.63.141.139, user: admin, description: DE139} - macos1013-x64-1: {ip: 46.20.235.28, user: admin, description: DE328} - macos1013-x64-2: {ip: 92.63.134.23, user: admin, description: DE923} - macos1014-x64-1: {ip: 87.237.62.57, user: admin, description: DE657} - macos1014-x64-2: {ip: 92.63.134.40, user: admin, description: DE940} - macos1014-x64-3: {ip: 74.80.249.207, user: admin, description: DU807} - macstadium: + macos1012-x64-1: {ip: 208.83.1.46, user: administrator} + macos1013-x64-1: {ip: 208.83.1.19, user: administrator} + macos1014-x64-1: {ip: 207.254.29.43, user: administrator} + macos1014-x64-2: {ip: 207.254.29.44, user: administrator} + macos1014-x64-3: {ip: 207.254.28.237, user: administrator} + macos1015-x64-1: {ip: 207.254.28.171, user: administrator} macos11-arm64-1: {ip: 199.7.163.51, user: Administrator} macos11-arm64-2: {ip: 199.7.163.52, user: Administrator} diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml index 9be3681b4f..2d9c078651 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml 
@@ -44,13 +44,20 @@ tags: [build_tools, build_tools_openj9] - Superuser # AdoptOpenJDK Infrastructure - role: Swap_File - when: ansible_distribution != "Solaris" # These steps fail on Solaris - - Crontab + when: + - ansible_distribution != "MacOSX" + - ansible_distribution != "Solaris" # These steps fail on Solaris + - role: Crontab + when: + - ansible_distribution != "MacOSX" - role: NTP_TIME when: ansible_distribution != "MacOSX" - gcc_48 - role: gcc_7 # OpenJ9 tags: [build_tools, build_tools_openj9] + - role: Xcode10 + when: ansible_distribution == "MacOSX" + tags: [build_tools, xcode10, adoptopenjdk] - role: cmake # OpenJ9 / OpenJFX when: ansible_distribution != "Solaris" # Compile fails on Solaris tags: [build_tools, build_tools_openj9, build_tools_openjfx] diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Ant-Contrib/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Ant-Contrib/tasks/main.yml index 7ce8a83600..5f7406a3a5 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Ant-Contrib/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Ant-Contrib/tasks/main.yml 
@@ -36,16 +36,21 @@ delay: 5 register: antContrib_download until: antContrib_download is not failed - when: not antcontrib_status.stat.exists and ansible_distribution != "Solaris" + when: + - not antcontrib_status.stat.exists + - ansible_distribution != "MacOSX" + - ansible_distribution != "Solaris" tags: ant-contrib -- name: Download ant-contrib (Solaris) +- name: Download ant-contrib (macOS) and (Solaris) command: wget https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-{{ antContribVersion }}/ant-contrib-{{ antContribVersion }}-bin.tar.gz -O /tmp/ant-contrib-{{ antContribVersion }}-bin.tar.gz retries: 3 delay: 5 register: antContrib_download until: antContrib_download is not failed - when: not antcontrib_status.stat.exists and ansible_distribution == "Solaris" + when: + - not antcontrib_status.stat.exists + - ansible_distribution == "MacOSX" or ansible_distribution == "Solaris" tags: ant-contrib - name: Extract ant-contrib diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/MacOSX.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/MacOSX.yml index 1d52b2cdec..129be5f1a9 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/MacOSX.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/MacOSX.yml @@ -4,6 +4,14 @@ # Updates all packages for macos-based distributions # +- name: Get macOS version + shell: sw_vers -productVersion + register: macos_version + +- name: Display macOS Version + debug: + var: macos_version + # Skipping linting as no situation where this can't run (lint error 301) - name: Check for xcode-tools raw: xcode-select --print-path &> /dev/null @@ -40,6 +48,8 @@ become_user: "{{ ansible_user }}" homebrew: upgrade_all: yes + tags: + - brew_upgrade - name: Install brew cu become: yes 
@@ -49,6 +59,12 @@ tags: - brew_cu +- name: Add AdoptOpenJDK Java Repo + become: yes + become_user: "{{ ansible_user }}" + homebrew_tap: + name: AdoptOpenJDK/openjdk + # Skipping linting as no situation where this can't run (lint error 301) - name: Update Casks become: yes @@ -74,6 +90,15 @@ - ansible_architecture != "arm64" tags: build_tools +- name: Install Build Tool Packages NOT macOS 10.12 + become: yes + become_user: "{{ ansible_user }}" + homebrew: "name={{ item }} state=present" + with_items: "{{ Build_Tool_Packages_NOT_10_12 }}" + when: + - not macos_version | regex_search("10.12") + tags: build_tools + - name: Install Build Tool Casks become: yes become_user: "{{ ansible_user }}" diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/MacOSX.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/MacOSX.yml index 17030b7fd5..64140703ce 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/MacOSX.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/MacOSX.yml @@ -7,7 +7,6 @@ Build_Tool_Packages: - autoconf - - ccache - cmake # OpenJ9 - coreutils - gnu-sed @@ -18,6 +17,9 @@ Build_Tool_Packages: Build_Tool_Packages_NOT_arm64: - bash # OpenJ9 needs bash v4 or later +Build_Tool_Packages_NOT_10_12: + - ccache # ccache is no longer working on macOS 10.12 + Build_Tool_Casks: - adoptopenjdk10 - packages diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Jenkins_User/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Jenkins_User/tasks/main.yml index 27560c2d74..1d6804e9bc 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Jenkins_User/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Jenkins_User/tasks/main.yml 
@@ -23,6 +23,19 @@ - name: Create Jenkins user action: user name={{ Jenkins_Username }} state=present home={{ home_folder }} shell=/bin/bash + ignore_errors: yes + when: ansible_distribution != "MacOSX" + tags: [jenkins_user, adoptopenjdk] + +- name: Create Jenkins user (macOS) + action: user name={{ Jenkins_Username }} group=staff state=present home={{ home_folder }} shell=/bin/bash + when: ansible_distribution == "MacOSX" + tags: [jenkins_user, adoptopenjdk] + +- name: Enable SSH login for Jenkins user (macOS) + command: dseditgroup -o edit -a {{ Jenkins_Username }} -t staff com.apple.access_ssh + ignore_errors: yes + when: ansible_distribution == "MacOSX" tags: [jenkins_user, adoptopenjdk] - name: Create Jenkins user's home folder diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Superuser/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Superuser/tasks/main.yml index 8b2c165945..e930f8b7c2 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Superuser/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Superuser/tasks/main.yml @@ -23,7 +23,24 @@ - name: Create Superuser account - zeus action: user name=zeus state=present home={{ home_folder }} shell=/bin/bash - when: Superuser_Account == "Enabled" + when: + - Superuser_Account == "Enabled" + - ansible_distribution != "MacOSX" + tags: [superuser, adoptopenjdk] + +- name: Create Superuser user (macOS) - zeus + action: user name=zeus group=staff state=present home={{ home_folder }} shell=/bin/bash + when: + - Superuser_Account == "Enabled" + - ansible_distribution == "MacOSX" + tags: [superuser, adoptopenjdk] + +- name: Enable SSH login for Superuser user (macOS) + command: dseditgroup -o edit -a zeus -t staff com.apple.access_ssh + ignore_errors: yes + when: + - Superuser_Account == "Enabled" + - ansible_distribution == "MacOSX" tags: [superuser, adoptopenjdk] - name: Create Superuser account home folder for s390x 
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Xcode10/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Xcode10/tasks/main.yml new file mode 100644 index 0000000000..c6161a66d9 --- /dev/null +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Xcode10/tasks/main.yml 
@@ -0,0 +1,94 @@ +--- +########### +# Xcode10 # +########### +- name: Get macOS version + shell: sw_vers -productVersion + register: macos_version + +- name: Set xcode_needed to false + set_fact: + xcode_needed: false + +- name: Check if Xcode is needed on this machine + set_fact: + xcode_needed: true + when: + - inventory_hostname | regex_search("test-") + # We only want to install on test-*macos.14 or test-*macos10.15 + - macos_version | regex_search("10.14") or macos_version | regex_search("10.15") + +- name: Check if Xcode is installed + stat: + path: /Applications/Xcode.app/ + when: xcode_needed == true + register: xcode_installed + +- name: Check if Xcode is downloaded + stat: + path: /tmp/xcode10.xip + get_attributes: no + get_checksum: no + get_mime: no + register: xcode_downloaded + when: + - xcode_needed == true + - not xcode_installed.stat.exists + +- name: Check if Xcode is extracted + stat: + path: Xcode.app + get_attributes: no + get_checksum: no + get_mime: no + register: xcode_extracted + when: + - xcode_needed == true + - not xcode_installed.stat.exists + +# Stored in Azure Blob Storage (SAS URL set to expire in 2030) +- name: Download Xcode_10.3.xip (very slow) + get_url: + url: "https://ansiblestorageadopt.blob.core.windows.net/xcode10/Xcode_10.3.xip?{{ Xcode10_SAS_TOKEN }}" + dest: /tmp/xcode10.xip + force: no + mode: 0755 + checksum: sha256:7a3fd9dc1b0a95d6179c44a92e3f108a928f62a122782671ef1575ed75ea6e9d + when: + - xcode_needed == true + - not xcode_installed.stat.exists + - not xcode_extracted.stat.exists + - not xcode_downloaded.stat.exists + +- name: Extract Xcode10 + command: xip -x /tmp/xcode10.xip + when: + - xcode_needed == true + - not xcode_installed.stat.exists + - not xcode_extracted.stat.exists + +- name: Move Xcode10 to /Applications + command: mv Xcode.app /Applications/ + when: + - xcode_needed == true + - not xcode_installed.stat.exists + +- name: Set Xcode 10 as default keychain + command: xcode-select -s 
/Applications/Xcode.app + when: + - xcode_needed == true + - not xcode_installed.stat.exists + +- name: Accept Xcode 10 License + command: xcodebuild -license accept + when: + - xcode_needed == true + - not xcode_installed.stat.exists + +- name: Remove downloaded packages for Xcode10 + file: + path: "{{ item }}" + state: absent + with_items: + - /tmp/xcode10.xip + ignore_errors: yes diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/ant/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/ant/tasks/main.yml index 1f1508b69c..8211449396 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/ant/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/ant/tasks/main.yml @@ -22,13 +22,16 @@ validate_certs: no checksum: sha512:2e48f9e429d67708f5690bc307232f08440d01ebe414059292b6543971da9c7cd259c21533b9163b4dd753321c17bd917adf8407d03245a0945fc30a4e633163 when: - - ant_installed.rc != 0 and ansible_distribution != "Solaris" + - ant_installed.rc != 0 + - ansible_distribution != "MacOSX" + - ansible_distribution != "Solaris" tags: ant -- name: Download Apache Ant binaries (Solaris) +- name: Download Apache Ant binaries (macOS) and (Solaris) command: wget https://archive.apache.org/dist/ant/binaries/apache-ant-1.10.5-bin.zip -O /tmp/apache-ant-1.10.5-bin.zip when: - - ant_installed.rc != 0 and ansible_distribution == "Solaris" + - ant_installed.rc != 0 + - ansible_distribution == "MacOSX" or ansible_distribution == "Solaris" tags: ant - name: Create /usr/local if it doesn't exist diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/macos_codesign/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/macos_codesign/tasks/main.yml index 116aed86da..24fc1949a4 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/macos_codesign/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/macos_codesign/tasks/main.yml 
@@ -92,7 +92,7 @@ dest: /Users/jenkins/installer.p12 when: - not macos_version | regex_search("10.10") - - installer_cert.stderr | regex_search("no identity found") + - installer_cert.stderr | regex_search("no identity found") or installer_cert.stderr | regex_search("Could not find appropriate signing identity for") - name: Install Installer Certificate shell: | @@ -101,7 +101,7 @@ become_user: jenkins when: - not macos_version | regex_search("10.10") - - installer_cert.stderr | regex_search("no identity found") + - installer_cert.stderr | regex_search("no identity found") or installer_cert.stderr | regex_search("Could not find appropriate signing identity for") - name: Allow codesign via ssh shell: | diff --git a/ansible/plugins/inventory/adoptopenjdk_yaml.py b/ansible/plugins/inventory/adoptopenjdk_yaml.py index e3a3fcabe6..e8e8d04bf3 100755 --- a/ansible/plugins/inventory/adoptopenjdk_yaml.py +++ b/ansible/plugins/inventory/adoptopenjdk_yaml.py @@ -148,6 +148,8 @@ def parse_yaml(hosts, config): if 'user' in metadata: hostvars.update({'ansible_user': metadata['user']}) + if 'win' not in hostname: + hostvars.update({'ansible_become': True}) del metadata['user'] if 'password' in metadata: From 14272c35b38fe04a54759ba3425d181b5d975390 Mon Sep 17 00:00:00 2001 From: Stewart X Addison <6487691+sxa@users.noreply.github.com> Date: Fri, 4 Dec 2020 10:02:15 +0000 Subject: [PATCH 3/9] pbTests: Fix -nh option on the VPC help screen (#1735) Signed-off-by: Stewart X Addison --- ansible/pbTestScripts/vagrantPlaybookCheck.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/pbTestScripts/vagrantPlaybookCheck.sh b/ansible/pbTestScripts/vagrantPlaybookCheck.sh index f5fa1b9e2b..299f352f0f 100755 --- a/ansible/pbTestScripts/vagrantPlaybookCheck.sh +++ b/ansible/pbTestScripts/vagrantPlaybookCheck.sh 
@@ -74,7 +74,7 @@ usage() --clean-workspace | -c Remove the old work folder if detected --URL | -u The URL of the git repository --test | -t Runs a quick test on the built JDK - --no-halt | -n Option to stop the vagrant VMs halting + --no-halt | -nh Option to stop the vagrant VMs halting --new-vagrant-files | -nv Use vagrantfiles from the the specified git repository --skip-more | -sm Run playbook faster by excluding things not required by buildJDK --help | -h Displays this help message" From 7d0b03094ce663c90c02edbf48ea130cc4de9ca0 Mon Sep 17 00:00:00 2001 From: Will Parker <52783864+Willsparker@users.noreply.github.com> Date: Fri, 4 Dec 2020 11:12:22 +0000 Subject: [PATCH 4/9] Set remote_tmp for Ansible (#1736) --- ansible/pbTestScripts/vagrantPlaybookCheck.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/pbTestScripts/vagrantPlaybookCheck.sh b/ansible/pbTestScripts/vagrantPlaybookCheck.sh index 299f352f0f..ea298f5e82 100755 --- a/ansible/pbTestScripts/vagrantPlaybookCheck.sh +++ b/ansible/pbTestScripts/vagrantPlaybookCheck.sh @@ -238,7 +238,7 @@ startVMPlaybook() ssh-keygen -R $(cat playbooks/AdoptOpenJDK_Unix_Playbook/hosts.unx) sed -i -e "s/.*hosts:.*/- hosts: all/g" playbooks/AdoptOpenJDK_Unix_Playbook/main.yml - awk '{print}/^\[defaults\]$/{print "private_key_file = id_rsa"; print "timeout = 30"}' < ansible.cfg > ansible.cfg.tmp && mv ansible.cfg.tmp ansible.cfg + awk '{print}/^\[defaults\]$/{print "private_key_file = id_rsa"; print "remote_tmp = $HOME/.ansible/tmp"; print "timeout = 30"}' < ansible.cfg > ansible.cfg.tmp && mv ansible.cfg.tmp ansible.cfg ansible-playbook -i playbooks/AdoptOpenJDK_Unix_Playbook/hosts.unx -u vagrant -b --skip-tags adoptopenjdk,jenkins${skipFullSetup} playbooks/AdoptOpenJDK_Unix_Playbook/main.yml 2>&1 | tee $WORKSPACE/adoptopenjdkPBTests/logFiles/$folderName.$branchName.$OS.log echo The playbook finished at : `date +%T` From a6986acb1cee26023211881660d8268187994b60 Mon Sep 17 00:00:00 2001 
From: Michael Felt Date: Fri, 4 Dec 2020 12:15:21 +0100 Subject: [PATCH 5/9] aixPB: Remove packages already installed by yum (#1704) * aixPB: Remove packages already installed via yum: statements * aixPB: Add additional tag 'yum' to a task * aixPB: Add additional tag 'yum' to a task --- .../roles/yum/tasks/main.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/yum/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/yum/tasks/main.yml index 0a3be5986a..d02523197b 100644 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/yum/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/yum/tasks/main.yml @@ -94,13 +94,14 @@ - name: Install yum package support yum: name={{ item }} state=present update_cache=yes with_items: - - http://www.bullfreeware.com/download/bin/2328/libiconv-1.14-22.aix6.1.ppc.rpm - - http://www.bullfreeware.com/download/bin/2591/libunistring-0.9.6-2.aix6.1.ppc.rpm - - http://www.bullfreeware.com/download/bin/3944/perl-5.24.0-3.aix6.1.ppc.rpm - http://www.oss4aix.org/download/RPMS/cmake/cmake-3.7.2-1.aix6.1.ppc.rpm - tags: rpm_install + tags: + - rpm_install + - yum - name: Ensure perl from /opt/freeware/bin is the default in /usr/bin shell: mv /usr/bin/perl /usr/bin/perl.old && ln -s /opt/freeware/bin/perl /usr/bin/ ignore_errors: True - tags: rpm_install + tags: + - rpm_install + - yum From 0bf2053fcc61f0d294257f3c81b90589c4d3350c Mon Sep 17 00:00:00 2001 
From: Michael Felt Date: Fri, 4 Dec 2020 17:31:04 +0100 Subject: [PATCH 6/9] aixPB: Modify order of executition to have requirements first (#1695) * aixPB: Modify order of so-called role executition to have requirements first * aixPB: GNU software needed for some of the Ansible modules used in other plays * aixPB: Remove spurious comments * aixPB: Organize (and document/motivate) six groups of roles. * move aixfs configuration to precede yum - to ensure sufficient FS space for the yum installed packages. * move XLC installation to after yum processing to ensure Ansible unarchive module requirements are available. * aixPB: Remove trailing space * aixPB: move X11 (AIX BOS) installation check to after OSS core installation because it might need the Ansible unarchive: module. Also, number the role grouping to imporve recognition of 'sections' --- .../AdoptOpenJDK_AIX_Playbook/main.yml | 64 ++++++++++++++++--- 1 file changed, 55 insertions(+), 9 deletions(-) diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/main.yml index aebf1a42ab..7844318e36 100644 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/main.yml 
@@ -15,14 +15,64 @@ swap_size: 4096 roles: - - aixfs + # Roles are put into 6 groups + ## AIX BOS install requirements + ## AIX BOS configuration + ## Core OSS (bash, unzip, gtar) + ## AIX User Admin + ## Additional Software + ## OJDK Bootstraps + + # 1. AIX BOS install requirements + + # These packages are installed using installp - which can enlarge + # filesystem space, as needed, on demand + - openssl + + # 2. AIX BOS configuration + - syslogs + # TBD: additional tasks below that need to be promoted to + # or migrated into an AIX setup role - in paritcular - + # the tasks that setup the legal shells needed for user configuration + # may need to be performed AFTER yum processing - rather than before + + # 3. Core OSS installation + + ## Note: this may actually already be performed - partially + ## depending on how python - to use Ansible - has been prepared + # yum based installation of additional software + # installs some gnu packages required by ansible modules + # Note: AIX File system configuration must be run now as RPM based software + # cannot expand filesystem space on demand + - aixfs + - yum + + # 4. AIX User Admin + + # users needed - wait until here to be sure bash is installed + # tbd: Need other actions performed first - mainly adding /usr/bin/bash + # to the list of legal shells. + - jenkins_user + - zeus_user + + # 5. Additional Software: both licensed and OSS + + # Note: although X11 is AIX BOS software - there is a chance that the + # Ansible module unarchive: may be called - and that requires, + # at a minimum, gtar and unzip to be available - regardless of need. + # Likewise, the xlc files may also need the Ansible unarchive and + # need to be evaluated after the CORE OSS software has been installed. - X11 + ## verify/install licensed IBM compilers - xlc_v13 - xlc_v16 - - openssl - - yum + ## additional OSS packages + - ant + - ant_contrib + + # 6. Install OJDK Bootstraps - bootjdk7 - bootjdk8 
@@ -31,13 +81,9 @@ - bootjdk11 - bootjdk12 - - ant - - ant_contrib - - - jenkins_user - - zeus_user - tasks: + # TBD: as much as possible reorganize the tasks here into a appropriate role + # And place it in one of the logical areas described above under roles: ###################################### # Add bash to available login shells # ###################################### From 2c0dc9801b8a1065580de1c16c5ef838f3a2b10a Mon Sep 17 00:00:00 2001 From: Michael Felt Date: Fri, 4 Dec 2020 17:44:49 +0100 Subject: [PATCH 7/9] doc: typo corrections and header modifications (#1734) --- FAQ.md | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/FAQ.md b/FAQ.md index 68861039e8..f698dea858 100644 --- a/FAQ.md +++ b/FAQ.md @@ -34,10 +34,13 @@ then a repository admin may override that requirement to push through a change if no reviewers are available, but in such cases a comment explaining why must be added to the Pull Request. -## Running the ansible scripts on your local machine +## Running the ansible scripts on local machines -The full documentation for running locally is at [ansible/README.md] but -assuming you have ansible installed on your UNIX-based machine, clone this +The full documentation for running locally is at [ansible/README.md]. + +### Running the ansible scripts on your current machine + +Assuming you have ansible installed on your UNIX-based machine, clone this repository, create an `inventory` text file with the word `localhost` and run this from the `ansible` directory: 
@@ -45,15 +48,17 @@ and run this from the `ansible` directory: ansible-playbook -b -i inventory_file --skip-tags adoptopenjdk,jenkins_user playbooks/AdoptOpenJDK_Unix_Playbook/main.yml ``` -NOTE: For windows machines you cannot use this method as ansible does not +NOTE: For windows machines you cannot use this method (i.e., as localhost) as ansible does not run natively on Windows -## Running the ansible scripts remotely on another machine +## Running the ansible scripts on another machine or machines (including Windows) -Create an inventory file with the list of machines you want to set up, then +On an Ansible Control Node create an inventory file with the list of machines you want to set up, then from the `ansible` directory in this repository run somethig like this: -`ansible-playbook -i inventory_file --skip-tags=adoptopenjdk,jenkins playbooks/AdoptOpenJDK_Unix_Playbook/main.yml --skip-tags=adoptopenjdk,jenkins` +``` +ansible-playbook -b -i inventory_file --skip-tags adoptopenjdk,jenkins_user playbooks/AdoptOpenJDK_Unix_Playbook/main.yml +``` If you don't have ssh logins enabled as root, add `-b -u myusername` to the command line which will ssh into the target machine as `myusername` and use 
@@ -77,11 +82,11 @@ the `root` account (often done by adding it to the `wheel` group) Other than the dependencies on the machines which come from packages shipped with the operating system, we generally use individual roles for each piece of software which we install on the machines. For the main Unix and Windows -playbooks each rol has it's own directory and is called from the top level +playbooks each role has it's own directory and is called from the top level `main.yml` playbook. They are fairly easy to add and in most cases you can look at an existing one and copy it. -As far as possibly, give each operation within the role a tags so that it +As far as possibly, give each operation within the role a tag so that it can either be skipped if someone doesn't want it, or run on its own if desired. From 919dbdf4a635c4fd2a1cd52268c4c1a948aaeeb8 Mon Sep 17 00:00:00 2001 From: Martijn Verburg Date: Thu, 3 Dec 2020 12:23:53 +0000 Subject: [PATCH 8/9] Fixes from Markdown and Yaml linters + spelling typos --- .github/ISSUE_TEMPLATE/ansible.md | 2 +- .github/ISSUE_TEMPLATE/machineaccess.md | 3 +- .github/ISSUE_TEMPLATE/newmachine.md | 4 +- .github/ISSUE_TEMPLATE/testcasefail.md | 4 +- .github/workflows/build_vagrant.yml | 2 +- .gitignore | 1 + CHAOS_MONKEY.md | 6 +- CONTRIBUTING.md | 23 ++-- FAQ.md | 21 ++- ONBOARDING.md | 10 +- README.md | 176 +++++++++++++----------- docs/README.md | 4 +- docs/Setup-QEMU-Images.md | 91 ++++++++---- docs/Setup-RISCV-VMs.md | 104 ++++++++------ 14 files changed, 267 insertions(+), 184 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/ansible.md b/.github/ISSUE_TEMPLATE/ansible.md index 3752522350..57eee750f1 100644 --- a/.github/ISSUE_TEMPLATE/ansible.md +++ b/.github/ISSUE_TEMPLATE/ansible.md 
@@ -6,7 +6,7 @@ labels: 'ansible' assignees: '' --- -Please put the name of the software product (and affectred platforms if relevant) in the title of this issue +Please put the name of the software product (and affected platforms if relevant) in the title of this issue - [ ] Missing install - [ ] Bug in ansible playbook diff --git a/.github/ISSUE_TEMPLATE/machineaccess.md b/.github/ISSUE_TEMPLATE/machineaccess.md index bd6d402468..a03b9d87fb 100644 --- a/.github/ISSUE_TEMPLATE/machineaccess.md +++ b/.github/ISSUE_TEMPLATE/machineaccess.md @@ -7,11 +7,12 @@ assignees: 'sxa' --- Access level: + - [ ] Non-privileged - [ ] jenkins user - [ ] root/Administrative - [ ] other (Please specify): -System for which access is needed: +System for which access is needed: Please explain why you need this access including whether it is a temporary or permanent request: diff --git a/.github/ISSUE_TEMPLATE/newmachine.md b/.github/ISSUE_TEMPLATE/newmachine.md index 7ef0ba8250..2fd655dd98 100644 --- a/.github/ISSUE_TEMPLATE/newmachine.md +++ b/.github/ISSUE_TEMPLATE/newmachine.md @@ -10,9 +10,9 @@ I need to request a new machine: - New machine operating system (e.g. linux/windows/macos/solaris/aix): - New machine architecture (e.g. x64/aarch32/arm32/ppc64/ppc64le/sparc): -- Provider (leave blank if it does not matter): +- Provider (leave blank if it does not matter): - Desired usage: -- Any unusual specification/setup required: +- Any unusual specification/setup required: - How many of them are required: 1 Please explain what this machine is needed for: diff --git a/.github/ISSUE_TEMPLATE/testcasefail.md b/.github/ISSUE_TEMPLATE/testcasefail.md index e0947f7635..a0927f7e4d 100644 --- a/.github/ISSUE_TEMPLATE/testcasefail.md +++ b/.github/ISSUE_TEMPLATE/testcasefail.md 
@@ -10,9 +10,9 @@ Please set the title to indicate the test name and machine name where known. To make it easy for the infrastructure team to repeat and diagnose, please answer the following questions: -- test suite/name? +- test suite/name? - Is there an existing issue elsewhere covering this? -- Which machine(s) does it work on? +- Which machine(s) does it work on? - Which machine(s) does it fail on? - Do you have a link to a Grinder re-run if the test with the failure? diff --git a/.github/workflows/build_vagrant.yml b/.github/workflows/build_vagrant.yml index 481724a606..bdf441ccd6 100644 --- a/.github/workflows/build_vagrant.yml +++ b/.github/workflows/build_vagrant.yml @@ -35,7 +35,7 @@ jobs: sed -i -e "s/.*hosts:.*/- hosts: all/g" playbooks/AdoptOpenJDK_Unix_Playbook/main.yml awk '{print}/^\[defaults\]$/{print "private_key_file = id_rsa"; print "timeout = 30"; print "remote_tmp = $HOME/.ansible/tmp"}' < ansible.cfg > ansible.cfg.tmp && mv ansible.cfg.tmp ansible.cfg - - name: Run Asible Playbook + - name: Run Ansible Playbook run: | cd ansible ansible-playbook -i playbooks/AdoptOpenJDK_Unix_Playbook/hosts.unx -u vagrant -b --skip-tags adoptopenjdk,cups playbooks/AdoptOpenJDK_Unix_Playbook/main.yml diff --git a/.gitignore b/.gitignore index 27f9c3eb9f..6fb6b1b87e 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ ansible/playbooks/*.retry *.pyc ansible/host_vars/* **/vendor_files +.vscode/ diff --git a/CHAOS_MONKEY.md b/CHAOS_MONKEY.md index a68dc0d63f..fbbcb6a4eb 100644 --- a/CHAOS_MONKEY.md +++ b/CHAOS_MONKEY.md 
@@ -1,11 +1,11 @@ -# Can we Chaos Monkey it? +# Can we Chaos Monkey it -A goal for the project is to be able to tear down any of our build or test hosts +A goal for the project is to be able to tear down any of our build or test hosts and recreate it completely from our Ansible playbooks. ## Security and Patching -Ansible must ensure that the underlying O/S is patched as well as any firewalls, +Ansible must ensure that the underlying O/S is patched as well as any firewalls, VPN and other security configured before making the host available. ## Core Infrastructure diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5904447306..77c2dd37c3 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -8,8 +8,8 @@ reproducing issues and more. ## Mission Statement -To provide **secure**, **consistent**, **repeatable**, and **auditable** -infrastructure for the AdoptOpenJDK farm. See our full [Mission Statement]() for more details. +To provide **secure**, **consistent**, **repeatable**, and **auditable** +infrastructure for the AdoptOpenJDK farm. See our full [Mission Statement] for more details. ## Infrastructure Manifesto @@ -34,7 +34,7 @@ Following these guidelines will help us merge your pull requests smoothly: pulled in, but also _why_ you'd like them added. Providing clarity on why you want changes makes it easier to accept, and provides valuable context to review. If there is a link to an issue in the PR that contains these details - that is sufficient. + that is sufficient. 2. Follow the commit guidelines found below. 
@@ -62,10 +62,10 @@ that the commit message is always going to be rendered in plain text. When a commit has related issues or commits, explain the relation in the message body. When appropriate, use the keywords described in the following help article to automatically close issues. -https://help.github.com/articles/closing-issues-using-keywords/ +[Closing Issues Using Keywords](https://help.github.com/articles/closing-issues-using-keywords/) For example: -``` +```md Install OpenSSL in windows playbook OpenSSL is required to compile java on windows, so the OpenSSL role will @@ -75,19 +75,18 @@ Fixes: #1234 ``` All changes should be made to a personal fork of AdoptOpenJDK/infrastructure for making changes. - + 1. Fork this repository 1. Create a branch off your fork 1. Make the change 1. Test it (see below) 1. Submit a Pull Request -Only reviewers in the [admin_infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/admin_infrastructure) team have permission to merge requests for this `openjdk-infrastructure` repo, -so please ask one of those team members to review your Pull Request. +Only reviewers in the [admin_infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/admin_infrastructure) team have permission to merge requests for this `openjdk-infrastructure` repo, so please ask one of those team members to review your Pull Request. -# Using Vagrant to test your Ansible scripts (Ubuntu based) +## Using Vagrant to test your Ansible scripts (Ubuntu based) -**TODO** This has bit rotteed somewhat and needs to be looked at again. +**TODO** This has bit rotted somewhat and needs to be looked at again. We expect developers to test their Ansible changes in a test environment. A default one for Ubuntu based systems is provided for you via VirtualBox / Vagrant. 
@@ -95,7 +94,7 @@ See the guide below. [Ansible Scripts Guide](ansible/README.md) -# Docs +## Docs -Project documentation in permanent form (e.g. Build Farm architecture) is stored +Project documentation in permanent form (e.g. Build Farm architecture) is stored in the [docs](docs) folder. diff --git a/FAQ.md b/FAQ.md index f698dea858..410ef0b0cb 100644 --- a/FAQ.md +++ b/FAQ.md @@ -7,7 +7,7 @@ won't necessarily have access to see these links): - [adoptopenjdk-infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/adoptopenjdk-infrastructure) - write access to the repository which lets you be an official approver of PRs (triage doesn't) - [infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/infrastructure) - higher level of access for system administrators only -- [admin_infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/admin_infrastructure) - The Admin team - can force through changes without approval etc. +- [admin_infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/admin_infrastructure) - The Admin team - can force through changes without approval etc. ## Commit messages @@ -44,7 +44,7 @@ Assuming you have ansible installed on your UNIX-based machine, clone this repository, create an `inventory` text file with the word `localhost` and run this from the `ansible` directory: -``` +```sh ansible-playbook -b -i inventory_file --skip-tags adoptopenjdk,jenkins_user playbooks/AdoptOpenJDK_Unix_Playbook/main.yml ``` @@ -54,9 +54,9 @@ run natively on Windows ## Running the ansible scripts on another machine or machines (including Windows) On an Ansible Control Node create an inventory file with the list of machines you want to set up, then -from the `ansible` directory in this repository run somethig like this: +from the `ansible` directory in this repository run something like this: -``` +```sh ansible-playbook -b -i inventory_file --skip-tags adoptopenjdk,jenkins_user playbooks/AdoptOpenJDK_Unix_Playbook/main.yml ``` 
@@ -68,14 +68,13 @@ To do this you ideally need to be using key-based ssh logins. If you use a passphrase on your ssh key use the following to hold the credentials in the shell: -``` +```sh eval `` `ssh-agent` `` ssh-add ``` and if using the `-b` option, ensure that your user has access to `sudo` -without a password to -the `root` account (often done by adding it to the `wheel` group) +without a password to the `root` account (often done by adding it to the `wheel` group) ## Adding a new role to the ansible scripts @@ -91,8 +90,8 @@ can either be skipped if someone doesn't want it, or run on its own if desired. If something is specific to the adoptopenjdk infrastructure (e.g. setting -hostnames, or configuring things specific to our setup but aren't required -to be able to run build/test operations) then give the enitries in that role +host names, or configuring things specific to our setup but aren't required +to be able to run build/test operations) then give the entries in that role an `adoptopenjdk` tag as well. If you need to do something potentially adjusting the users' system, use the `dont_remove_system` tag. This is occasionally required if, for example, we need a specific version of a tool @@ -115,7 +114,7 @@ to validate them. ## Jenkins access -The AdoptOpenJDK Jenkins server at https://ci.adoptopenjdk.net is used for all the +The AdoptOpenJDK Jenkins server at [https://ci.adoptopenjdk.net](https://ci.adoptopenjdk.net) is used for all the builds and testing automation. Since we're as open as possible, general read access is enabled. For others, access is controlled via github teams (via the Jenkins `Github Authentication Plugin` as follows. (Links here won't work for 
@@ -123,7 +122,7 @@ most people as the teams are restricted access) - [release](https://github.com/orgs/AdoptOpenJDK/teams/jenkins-admins/members) can run and configure jobs and views - [build](https://github.com/orgs/AdoptOpenJDK/teams/build/members) has the access for `release` plus the ability to create new jobs -- [testing]https://github.com/orgs/AdoptOpenJDK/teams/testing/members has the same access as `build` +- [testing](https://github.com/orgs/AdoptOpenJDK/teams/testing/members) has the same access as `build` - [infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/infrastructure/members) has the same as `build`/`testing` plus can manage agent machines - [jenkins-admins](https://github.com/orgs/AdoptOpenJDK/teams/jenkins-admins/members) as you might expect has access to Administer anything diff --git a/ONBOARDING.md b/ONBOARDING.md index b73556f670..2697f3469d 100644 --- a/ONBOARDING.md +++ b/ONBOARDING.md 
@@ -6,17 +6,17 @@ Assuming the PR is approved -- Create Pull Request to add user to https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/README.md#infrastructure. +- Create Pull Request to add user to [Infrastructure](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/README.md#infrastructure). - Ideally request users public GPG key as well as their public SSH key. ## GitHub Add the user to the correct Infrastructure team: -* [@admin_infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/admin_infrastructure) - Super Users -* [@infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/infrastructure) - Core Infra Team -* [@adoptopenjdk-infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/adoptopenjdk-infrastructure) - Can be assigned Infra Issues -* [@jenkins-admins](https://github.com/orgs/AdoptOpenJDK/teams/jenkins-admins) - Super users on Jenkins +- [@admin_infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/admin_infrastructure) - Super Users +- [@infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/infrastructure) - Core Infra Team +- [@adoptopenjdk-infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/adoptopenjdk-infrastructure) - Can be assigned Infra Issues +- [@jenkins-admins](https://github.com/orgs/AdoptOpenJDK/teams/jenkins-admins) - Super users on Jenkins ### [Secrets](https://github.com/AdoptOpenJDK/secrets) diff --git a/README.md b/README.md index 3fa137256f..1ba89a929d 100644 --- a/README.md +++ b/README.md 
@@ -1,29 +1,32 @@ -[![Build Status](https://travis-ci.org/AdoptOpenJDK/openjdk-infrastructure.svg?branch=master)](https://travis-ci.org/AdoptOpenJDK/openjdk-infrastructure) +# Infrastructure + +## Build Status +[![Build Status](https://travis-ci.org/AdoptOpenJDK/openjdk-infrastructure.svg?branch=master)](https://travis-ci.org/AdoptOpenJDK/openjdk-infrastructure) -# Mission Statement +## Mission Statement To provide infrastructure for the AdoptOpenJDK farm that is: -* **Secure** - Infrastructure is private by default and access is granted in a +* **Secure** - Infrastructure is private by default and access is granted in a time and access control limited manner. -* **Consistent** - Infrastructure is consistent in order to produce consistent +* **Consistent** - Infrastructure is consistent in order to produce consistent AdoptOpenJDK binaries. -* **Repeatable** - Infrastructure can be reproduced by our _infrastrucure as code_. +* **Repeatable** - Infrastructure can be reproduced by our _infrastructure as code_. We embrace the Chaos Monkey. -* **Auditable** - What each host/platform is made up of is publicly accessible +* **Auditable** - What each host/platform is made up of is publicly accessible _infrastructure as code_. -The end result should be **immutable** hosts, which can be destroyed and reproduced from Ansible playbooks. See +The end result should be **immutable** hosts, which can be destroyed and reproduced from Ansible playbooks. See our [Contribution -Guidelines](https://www.github.com/adoptopenjdk/openjdk-infrastructure/CONTRIBUTING.md) +Guidelines](https://www.github.com/adoptopenjdk/openjdk-infrastructure/CONTRIBUTING.md) on how we implement these goals. -## Can we Chaos Monkey it? +## Can we Chaos Monkey it See our current [Chaos Monkey Status](CHAOS_MONKEY.md). -# Related Repos +## Related Repositories * [email](https://www.github.com/adoptopenjdk/email/) - A repo containing configuration for our email aliases etc. 
* [secrets](https://www.github.com/adoptopenjdk/secrets/) - A private repo containing encrypted secrets. 
@@ -31,87 +34,89 @@ See our current [Chaos Monkey Status](CHAOS_MONKEY.md). ## Important Documentation -* [hosts](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/ansible/inventory.yml) - Our inventory, [visualised](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/docs/adoptopenjdk.pdf). -* [Ansible at AdoptOpenJDK](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/ansible/README.md) - Our hosts are built using Ansible Playbooks. +* [hosts](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/ansible/inventory.yml) - Our inventory, [visualized](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/docs/adoptopenjdk.pdf). +* [Ansible at AdoptOpenJDK](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/ansible/README.md) - Our hosts are built using Ansible Playbooks. -# Contributing +## Contributing -Please visit our `#infrastructure` [Slack Channel](https://www.adoptopenjdk.net/slack.html) and say hello. +Please visit our `#infrastructure` [Slack Channel](https://www.adoptopenjdk.net/slack.html) and say hello. Please read our [Contribution -Guidelines](https://www.github.com/adoptopenjdk/openjdk-infrastructure/CONTRIBUTING.md) before +Guidelines](https://www.github.com/adoptopenjdk/openjdk-infrastructure/CONTRIBUTING.md) before submitting Pull Requests. -# Members +## Members -We list members and their organisation affiliation for maximum transparency. Want to add -a new member? Please follow our [Onboarding Process](ONBOARDING.md). +We list members and their organisation affiliation for maximum transparency. Want to add +a new member? Please follow our [Onboarding Process](ONBOARDING.md). 
-* - Indicates access to the secrets repo +`*` Indicates access to the secrets repo ## [@admin_infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/admin_infrastructure) Team that holds super user access to Infrastructure -- [@gdams](https://github.com/gdams) - George Adams (Microsoft) - * -- [@johnoliver](https://github.com/johnoliver) - John Oliver (Microsoft / LJC) - * -- [@sxa555](https://github.com/sxa555) - Stewart X Addison (Red Hat) - * +* [@gdams](https://github.com/gdams) - George Adams (Microsoft) - * +* [@johnoliver](https://github.com/johnoliver) - John Oliver (Microsoft / LJC) - * +* [@sxa555](https://github.com/sxa555) - Stewart X Addison (Red Hat) - * ## [@infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/infrastructure) Core infrastructure team - granted access to hosts on a case by case basis -- [@ali-ince](https://github.com/ali-ince) - Ali Ince (LJC) -- [@gdams](https://github.com/gdams) - George Adams (Microsoft) -- [@geraintwjones](https://github.com/geraintwjones) - Geraint Jones (IBM) - * -- [@jdekonin](https://github.com/jdekonin) - Joe deKoning (IBM) -- [@johnoliver](https://github.com/johnoliver) - John Oliver (Microsoft / LJC) -- [@karianna](https://github.com/karianna) - Martijn Verburg (Microsoft / LJC) - * -- [@mwornast](https://github.com/mwornast) - Marcus Wornast (IBM) - * -- [@pnstanton](https://github.com/pnstanton) - Peter Stanton (IBM) - * -- [@sej-jackson](https://github.com/sej-jackson) - Sej Jackson (IBM) -- [@sxa555](https://github.com/sxa555) - Stewart X Addison (IBM) - * -- [@tellison](https://github.com/tellison) - Tim Ellison (Red Hat) - * -- [@vsebe](https://github.com/vsebe) - Violeta Sebe (IBM) -- [@Willsparker](https://github.com/Willsparker) - William Parker (AdoptOpenJDK) - * +* [@ali-ince](https://github.com/ali-ince) - Ali Ince (LJC) +* [@gdams](https://github.com/gdams) - George Adams (Microsoft) +* [@geraintwjones](https://github.com/geraintwjones) - Geraint Jones (IBM) - * +* 
[@jdekonin](https://github.com/jdekonin) - Joe deKoning (IBM) +* [@johnoliver](https://github.com/johnoliver) - John Oliver (Microsoft / LJC) +* [@karianna](https://github.com/karianna) - Martijn Verburg (Microsoft / LJC) - * +* [@mwornast](https://github.com/mwornast) - Marcus Wornast (IBM) - * +* [@pnstanton](https://github.com/pnstanton) - Peter Stanton (IBM) - * +* [@sej-jackson](https://github.com/sej-jackson) - Sej Jackson (IBM) +* [@sxa555](https://github.com/sxa555) - Stewart X Addison (IBM) - * +* [@tellison](https://github.com/tellison) - Tim Ellison (Red Hat) - * +* [@vsebe](https://github.com/vsebe) - Violeta Sebe (IBM) +* [@Willsparker](https://github.com/Willsparker) - William Parker (AdoptOpenJDK) - * ## [@adoptopenjdk-infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/adoptopenjdk-infrastructure) Issues can be assigned to these folks -- [@AdamBrousseau](https://github.com/AdamBrousseau) - Adam Brousseau (IBM) -- [@CJKwork](https://github.com/CJKwork) - Clive Kennedy (IBM) -- [@cwesMills](https://github.com/cwesMills) - Colton Mills (IBM) -- [@cwillhelm](https://github.com/cwillhelm) - Connor Willhelm (IBM) -- [@Haroon-Khel](https://github.com/Haroon-Khel) - Haroon Khel (Red Hat) -- [@HusainYusafali](https://github.com/HusainYusufali) - Husain Yusufali (IBM) -- [@jdekonin](https://github.com/jdekonin) - Joe deKoning (IBM) -- [@karianna](https://github.com/karianna) - Martijn Verburg (Microsoft / LJC) -- [@sej-jackson](https://github.com/sej-jackson) - Sej Jackson (IBM) -- [@vsebe](https://github.com/vsebe) - Violeta Sebe (IBM) -- [@Willsparker](https://github.com/Willsparker) - William Parker (AdoptOpenJDK) - -## [@jenkins-admins](https://github.com/orgs/AdoptOpenJDK/teams/jenkins-admins) -- [@ali-ince](https://github.com/ali-ince) Ali Ince (LJC) -- [@andrew-m-leonard](https://github.com/andrew-m-leonard) Andrew M Leonard (Red Hat) -- [@gdams](https://github.com/gdams) - George Adams (Microsoft) -- 
[@geraintwjones](https://github.com/geraintwjones) - Geraint Jones (IBM) -- [@johnoliver](https://github.com/johnoliver) - John Oliver (Microsoft / LJC) -- [@karianna](https://github.com/karianna) - Martijn Verburg (Microsoft / LJC) -- [@mwornast](https://github.com/mwornast) - Marcus Wornast (IBM) -- [@neomatrix369](https://github.com/neomatrix369) - Mani Sarkar (LJC) -- [@smlambert](https://github.com/smlambert) - Shelley Lambert (Red Hat) -- [@sxa555](https://github.com/sxa555) - Stewart X Addison (Red Hat) -- [@tellison](https://github.com/tellison) - Tim Ellison (Red Hat) -- [@VermaSh](https://github.com/VermaSh) Shubham Verma (IBM) - -# Host Information -Most information about our machines can be found at https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/ansible/inventory.yml - -# Maintenance Information: +* [@AdamBrousseau](https://github.com/AdamBrousseau) - Adam Brousseau (IBM) +* [@CJKwork](https://github.com/CJKwork) - Clive Kennedy (IBM) +* [@cwesMills](https://github.com/cwesMills) - Colton Mills (IBM) +* [@cwillhelm](https://github.com/cwillhelm) - Connor Willhelm (IBM) +* [@Haroon-Khel](https://github.com/Haroon-Khel) - Haroon Khel (Red Hat) +* [@HusainYusafali](https://github.com/HusainYusufali) - Husain Yusufali (IBM) +* [@jdekonin](https://github.com/jdekonin) - Joe deKoning (IBM) +* [@karianna](https://github.com/karianna) - Martijn Verburg (Microsoft / LJC) +* [@sej-jackson](https://github.com/sej-jackson) - Sej Jackson (IBM) +* [@vsebe](https://github.com/vsebe) - Violeta Sebe (IBM) +* [@Willsparker](https://github.com/Willsparker) - William Parker (AdoptOpenJDK) + +### [@jenkins-admins](https://github.com/orgs/AdoptOpenJDK/teams/jenkins-admins) + +* [@ali-ince](https://github.com/ali-ince) Ali Ince (LJC) +* [@andrew-m-leonard](https://github.com/andrew-m-leonard) Andrew M Leonard (Red Hat) +* [@gdams](https://github.com/gdams) - George Adams (Microsoft) +* [@geraintwjones](https://github.com/geraintwjones) - Geraint Jones 
(IBM) +* [@johnoliver](https://github.com/johnoliver) - John Oliver (Microsoft / LJC) +* [@karianna](https://github.com/karianna) - Martijn Verburg (Microsoft / LJC) +* [@mwornast](https://github.com/mwornast) - Marcus Wornast (IBM) +* [@neomatrix369](https://github.com/neomatrix369) - Mani Sarkar (LJC) +* [@smlambert](https://github.com/smlambert) - Shelley Lambert (Red Hat) +* [@sxa555](https://github.com/sxa555) - Stewart X Addison (Red Hat) +* [@tellison](https://github.com/tellison) - Tim Ellison (Red Hat) +* [@VermaSh](https://github.com/VermaSh) Shubham Verma (IBM) + +### Host Information + +Most information about our machines can be found at [Inventory](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/ansible/inventory.yml) + +### Maintenance Information TODO Need to check all of this -## Quarterly Maintenance Window Schedule +### Quarterly Maintenance Window Schedule ***\*\*Proposed Schedule\*\**** @@ -124,12 +129,15 @@ TODO Need to check all of this | January 17, 2018 | 3pm - 5pm - Standard Time (UTC - 5) | 20:00 - 22:00 - Greenwich Mean Time (UTC + 0) | ### Standard Action Items -- Apply non-security patches to infrastructure systems. -- Apply Application patches to: Nagios, Jenkins, AWX, etc. -## Backups: +* Apply non-security patches to infrastructure systems. +* Apply Application patches to: Nagios, Jenkins, AWX, etc. + +### Backups + The following items are stored in GitHub. -- Source code, System deployment scripts (Ansible), Instructions/How to Information + +* Source code, System deployment scripts (Ansible), Instructions/How to Information | Description | Storage Location | Frequency | |---|---|---| 
@@ -138,29 +146,35 @@ The following items are stored in GitHub. | AWX - Configuration and Settings | not currently backed up | N/A | ### Questions + Backup schedule: -- How often should be backup? -- Where should it be stored? + +* How often should be backup? +* Where should it be stored? Backup retention: -- How long should be keep it? -- How many copies? -## OS Patch Management -**WARNING:** Several of our hosts are internet facing and we need to stay vigilant +* How long should be keep it? +* How many copies? + +### OS Patch Management + +**WARNING:** Several of our hosts are internet facing and we need to stay vigilant of the potential security risks this presents. ### Patch Management / Minimum Time Frame + | Vulnerability Type | Time Frame| |---|---| | Critical severity | 24 hours or less | | High severity | 7 days | | Moderate and low severity | 30 days| -- Nagios is configured to monitor each system and report on the status of OS patches required. -- Non-infrastructure systems are configured to automatically apply all patches. (Sundays at 5am local host time) -- Infrastructure systems are configured to automatically apply security patches only. (Sundays at 5am local host time) This information is logged on the localhost: /var/log/apt-security-updates +* Nagios is configured to monitor each system and report on the status of OS patches required. +* Non-infrastructure systems are configured to automatically apply all patches. (Sundays at 5am local host time) +* Infrastructure systems are configured to automatically apply security patches only. (Sundays at 5am local host time) This information is logged on the localhost: /var/log/apt-security-updates ### Application Updates -- During our quarterly maintenance window application patches will be applied manually. -- When a critical or high severity vulnerability is announced patching will take place within the time frame stated above. 
+ +* During our quarterly maintenance window application patches will be applied manually. +* When a critical or high severity vulnerability is announced patching will take place within the time frame stated above. diff --git a/docs/README.md b/docs/README.md index 03262b1964..bc1100bcea 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,3 +1,3 @@ -## To edit the infrastructure diagram: +# To edit the infrastructure diagram -Download yEd Graph Editor: https://www.yworks.com/products/yed +Download [yEd Graph Editor](https://www.yworks.com/products/yed) diff --git a/docs/Setup-QEMU-Images.md b/docs/Setup-QEMU-Images.md index 8eead43ddf..b2532082c7 100644 --- a/docs/Setup-QEMU-Images.md +++ b/docs/Setup-QEMU-Images.md @@ -1,7 +1,9 @@ # Recreating QEMU images + This is a document how to rebuild the images used in the [QEMUPlaybookCheck](https://ci.adoptopenjdk.net/job/QEMUPlaybookCheck/) (QPC) Jenkins job, in the event of having to migrate the machine that runs QPC. In this document, the **host machine** refers to the machine running QPC and the **guest machine** refers to the QEMU VM. -## Standarised rules: +## Standardized rules + Regardless of the architecture that QEMU is emulating, all of the disk images mentioned here will follow rules to ensure the QPC script still works on the machines. | Rule | Explanation | 
@@ -13,86 +15,117 @@ User: `linux`, Password: `password` | This is allow for `sshpass` to add the ge In addition to these guest machine rules, all images must be stored in _/qemu_base_images/_ on the host machine, compressed using `xz` , under the name `$ARCHITECTURE.dsk.xz`. -### Extending the disk image: +### Extending the disk image + Irrespective of the file used for the the disk image- i.e. `qcow2` or `DOS/MBR boot sector` , the disk images can be resized using: + ```bash # Making $ARCHITECTURE.dsk 5Gb larger $ qemu-img resize $ARCHITECTURE.dsk +5G ``` + This is executed on the host machine. The QEMU VM using this disk image must not be running when you do this. **Note:** Once you've done this, you'll need to extend the partition within the VM. Alternatively creating a new partition and mount it at `/home/linux` for extra space to build the JDK. -### Password-less `sudo`: -This is only applicable once `sudo` is installed. This is required to allow for the `linux` user to use `sudo` without requiring a password to be input, so [qemuPlaybookCheck.sh](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/ansible/pbTestScripts/qemuPlaybookCheck.sh) can use the `-b` option in `ansible-playbook` without user interaction. + +### Password-less `sudo` + +This is only applicable once `sudo` is installed. This is required to allow for the `linux` user to use `sudo` without requiring a password to be input, so [qemuPlaybookCheck.sh](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/ansible/pbTestScripts/qemuPlaybookCheck.sh) can use the `-b` option in `ansible-playbook` without user interaction. + ```bash sudo sh -c "echo 'linux ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers" ``` + This can also be done with whichever file editor you tend to use. This is executed on the guest machine. ## Disk Images -### Ubuntu18.04 PPC64LE: +### Ubuntu18.04 PPC64LE + The Ubuntu18.04 disk was created manually, as opposed to getting a pre-made one from a guide. 
The first step is to find a PPC64LE ISO. At the time of creating the image, Ubuntu 18.04 could be found on the [Ubuntu website](https://ubuntu.com/download/server/power), however this has been updated with the newest LTS. Alternatively Ubuntu18.04 PPC64LE ISOs can be found at [cloud-images.ubuntu](https://cloud-images.ubuntu.com/releases/bionic/release/) -After this we need to create a large file to put the disk image on. The current U18 PPC64le disk image uses a `raw` format, created by doing the following: +After this we need to create a large file to put the disk image on. The current U18 PPC64le disk image uses a `raw` format, created by doing the following: + ```bash fallocate -l 15GB PPC64LE.dsk ``` + However, this could be created in QEMU's `qcow2` format + ```bash qemu-img create -f qcow2 PPC64LE.dsk 15G ``` + The iso then needs to be installed on the created disk. To do this, a QEMU VM needs to be created that boots from the iso, to install on the disk: + ```bash qemu-system-ppc64 -M pseries -m 1024 -cdrom U18-ppc64el.iso -boot d -hda PPC64LE.dsk ``` -Run through the installation as normal, and the disk image should be ready. To then run the machine to add the `linux` user and other config, run the following: + +Run through the installation as normal, and the disk image should be ready. To then run the machine to add the `linux` user and other config, run the following: + ```bash qemu-system-ppc64 -M pseries -m 1024 -hda PPC64LE.dsk ``` -### Ubuntu18.04 S390x: -This was setup very much like the above Ubuntu18.04 PPC64LE disk- i.e, an Iso found [here](https://cloud-images.ubuntu.com/releases/bionic/release/) was used to install Ubuntu18.04 on a 15GB `qcow` image. -Run this to start the installation: + +### Ubuntu18.04 S390x + +This was setup very much like the above Ubuntu18.04 PPC64LE disk- i.e, an Iso found [here](https://cloud-images.ubuntu.com/releases/bionic/release/) was used to install Ubuntu18.04 on a 15GB `qcow` image. 
+Run this to start the installation: + ```bash qemu-system-s390x -M s390-ccw-virtio -m 1024 -cdrom U18-S390x.iso -drive file=S390X.dsk,if=none,format=raw,id=hd0 -device virtio-blk-ccw,drive=hd0,id=virtio-disk0 -boot d ``` -And to run the QEMU machine as normal: + +And to run the QEMU machine as normal: + ```bash qemu-system-s390x -M s390-ccw-virtio -m 1024 -drive file=S390X.dsk,if=none,format=raw,id=hd0 -device virtio-blk-ccw,drive=hd0,id=virtio-disk0 ``` + If for whatever reason these don't work, there is another process that can produce a working `s390x` QEMU VM, which would be to use the separate `-kernel` and `-init` options in the `qemu-system-s390x` command. These aren't currently supported in the `qemuPlaybookCheck.sh` script, but wouldn't be too difficult to alter if required. A link to a guide to build a **Debian** S390x image can be found [here](https://wiki.qemu.org/Documentation/Platforms/S390X#Minimal_command-line), with a link to where the `kernel` and `initrd` can be downloaded. Alternatively, these can be extracted from an iso. -A link to a guide to build an **Ubuntu19.04 Server** S390x image, as well as how to extract `kernel` and `initrd` files from an iso, can be found [here](https://astr0baby.wordpress.com/2019/05/09/testing-bleeding-edge-ubuntu-server-19-10-s390x-in-qemu/). -### Debian Buster ARM64: +A link to a guide to build an **Ubuntu19.04 Server** S390x image, as well as how to extract `kernel` and `initrd` files from an iso, can be found [here](https://astr0baby.wordpress.com/2019/05/09/testing-bleeding-edge-ubuntu-server-19-10-s390x-in-qemu/). + +### Debian Buster ARM64 + This architecture was setup using the instructions [here](https://wiki.debian.org/Arm64Qemu), with the disk image found [here](https://cdimage.debian.org/cdimage/openstack/current/). When setting up the images for QPC, the `debian-10.4.3-*-arm64.qcow2` image was used, however new images are being released fairly frequently. 
With this architecture, an extra QEMU package has to be installed to provide the file used for `-bios` option in the `qemu-system-aarch64` command: + ```bash -$ apt install qemu-efi-aarch64 +apt install qemu-efi-aarch64 ``` + The setup instructions also suggests installing `qemu-system-arm` and `qemu-utils`, however `qemu-system-arm` isn't required if `QEMU 5.0.0` has been built on the system, and `qemu-utils` just wasn't used. ### Ubuntu 18 ARM64 + This disk image was setup using the instructions [here](https://futurewei-cloud.github.io/ARM-Datacenter/qemu/how-to-launch-aarch64-vm/) -To summarise the instructions in the link: +To summarize the instructions in the link: The packages `qemu-system-arm`, `qemu-efi-aarch64` and `qemu-utils` are installed. Two flash images are created using the commands + ```bash dd if=/dev/zero of=flash1.img bs=1M count=64 dd if=/dev/zero of=flash0.img bs=1M count=64 dd if=/usr/share/qemu-efi-aarch64/QEMU_EFI.fd of=flash0.img conv=notrunc ``` + An empty disk image is created, using the command + ```bash qemu-img create ubuntu-image.img 20G ``` -Then the disk image can be booted up using an installer. The instructions use a Ubuntu 18 installer http://ports.ubuntu.com/ubuntu-ports/dists/bionic-updates/main/installer-arm64/current/images/netboot/mini.iso -The image is booted up the first time using +Then the disk image can be booted up using an installer. The instructions use a [Ubuntu 18 installer](http://ports.ubuntu.com/ubuntu-ports/dists/bionic-updates/main/installer-arm64/current/images/netboot/mini.iso). + +The image is booted up the first time using: + ```bash qemu-system-aarch64 -nographic -machine virt,gic-version=max -m 512M -cpu max -smp 4 \ -netdev user,id=vnet,hostfwd=:127.0.0.1:0-:22 -device virtio-net-pci,netdev=vnet \ 
@@ -100,7 +133,9 @@ qemu-system-aarch64 -nographic -machine virt,gic-version=max -m 512M -cpu max -s -drive file=mini.iso,if=none,id=drive1,cache=writeback -device virtio-blk,drive=drive1,bootindex=1 \ -drive file=flash0.img,format=raw,if=pflash -drive file=flash1.img,format=raw,if=pflash ``` + Once the OS is installed, the disk image can be booted on subsequent use without the installer + ```bash qemu-system-aarch64 -nographic -machine virt,gic-version=max -m 512M -cpu max -smp 4 \ -netdev user,id=vnet,hostfwd=:127.0.0.1:0-:22 -device virtio-net-pci,netdev=vnet \ @@ -109,26 +144,31 @@ qemu-system-aarch64 -nographic -machine virt,gic-version=max -m 512M -cpu max -s ``` ### Debian 8 ARM32 + This disk image was setup using the instructions [here](https://translatedcode.wordpress.com/2016/11/03/installing-debian-on-qemus-32-bit-arm-virt-board/) -To summarise the instructions in the link: +To summarize the instructions in the link: The packages `qemu-system-arm, libguestfs-tools` and `qemu-utils` are installed. `libguestfs-tools` is a tool package used for reading and writing to the disk image. Create an empty disk image + ```bash qemu-img create -f qcow2 debian8.arm32 20G ``` + `qcow2` is the format of the image. -The instructions recommend using an initrd and a kernel from the Debain website +The instructions recommend using an initrd and a kernel from the Debian website + ```bash wget -O installer-vmlinuz http://http.us.debian.org/debian/dists/jessie/main/installer-armhf/current/images/netboot/vmlinuz wget -O installer-initrd.gz http://http.us.debian.org/debian/dists/jessie/main/installer-armhf/current/images/netboot/initrd.gz ``` Then boot up the disk image for the first time and install the OS + ```bash qemu-system-arm -M virt -m 2G \ -kernel installer-vmlinuz \ 
@@ -140,12 +180,13 @@ qemu-system-arm -M virt -m 2G \ -nographic -no-reboot ``` -During the installation, you will recieve a message complaining about no bootloader installed. Disregard this and continue the installation. +During the installation, you will receive a message complaining about no bootloader installed. Disregard this and continue the installation. After the installation, the VM should exit since we have used the `-no-reboot` option. The installer places the initrd and kernel files onto the disk image in the `/boot` directory. These need to be copied out of the disk image and passed as command line parameters to the VM. Using `libguestfs-tools` installed earlier (the VM MUST not be running when using `libguestfs-tools`), we can see inside the `/boot` directory of the disk image. + ```bash virt-ls -a debian8.arm32 /boot/ @@ -159,11 +200,13 @@ vmlinuz-3.16.0-4-armmp-lpae ``` Copy out the appropriate files + ```bash virt-copy-out -a debian8.arm32 /boot/vmlinuz-3.16.0-4-armmp-lpae /boot/initrd.img-3.16.0-4-armmp-lpae . ``` Finally, boot up the VM + ```bash qemu-system-arm -M virt -m 2G \ -kernel vmlinuz-3.16.0-4-armmp-lpae \ 
@@ -175,13 +218,15 @@ qemu-system-arm -M virt -m 2G \ -nographic ``` -### RISC-V Images: +### RISC-V Images + For information on how to setup several different kind of RISC-V VMs, see [https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/docs/Setup-RISCV-VMs.md](https://github.com/AdoptOpenJDK/openjdk-infrastructure/blob/master/docs/Setup-RISCV-VMs.md) -Of the three that are listed in that document, only the Debian Bullseye RISC-V VM is used in QPC. +Of the three that are listed in that document, only the Debian Bullseye RISC-V VM is used in QPC. The document also gives a broader overview of QEMU, for instance; how to build `QEMU 5.0.0` on an Ubuntu Host machine, explanation for the `qemu-system-$arch` command options and how to add additional disks to a QEMU VM. -## Useful Links: +## Useful Links + QEMU Documentation: [https://wiki.qemu.org/Documentation](https://wiki.qemu.org/Documentation) Overview of QEMU emulating different architectures on different OSs: [https://gmplib.org/~tege/qemu.html](https://gmplib.org/~tege/qemu.html) diff --git a/docs/Setup-RISCV-VMs.md b/docs/Setup-RISCV-VMs.md index 8f2abb4aa7..809b3c7ae4 100644 --- a/docs/Setup-RISCV-VMs.md +++ b/docs/Setup-RISCV-VMs.md @@ -2,16 +2,17 @@ This is a document outlining how to setup multiple different versions of RISC-V QEMU VMs, for Ubuntu 18.04 CLI, using prebuilt images. Whilst this guide uses prebuilt images, information on how to build your own images can be found under the 'Useful Links' section of each version of the VM. -## Install QEMU (version 5.0.0): +## Install QEMU (version 5.0.0) -Install a few package pre-requisistes: +Install a few package pre-requisites: -``` +```sh sudo apt-get install git libglib2.0-dev libfdt-dev libpixman-1-dev zlib1g-dev ``` To build the correct version of QEMU: -``` + +```sh wget https://download.qemu.org/qemu-5.0.0.tar.xz tar xvJf qemu-5.0.0.tar.xz cd qemu-5.0.0 
@@ -19,6 +20,7 @@ cd qemu-5.0.0 make make install ``` + Note: The version has to be `>5.0.0`, otherwise you can't `ssh` into the Fedora Rawhide VM. ## Common arguments @@ -38,21 +40,21 @@ All of these VMs are going to be started with several common arguments passed in | `-device virtio-rng-device,rng=rng` | Add an rng 'device' to the VM, using the rng source with ID "rng". | | `-append "console=ttyS0 ro root=/dev/vda"` | A way of passing options to the linux kernel. | -For more information on the QEMU RNG device, see https://wiki.qemu.org/Features/VirtIORNG +For more information on the QEMU RNG device, see [VirtIORNG](https://wiki.qemu.org/Features/VirtIORNG) -## Fedora 'Stage4': +## Fedora 'Stage4' Retrieve the prebuilt kernel and disk image from Fedora, and extract the image: -``` +```sh wget https://fedorapeople.org/groups/risc-v/disk-images/bbl wget https://fedorapeople.org/groups/risc-v/disk-images/stage4-disk.img.xz tar xvf stage4-disk.img.xz ``` -Run the following from a folder with the disk image and `bbl`: +Run the following from a folder with the disk image and `bbl`: -``` +```sh qemu-system-riscv64 -nographic \ -machine virt \ -smp 4 \ 
@@ -60,36 +62,42 @@ qemu-system-riscv64 -nographic \ -kernel bbl \ -append "console=ttyS0 ro root=/dev/vda" \ -device virtio-blk-device,drive=hd0 \ --drive file=stage4-disk.img,format=raw,id=hd0 \ +-drive file=stage4-disk.img,format=raw,id=hd0 \ -device virtio-net-device,netdev=usernet \ -netdev user,id=usernet,hostfwd=tcp::10000-:22 ``` Alternatively, this can be ran in a `screen` session. -You're also able to `ssh` into the machine by running: -``` +You're also able to `ssh` into the machine by running: + +```sh ssh -p 10000 root@localhost ``` + The root user's password is `riscv` , it's suggested you change that if the machine you're running on has an IP open to the internet. -### Useful links: -- The kernel/disk image repository: https://fedorapeople.org/groups/risc-v/disk-images/ -- Extra information of disk images: https://fedoraproject.org/wiki/Architectures/RISC-V/Disk_images -- Source / extra info for building the kernel : https://github.com/rwmjones/fedora-riscv-kernel +### Fedora Stage4 Useful links -## Fedora 'Rawhide': +- The kernel/disk image repository: [https://fedorapeople.org/groups/risc-v/disk-images/](https://fedorapeople.org/groups/risc-v/disk-images/) +- Extra information of disk images: [https://fedoraproject.org/wiki/Architectures/RISC-V/Disk_images](https://fedoraproject.org/wiki/Architectures/RISC-V/Disk_images) +- Source / extra info for building the kernel: [https://github.com/rwmjones/fedora-riscv-kernel](https://github.com/rwmjones/fedora-riscv-kernel) + +## Fedora 'Rawhide' Retrieve the prebuilt image/Kernel for Fedora-Rawhide: -``` + +```sh wget https://dl.fedoraproject.org/pub/alt/risc-v/repo/virt-builder-images/images/Fedora-Developer-Rawhide-20191123.n.0-fw_payload-uboot-qemu-virt-smode.elf wget https://dl.fedoraproject.org/pub/alt/risc-v/repo/virt-builder-images/images/Fedora-Developer-Rawhide-20191123.n.0-sda.raw.xz tar xvf Fedora-Developer-Rawhide-20191123.n.0-sda.raw.xz ``` + If preferred, you can build your own images. 
See 'Info on building the images manually' under the 'Useful Links' section. Run the following, from a folder containing the disk image and kernel: -``` + +```sh qemu-system-riscv64 -nographic \ -machine virt \ -smp 4 \ 
@@ -102,48 +110,56 @@ qemu-system-riscv64 -nographic \ -device virtio-net-device,netdev=usernet \ -netdev user,id=usernet,hostfwd=tcp::10005-:22 ``` + To login, use the `riscv` user, password `Fedora_Rocks!`. The root user is unavailable. To `ssh` into the machine run the following: -``` + +```sh ssh -p 10005 riscv@localhost ``` -### Useful links: -- Info on building the images manually: https://fedoraproject.org/wiki/Architectures/RISC-V/Installing -- The prebuilt image repository: https://dl.fedoraproject.org/pub/alt/risc-v/repo/virt-builder-images/images/ -- List of nightly build Rawhide images: http://fedora.riscv.rocks/koji/tasks?state=closed&view=flat&method=createAppliance&order=-id +### Fedora Rawhide Useful links + +- Info on building the images manually: [https://fedoraproject.org/wiki/Architectures/RISC-V/Installing](https://fedoraproject.org/wiki/Architectures/RISC-V/Installing) +- The prebuilt image repository: [https://dl.fedoraproject.org/pub/alt/risc-v/repo/virt-builder-images/images/](https://dl.fedoraproject.org/pub/alt/risc-v/repo/virt-builder-images/images/) +- List of nightly build Rawhide images: [http://fedora.riscv.rocks/koji/tasks?state=closed&view=flat&method=createAppliance&order=-id](http://fedora.riscv.rocks/koji/tasks?state=closed&view=flat&method=createAppliance&order=-id) ## Debian -To run a RISC-V Debian VM, some additional packages need to be installed on Ubuntu. This can be done by adding the following to `/etc/apt/sources.list` : -``` +To run a RISC-V Debian VM, some additional packages need to be installed on Ubuntu. 
This can be done by adding the following to `/etc/apt/sources.list`: + +```sh deb [trusted=yes] http://ftp.uk.debian.org/debian sid main deb [trusted=yes] http://ftp.uk.debian.org/debian experimental main ``` + The `[trusted=yes]` has to be put in as without it, a GPG error occurs stating: `The following signatures couldn't be verified because the public key is not available` -``` +```sh apt update apt install opensbi u-boot-qemu ``` These packages are to provide the kernel and bootloader for QEMU. Once installed, these will be at: -``` +```sh /usr/lib/riscv64-linux-gnu/opensbi/qemu/virt/fw_jump.elf /usr/lib/u-boot/qemu-riscv64_smode/u-boot.bin ``` Then retrieve a prebuilt image and `unzip` it: -``` + +```sh wget https://gitlab.com/api/v4/projects/giomasce%2Fdqib/jobs/artifacts/master/download?job=convert_riscv64-virt -O deb_riscv.zip unzip deb_riscv.zip ``` + Within the `artifacts` directory will be `image.qcow2`. This is the Debian image that needs to be used. Run the following, from the `artifacts` folder: -``` + +```sh qemu-system-riscv64 -nographic \ -machine virt \ -cpu rv64 \ 
@@ -163,28 +179,35 @@ qemu-system-riscv64 -nographic \ The `-cpu` option refers to which CPU QEMU is to emulate. The `-device loader...` option is to pass the bootloader to the VM. You're able to ssh to the machine by running: -``` + +```sh ssh -p 10010 root@localhost ``` + The `root` user's password is set by default to `Debian` -### Useful Links: -- Extra information about Debian on RISC-V: https://wiki.debian.org/RISC-V -- Prebuilt image repository: https://people.debian.org/~gio/dqib/ +### Useful Links -## Adding Additional Storage to the VM +- Extra information about Debian on RISC-V: [https://wiki.debian.org/RISC-V](https://wiki.debian.org/RISC-V) +- Prebuilt image repository: [https://people.debian.org/~gio/dqib/](https://people.debian.org/~gio/dqib/) + +### Adding Additional Storage to the VM With all of these VMs, the only secondary storage they have are the virtual disks that the boot image is on. Often these don't don't suffice and additional storage is required. `fallocate` can be used to create a suitably large file to mount to the VM. In this example, a 10GB file is made. -``` + +```sh fallocate -l 10GB second_disk.img ``` + Once the file is made, it needs to be added to the VM on booting. To do this, take the `qemu-system-riscv64` command above, and add the following lines: -``` + +```sh -device virtio-blk-device,drive=hd1 \ --drive file=second_disk.img,format=raw,if=none,id=hd1 +-drive file=second_disk.img,format=raw,if=none,id=hd1 ``` + **Note:** The `id` field in the `-drive` option must be unique. Once the machine has booted, the unmounted disk can be found by using `fdisk -l`. If this is the only extra disk being added to the VM, it will be `/dev/vdb`. 
@@ -192,6 +215,7 @@ Once the machine has booted, the unmounted disk can be found by using `fdisk -l` From here, a partition will need to be made using `fdisk /dev/vdb`, and a filesystem made on that partition: `mkfs.ext4 /dev/vdb1`. The partition can then be mounted: `mount -t auto /dev/vdb1 /mount/point`. If you want this disk to be mounted automatically on booting the VM, add the following to `/etc/fstab` : -``` + +```sh /dev/vdb1 /home/jenkins ext4 defaults 0 1 -``` \ No newline at end of file +``` From e5acd3d6702f85a0f64991fcb40f633e7d33c088 Mon Sep 17 00:00:00 2001 From: Martijn Verburg Date: Fri, 4 Dec 2020 17:28:08 +0000 Subject: [PATCH 9/9] fix to URL from Stewart review --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 77c2dd37c3..b47320e7e9 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -82,7 +82,7 @@ All changes should be made to a personal fork of AdoptOpenJDK/infrastructure for 1. Test it (see below) 1. Submit a Pull Request -Only reviewers in the [admin_infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/admin_infrastructure) team have permission to merge requests for this `openjdk-infrastructure` repo, so please ask one of those team members to review your Pull Request. +Only reviewers in the [admin_infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/infrastructure) team have permission to merge requests for this `openjdk-infrastructure` repo, so please ask one of those team members to review your Pull Request. ## Using Vagrant to test your Ansible scripts (Ubuntu based)
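Review bot: in the README.md team lists, the entry `[@HusainYusafali](https://github.com/HusainYusufali)` is carried over with link text and URL spelling the handle differently (`Yusafali` against `Yusufali`). `@sxa555` is also shown as IBM in the first list and as Red Hat in the `@jenkins-admins` list. Both are worth fixing while every one of these lines is being rewritten, since the lists say who can be assigned issues and who administers Jenkins.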
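Review bot: in README.md hunk `@@ -138,29 +146,35 @@`, demoting `## OS Patch Management` to `###` puts it at the same level as `### Patch Management / Minimum Time Frame` and `### Application Updates`, which were its subsections; `## Backups:` and `### Questions` get flattened the same way. Either keep the parents at `##` or push the children to `####`. The touched lines "How often should be backup?" and "How long should be keep it?" still read "be" where "we" is meant, and the log path `/var/log/apt-security-updates` would be clearer in backticks.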
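Review bot: in docs/Setup-QEMU-Images.md hunk `@@ -13,86 +15,117 @@`, the password-less sudo step still appends straight to `/etc/sudoers` with `echo ... >> /etc/sudoers`, which skips syntax validation and adds a duplicate line each time it is re-run. Since the section is being reformatted anyway, consider documenting a drop-in file under `/etc/sudoers.d/` checked with `visudo -c`, and stating next to it that `NOPASSWD:ALL` for a user whose documented password is `password` is only acceptable because these guests are throwaway test VMs. Smaller points in the same hunk: the `$` prompt is dropped from `apt install qemu-efi-aarch64` but kept on `$ qemu-img resize $ARCHITECTURE.dsk +5G`, and "the the disk image" is left in an unchanged line.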
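Review bot: in docs/Setup-RISCV-VMs.md hunk `@@ -19,6 +20,7 @@`, the note "The version has to be `>5.0.0`" contradicts the section heading `## Install QEMU (version 5.0.0)` and the `qemu-5.0.0.tar.xz` download above it. This should presumably read `>=5.0.0`; a spelling and lint pass is a good place to fix it.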
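Review bot: in docs/Setup-RISCV-VMs.md hunk `@@ -38,21 +40,21 @@`, the newly tagged `sh` block still extracts the image with `tar xvf stage4-disk.img.xz`, and the Rawhide section does the same with `tar xvf Fedora-Developer-Rawhide-20191123.n.0-sda.raw.xz`. If these are plain xz-compressed images, as the `.img.xz` and `.raw.xz` names suggest, rather than tar archives, `tar` will reject them and the step should use `unxz` (or `xz -d`). Please check the commands against the actual downloads before marking the blocks as runnable shell.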
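Review bot: in docs/Setup-RISCV-VMs.md hunk `@@ -60,36 +62,42 @@`, `-netdev user,id=usernet,hostfwd=tcp::10000-:22` leaves the host address empty, so the forwarded SSH port listens on every host interface while the guest's root password is the published default `riscv`. The text only suggests changing the password "if the machine you're running on has an IP open to the internet"; binding the forward to loopback with `hostfwd=tcp:127.0.0.1:10000-:22` would make the safe behaviour the default, and the same applies to the `10005` and `10010` forwards in the Rawhide and Debian sections. The stray space in "`riscv` , it's" and "this can be ran" are also left as they were in this hunk.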
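Review bot: in docs/Setup-RISCV-VMs.md hunk `@@ -102,48 +110,56 @@`, the Debian section tells readers to add `deb [trusted=yes] http://ftp.uk.debian.org/debian sid main` to the Ubuntu host's `/etc/apt/sources.list`, which turns off APT signature checking for a repository fetched over plain `http://`, on the machine that hosts the VMs. The GPG error quoted as the reason means the Debian archive key is missing, so the documented fix should be to install that key (for example from the `debian-archive-keyring` package) and reference it with `signed-by=`, not to bypass verification. Separately, the `sh` fence language is wrong for the `sources.list` entries and for the block that only lists the two installed file paths; an untagged or `text` fence fits better.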
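Review bot: in docs/Setup-RISCV-VMs.md hunk `@@ -163,28 +179,35 @@`, changing `## Adding Additional Storage to the VM` to `###` nests it under `## Debian`, although its first sentence says it applies to "all of these VMs". It should stay at `##`. The Debian links heading is also left as `### Useful Links` while the two Fedora ones were renamed to `### Fedora Stage4 Useful links` and `### Fedora Rawhide Useful links`, and "don't don't suffice" is still present in this hunk's context.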
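Review bot: in PATCH 9/9 (CONTRIBUTING.md), the link target becomes `teams/infrastructure` but the link text still reads `admin_infrastructure`, so the sentence now names one team and links to another. Update the text to match whichever team actually holds merge permission; contributors use this line to find out who may approve and merge their changes.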