chore: Switch SS1 to RHEL in LXD environment (#2640)

nordic-institute · Feb 14, 2025 · 29be8e8 · 29be8e8
1 parent 2ddc923
commit 29be8e8
Show file tree

Hide file tree

Showing 13 changed files with 70 additions and 101 deletions.
diff --git a/ansible/README.md b/ansible/README.md
@@ -27,8 +27,7 @@ You determine which servers are initialized by filling in the groups
 you can leave that group empty.
 
 **Note:** Study the structure of the example host files carefully and model the group hierarchies that you wish to implement in your own
-inventory files. For example, the group `[centos_ss]` for CentOS-based security server LXD-containers is a child group to the security server group `[ss_servers]` and can be omitted entirely if you have no use for CentOS containers or are using the ee-variant.
-
+inventory files. For example, the group `[rhel_ss]` for RHEL-based security server LXD-containers is a child group to the security server group `[ss_servers]` and can be omitted entirely if you have no use for RHEL containers or are using the ee-variant.
 #### Variant
 
 When installing security servers, the Ansible playbooks use the configuration variable `variant`
@@ -190,8 +189,7 @@ ansible-playbook  -i hosts/lxd_hosts.txt xroad_dev_partial.yml -e selected_modul
 
 #### Controlling the LXD operating system versions
 
-By default `xroad_dev.yml` creates Ubuntu 22.04 and CentOS 8 containers. It is also possible to configure it to create other versions of operating systems. To do this, in `groups_vars/all/vars.yml` set variables `centos_releasever` and `ubuntu_releasever`. Out of the box there is support for CentOS 7 and 8, and Ubuntu 20.04 and 22.04. Other versions may need additional tweaking of the Ansible scripts.
-
+By default `xroad_dev.yml` creates Ubuntu 24.04 and RockyLinux 9 containers. It is also possible to configure it to create other versions of operating systems. To do this, in `groups_vars/all/vars.yml` set variables `rhel_releasever` and `ubuntu_releasever`. Out of the box there is support for RHEL 8 and 9 based distro, and Ubuntu 22.04 and 24.04. Other versions may need additional tweaking of the Ansible scripts.
 ## 5. Test CA, TSA, and OCSP
 
 While not themselves components provided by X-Road, certification and time stamping authorities are crucial to messaging within the system. More information on creating development-use CA, TSA and OCSP services [here.](TESTCA.md)
diff --git a/ansible/group_vars/all/vars.yml b/ansible/group_vars/all/vars.yml
@@ -1,4 +1,4 @@
 ---
 #controls lxd versions, if changed, check epel version and repo urls
-centos_releasever: 9
+rhel_releasever: 9
 ubuntu_releasever: noble
diff --git a/ansible/hosts/lxd_hosts.txt b/ansible/hosts/lxd_hosts.txt
@@ -17,10 +17,10 @@ xroad-lxd-ss1 ansible_connection=lxd
 #xroad-lxd-ss2 ansible_connection=lxd
 
 [ss_servers:children]
-centos_ss
+rhel_ss
 
 #security servers (centos lxd containers, not supported in variant ee)
-[centos_ss]
+[rhel_ss]
 #xroad-lxd-rh-ss1 ansible_connection=lxd
 
 #container host

diff --git a/ansible/roles/build-packages/tasks/main.yml b/ansible/roles/build-packages/tasks/main.yml
@@ -26,19 +26,19 @@
           - /etc/group:/etc/group:ro
         command: "/workspace/src/packages/build-deb.sh {{ ubuntu_releasever }}"
 
-- name: "build RHEL {{ centos_releasever }} packages"
+- name: "build RHEL {{ rhel_releasever }} packages"
   tags: rpm
   vars:
-    rpm_version_suffix: "{{ (centos_releasever|int > 7) | ternary('-el' + centos_releasever|string, '') }}"
+    rpm_version_suffix: "-el{{ rhel_releasever }}"
   block:
-    - name: "build docker image for building RHEL {{ centos_releasever }} packages"
+    - name: "build docker image for building RHEL {{ rhel_releasever }} packages"
       docker_image:
         name: xroad-rpm{{ rpm_version_suffix }}
         source: build
         build:
           path: ../src/packages/docker/rpm{{ rpm_version_suffix }}
 
-    - name: "build RHEL {{ centos_releasever }} packages in docker"
+    - name: "build RHEL {{ rhel_releasever }} packages in docker"
       docker_container:
         name: xroad-rpm{{ rpm_version_suffix }}
         image: xroad-rpm{{ rpm_version_suffix }}

diff --git a/ansible/roles/init-lxd/tasks/main.yml b/ansible/roles/init-lxd/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: Ready all Ubuntu {{ubuntu_releasever}} containers
-  with_inventory_hostnames: all:!lxd_servers:!centos_ss:!localhost
+  with_inventory_hostnames: all:!lxd_servers:!rhel_ss:!localhost
   become: "{{ onMacOs | default(true) }}"
   community.general.lxd_container:
     name: "{{item}}"
@@ -19,8 +19,9 @@
   tags:
     - ubuntu-container-init
 
-- name: Ready all CentOS {{centos_releasever}} containers
-  with_inventory_hostnames: centos_ss
+- name: Ready all Rocky Linux {{rhel_releasever}} containers
+  become: "{{ onMacOs | default(true) }}"
+  with_inventory_hostnames: rhel_ss
   community.general.lxd_container:
     name: "{{item}}"
     url: "{{ lxd_url | default(omit) }}"
@@ -30,12 +31,13 @@
       mode: pull
       server: https://images.lxd.canonical.com
       protocol: simplestreams
-      alias: centos/{{centos_releasever}}{{ (centos_releasever|int > 7) | ternary('-Stream', '') }}/{{ arch[ansible_architecture] }}
+      alias: "rockylinux/{{ rhel_releasever }}"
     profiles: [ "default" ]
     wait_for_ipv4_addresses: true
+    devices: "{{ hostvars[item].container_ports | default({}) }}"
     timeout: 600
   tags:
-    - centos-container-init
+    - rhel-container-init
   vars:
     arch:
       aarch64: arm64

diff --git a/ansible/roles/packages-to-local-repo/tasks/main.yml b/ansible/roles/packages-to-local-repo/tasks/main.yml
@@ -5,7 +5,7 @@
       - "Connection type: {{ ansible_connection }}"
       - "LXD URL: {{ lxd_url | default('not set') }}"
   delegate_to: "{{ item }}"
-  with_inventory_hostnames: all:!lxd_servers:!centos_ss:!localhost
+  with_inventory_hostnames: all:!lxd_servers:!rhel_ss:!localhost
 - include_tasks: ubuntu.yml
   when: ansible_os_family == "Debian"
 

diff --git a/ansible/roles/xroad-base/tasks/rhel.yml b/ansible/roles/xroad-base/tasks/rhel.yml
@@ -12,33 +12,7 @@
 - name: Install EPEL repository (RHEL)
   yum:
     name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ansible_distribution_major_version}}.noarch.rpm"
-  when: not epel.stat.exists and ansible_distribution_major_version != "7"
-
-- name: Install EPEL repository (RHEL 7 only)
-  yum_repository:
-    name: epel
-    description: EPEL repository
-    baseurl: "https://dl.fedoraproject.org/pub/archive/epel/7/$basearch"
-  when: not epel.stat.exists and ansible_distribution_major_version == "7"
-
-- name: Setup the Adoptium repo (RHEL 7 only)
-  yum_repository:
-    name: "Adoptium"
-    file: "adoptium"
-    description: "Adoptium repository"
-    baseurl: "https://artifactory.niis.org/artifactory/rpm-adoptium-remote/rhel/7/x86_64"
-    enabled: yes
-    gpgcheck: no
-    repo_gpgcheck: no
-    state: present
-  when: ansible_distribution_major_version == "7"
-
-- name: Install Temurin JDK 21 (RHEL 7 only)
-  become: yes
-  yum:
-    name: "temurin-21-jdk"
-    state: present
-  when: ansible_distribution_major_version == "7"
+  when: not epel.stat.exists
 
 - name: X-Road repo key
   rpm_key:

diff --git a/ansible/ss_cluster/roles/node/tasks/main.yml b/ansible/ss_cluster/roles/node/tasks/main.yml
@@ -1,7 +1,7 @@
 ---
 - assert:
       that:
-          - "{{ ( ansible_distribution | lower ) in ['ubuntu','redhat','centos'] }}"
+          - "{{ ( ansible_distribution | lower ) in ['ubuntu','redhat','rocky'] }}"
 
 - name: test postgres version
   become_user: postgres

diff --git a/...le/ss_cluster/roles/node/tasks/centos.yml → ...ble/ss_cluster/roles/node/tasks/rocky.yml b/...le/ss_cluster/roles/node/tasks/centos.yml → ...ble/ss_cluster/roles/node/tasks/rocky.yml
diff --git a/ansible/ss_cluster/roles/ssh_server/tasks/main.yml b/ansible/ss_cluster/roles/ssh_server/tasks/main.yml
@@ -10,7 +10,7 @@
       ssh_server:
           ubuntu: ssh
           redhat: sshd
-          centos: sshd              
+          rocky: sshd
   service: 
       name: "{{ ssh_server[ansible_distribution|lower] }}"
       state: started

diff --git a/development/native-lxd-stack/config/ansible_hosts.txt b/development/native-lxd-stack/config/ansible_hosts.txt
@@ -10,6 +10,12 @@ xrd-ca ansible_connection=lxd
 
 [ss_servers]
 xrd-ss0 ansible_connection=lxd
+#xrd-ss1 ansible_connection=lxd
+
+[ss_servers:children]
+rhel_ss
+
+[rhel_ss]
 xrd-ss1 ansible_connection=lxd
 
 [is_servers]

diff --git a/development/native-lxd-stack/start-env.sh b/development/native-lxd-stack/start-env.sh
@@ -92,7 +92,7 @@ function handleBuild() {
       build_args+="--skip-tests "
     fi
 
-    ./../../src/build_packages.sh -r noble $build_args
+    ./../../src/build_packages.sh -r noble -r rpm-el9 $build_args
   fi
 }
 

diff --git a/src/build_packages.sh b/src/build_packages.sh
@@ -9,8 +9,7 @@ HAS_DOCKER=""
 PACKAGE_ONLY=false
 BUILD_LOCALLY=true
 BUILD_IN_DOCKER=false
-BUILD_ALL_PACKAGES=true
-BUILD_PACKAGES_FOR_RELEASE=""
+BUILD_PACKAGES_FOR_RELEASES=()
 # Global variable to determine if text coloring is enabled
 isTextColoringEnabled=$(command -v tput >/dev/null && tput setaf 1 &>/dev/null && echo true || echo false)
 
@@ -32,17 +31,20 @@ warn() {
 }
 
 usage() {
-  echo "Usage: $0 [option for $0...] [other options]"
-  echo "Options for $0:"
-  echo " -p, --package-only    Skip compilation, just build packages"
-  echo " -d, --docker-compile  Compile in docker container instead of native gradle build"
-  echo " -h, --help            This help text."
-  echo " -r release-name       Builds packages of given release only. Supported values are:"
-  echo "                          noble, jammy for debian packages"
-  echo "                          rpm-el9, rpm-el8, or rpm for redhat packages"
-  echo "                       For example, -r jammy"
-  echo "The option for $0, if present, must come fist, before other options."
-  echo "Other options are passed on to compile_code.sh"
+  echo "Usage: [options] [additional arguments]"
+  echo ""
+  echo "Options:"
+  echo " -p, --package-only     Skip compilation and build only the packages."
+  echo " -d, --docker-compile   Compile inside a Docker container instead of native Gradle build."
+  echo " -h, --help             Display this help message and exit."
+  echo " -r release-name        Specify one or more releases to build packages for. Supported values:"
+  echo "                          - noble, jammy   (Debian packages)"
+  echo "                          - rpm-el9, rpm-el8 (Red Hat packages)"
+  echo "                        Example: -r noble -r rpm-el9"
+  echo ""
+  echo "Options can be used individually or in combination."
+  echo "If provided, options must precede any additional arguments."
+  echo "Additional arguments are passed on to compile_code.sh"
   test -z "$1" || exit "$1"
 }
 
@@ -61,11 +63,11 @@ currentBuildPlan() {
     if $BUILD_IN_DOCKER; then
       echo "-- Compile/build in Docker"
     fi
-    if [ -n "$BUILD_PACKAGES_FOR_RELEASE" ]; then
-      echo "-- Building $BUILD_PACKAGES_FOR_RELEASE packages only"
-    else
-      echo "-- Building all supported packages"
+    if [ ${#BUILD_PACKAGES_FOR_RELEASES[@]} -eq 0 ]; then
+      echo "-- No specific release(s) provided -> Building all supported packages"
+      BUILD_PACKAGES_FOR_RELEASES+=("noble" "jammy" "rpm-el9" "rpm-el8")
     fi
+    echo "-- Building following packages: ${BUILD_PACKAGES_FOR_RELEASES[*]}"
   fi
   echo ""
   if $isTextColoringEnabled; then
@@ -99,7 +101,7 @@ buildBuilderImage() {
 
 runInBuilderImage() {
   local release="$1"
-  shift;
+  shift
   test -n "$release" || errorExit "Error, release not specified."
   local image="xroad-$release"
 
@@ -112,62 +114,49 @@ runInBuilderImage() {
 }
 
 prepareDebianPackagesBuilderImages() {
-  if $BUILD_ALL_PACKAGES || [ "$BUILD_PACKAGES_FOR_RELEASE" == "noble" ]; then
-    buildBuilderImage deb-noble
-  fi
-  if $BUILD_ALL_PACKAGES || [ "$BUILD_PACKAGES_FOR_RELEASE" == "jammy" ]; then
-    buildBuilderImage deb-jammy
-  fi
+  for release in "${BUILD_PACKAGES_FOR_RELEASES[@]}"; do
+    if [[ "$release" == "noble" || "$release" == "jammy" ]]; then
+      buildBuilderImage "deb-$release"
+    fi
+  done
 }
 
 prepareRedhatPackagesBuilderImages() {
-  if [ "$(uname)" != "Darwin" ]; then
-    if $BUILD_ALL_PACKAGES || [ "$BUILD_PACKAGES_FOR_RELEASE" == "rpm-el9" ]; then
-      buildBuilderImage rpm-el9
-    fi
-    if $BUILD_ALL_PACKAGES || [ "$BUILD_PACKAGES_FOR_RELEASE" == "rpm-el8" ]; then
-      buildBuilderImage rpm-el8
-    fi
-    if $BUILD_ALL_PACKAGES || [ "$BUILD_PACKAGES_FOR_RELEASE" == "rpm" ]; then
-      buildBuilderImage rpm
+  for release in "${BUILD_PACKAGES_FOR_RELEASES[@]}"; do
+    if [[ "$release" == "rpm-el9" || "$release" == "rpm-el8" ]]; then
+      buildBuilderImage "$release"
     fi
-  fi
+  done
 }
 
 buildDebianPackages() {
-  if $BUILD_ALL_PACKAGES || [ "$BUILD_PACKAGES_FOR_RELEASE" == "noble" ]; then
-    runInBuilderImage deb-noble /workspace/src/packages/build-deb.sh noble "$PACKAGE_VERSION" || errorExit "Error building deb-noble packages."
-  fi
-  if $BUILD_ALL_PACKAGES || [ "$BUILD_PACKAGES_FOR_RELEASE" == "jammy" ]; then
-    runInBuilderImage deb-jammy /workspace/src/packages/build-deb.sh jammy "$PACKAGE_VERSION" || errorExit "Error building deb-jammy packages."
-  fi
+  for release in "${BUILD_PACKAGES_FOR_RELEASES[@]}"; do
+    if [[ "$release" == "noble" || "$release" == "jammy" ]]; then
+      runInBuilderImage "deb-$release" /workspace/src/packages/build-deb.sh "$release" "$PACKAGE_VERSION" || errorExit "Error building deb-$release packages."
+    fi
+  done
 }
 
 buildRedhatPackages() {
-  if [ "$(uname)" != "Darwin" ]; then
-    if $BUILD_ALL_PACKAGES || [ "$BUILD_PACKAGES_FOR_RELEASE" == "rpm-el9" ]; then
-      runInBuilderImage rpm-el9 /workspace/src/packages/build-rpm.sh "$PACKAGE_VERSION" || errorExit "Error building rpm-el9 packages."
+  for release in "${BUILD_PACKAGES_FOR_RELEASES[@]}"; do
+    if [[ "$release" == "rpm-el9" || "$release" == "rpm-el8" ]]; then
+      runInBuilderImage "$release" /workspace/src/packages/build-rpm.sh "$PACKAGE_VERSION" || errorExit "Error building $release packages."
     fi
-    if $BUILD_ALL_PACKAGES || [ "$BUILD_PACKAGES_FOR_RELEASE" == "rpm-el8" ]; then
-      runInBuilderImage rpm-el8 /workspace/src/packages/build-rpm.sh "$PACKAGE_VERSION" || errorExit "Error building rpm-el8 packages."
-    fi
-  else
-    warn "rhel8, and rhel9 packages cannot be built under MacOS. Skipping.."
-  fi
+  done
 }
 
 if command -v docker &>/dev/null; then
   HAS_DOCKER=true
 fi
 
-for i in "$@"; do
-  case "$i" in
+while [[ $# -gt 0 ]]; do
+  case $1 in
       --package-only|-p) shift; PACKAGE_ONLY=true; BUILD_LOCALLY=false; BUILD_IN_DOCKER=false;;
       --docker-compile|-d) shift; PACKAGE_ONLY=false; BUILD_LOCALLY=false; BUILD_IN_DOCKER=true;;
       --help|-h) usage 0;;
-      -r) case "$2" in
-        noble|jammy) BUILD_ALL_PACKAGES=false; BUILD_PACKAGES_FOR_RELEASE="$2";;
-        rpm-el9|rpm-el8|rpm) BUILD_ALL_PACKAGES=false; BUILD_PACKAGES_FOR_RELEASE="$2";;
+      -r) case $2 in
+        noble|jammy) BUILD_PACKAGES_FOR_RELEASES+=("$2");;
+        rpm-el9|rpm-el8) BUILD_PACKAGES_FOR_RELEASES+=("$2");;
         *) errorExit "Unknown/unsupported release $2. Exiting..."
         esac;
         shift 2;;
-Original file line number
+Diff line change
@@ Expand Up / @@ -92,7 +92,7 @@ function handleBuild() { @@
           build_args+="--skip-tests "
         fi
-        ./../../src/build_packages.sh -r noble $build_args
+        ./../../src/build_packages.sh -r noble -r rpm-el9 $build_args
       fi
     }
@@ Expand Down @@