ansible: update RHEL 8 container

ansible/roles/docker/meta/argument_specs.yml

@@ -0,0 +1,5 @@
+---
+
+argument_specs:
+  main:
+    short_description: set up hosts for Docker containers

ansible/roles/docker/meta/main.yml

@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - role: read-secrets

ansible/roles/docker/tasks/main.yml

@@ -175,11 +175,26 @@
     - "{{ containers }}"
   when: containers is defined and item.os.find('_arm_cross') != -1
 
-- name: "docker : build image"
+- name: "docker : create RHEL secrets file"
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/rhel_secrets.j2"
+    dest: /root/docker-container-{{ item.name }}/secrets.txt
+    mode: "0600"
+  with_items:
+    - "{{ containers }}"
+  when: containers is defined and (item.os == 'rhel8' or item.os == 'ubi81')
+
+- name: "docker : build images"
   command: docker build -t node-ci:{{ item.name }} /root/docker-container-{{ item.name }}/
   with_items:
     - "{{ containers }}"
-  when: containers is defined
+  when: containers is defined and item.os != 'rhel8' and item.os != 'ubi81'
+
+- name: "docker : build RHEL images"
+  command: docker build --build-arg BUILDKIT_SANDBOX_HOSTNAME={{ item.name | regex_replace('_', '--') }} -t node-ci:{{ item.name }} /root/docker-container-{{ item.name }}/
+  with_items:
+    - "{{ containers }}"
+  when: containers is defined and (item.os == 'rhel8' or item.os == 'ubi81')
 
 - name: "docker : generate and copy init script"
   template:

ansible/roles/docker/templates/jenkins.service.j2

@@ -9,7 +9,7 @@ WantedBy=multi-user.target
 [Service]
 Type=simple
 User=root
-ExecStart=/usr/bin/docker run --init --rm -v /home/{{ server_user }}/{{ item.name }}/:/home/{{ server_user }} -v /home/{{ server_user }}/.ccache/:/home/{{ server_user }}/.ccache --name node-ci-{{ item.name }} --sysctl net.ipv4.ip_unprivileged_port_start=1024 node-ci:{{ item.name }}
+ExecStart=/usr/bin/docker run --init --rm -h {{ item.name | regex_replace('_', '--') }} -v /home/{{ server_user }}/{{ item.name }}/:/home/{{ server_user }} -v /home/{{ server_user }}/.ccache/:/home/{{ server_user }}/.ccache --name node-ci-{{ item.name }} --sysctl net.ipv4.ip_unprivileged_port_start=1024 node-ci:{{ item.name }}
 ExecStop=/usr/bin/docker stop -t 5 node-ci-{{ item.name }}
 Restart=always
 RestartSec=30

ansible/roles/docker/templates/rhel8.Dockerfile.j2

@@ -12,31 +12,32 @@ ENV OSVARIANT docker
 ENV DESTCPU {{ arch }}
 ENV ARCH {{ arch }}
 
+# Register with RHEL subscription to be able to install older versions of packages.
+COPY secrets.txt /secrets.txt
 # ccache is not in the default repositories so get it from EPEL 8.
-RUN dnf install --disableplugin=subscription-manager -y \
-      https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \
-    && dnf update --disableplugin=subscription-manager -y \
-    && dnf install --disableplugin=subscription-manager -y \
+RUN chmod u+x /secrets.txt && . /secrets.txt \
+    && sed -i 's/\(def in_container():\)/\1\n    return False/g' /usr/lib64/python*/*-packages/rhsm/config.py \
+    && subscription-manager register --org $RH_ORG --activationkey $RH_ACTIVATION_KEY \
+    && rm -rf /secrets.txt \
+    && dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \
+    && dnf update -y \
+    && dnf install -y \
       ccache \
-      clang \
       gcc-c++ \
+      gcc-toolset-10 \
       gcc-toolset-12 \
+      gcc-toolset-14-libatomic-devel \
       git \
       java-17-openjdk-headless \
+      llvm-toolset-19.1.7 \
       make \
       python3.12 \
       python3.12-pip \
       procps-ng \
+      rust-toolset-1.84.1 \
       xz \
-    && dnf --disableplugin=subscription-manager clean all
-
-RUN dnf install --disableplugin=subscription-manager -y \
-      https://repo.almalinux.org/almalinux/8/AppStream/{{ ansible_architecture }}/os/Packages/gcc-toolset-14-libatomic-devel-14.2.1-1.1.el8_10.{{ ansible_architecture }}.rpm \
-      http://vault.centos.org/centos/8-stream/AppStream/{{ ansible_architecture }}/os/Packages/gcc-toolset-10-binutils-2.35-11.el8.{{ ansible_architecture }}.rpm \
-      http://vault.centos.org/centos/8-stream/AppStream/{{ ansible_architecture }}/os/Packages/gcc-toolset-10-gcc-10.3.1-1.2.el8_5.{{ ansible_architecture }}.rpm \
-      http://vault.centos.org/centos/8-stream/AppStream/{{ ansible_architecture }}/os/Packages/gcc-toolset-10-gcc-c++-10.3.1-1.2.el8_5.{{ ansible_architecture }}.rpm \
-      http://vault.centos.org/centos/8-stream/AppStream/{{ ansible_architecture }}/os/Packages/gcc-toolset-10-libstdc++-devel-10.3.1-1.2.el8_5.{{ ansible_architecture }}.rpm \
-      http://vault.centos.org/centos/8-stream/AppStream/{{ ansible_architecture }}/os/Packages/gcc-toolset-10-runtime-10.1-0.el8.{{ ansible_architecture }}.rpm
+    && dnf clean all \
+    && subscription-manager unregister
 
 RUN groupadd -r -g {{ server_user_gid.stdout_lines[0] }} {{ server_user }} \
     && adduser -r -m -d /home/{{ server_user }}/ \

ansible/roles/docker/templates/rhel_secrets.j2

@@ -0,0 +1,2 @@
+RH_ACTIVATION_KEY={{ secrets.rh_activationkey }}
+RH_ORG={{ secrets.rh_org }}

ansible/roles/docker/templates/ubi81.Dockerfile.j2

@@ -12,31 +12,32 @@ ENV OSVARIANT docker
 ENV DESTCPU {{ arch }}
 ENV ARCH {{ arch }}
 
+# Register with RHEL subscription to be able to install older versions of packages.
+COPY secrets.txt /secrets.txt
 # ccache is not in the default repositories so get it from EPEL 8.
-RUN dnf install --disableplugin=subscription-manager -y \
-      https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \
-    && dnf update --disableplugin=subscription-manager -y \
-    && dnf install --disableplugin=subscription-manager -y \
+RUN chmod u+x /secrets.txt && . /secrets.txt \
+    && sed -i 's/\(def in_container():\)/\1\n    return False/g' /usr/lib64/python*/*-packages/rhsm/config.py \
+    && subscription-manager register --org $RH_ORG --activationkey $RH_ACTIVATION_KEY \
+    && rm -rf /secrets.txt \
+    && dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \
+    && dnf update -y \
+    && dnf install -y \
       ccache \
-      clang \
       gcc-c++ \
+      gcc-toolset-10 \
       gcc-toolset-12 \
+      gcc-toolset-14-libatomic-devel \
       git \
       java-17-openjdk-headless \
+      llvm-toolset-19.1.7 \
       make \
       python3.12 \
       python3.12-pip \
       openssl-devel \
       procps-ng \
-    && dnf --disableplugin=subscription-manager clean all
-
-RUN dnf install --disableplugin=subscription-manager -y \
-      https://repo.almalinux.org/almalinux/8/AppStream/{{ ansible_architecture }}/os/Packages/gcc-toolset-14-libatomic-devel-14.2.1-1.1.el8_10.{{ ansible_architecture }}.rpm \
-      http://vault.centos.org/centos/8-stream/AppStream/{{ ansible_architecture }}/os/Packages/gcc-toolset-10-binutils-2.35-11.el8.{{ ansible_architecture }}.rpm \
-      http://vault.centos.org/centos/8-stream/AppStream/{{ ansible_architecture }}/os/Packages/gcc-toolset-10-gcc-10.3.1-1.2.el8_5.{{ ansible_architecture }}.rpm \
-      http://vault.centos.org/centos/8-stream/AppStream/{{ ansible_architecture }}/os/Packages/gcc-toolset-10-gcc-c++-10.3.1-1.2.el8_5.{{ ansible_architecture }}.rpm \
-      http://vault.centos.org/centos/8-stream/AppStream/{{ ansible_architecture }}/os/Packages/gcc-toolset-10-libstdc++-devel-10.3.1-1.2.el8_5.{{ ansible_architecture }}.rpm \
-      http://vault.centos.org/centos/8-stream/AppStream/{{ ansible_architecture }}/os/Packages/gcc-toolset-10-runtime-10.1-0.el8.{{ ansible_architecture }}.rpm
+      rust-toolset-1.84.1 \
+    && dnf clean all \
+    && subscription-manager unregister
 
 RUN groupadd -r -g {{ server_user_gid.stdout_lines[0] }} {{ server_user }} \
     && adduser -r -m -d /home/{{ server_user }}/ \