unixPB: macos ansible setup improvement

This PR is amed to add Xcode_offline which installs xcode without need to use any other 3rd party resource. Also some minor code changes and improvement added (e.g. install brew)

Author: mahdipub

ansible/playbooks/AdoptOpenJDK_Unix_Playbook/macos-setup.yml

@@ -0,0 +1,54 @@
+---
+
+- name: Ansible MacOS playbook
+  hosts: "all"
+  gather_facts: yes
+  become_method: sudo
+  vars:
+    ansible_python_interpreter: /Library/Frameworks/Python.framework/Versions/3.11/bin/python3
+    Ant_Download_URL: https://archive.apache.org/dist/ant/binaries/apache-ant-1.10.12-bin.zip
+    known_keys:
+      - {name: "github.com", value: "github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"}
+    xcode_version: '15.0.1'
+    ansible_user: adminuser
+    jdk_version: 17
+
+
+  #########
+  # Roles #
+  #########
+  roles:
+    - role: brew
+      tags: [build_tools, xcode, adoptopenjdk]
+    - role: Xcode_offline
+      tags: [build_tools, xcode, adoptopenjdk]
+    - role: Common  
+      tags: [build_tools, build_tools_openj9]
+    - role: Jenkins_User  
+      tags: [build_tools, build_tools_openj9, jenkins]
+    - role: Semeru_install
+      tags: [build_tools, build_tools_openj9, semeru]
+    - role: ant
+      tags: [build_tools, build_tools_openj9]
+    - role: Ant-Contrib  
+      tags: [build_tools, build_tools_openj9]
+
+# Macos do not let any Ansible activity before you install python manually. So you need to do a workaround before running this PB. 
+# 1- download python from https://www.python.org/ftp/python/3.11.4/python-3.11.4-macos11.pkg
+# 2- scp downloaded file to macos (example: scp ~/Downloads/python-3.11.4-macos11.pkg [email protected]:~/)
+# 3- ssh to mac machine and run this to install python:
+#  sudo installer -pkg ~/python-3.11.4-macos11.pkg -target /Applications  && /Applications/Python\ 3.11/Install\ Certificates.command && /Applications/Python\ 3.11/Update\ Shell\ Profile.command
+# 
+# 4- then you can start using the PB as normal like other machine types:
+# example: ansible-playbook -i hosts.yml macos-setup.yml -Kk
+#
+# sample host.yml file:
+
+# all:
+#  children:
+#     hosts:
+#        macXXXXXX.yourdomain.com:
+
+
+
+    

ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Ant-Contrib/tasks/main.yml

@@ -1,21 +1,21 @@
 ---
-###############
-# Ant-Contrib #
-###############
+
 
 # ANT_HOME/lib is: /usr/local/apache-ant-*/lib
+# Use the following variables:
+#  antContribVersion: default('1.0b2')
+- name: set ant binary file name to variable
+  set_fact:
+    ant_binary_file_name: "{{ Ant_Download_URL.split('/')[-1].split('-bin')[0] }}"
+  tags: ant-contrib
 
 - name: Set ant-contrib version
-  set_fact: antContribVersion=1.0b2
+  set_fact: antContribVersion={{ antContribVersion | default('1.0b2') }}
   tags: ant-contrib
 
 - name: Set ant_lib_dir variable for on {{ ansible_distribution }} {{ ansible_architecture }}
   set_fact:
-    ant_lib_dir: /usr/local/apache-ant-1.10.5/lib
-  tags: ant-contrib
-
-- name: "Print ant_lib_dir variable"
-  debug: var=ant_lib_dir
+    ant_lib_dir: /usr/local/{{ ant_binary_file_name }}/lib
   tags: ant-contrib
 
 - name: Check if ant-contrib is already installed
@@ -25,79 +25,96 @@
   tags: ant-contrib
 
 - name: Download ant-contrib
-  get_url:
-    url: https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-{{ antContribVersion }}/ant-contrib-{{ antContribVersion }}-bin.tar.gz
-    dest: /tmp/
-    mode: 0440
-    timeout: 25
-    validate_certs: no
-    checksum: sha256:c9b8b1ca18b13e293688cafbd8990c940ca49104dbeefc242e5c3f8de271abdf
-  retries: 3
-  delay: 5
-  register: antContrib_download
-  until: antContrib_download is not failed
-  when:
-    - not antcontrib_status.stat.exists
-    - ansible_distribution != "MacOSX"
-    - ansible_distribution != "Solaris"
-    - not (ansible_distribution == "CentOS" and ansible_distribution_major_version == "6")
-  tags: ant-contrib
+  block:
 
-# Use wget instead of ansible's get_url for Centos 6 https://github.com/adoptium/infrastructure/issues/2486
+  - name: Download ant-contrib
+    get_url:
+      url: https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-{{ antContribVersion }}/ant-contrib-{{ antContribVersion }}-bin.tar.gz
+      dest: /tmp/
+      mode: 0440
+      timeout: 25
+      validate_certs: no
+      checksum: sha256:c9b8b1ca18b13e293688cafbd8990c940ca49104dbeefc242e5c3f8de271abdf
+    retries: 3
+    delay: 5
+    register: antContrib_download
+    until: antContrib_download is not failed
+    when:
+      - ansible_distribution != "MacOSX"
+      - ansible_distribution != "Solaris"
+      - not (ansible_distribution == "CentOS" and ansible_distribution_major_version == "6")
 
-- name: Download ant-contrib (CentOS 6)
-  command: wget https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-{{ antContribVersion }}/ant-contrib-{{ antContribVersion }}-bin.tar.gz -O /tmp/ant-contrib-{{ antContribVersion }}-bin.tar.gz
-  retries: 3
-  delay: 5
-  register: antContrib_download
-  until: antContrib_download is not failed
-  when:
-    - not antcontrib_status.stat.exists
-    - ansible_distribution == "CentOS" and ansible_distribution_major_version == "6"
-  tags: ant-contrib
+  # Use wget instead of ansible's get_url for Centos 6 https://github.com/adoptium/infrastructure/issues/2486
 
-- name: Verify sha256 checksum of download (CentOS 6)
-  stat:
-    path: /tmp/ant-contrib-{{ antContribVersion }}-bin.tar.gz
-    checksum_algorithm: sha256
-    get_checksum: yes
-  register: antcontrib_checksum
-  failed_when: antcontrib_checksum.stat.checksum != 'c9b8b1ca18b13e293688cafbd8990c940ca49104dbeefc242e5c3f8de271abdf'
-  when:
-    - not antcontrib_status.stat.exists
-    - ansible_distribution == "CentOS" and ansible_distribution_major_version == "6"
-  tags: ant-contrib
+  - name: Download ant-contrib (CentOS 6)
+    command: wget https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-{{ antContribVersion }}/ant-contrib-{{ antContribVersion }}-bin.tar.gz -O /tmp/ant-contrib-{{ antContribVersion }}-bin.tar.gz
+    retries: 3
+    delay: 5
+    register: antContrib_download
+    until: antContrib_download is not failed
+    when:
+      - ansible_distribution == "CentOS" and ansible_distribution_major_version == "6"
 
-- name: Download ant-contrib (macOS) and (Solaris)
-  command: wget https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-{{ antContribVersion }}/ant-contrib-{{ antContribVersion }}-bin.tar.gz -O /tmp/ant-contrib-{{ antContribVersion }}-bin.tar.gz
-  retries: 3
-  delay: 5
-  register: antContrib_download
-  until: antContrib_download is not failed
-  when:
-    - not antcontrib_status.stat.exists
-    - ansible_distribution == "MacOSX" or ansible_distribution == "Solaris"
-  tags: ant-contrib
+  - name: Verify sha256 checksum of download (CentOS 6)
+    stat:
+      path: /tmp/ant-contrib-{{ antContribVersion }}-bin.tar.gz
+      checksum_algorithm: sha256
+      get_checksum: yes
+    register: antcontrib_checksum
+    failed_when: antcontrib_checksum.stat.checksum != 'c9b8b1ca18b13e293688cafbd8990c940ca49104dbeefc242e5c3f8de271abdf'
+    when:
+      - ansible_distribution == "CentOS" and ansible_distribution_major_version == "6"
 
-- name: Extract ant-contrib
-  unarchive:
-    src: /tmp/ant-contrib-{{ antContribVersion }}-bin.tar.gz
-    dest: /tmp/
-    copy: False
-  when: not antcontrib_status.stat.exists
-  tags: ant-contrib
+  - name: Download ant-contrib (macOS) and (Solaris)
+    get_url: 
+      url: "https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-{{ antContribVersion }}/ant-contrib-{{ antContribVersion }}-bin.tar.gz" 
+      dest: "/tmp"
+    retries: 3
+    delay: 5
+    register: antContrib_download
+    until: antContrib_download is not failed
+    when:
+      - ansible_distribution == "MacOSX" or ansible_distribution == "Solaris"
 
-- name: Move ant-contrib.jar to ant lib folder
-  command: mv /tmp/ant-contrib/lib/ant-contrib.jar {{ ant_lib_dir }}
-  when: not antcontrib_status.stat.exists
-  tags: ant-contrib
+  - name: Creates directory {{ ant_lib_dir }}
+    file:
+      path: "{{ ant_lib_dir }}"
+      state: directory
+    become: true
+
+  - name: Extract ant-contrib
+    unarchive:
+      src: /tmp/ant-contrib-{{ antContribVersion }}-bin.tar.gz
+      dest: /tmp
+      copy: False
+    when: 
+      - ansible_distribution != "MacOSX"   
+
+  - name: Extract ant-contrib tar -xf /tmp/ant-contrib-{{ antContribVersion }}-bin.tar.gz -C /tmp
+    command: tar -xf /tmp/ant-contrib-{{ antContribVersion }}-bin.tar.gz -C /tmp
+    register: antcontrib_unpack
+    become: true
+    until: antcontrib_unpack is not failed
+    when:
+      - ansible_distribution == "MacOSX" 
 
-- name: Remove downloaded packages for ant-contrib
-  file:
-    path: "{{ item }}"
-    state: absent
-  with_items:
-    - /tmp/ant-contrib
-    - /tmp/ant-contrib-{{ antContribVersion }}-bin.tar.gz
-  failed_when: false
+  - name: copy ant-contrib /tmp/ant-contrib/lib/ant-contrib.jar into /usr/local/{{ ant_binary_file_name }}/lib
+    copy:
+      src: /tmp/ant-contrib/lib/ant-contrib.jar
+      dest: "/usr/local/{{ant_binary_file_name }}/lib/"
+      remote_src: true
+    become: true
+
+  - name: Cleanup after ant-contrib installed
+    file:
+      path: "{{ item }}"
+      state: absent
+    with_items:
+      - /tmp/ant-contrib/
+      - /tmp/ant-contrib-{{ antContribVersion }}-bin.tar.gz
+    failed_when: false
+    become: true
+  
   tags: ant-contrib
+  when:
+    - not antcontrib_status.stat.exists

ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Jenkins_User/files/authorized_key.pub

@@ -0,0 +1 @@
+#authorized key(s) here:

ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Jenkins_User/tasks/main.yml

@@ -39,6 +39,7 @@
   action: user name={{ Jenkins_Username }} group=staff state=present home={{ home_folder }} shell=/bin/bash
   when: ansible_distribution == "MacOSX"
   tags: [jenkins_user, adoptopenjdk]
+  become: true
 
 - name: Enable SSH login for Jenkins user (macOS)
   command: dseditgroup -o edit -a {{ Jenkins_Username }} -t staff com.apple.access_ssh
@@ -78,23 +79,20 @@
   authorized_key:
     user: "{{ Jenkins_Username }}"
     state: present
-    key: "{{ Jenkins_User_SSHKey }}"
+    key: "{{ lookup('file', 'authorized_key.pub') }}"
   tags: [jenkins_user, jenkins_authorized_key, adoptopenjdk]
+  become: true
 
-- name: Add github.com to known_hosts
+- name: Add needed items to "{{ home_folder }}/.ssh/known_hosts"
   known_hosts:
-    name: github.com
-    key: github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
+    name: "{{ item.name }}"
+    key: "{{ item.value }}"
     path: "{{ home_folder }}/.ssh/known_hosts"
     state: present
+  with_items: "{{known_keys}}"
   tags: [jenkins_user, adoptopenjdk]
-
-- name: Change ownership of jenkins' ~/.ssh/known_hosts
-  file:
-    path: "{{ home_folder }}/.ssh/known_hosts"
-    owner: "{{ Jenkins_Username }}"
-    mode: 0644
-  tags: [jenkins_user, adoptopenjdk]
+  become: true
+  become_user: '{{ Jenkins_Username }}'
 
 - name: Add Jenkins user to the audio group
   user: name={{ Jenkins_Username }}
@@ -104,6 +102,7 @@
     - (ansible_distribution == "Ubuntu" or ansible_distribution == "SLES")
     - ansible_architecture != "armv7l"
   tags: [jenkins_user, adoptopenjdk]
+  become: true
 
 - name: Unset expiry on user account for Redhat for Jenkins user
   command: chage -M -1 -E -1 {{ Jenkins_Username }}
@@ -138,3 +137,49 @@
     - ansible_distribution_major_version == "6" or ansible_distribution_major_version == "7"
   tags:
     - jenkins_user
+
+#additional settings for user jenkins
+- name: check if bin paths are exist before add them to {{ home_folder }}/.bashrc
+  stat: path={{item}}
+  with_items: 
+    - /opt/homebrew/bin/
+    - /usr/local/bin/
+  register: mac_bin_paths
+  tags:
+    - jenkins_user
+
+- name: configure {{ home_folder }}/.bashrc
+  copy:
+    dest: "{{ home_folder }}/.bashrc"
+    content: "export PATH={{ mac_bin_paths | join(':') }}:{{ lookup('ansible.builtin.env', 'PATH') }}"
+    owner: "{{ Jenkins_Username }}"
+    mode: 0700
+  become: true
+  tags:
+    - jenkins_user
+
+- name: create folder "{{ home_folder }}/openjdk_cache"
+  file: 
+    path: "{{ home_folder }}/openjdk_cache"
+    state: directory
+    owner: "{{ Jenkins_Username }}"
+    mode: 0755
+  become: true
+  tags:
+    - jenkins_user
+
+- name: fetch required JDK repo into {{ home_folder }}/openjdk_cache
+  shell: 
+    cmd: |
+      git init --bare
+      git remote -v | grep jdk8   || git remote add jdk8 https://github.com/ibmruntimes/openj9-openjdk-jdk8.git
+      git remote -v | grep jdk11  || git remote add jdk11 https://github.com/ibmruntimes/openj9-openjdk-jdk11.git 
+      git remote -v | grep jdk    || git remote add jdk https://github.com/ibmruntimes/openj9-openjdk-jdk.git 
+      git remote -v | grep openj9 || git remote add openj9 https://github.com/eclipse-openj9/openj9.git 
+      git remote -v | grep omr    || git remote add omr https://github.com/eclipse-openj9/openj9-omr.git
+      git fetch --all
+    chdir: "{{ home_folder }}/openjdk_cache"
+  become: true
+  become_user:  "{{ Jenkins_Username }}"
+  tags:
+    - jenkins_user

ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Semeru_install/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+#####################
+# install Semeru OE #
+#####################
+
+- name: install Semeru OE
+  include_tasks: semeru-install.yml
+  tags: semeru_install