DLPX-92522 appliance-build changes for LTS upgrade to 24.04

.ansible-lint-ignore

@@ -0,0 +1,96 @@
+# This file contains ignores rule violations for ansible-lint
+bootstrap/playbook.yml name[play]
+bootstrap/roles/appliance-build.bootstrap role-name
+bootstrap/roles/appliance-build.bootstrap/tasks/main.yml fqcn[action-core]
+bootstrap/roles/appliance-build.bootstrap/tasks/main.yml name[missing]
+bootstrap/roles/appliance-build.bootstrap/tasks/main.yml syntax-check[unknown-module]
+bootstrap/roles/appliance-build.bootstrap/tasks/main.yml yaml[truthy]
+live-build/misc/ansible-roles/appliance-build.buildserver-internal/tasks/main.yml fqcn[action-core]
+live-build/misc/ansible-roles/appliance-build.buildserver-internal/tasks/main.yml name[missing]
+live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml command-instead-of-module
+live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml fqcn[action-core]
+live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml name[missing]
+live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml no-changed-when
+live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml risky-file-permissions
+live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml syntax-check[unknown-module]
+live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml yaml[truthy]
+live-build/misc/ansible-roles/appliance-build.dct-common/tasks/main.yml fqcn[action-core]
+live-build/misc/ansible-roles/appliance-build.dct-common/tasks/main.yml name[missing]
+live-build/misc/ansible-roles/appliance-build.delphix-autofs/tasks/main.yml fqcn[action-core]
+live-build/misc/ansible-roles/appliance-build.delphix-autofs/tasks/main.yml name[missing]
+live-build/misc/ansible-roles/appliance-build.delphix-autofs/tasks/main.yml yaml[octal-values]
+live-build/misc/ansible-roles/appliance-build.delphix-ldap/tasks/main.yml fqcn[action-core]
+live-build/misc/ansible-roles/appliance-build.delphix-ldap/tasks/main.yml literal-compare
+live-build/misc/ansible-roles/appliance-build.delphix-ldap/tasks/main.yml name[missing]
+live-build/misc/ansible-roles/appliance-build.delphix-ldap/tasks/main.yml yaml[octal-values]
+live-build/misc/ansible-roles/appliance-build.delphix-ldap/tasks/main.yml yaml[truthy]
+live-build/misc/ansible-roles/appliance-build.devops-development/tasks/main.yml fqcn[action-core]
+live-build/misc/ansible-roles/appliance-build.devops-development/tasks/main.yml name[missing]
+live-build/misc/ansible-roles/appliance-build.devops-development/tasks/main.yml yaml[truthy]
+live-build/misc/ansible-roles/appliance-build.masking-common/tasks/main.yml fqcn[action-core]
+live-build/misc/ansible-roles/appliance-build.masking-common/tasks/main.yml name[missing]
+live-build/misc/ansible-roles/appliance-build.masking-development/tasks/main.yml fqcn[action-core]
+live-build/misc/ansible-roles/appliance-build.masking-development/tasks/main.yml name[missing]
+live-build/misc/ansible-roles/appliance-build.masking-development/tasks/main.yml risky-file-permissions
+live-build/misc/ansible-roles/appliance-build.masking-development/tasks/main.yml yaml[truthy]
+live-build/misc/ansible-roles/appliance-build.minimal-common/tasks/main.yml command-instead-of-shell
+live-build/misc/ansible-roles/appliance-build.minimal-common/tasks/main.yml fqcn[action-core]
+live-build/misc/ansible-roles/appliance-build.minimal-common/tasks/main.yml name[missing]
+live-build/misc/ansible-roles/appliance-build.minimal-common/tasks/main.yml no-changed-when
+live-build/misc/ansible-roles/appliance-build.minimal-common/tasks/main.yml yaml[octal-values]
+live-build/misc/ansible-roles/appliance-build.minimal-common/tasks/main.yml yaml[truthy]
+live-build/misc/ansible-roles/appliance-build.minimal-development/tasks/main.yml fqcn[action-core]
+live-build/misc/ansible-roles/appliance-build.minimal-development/tasks/main.yml name[missing]
+live-build/misc/ansible-roles/appliance-build.minimal-development/tasks/main.yml yaml[octal-values]
+live-build/misc/ansible-roles/appliance-build.minimal-internal/tasks/main.yml fqcn[action-core]
+live-build/misc/ansible-roles/appliance-build.minimal-internal/tasks/main.yml name[missing]
+live-build/misc/ansible-roles/appliance-build.minimal-internal/tasks/main.yml yaml[octal-values]
+live-build/misc/ansible-roles/appliance-build.qa-internal/handlers/main.yml fqcn[action-core]
+live-build/misc/ansible-roles/appliance-build.qa-internal/handlers/main.yml name[missing]
+live-build/misc/ansible-roles/appliance-build.qa-internal/handlers/main.yml no-changed-when
+live-build/misc/ansible-roles/appliance-build.qa-internal/handlers/main.yml yaml[new-line-at-end-of-file]
+live-build/misc/ansible-roles/appliance-build.qa-internal/tasks/main.yml fqcn[action-core]
+live-build/misc/ansible-roles/appliance-build.qa-internal/tasks/main.yml name[missing]
+live-build/misc/ansible-roles/appliance-build.qa-internal/tasks/main.yml yaml[octal-values]
+live-build/misc/ansible-roles/appliance-build.recovery-environment/tasks/main.yml fqcn[action-core]
+live-build/misc/ansible-roles/appliance-build.recovery-environment/tasks/main.yml name[missing]
+live-build/misc/ansible-roles/appliance-build.recovery-environment/tasks/main.yml yaml[empty-lines]
+live-build/misc/ansible-roles/appliance-build.unittest-internal/tasks/main.yml fqcn[action-core]
+live-build/misc/ansible-roles/appliance-build.unittest-internal/tasks/main.yml name[missing]
+live-build/misc/ansible-roles/appliance-build.unittest-internal/tasks/main.yml syntax-check[unknown-module]
+live-build/misc/ansible-roles/appliance-build.virtualization-common/tasks/main.yml command-instead-of-module
+live-build/misc/ansible-roles/appliance-build.virtualization-common/tasks/main.yml fqcn[action-core]
+live-build/misc/ansible-roles/appliance-build.virtualization-common/tasks/main.yml name[missing]
+live-build/misc/ansible-roles/appliance-build.virtualization-common/tasks/main.yml no-changed-when
+live-build/misc/ansible-roles/appliance-build.virtualization-common/tasks/main.yml risky-file-permissions
+live-build/misc/ansible-roles/appliance-build.virtualization-common/tasks/main.yml yaml[truthy]
+live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml fqcn[action-core]
+live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml key-order[task]
+live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml name[missing]
+live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml risky-file-permissions
+live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml syntax-check[unknown-module]
+live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml yaml[truthy]
+live-build/misc/ansible-roles/appliance-build.zfsonlinux-development/tasks/main.yml fqcn[action-core]
+live-build/misc/ansible-roles/appliance-build.zfsonlinux-development/tasks/main.yml name[missing]
+live-build/misc/ansible-roles/appliance-build.zfsonlinux-development/tasks/main.yml risky-file-permissions
+live-build/misc/ansible-roles/appliance-build.zfsonlinux-development/tasks/main.yml yaml[truthy]
+live-build/variants/external-dct/ansible/playbook.yml name[play]
+live-build/variants/external-dct/ansible/playbook.yml yaml[truthy]
+live-build/variants/external-standard/ansible/playbook.yml name[play]
+live-build/variants/external-standard/ansible/playbook.yml yaml[truthy]
+live-build/variants/internal-buildserver/ansible/playbook.yml name[play]
+live-build/variants/internal-buildserver/ansible/playbook.yml yaml[truthy]
+live-build/variants/internal-dcenter/ansible/playbook.yml name[play]
+live-build/variants/internal-dcenter/ansible/playbook.yml yaml[truthy]
+live-build/variants/internal-dct/ansible/playbook.yml name[play]
+live-build/variants/internal-dct/ansible/playbook.yml yaml[truthy]
+live-build/variants/internal-dev/ansible/playbook.yml name[play]
+live-build/variants/internal-dev/ansible/playbook.yml yaml[truthy]
+live-build/variants/internal-minimal/ansible/playbook.yml name[play]
+live-build/variants/internal-minimal/ansible/playbook.yml yaml[truthy]
+live-build/variants/internal-package-mirror/ansible/playbook.yml name[play]
+live-build/variants/internal-package-mirror/ansible/playbook.yml yaml[truthy]
+live-build/variants/internal-qa/ansible/playbook.yml name[play]
+live-build/variants/internal-qa/ansible/playbook.yml yaml[truthy]
+live-build/variants/internal-unittest/ansible/playbook.yml name[play]
+live-build/variants/internal-unittest/ansible/playbook.yml yaml[truthy]

.github/misc/ansible-lint-requirements.yml

@@ -0,0 +1,6 @@
+#
+# Copyright 2025 Delphix
+#
+---
+collections:
+  - community.general

.github/workflows/main.yml

@@ -2,12 +2,16 @@ on: [push, pull_request]
 
 jobs:
   check-ansible:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v1
-      - run: sudo ./.github/scripts/install-gradle.sh
-      - run: sudo -E ./.github/scripts/install-ansible-lint.sh
-      - run: /opt/gradle-5.1/bin/gradle ansibleCheck
+      - uses: actions/checkout@v4
+      - name: Run ansible-lint
+        uses: ansible/ansible-lint@main
+        with:
+          args: ""
+          setup_python: "true"
+          working_directory: ""
+          requirements_file: ".github/misc/ansible-lint-requirements.yml"
   check-shellcheck:
     runs-on: ubuntu-20.04
     steps:

bootstrap/roles/appliance-build.bootstrap/tasks/main.yml

@@ -15,17 +15,15 @@
 #
 
 ---
-- apt:
-    update_cache: yes
-
-- apt:
+- name: Update apt cache and install apt packages
+  ansible.builtin.apt:
     name:
       - ansible
       - aptly
-      - awscli
       - bc
       - coreutils
       - devscripts
+      - docker.io
       - equivs
       - gdisk
       - git
@@ -36,15 +34,46 @@
       - livecd-rootfs
       - make
       - man
-      - openjdk-8-jre-headless
+      - openjdk-8-jdk-headless
       - pigz
-      - qemu
+      # The VSDK plugin requires python3.11
+      - python3.11
+      - qemu-system
       - rename
       - shellcheck
       - vim
       - zfsutils-linux
     state: present
+    update_cache: true
+
+- name: Stop unattended-upgrades systemd service in preparation for package removal
+  ansible.builtin.systemd:
+    name: unattended-upgrades
+    state: stopped
+  register: result_systemd_stop
+  failed_when: "result_systemd_stop is failed and 'Could not find the requested service' not in result_systemd_stop.msg"
+
+- name: Remove unattended-upgrades package
+  ansible.builtin.apt:
+    name:
+      - unattended-upgrades
+    state: absent
+    purge: true
+
+# aws-cli is distributed via snap on 24.04. While the package is not required by the product,
+# it is required by appliance-build itself.
+- name: Install aws-cli snap package
+  community.general.snap:
+    name: aws-cli
+    classic: true
 
-- modprobe:
+- name: Load ZFS kernel module.
+  community.general.modprobe:
     name: zfs
     state: present
+
+- name: Add delphix user to docker group required by the virtualization package
+  ansible.builtin.user:
+    name: delphix
+    groups: docker
+    append: true

build.gradle

@@ -105,13 +105,7 @@ task shellCheck(type: Exec) {
     commandLine(["shellcheck", "--exclude=SC1090,SC1091"] + shellScripts.getFiles())
 }
 
-task ansibleCheck(type: Exec) {
-    def ansibleFiles = fileTree("bootstrap").include("**/playbook.yml") +
-                       fileTree("live-build/variants").include("**/playbook.yml")
-    commandLine(["ansible-lint", "--exclude=SC1090,SC1091"] + ansibleFiles.getFiles())
-}
-
-tasks.check.dependsOn shellCheck, shfmtCheck, ansibleCheck
+tasks.check.dependsOn shellCheck, shfmtCheck
 
 task format() {
     dependsOn shfmt

live-build/auto/config

@@ -35,7 +35,7 @@ lb config noauto \
 	--bootstrap-flavour minimal \
 	--chroot-filesystem none \
 	--architectures amd64 \
-	--distribution focal \
+	--distribution noble \
 	--binary-images none \
 	--bootloader none \
 	--system normal \

live-build/config/archives/delphix-secondary-mirror.list.in

@@ -1,5 +1,5 @@
 #
-# Copyright 2019 Delphix
+# Copyright 2019, 2024 Delphix
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,6 +14,6 @@
 # limitations under the License.
 #
 
-deb @@URL@@ focal main multiverse universe contrib stable
-deb @@URL@@ focal-updates main multiverse universe
-deb @@URL@@ focal-pgdg main
+deb @@URL@@ noble main multiverse universe contrib stable
+deb @@URL@@ noble-pgdg main
+deb @@URL@@ stable main

live-build/config/archives/localhost.list

@@ -22,4 +22,4 @@
 # used to serve the repository.
 #
 
-deb [trusted=yes] http://localhost:8080 focal main
+deb [trusted=yes] http://localhost:8080 noble main

live-build/config/hooks/configuration/81-upgrade-repository.binary

@@ -47,6 +47,20 @@ if [[ $(ls binary/lib/modules | wc -l) -gt 1 ]]; then
 	exit 1
 fi
 
+#
+# In order for DNS to work when running Ansible chroot-ed in the
+# "binary" directory, we have to copy the host's resolv.conf file into
+# place, and then undo this change when we're done.
+#
+
+if [[ -e binary/etc/resolv.conf || -L binary/etc/resolv.conf ]]; then
+	mv binary/etc/resolv.conf binary/etc/resolv.conf.orig
+fi
+
+if [[ -e /etc/resolv.conf ]]; then
+	cp /etc/resolv.conf binary/etc/resolv.conf
+fi
+
 #
 # Here, we generate a list of all of the packages that have been
 # installed in the "binary" chroot directory, including package version,
@@ -142,3 +156,11 @@ rm -rf "binary/$DEBS_DIRECTORY"
 tar -I pigz -cf "$ARTIFACT_NAME.debs.tar.gz" ./*.deb -C binary/packages .
 
 rm -rf binary/packages
+
+if [[ -e binary/etc/resolv.conf ]]; then
+	rm binary/etc/resolv.conf
+fi
+
+if [[ -e binary/etc/resolv.conf.orig || -L binary/etc/resolv.conf ]]; then
+	mv binary/etc/resolv.conf.orig binary/etc/resolv.conf
+fi

live-build/misc/ansible-roles/appliance-build.buildserver-internal/tasks/main.yml

@@ -15,16 +15,18 @@
 #
 
 ---
-- apt:
+- name: Install apt packages
+  ansible.builtin.apt:
     name:
-      - adoptopenjdk-java8-jdk
+      - openjdk-8-jdk-headless
       - curl
       - docker.io
       - git
       - gnupg
     state: present
 
-- user:
+- name: Add delphix user to docker group required by the virtualization package
+  ansible.builtin.user:
     name: delphix
     groups: docker
     append: true

live-build/misc/ansible-roles/appliance-build.dcenter/tasks/files/etc/nfs.conf.d/12-delphix-dcenter-nfs-overrides.conf

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2019, 2025 by Delphix. All rights reserved.
+#
+# Configuration drop-in for a dcenter.
+#
+# The default setting for the number of nfs threads is too low. To
+# improve performance we reset the value to 64 which mimics what
+# we use on the delphix engine.
+#
+#
+[nfsd]
+threads=64
+
+[mountd]
+threads=5
+manage-gids=y