Implement dockerhost.yml playbook for systems running static docker containers for test

[sxa]

Checklist

• commit message has one of the standard prefixes
• FAQ.md updated if appropriate
• other documentation is changed or added (if applicable)
• playbook changes run through VPC or QPC (if you have access): VPC VPC
• for inventory.yml changes, bastillion/nagios/jenkins updated accordingly

This adds in a new playbook for creating a "Docker-only" host which holds statically built containers used to run testing (Formalises what was prototyped in issue 1809). It contains:

• New "DockerStatic" role to create and start one container on each of Ubuntu 16.04/18.04/20.04/20.10, Fedora 33 and CentOS 8
• New adopt_etc role which contains the items from Common which make changes to the system hostname etc. (Since we don't want all of the Common things in the dockerhost.yml
• Move of the definitions of the crontab_patching things from Common to the Crontab role so that it doesn't require Common to be executed first (makes the role self-sufficient)

To be addressed (potentially later - these would be good "introductory" things for new people to resolve):

• CentOS8 Dockerfile does not yet work so is excluded from the full process
• Core file creation needs permanent fix - probably in the new adopt_etc role. Related: Investigate and fix openj9 sanity functional test failures when run in docker containers aqa-tests#791 test-aws-rhel8-x64-1 - tests which create core files fail #1829 (comment)
• Locale-related failures need a solution (TEST: java/util/Locale/LocaleCategory.java failed with jdk_util_j9: ubuntu, openj9, 11 |15 run-aqa#59, TEST: java/util/Locale/LocaleCategory.java failed with jdk_util_j9: ubuntu, openj9, 11 |15  eclipse-openj9/openj9#11620 closed, but AArch64 openjdk LambdaFileEncodingSerialization assertion failure eclipse-openj9/openj9#11915 still outstanding)
• Switch download of java (for Jenkins agent) to V3 API and potentially move the JDK to 11 from 8
• Potentially have an optional "force rebuild/restart" option (Not default as it may be in use!)

[sxa]

Not quite sure yet what it's complaining about - ansible-lint does not object in the same way when run on my local machine.

[sxa]

With updates to the core file settings ought to fix #1817 but it doesn't as it's not taking effect, so I'll do that in a follow-on PR, which will hopefully end up in adopt_etc to help with #1817 if we put more guards on it :-)

[sxa]

NOTE TO REVIEWERS:

• Does not contain NTP_TIME role because the requisite packages are not installed since we don't run Common at present
• Nagios plugins do not work on the hosts I'm using. That can be resolved laster
• Because of the way I've put the jenkins ssh key in, I can't also have the bastillion ssh key along with it as well from Vendor_Files, so this breaks the ability for bastillion to administer up the jenkins user (Can fix separately)

[aahlenst]

My comments regarding the Ubuntu Docker file apply to all to Ubuntu/Debian Docker files.

[aahlenst]

We should predefine a UID/GID that does ideally not collide with a host UID/GID. One popular recommendation is to use 10000.

[sxa]

Since these containers are fully isolated and not sharing the file system with the host (unlike the build ones) that shouldn't be a concern for these.

[aahlenst]

According to my understanding, you can still escape from the container and end up with the same UID on the host as in the container as long as Docker user namespacing isn't active and configured. If I read the Dockerfile correctly, sshd is run as root, anyway, so it might make sense to tackle this in a separate PR if we really need sshd.