From 2a237385efd4c04d6e463bf3042c50e1adcbefe2 Mon Sep 17 00:00:00 2001 From: Al Bowles Date: Sat, 18 Feb 2023 12:46:41 -0600 Subject: [PATCH 01/16] Automation for configuring a worker-only host --- init-rocky-openqa-worker-host.yml | 42 ++++++++++++ tasks/openqa-worker.yml | 66 +++++++++++++++++++ .../firewalld/services/openqa-socket.xml.j2 | 4 ++ templates/etc/openqa/workers.conf.j2 | 9 +++ vars/openqa-worker.yml | 36 ++++++++++ 5 files changed, 157 insertions(+) create mode 100644 init-rocky-openqa-worker-host.yml create mode 100644 tasks/openqa-worker.yml create mode 100644 templates/etc/firewalld/services/openqa-socket.xml.j2 create mode 100644 templates/etc/openqa/workers.conf.j2 create mode 100644 vars/openqa-worker.yml
diff --git a/init-rocky-openqa-worker-host.yml b/init-rocky-openqa-worker-host.yml
new file mode 100644
index 0000000..fb7ad0e
--- /dev/null
+++ b/init-rocky-openqa-worker-host.yml
@@ -0,0 +1,42 @@
+# Configure an openQA worker host
+# This playbook is *NOT* intended for WAN-facing systems!
+#
+# Created: @akatch
+---
+- name: Rocky openQA Worker Runbook
+ hosts: openqa_workers
+ become: true
+ gather_facts: false
+ vars_files:
+ - vars/openqa-worker.yml
+
+ # This is to try to avoid the handler issue in pre/post tasks
+ handlers:
+ - import_tasks: handlers/main.yml
+
+ pre_tasks:
+ - name: Check if ansible cannot be run here
+ stat:
+ path: /etc/no-ansible
+ register: no_ansible
+
+ - name: Verify if we can run ansible
+ assert:
+ that:
+ - "not no_ansible.stat.exists"
+ success_msg: "We are able to run on this node"
+ fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+ tasks:
+ - name: Install and configure OpenQA workers
+ import_tasks: tasks/openqa-worker.yml
+
+ post_tasks:
+ - name: Touching run file that ansible has ran here
+ file:
+ path: /var/log/ansible.run
+ state: touch
+ mode: '0644'
+ owner: root
+ group: root
+...
diff --git a/tasks/openqa-worker.yml b/tasks/openqa-worker.yml
new file mode 100644
index 0000000..3b47502
--- /dev/null
+++ b/tasks/openqa-worker.yml
@@ -0,0 +1,66 @@
+---
+- name: Install OpenQA worker packages
+ dnf:
+ name: "{{ openqa_worker_packages }}"
+ state: present
+ tags:
+ - packages
+
+- name: Create openQA group
+ group:
+ name: "{{ openqa_group }}"
+ system: true
+
+- name: Create openQA user
+ user:
+ name: "{{ openqa_user }}"
+ groups: "{{ openqa_group }}"
+ append: true
+ system: true
+
+- name: Configure firewalld for openQA worker connections
+ template:
+ src: etc/firewalld/services/{{ item }}.xml.j2
+ dest: /etc/firewalld/services/{{ item }}.xml
+ owner: root
+ group: root
+ mode: "0644"
+ loop:
+ - openqa-socket
+ - openqa-vnc
+ tags:
+ - configure
+
+- name: Reload firewalld
+ systemd:
+ name: firewalld
+ state: reloaded
+ tags:
+ - configure
+ ignore_errors: "{{ ansible_check_mode }}"
+
+- name: Write openQA configuration file
+ template:
+ src: etc/openqa/{{ item }}.j2
+ dest: /etc/openqa/{{ item }}
+ owner: "{{ openqa_user }}"
+ group: "{{ openqa_group }}"
+ mode: "0444"
+ loop:
+ - client.conf
+ - workers.conf
+ tags:
+ - configure
+
+- name: Start {{ openqa_worker_count }} openQA workers
+ ansible.builtin.systemd:
+ name: "openqa-worker@{{ item }}"
+ state: started
+ enabled: true
+ # range "end" parameter is exclusive, so add 1
+ loop: "{{ range(1, (openqa_worker_count|int + 1)) | list }}"
+ tags:
+ - start_workers
+ - configure
+ ignore_errors: "{{ ansible_check_mode }}"
+...
diff --git a/templates/etc/firewalld/services/openqa-socket.xml.j2 b/templates/etc/firewalld/services/openqa-socket.xml.j2
new file mode 100644
index 0000000..4cfc146
--- /dev/null
+++ b/templates/etc/firewalld/services/openqa-socket.xml.j2
@@ -0,0 +1,4 @@
+
+
+
+
diff --git a/templates/etc/openqa/workers.conf.j2 b/templates/etc/openqa/workers.conf.j2
new file mode 100644
index 0000000..1f1a609
--- /dev/null
+++ b/templates/etc/openqa/workers.conf.j2
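Review bot: `client.conf` is written with `mode: "0444"` in the "Write openQA configuration file" task, so every local account on the worker can read it; that file presumably carries `openqa_client_key` and `openqa_client_secret` from the vars file, though its template is not part of this patch. I would give the credential file its own task, or a per-item mode, with `mode: "0640"` and keep the wider mode only for `workers.conf`. Separately, the two firewalld service definitions are templated but nothing in this file binds either service to a zone, so unless that happens elsewhere the definitions have no effect on the running firewall.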
@@ -0,0 +1,9 @@
+[global]
+HOST = https://{{ openqa_host }}
+CACHEDIRECTORY = /var/lib/openqa/cache # desired cache location
+CACHELIMIT = 50 # max. cache size in GiB, defaults to 50
+CACHE_MIN_FREE_PERCENTAGE = 10 # min. free disk space to preserve in percent
+CACHEWORKERS = 5 # number of parallel cache minion workers, defaults to 5
+
+[https://{{ openqa_host }}]
+TESTPOOLSERVER = rsync://{{ openqa_host }}/tests # also cache tests (via rsync)
diff --git a/vars/openqa-worker.yml b/vars/openqa-worker.yml
new file mode 100644
index 0000000..4a245ba
--- /dev/null
+++ b/vars/openqa-worker.yml
@@ -0,0 +1,36 @@
+---
+# The primary openQA host
+openqa_host: openqa.rockylinux.org
+openqa_client_key: 1234567890ABCDEF
+openqa_client_secret: 1234567890ABCDEF
+
+# Default OpenQA user and group
+openqa_user: geekotest
+openqa_group: geekotest
+
+# The number of workers to enable on this system
+openqa_worker_count: 2
+
+# Port range to open for VNC access to local workers.
+# The max port should be 5990 + n where n is the total
+# number of workers you want to enable on your system.
+openqa_min_vnc_port: 5991
+openqa_max_vnc_port: "{{ 5990 + openqa_worker_count|int }}"
+
+# Port range to open for socket connections from the primary host.
+openqa_min_socket_port: 20000
+openqa_max_socket_port: 20089
+
+# Packages to install
+openqa_worker_packages:
+ - guestfs-tools
+ - libguestfs-xfs
+ - libvirt-daemon-config-network
+ - virt-install
+ - openqa-worker
+ - perl-REST-Client
+ - python3-libguestfs
+ - virt-install
+ - withlock
+ - firewalld
+...
From 7d8bd73307af2b853e87331d25fa07ecfd424ed2 Mon Sep 17 00:00:00 2001 From: Al Bowles Date: Sat, 18 Feb 2023 12:49:49 -0600 Subject: [PATCH 02/16] Update filelist --- README.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 9ce5174..9e59a43 100644
--- a/README.md
+++ b/README.md
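Review bot: `TESTPOOLSERVER = rsync://{{ openqa_host }}/tests` pulls the test tree over plain rsync while `HOST` on the line above uses https, so the test code that the worker later runs arrives without transport integrity or server authentication. If the rsync daemon is the only supported source, the template should at least say that the link between worker and `openqa_host` must be a trusted network, for example with a Jinja comment `{# rsync is unauthenticated: worker and host must share a trusted network #}` above the section.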
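Review bot: `openqa_client_key` and `openqa_client_secret` are committed as the literal `1234567890ABCDEF`, and nothing in the play stops a run from deploying that placeholder to a worker pointed at `openqa.rockylinux.org`. I would leave both undefined here, or load them from an Ansible Vault file, and add a pre-task assert such as `- openqa_client_secret is defined and openqa_client_secret != '1234567890ABCDEF'`. Quoting the two values also keeps an all-digit key from being loaded as an integer.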
@@ -17,27 +17,31 @@ This repository is for openQA operations and management. ├── handlers │   └── main.yml ├── init-rocky-openqa-developer-host.yml -├── localhost.yml +├── init-rocky-openqa-worker-host.yml ├── README.md ├── roles │   └── README.md ├── tasks │   ├── main.yml +│   ├── openqa-worker.yml │   └── openqa.yml ├── templates │   └── etc │   ├── firewalld │   │   └── services +│   │   ├── openqa-socket.xml.j2 │   │   └── openqa-vnc.xml.j2 │   └── openqa │   ├── client.conf.j2 -│   └── openqa.ini.j2 +│   ├── openqa.ini.j2 +│   └── workers.conf.j2 ├── tests │   ├── README.md │   └── test.yml └── vars ├── main.yml - └── openqa.yml + ├── openqa-worker.yml + └── openqa.yml ``` ## Guidelines From b337544f5ff7ad1e1cdaf30f7293a056a94a67fe Mon Sep 17 00:00:00 2001 From: Al Bowles Date: Sat, 18 Feb 2023 14:43:30 -0600 Subject: [PATCH 03/16] Add requirements file --- requirements.yml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 requirements.yml diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 0000000..ad6b4c7 --- /dev/null +++ b/requirements.yml @@ -0,0 +1,3 @@ +--- +collections: + - ansible.posix From 96f68226dca2b447130e29f1aaf4d62d59f65468 Mon Sep 17 00:00:00 2001 From: Al Bowles Date: Sun, 19 Feb 2023 15:23:01 -0600 Subject: [PATCH 04/16] Move requirements file to meet convention --- requirements.yml => collections/requirements.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename requirements.yml => collections/requirements.yml (100%) diff --git a/requirements.yml b/collections/requirements.yml similarity index 100% rename from requirements.yml rename to collections/requirements.yml From d7ab984b4f16b651448aaa89ce3450c66204ffdf Mon Sep 17 00:00:00 2001 From: Al Bowles Date: Mon, 27 Feb 2023 10:03:14 -0600 Subject: [PATCH 05/16] Start cache services --- tasks/openqa-worker.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tasks/openqa-worker.yml b/tasks/openqa-worker.yml index 3b47502..1b10e38 100644 
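Review bot: `ansible.posix` is requested in `requirements.yml` without a version, so each `ansible-galaxy collection install -r` resolves whatever is newest at that moment and the module code that runs with `become: true` on the hosts can change without a commit in this repository. Pin it in the mapping form, `- name: ansible.posix` followed by `version: "<pinned-version>"`, and bump the pin deliberately.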
--- a/tasks/openqa-worker.yml +++ b/tasks/openqa-worker.yml @@ -63,4 +63,13 @@ - start_workers - configure ignore_errors: "{{ ansible_check_mode }}" + +- name: Start openQA cache services + ansible.builtin.systemd: + name: "{{ item }}" + state: started + enabled: true + loop: + - openqa-worker-cacheservice + - openqa-worker-cacheservice-minion ... From beb14b7a96ec229d1a1e46c677f40807a54b3dc4 Mon Sep 17 00:00:00 2001 From: Al Bowles Date: Tue, 28 Feb 2023 12:50:34 -0600 Subject: [PATCH 06/16] It turns out openqa does not like inline comments in its ini files --- templates/etc/openqa/workers.conf.j2 | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/templates/etc/openqa/workers.conf.j2 b/templates/etc/openqa/workers.conf.j2 index 1f1a609..bd5ade7 100644 --- a/templates/etc/openqa/workers.conf.j2 +++ b/templates/etc/openqa/workers.conf.j2 @@ -1,9 +1,7 @@ [global] HOST = https://{{ openqa_host }} -CACHEDIRECTORY = /var/lib/openqa/cache # desired cache location -CACHELIMIT = 50 # max. cache size in GiB, defaults to 50 -CACHE_MIN_FREE_PERCENTAGE = 10 # min. free disk space to preserve in percent -CACHEWORKERS = 5 # number of parallel cache minion workers, defaults to 5 +CACHEDIRECTORY = /var/lib/openqa/cache +CACHE_MIN_FREE_PERCENTAGE = 10 [https://{{ openqa_host }}] -TESTPOOLSERVER = rsync://{{ openqa_host }}/tests # also cache tests (via rsync) +TESTPOOLSERVER = rsync://{{ openqa_host }}/tests From ca08f4bb0e0f1d8c194c3550fd5974bfab635a92 Mon Sep 17 00:00:00 2001 From: Al Bowles Date: Tue, 28 Feb 2023 12:55:38 -0600 Subject: [PATCH 07/16] Add some usages --- init-rocky-openqa-worker-host.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/init-rocky-openqa-worker-host.yml b/init-rocky-openqa-worker-host.yml index fb7ad0e..fc35aa3 100644 --- a/init-rocky-openqa-worker-host.yml +++ b/init-rocky-openqa-worker-host.yml 
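Review bot: The new "Start openQA cache services" task has neither the `configure` tag nor the `ignore_errors: "{{ ansible_check_mode }}"` guard that the worker-start task directly above it carries. A `--tags=configure` run therefore skips the cache services, and a `--check` run on a host where the packages are not installed yet will likely fail on the missing units. Add `tags:` with `- configure` and the same `ignore_errors` line so the two service tasks behave alike.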
@@ -1,5 +1,11 @@ # Configure an openQA worker host -# This playbook is *NOT* intended for WAN-facing systems! +# +# Usages: +# # Install and configure an openQA worker-only host +# ansible-playbook init-rocky-openqa-worker-host.yml +# +# # Install and configure an openQA worker-only host with a parameters file +# ansible-playbook init-rocky-openqa-worker-host.yml -e @my-worker-host.yml # # Created: @akatch --- From 1c26ea706f9de93c200c4d5c0d1c7290533d279c Mon Sep 17 00:00:00 2001 From: Al Bowles Date: Tue, 28 Feb 2023 12:55:52 -0600 Subject: [PATCH 08/16] Use some more defaulty defaults --- vars/openqa-worker.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/openqa-worker.yml b/vars/openqa-worker.yml index 4a245ba..be216d2 100644 --- a/vars/openqa-worker.yml +++ b/vars/openqa-worker.yml @@ -1,6 +1,6 @@ --- # The primary openQA host -openqa_host: openqa.rockylinux.org +openqa_host: localhost openqa_client_key: 1234567890ABCDEF openqa_client_secret: 1234567890ABCDEF @@ -9,7 +9,7 @@ openqa_user: geekotest openqa_group: geekotest # The number of workers to enable on this system -openqa_worker_count: 2 +openqa_worker_count: 1 # Port range to open for VNC access to local workers. # The max port should be 5990 + n where n is the total From 05fb2aa93b08c0bbb121cf2b03d372a57543d474 Mon Sep 17 00:00:00 2001 From: Al Bowles Date: Sat, 18 Feb 2023 14:35:36 -0600 Subject: [PATCH 09/16] Linter fixes --- .ansible-lint | 7 +++-- init-rocky-openqa-developer-host.yml | 14 +++++---- init-rocky-openqa-worker-host.yml | 11 ++++--- tasks/main.yml | 4 --- tasks/openqa-worker.yml | 16 +++++----- tasks/openqa.yml | 47 ++++++++++++++-------------- tests/test.yml | 8 +++-- vars/openqa-worker.yml | 5 ++- vars/openqa.yml | 2 +- 9 files changed, 59 insertions(+), 55 deletions(-) delete mode 100644 tasks/main.yml diff --git a/.ansible-lint b/.ansible-lint index 2394b2a..f1e5c61 100644 --- a/.ansible-lint +++ b/.ansible-lint 
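Review bot: The rewritten header of `init-rocky-openqa-worker-host.yml` drops `# This playbook is *NOT* intended for WAN-facing systems!`, yet nothing in the series makes that warning obsolete: the worker vars still default to a placeholder API key and secret, and the play opens VNC and socket port ranges. I would keep that line above the new `# Usages:` block until the defaults are safe for an exposed host.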
@@ -1,6 +1,7 @@ +--- # .ansible-lint warn_list: - - '204' # Lines should be less than 160 characters - - '701' # meta/main.yml should contain relevant info + - '204' # Lines should be less than 160 characters + - '701' # meta/main.yml should contain relevant info skip_list: - - '106' # Role name must match ^[a-z][a-z0-9_]+$ pattern + - '106' # Role name must match ^[a-z][a-z0-9_]+$ pattern diff --git a/init-rocky-openqa-developer-host.yml b/init-rocky-openqa-developer-host.yml index b946e2b..d113ea4 100644 --- a/init-rocky-openqa-developer-host.yml +++ b/init-rocky-openqa-developer-host.yml @@ -24,16 +24,17 @@ # This is to try to avoid the handler issue in pre/post tasks handlers: - - import_tasks: handlers/main.yml + - name: Import handlers + ansible.builtin.import_tasks: handlers/main.yml pre_tasks: - name: Check if ansible cannot be run here - stat: + ansible.builtin.stat: path: /etc/no-ansible register: no_ansible - name: Verify if we can run ansible - assert: + ansible.builtin.assert: that: - "not no_ansible.stat.exists" success_msg: "We are able to run on this node" @@ -41,13 +42,14 @@ tasks: - name: Install and configure OpenQA - import_tasks: tasks/openqa.yml + ansible.builtin.import_tasks: tasks/openqa.yml + - name: Apply Rocky Linux OpenQA Branding - import_tasks: tasks/openqa_branding.yml + ansible.builtin.import_tasks: tasks/openqa_branding.yml post_tasks: - name: Touching run file that ansible has ran here - file: + ansible.builtin.file: path: /var/log/ansible.run state: touch mode: '0644' diff --git a/init-rocky-openqa-worker-host.yml b/init-rocky-openqa-worker-host.yml index fc35aa3..74bfb05 100644 --- a/init-rocky-openqa-worker-host.yml +++ b/init-rocky-openqa-worker-host.yml 
@@ -18,16 +18,17 @@ # This is to try to avoid the handler issue in pre/post tasks handlers: - - import_tasks: handlers/main.yml + - name: Import handlers + ansible.builtin.import_tasks: handlers/main.yml pre_tasks: - name: Check if ansible cannot be run here - stat: + ansible.builtin.stat: path: /etc/no-ansible register: no_ansible - name: Verify if we can run ansible - assert: + ansible.builtin.assert: that: - "not no_ansible.stat.exists" success_msg: "We are able to run on this node" @@ -35,11 +36,11 @@ tasks: - name: Install and configure OpenQA workers - import_tasks: tasks/openqa-worker.yml + ansible.builtin.import_tasks: tasks/openqa-worker.yml post_tasks: - name: Touching run file that ansible has ran here - file: + ansible.builtin.file: path: /var/log/ansible.run state: touch mode: '0644' diff --git a/tasks/main.yml b/tasks/main.yml deleted file mode 100644 index 68a6567..0000000 --- a/tasks/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -# No tasks -- debug: msg="No tasks are provided here. Please import the task as needed in your playbook." -... diff --git a/tasks/openqa-worker.yml b/tasks/openqa-worker.yml index 1b10e38..3024af3 100644 --- a/tasks/openqa-worker.yml +++ b/tasks/openqa-worker.yml @@ -1,25 +1,25 @@ --- - name: Install OpenQA worker packages - dnf: + ansible.builtin.dnf: name: "{{ openqa_worker_packages }}" state: present tags: - packages - name: Create openQA group - group: + ansible.builtin.group: name: "{{ openqa_group }}" system: true - name: Create openQA user - user: + ansible.builtin.user: name: "{{ openqa_user }}" groups: "{{ openqa_group }}" append: true system: true - name: Configure firewalld for openQA worker connections - template: + ansible.builtin.template: src: etc/firewalld/services/{{ item }}.xml.j2 dest: /etc/firewalld/services/{{ item }}.xml owner: root @@ -32,7 +32,7 @@ - configure - name: Reload firewalld - systemd: + ansible.builtin.systemd: name: firewalld state: reloaded tags: 
@@ -40,7 +40,7 @@ ignore_errors: "{{ ansible_check_mode }}" - name: Write openQA configuration file - template: + ansible.builtin.template: src: etc/openqa/{{ item }}.j2 dest: /etc/openqa/{{ item }} owner: "{{ openqa_user }}" @@ -52,13 +52,13 @@ tags: - configure -- name: Start {{ openqa_worker_count }} openQA workers +- name: Start openQA workers ansible.builtin.systemd: name: "openqa-worker@{{ item }}" state: started enabled: true # range "end" parameter is exclusive, so add 1 - loop: "{{ range(1, (openqa_worker_count|int + 1)) | list }}" + loop: "{{ range(1, (openqa_worker_count | int + 1)) | list }}" tags: - start_workers - configure diff --git a/tasks/openqa.yml b/tasks/openqa.yml index 27d3585..f449fc1 100644 --- a/tasks/openqa.yml +++ b/tasks/openqa.yml @@ -1,13 +1,13 @@ --- - name: Install OpenQA packages - yum: + ansible.builtin.yum: name: "{{ openqa_packages }}" state: present tags: - packages - name: Copy httpd configuration files - copy: + ansible.builtin.copy: remote_src: true src: /etc/httpd/conf.d/{{ item }}.template dest: /etc/httpd/conf.d/{{ item }} @@ -22,7 +22,7 @@ - configure - name: Template OpenQA configuration files - template: + ansible.builtin.template: src: etc/openqa/{{ item }}.j2 dest: /etc/openqa/{{ item }} owner: "{{ openqa_user }}" @@ -35,20 +35,21 @@ - configure - name: Get service facts - service_facts: + ansible.builtin.service_facts: - name: Check for non-empty postgres data directory - stat: + ansible.builtin.stat: path: /var/lib/pgsql/data/base register: postgres_data_dir - name: If postgresql is not already running, initialize database - command: postgresql-setup --initdb + ansible.builtin.command: postgresql-setup --initdb when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" ) and not postgres_data_dir.stat.exists + changed_when: true - name: Enable and start postgresql service - systemd: + ansible.builtin.systemd: name: postgresql state: started enabled: true 
@@ -56,7 +57,7 @@ and not postgres_data_dir.stat.exists - name: Configure SELinux to allow httpd connection to network - seboolean: + ansible.posix.seboolean: name: httpd_can_network_connect state: true persistent: true @@ -64,7 +65,7 @@ - configure - name: Enable and start OpenQA services - systemd: + ansible.builtin.systemd: name: "{{ item }}" state: started enabled: true @@ -73,7 +74,7 @@ - configure - name: Create openqa-vnc firewalld service - template: + ansible.builtin.template: src: etc/firewalld/services/openqa-vnc.xml.j2 dest: /etc/firewalld/services/openqa-vnc.xml owner: root @@ -83,13 +84,13 @@ - configure - name: Load openqa-vnc firewalld service - systemd: + ansible.builtin.systemd: name: firewalld state: reloaded tags: - configure -- name: Permit traffic for {{ item }} service +- name: Permit traffic for http and openqa-vnc services ansible.posix.firewalld: service: "{{ item }}" permanent: true @@ -101,21 +102,21 @@ - configure - name: Reload FirewallD - systemd: + ansible.builtin.systemd: name: firewalld state: reloaded tags: - configure - name: Check for existing repository - stat: + ansible.builtin.stat: path: "{{ openqa_homedir }}/share/tests/rocky" register: rocky_testing_repo tags: - configure - name: Clone repository if it does not already exist - git: + ansible.builtin.git: accept_hostkey: true dest: "{{ openqa_homedir }}/share/tests/rocky" repo: "{{ openqa_rocky_testing_repo }}" @@ -125,7 +126,7 @@ - configure - name: Set owner/group/permissions on repo contents - file: + ansible.builtin.file: path: "{{ openqa_homedir }}/share/tests/rocky" recurse: true owner: "{{ openqa_user }}" 
@@ -136,17 +137,17 @@ # fifloader.py will fail if the Demo user is not logged in - name: Authenticate to web UI the first time - uri: + ansible.builtin.uri: url: "http://{{ openqa_host }}/login" - name: Run fifloader.py - command: ./fifloader.py -l -c templates.fif.json templates-updates.fif.json + ansible.builtin.command: ./fifloader.py -l -c templates.fif.json templates-updates.fif.json changed_when: "1 != 1" args: chdir: "{{ openqa_homedir }}/share/tests/rocky" - name: Create ISO directory - file: + ansible.builtin.file: path: "{{ openqa_homedir }}/share/factory/iso/fixed" state: directory owner: "{{ openqa_user }}" @@ -156,7 +157,7 @@ - download_isos - name: Download ISOs - get_url: + ansible.builtin.get_url: dest: "{{ openqa_homedir }}/share/factory/iso/fixed/{{ item.name }}" url: "{{ rocky_iso_download_url }}/{{ item.name }}" checksum: "{{ item.checksum }}" @@ -168,19 +169,19 @@ tags: - download_isos -- name: Start {{ openqa_worker_count }} OpenQA workers +- name: Start OpenQA workers ansible.builtin.systemd: name: "openqa-worker@{{ item }}" state: started enabled: true # range 'end' parameter is exclusive, so add 1 - loop: "{{ range(1, (openqa_worker_count|int + 1)) | list }}" + loop: "{{ range(1, (openqa_worker_count | int + 1)) | list }}" tags: - start_workers - configure - name: POST a job - command: | + ansible.builtin.command: | openqa-cli api -X POST isos \ ISO=Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso \ ARCH={{ rocky_arch }} \ diff --git a/tests/test.yml b/tests/test.yml index 27fe873..33b2182 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -1,5 +1,9 @@ --- -- hosts: localhost +- name: Run tests + hosts: localhost remote_user: root tasks: - - import_tasks: example.yml + - name: Ensure required variables are defined + ansible.builtin.assert: + that: + - openqa_host is defined diff --git a/vars/openqa-worker.yml b/vars/openqa-worker.yml index be216d2..ddbc3e3 100644 --- a/vars/openqa-worker.yml +++ b/vars/openqa-worker.yml 
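Review bot: The new assert `openqa_host is defined` in `tests/test.yml` has nothing in the play that defines the variable; the hunk shows the whole file and it has no `vars_files:`, so unless the inventory supplies the value the test fails on every run. Load the defaults first, for example `vars_files:` with `- ../vars/openqa.yml`, so the assert checks what the real playbooks would see.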
@@ -15,7 +15,7 @@ openqa_worker_count: 1 # The max port should be 5990 + n where n is the total # number of workers you want to enable on your system. openqa_min_vnc_port: 5991 -openqa_max_vnc_port: "{{ 5990 + openqa_worker_count|int }}" +openqa_max_vnc_port: "{{ 5990 + openqa_worker_count | int }}" # Port range to open for socket connections from the primary host. openqa_min_socket_port: 20000 @@ -23,14 +23,13 @@ openqa_max_socket_port: 20089 # Packages to install openqa_worker_packages: + - firewalld - guestfs-tools - libguestfs-xfs - libvirt-daemon-config-network - - virt-install - openqa-worker - perl-REST-Client - python3-libguestfs - virt-install - withlock - - firewalld ... diff --git a/vars/openqa.yml b/vars/openqa.yml index af1ed1b..9a908f3 100644 --- a/vars/openqa.yml +++ b/vars/openqa.yml @@ -45,7 +45,7 @@ openqa_worker_count: 1 # The max port should be 5990 + n where n is the total # number of workers you want to enable on your system. openqa_min_vnc_port: 5991 -openqa_max_vnc_port: "{{ 5990 + openqa_worker_count|int }}" +openqa_max_vnc_port: "{{ 5990 + openqa_worker_count | int }}" # Packages to install openqa_packages: From 2c6f93ff8e16ae11c655e6ccf9a5f6cc93fc6a1c Mon Sep 17 00:00:00 2001 From: Al Bowles Date: Mon, 27 Feb 2023 10:07:27 -0600 Subject: [PATCH 10/16] Perform firewalld reload as a handler --- handlers/main.yml | 6 +++++- tasks/openqa-worker.yml | 9 +-------- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 03692d8..4a3f3c4 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,2 +1,6 @@ --- -# Handlers +- name: Reload firewalld + ansible.builtin.systemd: + name: firewalld + state: reloaded + ignore_errors: "{{ ansible_check_mode }}" diff --git a/tasks/openqa-worker.yml b/tasks/openqa-worker.yml index 3024af3..ac682e1 100644 --- a/tasks/openqa-worker.yml +++ b/tasks/openqa-worker.yml 
@@ -30,14 +30,7 @@ - openqa-vnc tags: - configure - -- name: Reload firewalld - ansible.builtin.systemd: - name: firewalld - state: reloaded - tags: - - configure - ignore_errors: "{{ ansible_check_mode }}" + notify: Reload firewalld - name: Write openQA configuration file ansible.builtin.template: From 69923813ddf2338c70cd1bae06301fb3f475171d Mon Sep 17 00:00:00 2001 From: Al Bowles Date: Mon, 27 Feb 2023 21:22:12 -0600 Subject: [PATCH 11/16] Correctly name workers.ini, move worker restart to handler --- handlers/main.yml | 9 +++++++++ tasks/openqa-worker.yml | 15 ++------------- .../openqa/{workers.conf.j2 => workers.ini.j2} | 0 3 files changed, 11 insertions(+), 13 deletions(-) rename templates/etc/openqa/{workers.conf.j2 => workers.ini.j2} (100%) diff --git a/handlers/main.yml b/handlers/main.yml index 4a3f3c4..839209c 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -4,3 +4,12 @@ name: firewalld state: reloaded ignore_errors: "{{ ansible_check_mode }}" + +- name: Restart openQA workers + ansible.builtin.systemd: + name: "openqa-worker@{{ item }}" + state: restarted + enabled: true + # range "end" parameter is exclusive, so add 1 + loop: "{{ range(1, (openqa_worker_count | int + 1)) | list }}" + ignore_errors: "{{ ansible_check_mode }}" diff --git a/tasks/openqa-worker.yml b/tasks/openqa-worker.yml index ac682e1..2b4202e 100644 --- a/tasks/openqa-worker.yml +++ b/tasks/openqa-worker.yml @@ -41,21 +41,10 @@ mode: "0444" loop: - client.conf - - workers.conf + - workers.ini tags: - configure - -- name: Start openQA workers - ansible.builtin.systemd: - name: "openqa-worker@{{ item }}" - state: started - enabled: true - # range "end" parameter is exclusive, so add 1 - loop: "{{ range(1, (openqa_worker_count | int + 1)) | list }}" - tags: - - start_workers - - configure - ignore_errors: "{{ ansible_check_mode }}" + notify: Restart openQA workers - name: Start openQA cache services ansible.builtin.systemd: 
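Review bot: With the "Start openQA workers" task removed in the `@@ -41,21 +41,10 @@` hunk, the only thing that starts or enables `openqa-worker@N` is the new "Restart openQA workers" handler, and a handler runs only when the notifying template task reports a change. On a host where `client.conf` and `workers.ini` are already current, for instance a second run or a run after raising `openqa_worker_count`, no worker gets started or enabled. I would keep a plain task with `state: started` and `enabled: true` over the same `range(...)` loop and let the handler do only `state: restarted`.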
diff --git a/templates/etc/openqa/workers.conf.j2 b/templates/etc/openqa/workers.ini.j2 similarity index 100% rename from templates/etc/openqa/workers.conf.j2 rename to templates/etc/openqa/workers.ini.j2 From 22cdf9dec54f43cb05f1d5be65d11776c9eda4ed Mon Sep 17 00:00:00 2001 From: Al Bowles Date: Thu, 2 Mar 2023 21:38:59 -0600 Subject: [PATCH 12/16] WIP: Automation for configuring multivm networking --- remove-rocky-openqa-multivm-networking.yml | 54 +++++++++ tasks/openqa-multivm-networking.yml | 133 +++++++++++++++++++++ tasks/remove_openqa-multivm-networking.yml | 92 ++++++++++++++ tasks/remove_openqa.yml | 42 +++++++ templates/sbin/ifup-pre-local.j2 | 20 ++++ 5 files changed, 341 insertions(+) create mode 100644 remove-rocky-openqa-multivm-networking.yml create mode 100644 tasks/openqa-multivm-networking.yml create mode 100644 tasks/remove_openqa-multivm-networking.yml create mode 100644 tasks/remove_openqa.yml create mode 100644 templates/sbin/ifup-pre-local.j2 diff --git a/remove-rocky-openqa-multivm-networking.yml b/remove-rocky-openqa-multivm-networking.yml new file mode 100644 index 0000000..1c2d347 --- /dev/null +++ b/remove-rocky-openqa-multivm-networking.yml 
@@ -0,0 +1,54 @@
+# Sets up local OpenQA testing environment
+# This playbook is *NOT* intended for WAN-facing systems!
+#
+# Usages:
+# # Install and configure an openQA developer host, download all current Rocky ISOs,
+# # and POST a test job
+# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml
+#
+# # Only perform ISO download tasks
+# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=download_isos
+#
+# # Only perform configuration, do not download ISOs or POST a job
+# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=configure
+#
+# Created: @akatch
+---
+- name: Rocky OpenQA Runbook
+ hosts: localhost
+ connection: local
+ become: true
+ vars_files:
+ - vars/openqa.yml
+
+ # This is to try to avoid the handler issue in pre/post tasks
+ handlers:
+ - name: Import handlers
+ ansible.builtin.import_tasks: handlers/main.yml
+
+ pre_tasks:
+ - name: Check if ansible cannot be run here
+ ansible.builtin.stat:
+ path: /etc/no-ansible
+ register: no_ansible
+
+ - name: Verify if we can run ansible
+ ansible.builtin.assert:
+ that:
+ - "not no_ansible.stat.exists"
+ success_msg: "We are able to run on this node"
+ fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+ tasks:
+ - name: Remove openqa multivm networking configs
+ ansible.builtin.import_tasks: tasks/remove_openqa-multivm-networking.yml
+
+ post_tasks:
+ - name: Touching run file that ansible has ran here
+ ansible.builtin.file:
+ path: /var/log/ansible.run
+ state: touch
+ mode: '0644'
+ owner: root
+ group: root
+...
diff --git a/tasks/openqa-multivm-networking.yml b/tasks/openqa-multivm-networking.yml
new file mode 100644
index 0000000..15ec7a6
--- /dev/null
+++ b/tasks/openqa-multivm-networking.yml
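Review bot: The header comment of this removal playbook is copied from the developer-host playbook: it opens with "Sets up local OpenQA testing environment" and every usage line invokes `playbooks/init-rocky-openqa-developer-host.yml`, so an operator who follows it runs an install instead of this teardown. Replace it with a header that states what gets removed and a usage line such as `# ansible-playbook remove-rocky-openqa-multivm-networking.yml`. The play name `Rocky OpenQA Runbook` should say the same, for example `Remove openQA multivm networking`.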
@@ -0,0 +1,133 @@ +--- +# {{ openqa_multivm_bridge_interface }} should not exist or we should use a different name +- name: Assert bridge interface does not exist + ansible.builtin.assert: + that: + - 'openqa_multivm_bridge_interface not in ansible_interfaces' + success_msg: 'interface does not exist, can proceed' + fail_msg: '{{ openqa_multivm_bridge_interface }} already exists, please supply an alternative' + +- name: Install multivm networking packages + ansible.builtin.dnf: + pkg: + - os-autoinst-openvswitch + - tunctl + - network-scripts + +- name: Create /etc/sysconfig/os-autoinst-openvswitch + ansible.builtin.copy: + dest: /etc/sysconfig/os-autoinst-openvswitch + mode: '0644' + content: | + OS_AUTOINST_BRIDGE_LOCAL_IP=172.16.2.2 + OS_AUTOINST_BRIDGE_REWRITE_TARGET=172.17.0.0 + OS_AUTOINST_USE_BRIDGE={{ openqa_multivm_bridge_interface }} + notify: restart_os-autoinst-openvswitch + +- name: Create bridge interface configuration + ansible.builtin.copy: + dest: /etc/sysconfig/network-scripts/ifcfg-{{ openqa_multivm_bridge_interface }} + mode: '0644' + content: | + DEVICETYPE='ovs' + TYPE='OVSBridge' + BOOTPROTO='static' + IPADDR='172.16.2.2' + NETMASK='255.254.0.0' + DEVICE={{ openqa_multivm_bridge_interface }} + STP=off + ONBOOT='yes' + NAME='{{ openqa_multivm_bridge_interface }}' + HOTPLUG='no' + +- name: Create worker tap interface configs + ansible.builtin.copy: + dest: /etc/sysconfig/network-scripts/ifcfg-tap{{ item }} + mode: '0644' + content: | + DEVICETYPE='ovs' + TYPE='OVSPort' + OVS_BRIDGE='{{ openqa_multivm_bridge_interface }}' + DEVICE='tap{{ item }}' + ONBOOT='yes' + BOOTPROTO='none' + HOTPLUG='no' + loop: "{{ range(openqa_worker_count) | list }}" + +- name: Update /sbin/ifup-pre-local + ansible.builtin.template: + src: sbin/ifup-pre-local.j2 + dest: /sbin/ifup-pre-local + mode: 'ug+x' + +- name: Enable bridge interface for internal zone + ansible.posix.firewalld: + permanent: true + interface: '{{ openqa_multivm_bridge_interface }}' + state: 
enabled + zone: internal + notify: reload_firewalld + +- name: Enable masquerade for public and internal zones + ansible.posix.firewalld: + masquerade: true + permanent: true + state: enabled + zone: '{{ item }}' + loop: + - public + - internal + notify: reload_firewalld + +- name: Enable ipv4 IP forwarding + ansible.posix.sysctl: + name: net.ipv4.ip_forward + value: '1' + state: present + sysctl_file: /etc/sysctl.d/ip-forward.conf + sysctl_set: true + +- name: Set-target ACCEPT on public zone + ansible.posix.firewalld: + permanent: true + state: present + zone: public + target: ACCEPT + notify: reload_firewalld + +# Only needed for multi-host setups +- name: Add port for GRE tunnel + ansible.posix.firewalld: + permanent: true + port: 1723/tcp + state: enabled + +- name: Enable openvswitch services + ansible.builtin.systemd_service: + name: "{{ item }}" + state: started + enabled: true + loop: + - openvswitch + - network + - os-autoinst-openvswitch + ignore_errors: "{{ ansible_check_mode }}" + +- name: Set WORKER_CLASS for tap interfaces + community.general.ini_file: + path: /etc/openqa/workers.ini + section: global + option: WORKER_CLASS + value: qemu_x86_64,tap + state: present + mode: '0644' + notify: restart_openqa_services + +- name: Enable bridge interface for openvswitch + ansible.builtin.command: ovs-vsctl add-br {{ openqa_multivm_bridge_interface }} + changed_when: true + +- name: Enable capability + ansible.builtin.command: setcap CAP_NET_ADMIN=ep /usr/bin/qemu-system-x86_64 + changed_when: true +... diff --git a/tasks/remove_openqa-multivm-networking.yml b/tasks/remove_openqa-multivm-networking.yml new file mode 100644 index 0000000..3e46047 --- /dev/null +++ b/tasks/remove_openqa-multivm-networking.yml 
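Review bot: "Set-target ACCEPT on public zone" changes the default target of the `public` zone to ACCEPT, so firewalld accepts every inbound packet on interfaces in that zone instead of only the listed services; combined with masquerading and `net.ipv4.ip_forward` set to `'1'` the host is left unfiltered on its uplink. If the aim is only to pass bridge traffic, scope the rule to the zone that holds `{{ openqa_multivm_bridge_interface }}` with `zone: internal`, or add explicit service and port rules. The `notify:` names `reload_firewalld`, `restart_os-autoinst-openvswitch` and `restart_openqa_services` do not match the handlers visible in this series (`Reload firewalld`, `Restart openQA workers`), so unless they are defined elsewhere the play errors as soon as one of these tasks reports a change. `community.general.ini_file` is used while the requirements file shown earlier lists only `ansible.posix`. The `setcap CAP_NET_ADMIN=ep` task grants the capability to every account that can execute `/usr/bin/qemu-system-x86_64`, which deserves a comment stating that this is intended.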
@@ -0,0 +1,92 @@ +--- +- name: Remove files + ansible.builtin.file: + path: '{{ item }}' + state: absent + loop: + - /etc/sysconfig/os-autoinst-openvswitch + - /etc/sysconfig/network-scripts/ifcfg-{{ openqa_multivm_bridge_interface }} + +- name: Remove tap interface configurations + ansible.builtin.file: + path: /etc/sysconfig/network-scripts/ifcfg-tap{{ item }} + state: absent + loop: "{{ range(openqa_worker_count | int) | list }}" + +- name: Delete bridge interface + ansible.builtin.command: ovs-vsctl del-br {{ openqa_multivm_bridge_interface }} + changed_when: true + +- name: Disable openvswitch services + ansible.builtin.systemd: + name: "{{ item }}" + state: stopped + enabled: false + loop: + - os-autoinst-openvswitch + - openvswitch + +- name: Remove packages + ansible.builtin.dnf: + pkg: + - os-autoinst-openvswitch + - tunctl + - network-scripts + state: absent + +- name: Remove /sbin/ifup-pre-local + ansible.builtin.file: + path: /sbin/ifup-pre-local + state: absent + +- name: Disable bridge interface for internal zone + ansible.posix.firewalld: + permanent: true + interface: br0 + state: disabled + zone: internal + notify: reload_firewalld + +- name: Disable masquerade for public and internal zones + ansible.posix.firewalld: + masquerade: true + permanent: true + state: disabled + zone: '{{ item }}' + loop: + - public + - internal + notify: reload_firewalld + +- name: Disable ipv4 IP forwarding + ansible.posix.sysctl: + name: net.ipv4.ip_forward + value: '1' + state: absent + sysctl_file: /etc/sysctl.d/ip-forward.conf + sysctl_set: true + +- name: Set-target ACCEPT on public zone + ansible.posix.firewalld: + permanent: true + state: absent + zone: public + target: ACCEPT + notify: reload_firewalld + +- name: Remove port for GRE tunnel + ansible.posix.firewalld: + permanent: true + port: 1723/tcp + state: disabled + notify: reload_firewalld + +- name: Set WORKER_CLASS for tap interfaces + community.general.ini_file: + path: /etc/openqa/workers.ini + 
section: global + option: WORKER_CLASS + value: qemu_x86_64,tap + state: absent + mode: '0644' +... diff --git a/tasks/remove_openqa.yml b/tasks/remove_openqa.yml new file mode 100644 index 0000000..fb5700e --- /dev/null +++ b/tasks/remove_openqa.yml @@ -0,0 +1,42 @@ +--- +- name: Uninstall OpenQA packages + ansible.builtin.yum: + name: "{{ openqa_packages }}" + state: absent + +- name: Delete OpenQA files and directories + ansible.builtin.file: + path: "{{ item }}" + state: absent + loop: + - "{{ openqa_homedir }}" + - /var/lib/pgsql + - /etc/openqa + - /etc/httpd/conf.d/openqa.conf + - /etc/httpd/conf.d/openqa-ssl.conf + +- name: Disable httpd_can_network_connect + ansible.posix.seboolean: + name: httpd_can_network_connect + state: false + persistent: true + +- name: Deny traffic for services + ansible.posix.firewalld: + service: "{{ item }}" + permanent: true + state: disabled + loop: + - http + - openqa-vnc + +- name: Deny VNC traffic for local workers + ansible.posix.firewalld: + port: "{{ openqa_min_vnc_port }}-{{ openqa_max_vnc_port }}/tcp" + permanent: true + state: disabled + +- name: Reload FirewallD + ansible.builtin.systemd: + name: firewalld + state: reloaded diff --git a/templates/sbin/ifup-pre-local.j2 b/templates/sbin/ifup-pre-local.j2 new file mode 100644 index 0000000..02ca74d --- /dev/null +++ b/templates/sbin/ifup-pre-local.j2 
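Review bot: `Disable bridge interface for internal zone` hard-codes `interface: br0`, while the install tasks bind `{{ openqa_multivm_bridge_interface }}`, so with any other bridge name the interface stays in the internal zone after teardown; use `interface: '{{ openqa_multivm_bridge_interface }}'`. The teardown also has no counterpart for the install-side `setcap CAP_NET_ADMIN=ep /usr/bin/qemu-system-x86_64`, so the qemu binary keeps the capability; a task running `setcap -r /usr/bin/qemu-system-x86_64` would undo it. `Disable ipv4 IP forwarding` with `state: absent` appears to remove only the entry in `/etc/sysctl.d/ip-forward.conf`, so forwarding probably stays enabled until reboot unless the runtime value is reset as well; worth confirming on a test host.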
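Review bot: `Delete OpenQA files and directories` removes `/var/lib/pgsql` outright, which wipes every PostgreSQL database on the host rather than only the openQA one, and no visible task stops postgresql or httpd before their files are deleted. `Disable httpd_can_network_connect` and the removal of the `http` firewalld service are equally host-wide and would affect anything else served from the machine. Consider gating the destructive items behind an opt-in variable (for example a constructed name such as `openqa_remove_database`, defaulting to false) and adding a comment above the task stating that the whole database directory is deleted.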
@@ -0,0 +1,20 @@ +#!/bin/sh + +if=$(echo "$1" | sed -e 's,ifcfg-,,') +iftype=$(echo "$if" | sed -e 's,[0-9]\+$,,') + +# if the interface being brought up is tap[n], create +# the tap device first +if [ "$iftype" == "tap" ]; then + tunctl -u _openqa-worker -p -t "$if" +fi + +# if the interface being brough up is {{ openqa_multivm_bridge_interface }}, create +# the gre tunnels +if [ "$if" == "{{ openqa_multivm_bridge_interface }}" ]; then + ovs-vsctl set bridge {{ openqa_multivm_bridge_interface }} stp_enable=true + # This is only needed for multi-host setups +{% for w in range(1, openqa_worker_count+1) %} + #ovs-vsctl --may-exist add-port {{ openqa_multivm_bridge_interface }} gre{{ w }} -- set interface gre{{ w }} type=gre options:remote_ip=172.16.2.{{ 2 + w|int }} +{% endfor %} +fi From 95cf46f6d117db669f9faa7cb78f9a0c557a7c67 Mon Sep 17 00:00:00 2001 From: Al Bowles Date: Wed, 28 Jun 2023 11:29:14 -0500 Subject: [PATCH 13/16] Appease the linter --- handlers/main.yml | 14 +++++++++++ tasks/openqa-multivm-networking.yml | 38 ++++++----------------------- 2 files changed, 22 insertions(+), 30 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 839209c..253a14f 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -13,3 +13,17 @@ # range "end" parameter is exclusive, so add 1 loop: "{{ range(1, (openqa_worker_count | int + 1)) | list }}" ignore_errors: "{{ ansible_check_mode }}" + +- name: Restart openqa services + ansible.builtin.systemd: + name: "{{ item }}" + state: restarted + loop: "{{ openqa_services }}" + ignore_errors: "{{ ansible_check_mode }}" + +- name: Restart os-autoinst-openvswitch + ansible.builtin.systemd: + name: os-autoinst-openvswitch + state: restarted + enabled: true + ignore_errors: "{{ ansible_check_mode }}" diff --git a/tasks/openqa-multivm-networking.yml b/tasks/openqa-multivm-networking.yml index 15ec7a6..884b678 100644 --- a/tasks/openqa-multivm-networking.yml +++ b/tasks/openqa-multivm-networking.yml 
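Review bot: Both tests use `==` inside `[ ]` under a `#!/bin/sh` shebang; POSIX `test` only defines `=`, so the script works only where `/bin/sh` accepts the bash extension, and `[ "$iftype" = "tap" ]` and `[ "$if" = "{{ openqa_multivm_bridge_interface }}" ]` are the portable forms. `range(1, openqa_worker_count+1)` omits the `| int` filter that the handlers use for the same variable, so a string-valued count would fail at render time; write `range(1, openqa_worker_count | int + 1)`. The comment "brough up" should read "brought up". The script is presumably executed as root when an interface comes up, so the task that deploys it would be better with explicit `owner: root`, `group: root` and `mode: '0755'` than with the relative `mode: 'ug+x'`.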
@@ -12,46 +12,25 @@ pkg: - os-autoinst-openvswitch - tunctl - - network-scripts - name: Create /etc/sysconfig/os-autoinst-openvswitch ansible.builtin.copy: + src: etc/sysconfig/os-autoinst-openvswitch.j2 dest: /etc/sysconfig/os-autoinst-openvswitch mode: '0644' - content: | - OS_AUTOINST_BRIDGE_LOCAL_IP=172.16.2.2 - OS_AUTOINST_BRIDGE_REWRITE_TARGET=172.17.0.0 - OS_AUTOINST_USE_BRIDGE={{ openqa_multivm_bridge_interface }} - notify: restart_os-autoinst-openvswitch + notify: Restart os-autoinst-openvswitch - name: Create bridge interface configuration ansible.builtin.copy: + src: etc/sysconfig/network-scripts/ifcfg-br.j2 dest: /etc/sysconfig/network-scripts/ifcfg-{{ openqa_multivm_bridge_interface }} mode: '0644' - content: | - DEVICETYPE='ovs' - TYPE='OVSBridge' - BOOTPROTO='static' - IPADDR='172.16.2.2' - NETMASK='255.254.0.0' - DEVICE={{ openqa_multivm_bridge_interface }} - STP=off - ONBOOT='yes' - NAME='{{ openqa_multivm_bridge_interface }}' - HOTPLUG='no' - name: Create worker tap interface configs ansible.builtin.copy: + src: etc/sysconfig/network-scripts/ifcfg-tap.j2 dest: /etc/sysconfig/network-scripts/ifcfg-tap{{ item }} mode: '0644' - content: | - DEVICETYPE='ovs' - TYPE='OVSPort' - OVS_BRIDGE='{{ openqa_multivm_bridge_interface }}' - DEVICE='tap{{ item }}' - ONBOOT='yes' - BOOTPROTO='none' - HOTPLUG='no' loop: "{{ range(openqa_worker_count) | list }}" - name: Update /sbin/ifup-pre-local @@ -66,7 +45,7 @@ interface: '{{ openqa_multivm_bridge_interface }}' state: enabled zone: internal - notify: reload_firewalld + notify: Reload firewalld - name: Enable masquerade for public and internal zones ansible.posix.firewalld: @@ -77,7 +56,7 @@ loop: - public - internal - notify: reload_firewalld + notify: Reload firewalld - name: Enable ipv4 IP forwarding ansible.posix.sysctl: @@ -93,7 +72,7 @@ state: present zone: public target: ACCEPT - notify: reload_firewalld + notify: Reload firewalld # Only needed for multi-host setups - name: Add port for GRE tunnel 
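Review bot: The three file tasks in the first hunk now pass a `.j2` path as `src:` to `ansible.builtin.copy`, but copy does not render Jinja2 and looks for `src` under `files/`, not `templates/`. The `{{ openqa_multivm_bridge_interface }}` and `{{ item }}` placeholders that the removed `content:` blocks expanded would therefore be written literally, if the source files are found at all. Change the module to `ansible.builtin.template` in `Create /etc/sysconfig/os-autoinst-openvswitch`, `Create bridge interface configuration` and `Create worker tap interface configs`. The referenced templates only arrive in the following patch (14/16), so this commit cannot run on its own. The hunk also drops the `network-scripts` package while the tasks still write `ifcfg-*` files under `/etc/sysconfig/network-scripts`, which looks inconsistent and is worth confirming.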
@@ -109,7 +88,6 @@ enabled: true loop: - openvswitch - - network - os-autoinst-openvswitch ignore_errors: "{{ ansible_check_mode }}" @@ -121,7 +99,7 @@ value: qemu_x86_64,tap state: present mode: '0644' - notify: restart_openqa_services + notify: Restart openqa services - name: Enable bridge interface for openvswitch ansible.builtin.command: ovs-vsctl add-br {{ openqa_multivm_bridge_interface }} From acbbcace6940e2e89c9ed0b102fd64da890cf007 Mon Sep 17 00:00:00 2001 From: Al Bowles Date: Wed, 28 Jun 2023 13:24:17 -0500 Subject: [PATCH 14/16] Add templates for multivm networking --- templates/etc/sysconfig/network-scripts/ifcfg-br.j2 | 10 ++++++++++ templates/etc/sysconfig/network-scripts/ifcfg-tap.j2 | 7 +++++++ templates/etc/sysconfig/os-autoinst-openvswitch.j2 | 3 +++ 3 files changed, 20 insertions(+) create mode 100644 templates/etc/sysconfig/network-scripts/ifcfg-br.j2 create mode 100644 templates/etc/sysconfig/network-scripts/ifcfg-tap.j2 create mode 100644 templates/etc/sysconfig/os-autoinst-openvswitch.j2 diff --git a/templates/etc/sysconfig/network-scripts/ifcfg-br.j2 b/templates/etc/sysconfig/network-scripts/ifcfg-br.j2 new file mode 100644 index 0000000..b507a85 --- /dev/null +++ b/templates/etc/sysconfig/network-scripts/ifcfg-br.j2 @@ -0,0 +1,10 @@ +DEVICETYPE='ovs' +TYPE='OVSBridge' +BOOTPROTO='static' +IPADDR='172.16.2.2' +NETMASK='255.254.0.0' +DEVICE={{ openqa_multivm_bridge_interface }} +STP=off +ONBOOT='yes' +NAME='{{ openqa_multivm_bridge_interface }}' +HOTPLUG='no' diff --git a/templates/etc/sysconfig/network-scripts/ifcfg-tap.j2 b/templates/etc/sysconfig/network-scripts/ifcfg-tap.j2 new file mode 100644 index 0000000..7b037b4 --- /dev/null +++ b/templates/etc/sysconfig/network-scripts/ifcfg-tap.j2 @@ -0,0 +1,7 @@ +DEVICETYPE='ovs' +TYPE='OVSPort' +OVS_BRIDGE='{{ openqa_multivm_bridge_interface }}' +DEVICE='tap{{ item }}' +ONBOOT='yes' +BOOTPROTO='none' +HOTPLUG='no' 
diff --git a/templates/etc/sysconfig/os-autoinst-openvswitch.j2 b/templates/etc/sysconfig/os-autoinst-openvswitch.j2 new file mode 100644 index 0000000..ce81e91 --- /dev/null +++ b/templates/etc/sysconfig/os-autoinst-openvswitch.j2 @@ -0,0 +1,3 @@ +OS_AUTOINST_BRIDGE_LOCAL_IP=172.16.2.2 +OS_AUTOINST_BRIDGE_REWRITE_TARGET=172.17.0.0 +OS_AUTOINST_USE_BRIDGE={{ openqa_multivm_bridge_interface }} From c4d9d3ea242f881851ba17380beb1d98399972a1 Mon Sep 17 00:00:00 2001 From: Al Bowles Date: Fri, 17 Mar 2023 01:05:00 -0500 Subject: [PATCH 15/16] Refinements to the devbox setup --- handlers/main.yml | 7 ++++ tasks/openqa.yml | 83 ++++++++++------------------------------------- 2 files changed, 25 insertions(+), 65 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 253a14f..696869e 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -27,3 +27,10 @@ state: restarted enabled: true ignore_errors: "{{ ansible_check_mode }}" + +- name: Restart httpd + ansible.builtin.service: + name: httpd + state: restarted + enabled: true + ignore_errors: "{{ ansible_check_mode }}" diff --git a/tasks/openqa.yml b/tasks/openqa.yml index f449fc1..c3cbf72 100644 --- a/tasks/openqa.yml +++ b/tasks/openqa.yml @@ -11,15 +11,16 @@ remote_src: true src: /etc/httpd/conf.d/{{ item }}.template dest: /etc/httpd/conf.d/{{ item }} - mode: '0644' + mode: "0644" owner: root group: root loop: - openqa.conf - openqa-ssl.conf - notify: restart_httpd + notify: Restart httpd tags: - configure + ignore_errors: "{{ ansible_check_mode }}" - name: Template OpenQA configuration files ansible.builtin.template: @@ -33,9 +34,11 @@ - client.conf tags: - configure + notify: Restart openQA workers - name: Get service facts ansible.builtin.service_facts: + check_mode: false - name: Check for non-empty postgres data directory ansible.builtin.stat: 
@@ -47,6 +50,7 @@ when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" ) and not postgres_data_dir.stat.exists changed_when: true + ignore_errors: "{{ ansible_check_mode }}" - name: Enable and start postgresql service ansible.builtin.systemd: @@ -55,6 +59,7 @@ enabled: true when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" ) and not postgres_data_dir.stat.exists + ignore_errors: "{{ ansible_check_mode }}" - name: Configure SELinux to allow httpd connection to network ansible.posix.seboolean: @@ -72,6 +77,7 @@ loop: "{{ openqa_services }}" tags: - configure + ignore_errors: "{{ ansible_check_mode }}" - name: Create openqa-vnc firewalld service ansible.builtin.template: @@ -82,13 +88,11 @@ mode: "0644" tags: - configure + notify: Reload firewalld -- name: Load openqa-vnc firewalld service +- name: Systemctl daemon-reload ansible.builtin.systemd: - name: firewalld - state: reloaded - tags: - - configure + daemon_reload: true - name: Permit traffic for http and openqa-vnc services ansible.posix.firewalld: @@ -100,13 +104,7 @@ - openqa-vnc tags: - configure - -- name: Reload FirewallD - ansible.builtin.systemd: - name: firewalld - state: reloaded - tags: - - configure + notify: Reload firewalld - name: Check for existing repository ansible.builtin.stat: 
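Review bot: Replacing the inline `Load openqa-vnc firewalld service` reload with `notify: Reload firewalld` defers the reload to the end of the play, yet `Permit traffic for http and openqa-vnc services` runs before that and refers to the `openqa-vnc` service whose XML was only just templated. firewalld probably does not know that service until it reloads, so the permit task may fail on a fresh host; the new `Systemctl daemon-reload` task reloads systemd, not firewalld. Add a task with `ansible.builtin.meta: flush_handlers` between the template task and the permit task, or keep the explicit reload there.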
@@ -131,63 +129,18 @@ recurse: true owner: "{{ openqa_user }}" group: "{{ openqa_group }}" - mode: "u+rwX,g+rwX,o+rX,o-w" + mode: "0775" tags: - configure -# fifloader.py will fail if the Demo user is not logged in -- name: Authenticate to web UI the first time - ansible.builtin.uri: - url: "http://{{ openqa_host }}/login" - -- name: Run fifloader.py - ansible.builtin.command: ./fifloader.py -l -c templates.fif.json templates-updates.fif.json - changed_when: "1 != 1" - args: - chdir: "{{ openqa_homedir }}/share/tests/rocky" - -- name: Create ISO directory +- name: Create asset directories ansible.builtin.file: - path: "{{ openqa_homedir }}/share/factory/iso/fixed" + path: "{{ openqa_homedir }}/share/factory/{{ item }}/fixed" state: directory owner: "{{ openqa_user }}" group: "{{ openqa_group }}" mode: "0775" - tags: - - download_isos - -- name: Download ISOs - ansible.builtin.get_url: - dest: "{{ openqa_homedir }}/share/factory/iso/fixed/{{ item.name }}" - url: "{{ rocky_iso_download_url }}/{{ item.name }}" - checksum: "{{ item.checksum }}" - owner: "{{ openqa_user }}" - group: "{{ openqa_group }}" - tmp_dest: "/var/tmp" - mode: "0644" - loop: "{{ openqa_isos }}" - tags: - - download_isos - -- name: Start OpenQA workers - ansible.builtin.systemd: - name: "openqa-worker@{{ item }}" - state: started - enabled: true - # range 'end' parameter is exclusive, so add 1 - loop: "{{ range(1, (openqa_worker_count | int + 1)) | list }}" - tags: - - start_workers - - configure - -- name: POST a job - ansible.builtin.command: | - openqa-cli api -X POST isos \ - ISO=Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso \ - ARCH={{ rocky_arch }} \ - DISTRI=rocky \ - FLAVOR=minimal-iso \ - VERSION={{ rocky_version }} \ - BUILD="{{ '%Y%m%d.%H%M%S' | strftime }}.0" - changed_when: "1 != 1" + loop: + - iso + - hdd ... From 203286d4acac15b66556b34d79ba90b4723b8591 Mon Sep 17 00:00:00 2001 
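Review bot: Changing `mode: "u+rwX,g+rwX,o+rX,o-w"` to `mode: "0775"` on a task that has `recurse: true` is not an equivalent rewrite. The capital `X` in the symbolic form added execute only to directories and to files that were already executable, whereas `0775` makes every regular file under the path executable and group-writable. Restore the quoted symbolic mode, `mode: "u+rwX,g+rwX,o+rX,o-w"`, unless every file in the tree is meant to be executable. The task's name and `path` lie outside the hunk, so the affected tree cannot be confirmed from here.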
From: Al Bowles Date: Thu, 2 Mar 2023 21:52:16 -0600 Subject: [PATCH 16/16] Automation to uninstall openQA on developer hosts --- handlers/main.yml | 1 + remove-rocky-openqa-developer-host.yml | 41 ++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 remove-rocky-openqa-developer-host.yml diff --git a/handlers/main.yml b/handlers/main.yml index 696869e..75109fa 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -34,3 +34,4 @@ state: restarted enabled: true ignore_errors: "{{ ansible_check_mode }}" +... diff --git a/remove-rocky-openqa-developer-host.yml b/remove-rocky-openqa-developer-host.yml new file mode 100644 index 0000000..18c1aad --- /dev/null +++ b/remove-rocky-openqa-developer-host.yml @@ -0,0 +1,41 @@ +# Delete local OpenQA testing environment +# This playbook is *NOT* intended for WAN-facing systems! +# Created: @akatch +--- +- name: Rocky OpenQA Runbook + hosts: localhost + connection: local + become: true + vars_files: + - vars/openqa.yml + + # This is to try to avoid the handler issue in pre/post tasks + handlers: + - name: Import handlers + ansible.builtin.import_tasks: handlers/main.yml + + pre_tasks: + - name: Check if ansible cannot be run here + ansible.builtin.stat: + path: /etc/no-ansible + register: no_ansible + + - name: Verify if we can run ansible + ansible.builtin.assert: + that: + - "not no_ansible.stat.exists" + success_msg: "We are able to run on this node" + fail_msg: "/etc/no-ansible exists - skipping run on this node" + + tasks: + - name: Remove OpenQA installation from this system + ansible.builtin.import_tasks: tasks/remove_openqa.yml + + post_tasks: + - name: Touching run file that ansible has ran here + ansible.builtin.file: + path: /var/log/ansible.run + state: touch + mode: '0644' + owner: root + group: root