Compare commits


17 commits

Author SHA1 Message Date
Al Bowles
3507aee0b9 Automation to uninstall openQA on developer hosts 2024-03-22 22:51:47 +00:00
Al Bowles
a66a2925de Refinements to the devbox setup 2024-03-22 22:51:23 +00:00
Al Bowles
4a2d5d9047 Add templates for multivm networking 2024-03-22 22:49:56 +00:00
Al Bowles
cb28454abc Appease the linter 2024-03-22 22:49:56 +00:00
Al Bowles
679181a063 WIP: Automation for configuring multivm networking 2024-03-22 22:49:56 +00:00
Al Bowles
1e6aa33a8d
Merge branch 'main' of ssh://git.resf.org:22220/infrastructure/ansible-openqa-management into worker_host 2023-06-28 11:31:11 -05:00
Al Bowles
a6868ed7a6
Use some more defaulty defaults 2023-02-28 12:55:52 -06:00
Al Bowles
b67107ec77
Add some usages 2023-02-28 12:55:38 -06:00
Al Bowles
7be367f307
It turns out openqa does not like inline comments in its ini files 2023-02-28 12:50:34 -06:00
Al Bowles
f6cb7f343a
Correctly name workers.ini, move worker restart to handler 2023-02-27 21:22:12 -06:00
Al Bowles
fd960f900f
Perform firewalld reload as a handler 2023-02-27 10:07:27 -06:00
Al Bowles
6152baa8ae
Start cache services 2023-02-27 10:03:14 -06:00
Al Bowles
676a3d16c4
Move requirements file to meet convention 2023-02-19 15:23:01 -06:00
Al Bowles
6713c3024c
Add requirements file 2023-02-18 14:43:30 -06:00
Al Bowles
ed3b12a320
Linter fixes 2023-02-18 14:35:36 -06:00
Al Bowles
0f57ce2a83
Update filelist 2023-02-18 13:43:37 -06:00
Al Bowles
af549402d9
Automation for configuring a worker-only host 2023-02-18 13:41:46 -06:00
24 changed files with 632 additions and 104 deletions


@ -1,6 +1,7 @@
---
# .ansible-lint # .ansible-lint
warn_list: warn_list:
- '204' # Lines should be less than 160 characters - '204' # Lines should be less than 160 characters
- '701' # meta/main.yml should contain relevant info - '701' # meta/main.yml should contain relevant info
skip_list: skip_list:
- '106' # Role name must match ^[a-z][a-z0-9_]+$ pattern - '106' # Role name must match ^[a-z][a-z0-9_]+$ pattern


@ -17,27 +17,31 @@ This repository is for openQA operations and management.
├── handlers ├── handlers
│   └── main.yml │   └── main.yml
├── init-rocky-openqa-developer-host.yml ├── init-rocky-openqa-developer-host.yml
├── localhost.yml ├── init-rocky-openqa-worker-host.yml
├── README.md ├── README.md
├── roles ├── roles
│   └── README.md │   └── README.md
├── tasks ├── tasks
│   ├── main.yml │   ├── main.yml
│   ├── openqa-worker.yml
│   └── openqa.yml │   └── openqa.yml
├── templates ├── templates
│   └── etc │   └── etc
│   ├── firewalld │   ├── firewalld
│   │   └── services │   │   └── services
│   │   ├── openqa-socket.xml.j2
│   │   └── openqa-vnc.xml.j2 │   │   └── openqa-vnc.xml.j2
│   └── openqa │   └── openqa
│   ├── client.conf.j2 │   ├── client.conf.j2
│   └── openqa.ini.j2 │   ├── openqa.ini.j2
│   └── workers.conf.j2
├── tests ├── tests
│   ├── README.md │   ├── README.md
│   └── test.yml │   └── test.yml
└── vars └── vars
├── main.yml ├── main.yml
└── openqa.yml ├── openqa-worker.yml
└── openqa.yml
``` ```
## Guidelines ## Guidelines


@ -0,0 +1,3 @@
---
collections:
- ansible.posix
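Review bot: The collections list names only `ansible.posix`, but the multivm networking tasks added in this same change set call `community.general.ini_file`, so a control node provisioned from this requirements file alone will not have that module. Add `- community.general` to the list. Neither collection is pinned; if reproducible installs matter here, the mapping form (`- name: ansible.posix` with a `version:` constraint) records which release the playbooks were tested against.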


@ -1,2 +1,37 @@
--- ---
# Handlers - name: Reload firewalld
ansible.builtin.systemd:
name: firewalld
state: reloaded
ignore_errors: "{{ ansible_check_mode }}"
- name: Restart openQA workers
ansible.builtin.systemd:
name: "openqa-worker@{{ item }}"
state: restarted
enabled: true
# range "end" parameter is exclusive, so add 1
loop: "{{ range(1, (openqa_worker_count | int + 1)) | list }}"
ignore_errors: "{{ ansible_check_mode }}"
- name: Restart openqa services
ansible.builtin.systemd:
name: "{{ item }}"
state: restarted
loop: "{{ openqa_services }}"
ignore_errors: "{{ ansible_check_mode }}"
- name: Restart os-autoinst-openvswitch
ansible.builtin.systemd:
name: os-autoinst-openvswitch
state: restarted
enabled: true
ignore_errors: "{{ ansible_check_mode }}"
- name: Restart httpd
ansible.builtin.service:
name: httpd
state: restarted
enabled: true
ignore_errors: "{{ ansible_check_mode }}"
...


@ -24,16 +24,17 @@
# This is to try to avoid the handler issue in pre/post tasks # This is to try to avoid the handler issue in pre/post tasks
handlers: handlers:
- import_tasks: handlers/main.yml - name: Import handlers
ansible.builtin.import_tasks: handlers/main.yml
pre_tasks: pre_tasks:
- name: Check if ansible cannot be run here - name: Check if ansible cannot be run here
stat: ansible.builtin.stat:
path: /etc/no-ansible path: /etc/no-ansible
register: no_ansible register: no_ansible
- name: Verify if we can run ansible - name: Verify if we can run ansible
assert: ansible.builtin.assert:
that: that:
- "not no_ansible.stat.exists" - "not no_ansible.stat.exists"
success_msg: "We are able to run on this node" success_msg: "We are able to run on this node"
@ -41,13 +42,11 @@
tasks: tasks:
- name: Install and configure OpenQA - name: Install and configure OpenQA
import_tasks: tasks/openqa.yml ansible.builtin.import_tasks: tasks/openqa.yml
- name: Apply Rocky Linux OpenQA Branding
import_tasks: tasks/openqa_branding.yml
post_tasks: post_tasks:
- name: Touching run file that ansible has ran here - name: Touching run file that ansible has ran here
file: ansible.builtin.file:
path: /var/log/ansible.run path: /var/log/ansible.run
state: touch state: touch
mode: '0644' mode: '0644'


@ -0,0 +1,49 @@
# Configure an openQA worker host
#
# Usages:
# # Install and configure an openQA worker-only host
# ansible-playbook init-rocky-openqa-worker-host.yml
#
# # Install and configure an openQA worker-only host with a parameters file
# ansible-playbook init-rocky-openqa-worker-host.yml -e @my-worker-host.yml
#
# Created: @akatch
---
- name: Rocky openQA Worker Runbook
hosts: openqa_workers
become: true
gather_facts: false
vars_files:
- vars/openqa-worker.yml
# This is to try to avoid the handler issue in pre/post tasks
handlers:
- name: Import handlers
ansible.builtin.import_tasks: handlers/main.yml
pre_tasks:
- name: Check if ansible cannot be run here
ansible.builtin.stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
ansible.builtin.assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
tasks:
- name: Install and configure OpenQA workers
ansible.builtin.import_tasks: tasks/openqa-worker.yml
post_tasks:
- name: Touching run file that ansible has ran here
ansible.builtin.file:
path: /var/log/ansible.run
state: touch
mode: '0644'
owner: root
group: root
...


@ -0,0 +1,41 @@
# Delete local OpenQA testing environment
# This playbook is *NOT* intended for WAN-facing systems!
# Created: @akatch
---
- name: Rocky OpenQA Runbook
hosts: localhost
connection: local
become: true
vars_files:
- vars/openqa.yml
# This is to try to avoid the handler issue in pre/post tasks
handlers:
- name: Import handlers
ansible.builtin.import_tasks: handlers/main.yml
pre_tasks:
- name: Check if ansible cannot be run here
ansible.builtin.stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
ansible.builtin.assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
tasks:
- name: Remove OpenQA installation from this system
ansible.builtin.import_tasks: tasks/remove_openqa.yml
post_tasks:
- name: Touching run file that ansible has ran here
ansible.builtin.file:
path: /var/log/ansible.run
state: touch
mode: '0644'
owner: root
group: root


@ -0,0 +1,54 @@
# Sets up local OpenQA testing environment
# This playbook is *NOT* intended for WAN-facing systems!
#
# Usages:
# # Install and configure an openQA developer host, download all current Rocky ISOs,
# # and POST a test job
# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml
#
# # Only perform ISO download tasks
# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=download_isos
#
# # Only perform configuration, do not download ISOs or POST a job
# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=configure
#
# Created: @akatch
---
- name: Rocky OpenQA Runbook
hosts: localhost
connection: local
become: true
vars_files:
- vars/openqa.yml
# This is to try to avoid the handler issue in pre/post tasks
handlers:
- name: Import handlers
ansible.builtin.import_tasks: handlers/main.yml
pre_tasks:
- name: Check if ansible cannot be run here
ansible.builtin.stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
ansible.builtin.assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
tasks:
- name: Remove openqa multivm networking configs
ansible.builtin.import_tasks: tasks/remove_openqa-multivm-networking.yml
post_tasks:
- name: Touching run file that ansible has ran here
ansible.builtin.file:
path: /var/log/ansible.run
state: touch
mode: '0644'
owner: root
group: root
...
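Review bot: The header comment says this playbook "Sets up local OpenQA testing environment" and lists usages for `init-rocky-openqa-developer-host.yml`, yet its only task imports `tasks/remove_openqa-multivm-networking.yml`. An operator going by the header would not expect a run to delete interface configs, remove packages and change firewalld zones with `become: true`. Replace the header with something like `# Remove openQA multivm networking configuration from a developer host` and drop the `--tags=download_isos` / `--tags=configure` usages, since none of the tasks visible in this diff carry those tags. The play name `Rocky OpenQA Runbook` is also shared with the setup playbooks, so a distinct name would make run logs unambiguous.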


@ -1,4 +0,0 @@
---
# No tasks
- debug: msg="No tasks are provided here. Please import the task as needed in your playbook."
...


@ -0,0 +1,111 @@
---
# {{ openqa_multivm_bridge_interface }} should not exist or we should use a different name
- name: Assert bridge interface does not exist
ansible.builtin.assert:
that:
- 'openqa_multivm_bridge_interface not in ansible_interfaces'
success_msg: 'interface does not exist, can proceed'
fail_msg: '{{ openqa_multivm_bridge_interface }} already exists, please supply an alternative'
- name: Install multivm networking packages
ansible.builtin.dnf:
pkg:
- os-autoinst-openvswitch
- tunctl
- name: Create /etc/sysconfig/os-autoinst-openvswitch
ansible.builtin.copy:
src: etc/sysconfig/os-autoinst-openvswitch.j2
dest: /etc/sysconfig/os-autoinst-openvswitch
mode: '0644'
notify: Restart os-autoinst-openvswitch
- name: Create bridge interface configuration
ansible.builtin.copy:
src: etc/sysconfig/network-scripts/ifcfg-br.j2
dest: /etc/sysconfig/network-scripts/ifcfg-{{ openqa_multivm_bridge_interface }}
mode: '0644'
- name: Create worker tap interface configs
ansible.builtin.copy:
src: etc/sysconfig/network-scripts/ifcfg-tap.j2
dest: /etc/sysconfig/network-scripts/ifcfg-tap{{ item }}
mode: '0644'
loop: "{{ range(openqa_worker_count) | list }}"
- name: Update /sbin/ifup-pre-local
ansible.builtin.template:
src: sbin/ifup-pre-local.j2
dest: /sbin/ifup-pre-local
mode: 'ug+x'
- name: Enable bridge interface for internal zone
ansible.posix.firewalld:
permanent: true
interface: '{{ openqa_multivm_bridge_interface }}'
state: enabled
zone: internal
notify: Reload firewalld
- name: Enable masquerade for public and internal zones
ansible.posix.firewalld:
masquerade: true
permanent: true
state: enabled
zone: '{{ item }}'
loop:
- public
- internal
notify: Reload firewalld
- name: Enable ipv4 IP forwarding
ansible.posix.sysctl:
name: net.ipv4.ip_forward
value: '1'
state: present
sysctl_file: /etc/sysctl.d/ip-forward.conf
sysctl_set: true
- name: Set-target ACCEPT on public zone
ansible.posix.firewalld:
permanent: true
state: present
zone: public
target: ACCEPT
notify: Reload firewalld
# Only needed for multi-host setups
- name: Add port for GRE tunnel
ansible.posix.firewalld:
permanent: true
port: 1723/tcp
state: enabled
- name: Enable openvswitch services
ansible.builtin.systemd_service:
name: "{{ item }}"
state: started
enabled: true
loop:
- openvswitch
- os-autoinst-openvswitch
ignore_errors: "{{ ansible_check_mode }}"
- name: Set WORKER_CLASS for tap interfaces
community.general.ini_file:
path: /etc/openqa/workers.ini
section: global
option: WORKER_CLASS
value: qemu_x86_64,tap
state: present
mode: '0644'
notify: Restart openqa services
- name: Enable bridge interface for openvswitch
ansible.builtin.command: ovs-vsctl add-br {{ openqa_multivm_bridge_interface }}
changed_when: true
- name: Enable capability
ansible.builtin.command: setcap CAP_NET_ADMIN=ep /usr/bin/qemu-system-x86_64
changed_when: true
...
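Review bot: The task `Set-target ACCEPT on public zone` makes the public zone accept every inbound packet that no explicit rule handles, and combined with masquerade on `public` and `net.ipv4.ip_forward` set to `'1'` the host ends up accepting and forwarding traffic from whatever interface sits in that zone. The hunk gives no reason why `public` needs this; if the aim is only to let tap traffic reach the bridge, keep the default target on `public` and confine the change to the `internal` zone the bridge interface is already bound to. Separately, the three `ansible.builtin.copy` tasks take `.j2` sources, so the `{{ openqa_multivm_bridge_interface }}` and `{{ item }}` expressions in the templates added later in this change set would be written out unrendered; they should use `ansible.builtin.template`, as the `/sbin/ifup-pre-local` task already does. `Add port for GRE tunnel` opens `1723/tcp` unconditionally although its comment says it is only needed for multi-host setups, and it lacks `notify: Reload firewalld`; gate it behind a variable and add the notify.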

57
tasks/openqa-worker.yml Normal file

@ -0,0 +1,57 @@
---
- name: Install OpenQA worker packages
ansible.builtin.dnf:
name: "{{ openqa_worker_packages }}"
state: present
tags:
- packages
- name: Create openQA group
ansible.builtin.group:
name: "{{ openqa_group }}"
system: true
- name: Create openQA user
ansible.builtin.user:
name: "{{ openqa_user }}"
groups: "{{ openqa_group }}"
append: true
system: true
- name: Configure firewalld for openQA worker connections
ansible.builtin.template:
src: etc/firewalld/services/{{ item }}.xml.j2
dest: /etc/firewalld/services/{{ item }}.xml
owner: root
group: root
mode: "0644"
loop:
- openqa-socket
- openqa-vnc
tags:
- configure
notify: Reload firewalld
- name: Write openQA configuration file
ansible.builtin.template:
src: etc/openqa/{{ item }}.j2
dest: /etc/openqa/{{ item }}
owner: "{{ openqa_user }}"
group: "{{ openqa_group }}"
mode: "0444"
loop:
- client.conf
- workers.ini
tags:
- configure
notify: Restart openQA workers
- name: Start openQA cache services
ansible.builtin.systemd:
name: "{{ item }}"
state: started
enabled: true
loop:
- openqa-worker-cacheservice
- openqa-worker-cacheservice-minion
...
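Review bot: `Write openQA configuration file` installs `client.conf` with `mode: "0444"`, which lets every local account read it. The `client.conf.j2` template is not shown in this diff, but `vars/openqa-worker.yml` defines `openqa_client_key` and `openqa_client_secret`, so the file presumably carries the API credentials. Use `mode: "0440"` for `client.conf` (owner and group are already `{{ openqa_user }}` / `{{ openqa_group }}`), or split the loop so only `workers.ini` stays world-readable. Confirm which account the worker services run as before tightening, so the worker can still read the file.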


@ -1,28 +1,29 @@
--- ---
- name: Install OpenQA packages - name: Install OpenQA packages
yum: ansible.builtin.yum:
name: "{{ openqa_packages }}" name: "{{ openqa_packages }}"
state: present state: present
tags: tags:
- packages - packages
- name: Copy httpd configuration files - name: Copy httpd configuration files
copy: ansible.builtin.copy:
remote_src: true remote_src: true
src: /etc/httpd/conf.d/{{ item }}.template src: /etc/httpd/conf.d/{{ item }}.template
dest: /etc/httpd/conf.d/{{ item }} dest: /etc/httpd/conf.d/{{ item }}
mode: '0644' mode: "0644"
owner: root owner: root
group: root group: root
loop: loop:
- openqa.conf - openqa.conf
- openqa-ssl.conf - openqa-ssl.conf
notify: restart_httpd notify: Restart httpd
tags: tags:
- configure - configure
ignore_errors: "{{ ansible_check_mode }}"
- name: Template OpenQA configuration files - name: Template OpenQA configuration files
template: ansible.builtin.template:
src: etc/openqa/{{ item }}.j2 src: etc/openqa/{{ item }}.j2
dest: /etc/openqa/{{ item }} dest: /etc/openqa/{{ item }}
owner: "{{ openqa_user }}" owner: "{{ openqa_user }}"
@ -33,30 +34,35 @@
- client.conf - client.conf
tags: tags:
- configure - configure
notify: Restart openQA workers
- name: Get service facts - name: Get service facts
service_facts: ansible.builtin.service_facts:
check_mode: false
- name: Check for non-empty postgres data directory - name: Check for non-empty postgres data directory
stat: ansible.builtin.stat:
path: /var/lib/pgsql/data/base path: /var/lib/pgsql/data/base
register: postgres_data_dir register: postgres_data_dir
- name: If postgresql is not already running, initialize database - name: If postgresql is not already running, initialize database
command: postgresql-setup --initdb ansible.builtin.command: postgresql-setup --initdb
when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" ) when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" )
and not postgres_data_dir.stat.exists and not postgres_data_dir.stat.exists
changed_when: true
ignore_errors: "{{ ansible_check_mode }}"
- name: Enable and start postgresql service - name: Enable and start postgresql service
systemd: ansible.builtin.systemd:
name: postgresql name: postgresql
state: started state: started
enabled: true enabled: true
when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" ) when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" )
and not postgres_data_dir.stat.exists and not postgres_data_dir.stat.exists
ignore_errors: "{{ ansible_check_mode }}"
- name: Configure SELinux to allow httpd connection to network - name: Configure SELinux to allow httpd connection to network
seboolean: ansible.posix.seboolean:
name: httpd_can_network_connect name: httpd_can_network_connect
state: true state: true
persistent: true persistent: true
@ -64,16 +70,17 @@
- configure - configure
- name: Enable and start OpenQA services - name: Enable and start OpenQA services
systemd: ansible.builtin.systemd:
name: "{{ item }}" name: "{{ item }}"
state: started state: started
enabled: true enabled: true
loop: "{{ openqa_services }}" loop: "{{ openqa_services }}"
tags: tags:
- configure - configure
ignore_errors: "{{ ansible_check_mode }}"
- name: Create openqa-vnc firewalld service - name: Create openqa-vnc firewalld service
template: ansible.builtin.template:
src: etc/firewalld/services/openqa-vnc.xml.j2 src: etc/firewalld/services/openqa-vnc.xml.j2
dest: /etc/firewalld/services/openqa-vnc.xml dest: /etc/firewalld/services/openqa-vnc.xml
owner: root owner: root
@ -81,15 +88,13 @@
mode: "0644" mode: "0644"
tags: tags:
- configure - configure
notify: Reload firewalld
- name: Load openqa-vnc firewalld service - name: Systemctl daemon-reload
systemd: ansible.builtin.systemd:
name: firewalld daemon_reload: true
state: reloaded
tags:
- configure
- name: Permit traffic for {{ item }} service - name: Permit traffic for http and openqa-vnc services
ansible.posix.firewalld: ansible.posix.firewalld:
service: "{{ item }}" service: "{{ item }}"
permanent: true permanent: true
@ -99,23 +104,17 @@
- openqa-vnc - openqa-vnc
tags: tags:
- configure - configure
notify: Reload firewalld
- name: Reload FirewallD
systemd:
name: firewalld
state: reloaded
tags:
- configure
- name: Check for existing repository - name: Check for existing repository
stat: ansible.builtin.stat:
path: "{{ openqa_homedir }}/share/tests/rocky" path: "{{ openqa_homedir }}/share/tests/rocky"
register: rocky_testing_repo register: rocky_testing_repo
tags: tags:
- configure - configure
- name: Clone repository if it does not already exist - name: Clone repository if it does not already exist
git: ansible.builtin.git:
accept_hostkey: true accept_hostkey: true
dest: "{{ openqa_homedir }}/share/tests/rocky" dest: "{{ openqa_homedir }}/share/tests/rocky"
repo: "{{ openqa_rocky_testing_repo }}" repo: "{{ openqa_rocky_testing_repo }}"
@ -125,68 +124,23 @@
- configure - configure
- name: Set owner/group/permissions on repo contents - name: Set owner/group/permissions on repo contents
file: ansible.builtin.file:
path: "{{ openqa_homedir }}/share/tests/rocky" path: "{{ openqa_homedir }}/share/tests/rocky"
recurse: true recurse: true
owner: "{{ openqa_user }}" owner: "{{ openqa_user }}"
group: "{{ openqa_group }}" group: "{{ openqa_group }}"
mode: "u+rwX,g+rwX,o+rX,o-w" mode: "0775"
tags: tags:
- configure - configure
# fifloader.py will fail if the Demo user is not logged in - name: Create asset directories
- name: Authenticate to web UI the first time ansible.builtin.file:
uri: path: "{{ openqa_homedir }}/share/factory/{{ item }}/fixed"
url: "http://{{ openqa_host }}/login"
- name: Run fifloader.py
command: ./fifloader.py -l -c templates.fif.json templates-updates.fif.json
changed_when: "1 != 1"
args:
chdir: "{{ openqa_homedir }}/share/tests/rocky"
- name: Create ISO directory
file:
path: "{{ openqa_homedir }}/share/factory/iso/fixed"
state: directory state: directory
owner: "{{ openqa_user }}" owner: "{{ openqa_user }}"
group: "{{ openqa_group }}" group: "{{ openqa_group }}"
mode: "0775" mode: "0775"
tags: loop:
- download_isos - iso
- hdd
- name: Download ISOs
get_url:
dest: "{{ openqa_homedir }}/share/factory/iso/fixed/{{ item.name }}"
url: "{{ rocky_iso_download_url }}/{{ item.name }}"
checksum: "{{ item.checksum }}"
owner: "{{ openqa_user }}"
group: "{{ openqa_group }}"
tmp_dest: "/var/tmp"
mode: "0644"
loop: "{{ openqa_isos }}"
tags:
- download_isos
- name: Start {{ openqa_worker_count }} OpenQA workers
ansible.builtin.systemd:
name: "openqa-worker@{{ item }}"
state: started
enabled: true
# range 'end' parameter is exclusive, so add 1
loop: "{{ range(1, (openqa_worker_count|int + 1)) | list }}"
tags:
- start_workers
- configure
- name: POST a job
command: |
openqa-cli api -X POST isos \
ISO=Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso \
ARCH={{ rocky_arch }} \
DISTRI=rocky \
FLAVOR=minimal-iso \
VERSION={{ rocky_version }} \
BUILD="{{ '%Y%m%d.%H%M%S' | strftime }}.0"
changed_when: "1 != 1"
... ...
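Review bot: In `Set owner/group/permissions on repo contents` the mode changes from `u+rwX,g+rwX,o+rX,o-w` to `"0775"` while `recurse: true` stays, so every regular file under `{{ openqa_homedir }}/share/tests/rocky` becomes executable, not only directories and files that already had an execute bit. The capital-`X` form existed to avoid exactly that. If the linter objected to the additive form, `mode: "u=rwX,g=rwX,o=rX"` sets the bits rather than adding to them and keeps the previous behaviour. The `Create asset directories` task in the same hunk is fine with `"0775"` because it only creates directories.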


@ -0,0 +1,92 @@
---
- name: Remove files
ansible.builtin.file:
path: '{{ item }}'
state: absent
loop:
- /etc/sysconfig/os-autoinst-openvswitch
- /etc/sysconfig/network-scripts/ifcfg-{{ openqa_multivm_bridge_interface }}
- name: Remove tap interface configurations
ansible.builtin.file:
path: /etc/sysconfig/network-scripts/ifcfg-tap{{ item }}
state: absent
loop: "{{ range(openqa_worker_count | int) | list }}"
- name: Delete bridge interface
ansible.builtin.command: ovs-vsctl del-br {{ openqa_multivm_bridge_interface }}
changed_when: true
- name: Disable openvswitch services
ansible.builtin.systemd:
name: "{{ item }}"
state: stopped
enabled: false
loop:
- os-autoinst-openvswitch
- openvswitch
- name: Remove packages
ansible.builtin.dnf:
pkg:
- os-autoinst-openvswitch
- tunctl
- network-scripts
state: absent
- name: Remove /sbin/ifup-pre-local
ansible.builtin.file:
path: /sbin/ifup-pre-local
state: absent
- name: Disable bridge interface for internal zone
ansible.posix.firewalld:
permanent: true
interface: br0
state: disabled
zone: internal
notify: reload_firewalld
- name: Disable masquerade for public and internal zones
ansible.posix.firewalld:
masquerade: true
permanent: true
state: disabled
zone: '{{ item }}'
loop:
- public
- internal
notify: reload_firewalld
- name: Disable ipv4 IP forwarding
ansible.posix.sysctl:
name: net.ipv4.ip_forward
value: '1'
state: absent
sysctl_file: /etc/sysctl.d/ip-forward.conf
sysctl_set: true
- name: Set-target ACCEPT on public zone
ansible.posix.firewalld:
permanent: true
state: absent
zone: public
target: ACCEPT
notify: reload_firewalld
- name: Remove port for GRE tunnel
ansible.posix.firewalld:
permanent: true
port: 1723/tcp
state: disabled
notify: reload_firewalld
- name: Set WORKER_CLASS for tap interfaces
community.general.ini_file:
path: /etc/openqa/workers.ini
section: global
option: WORKER_CLASS
value: qemu_x86_64,tap
state: absent
mode: '0644'
...
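Review bot: Four tasks here use `notify: reload_firewalld`, but the handler defined in `handlers/main.yml` is named `Reload firewalld`; Ansible resolves notifications by handler name (or a `listen` topic), so these will not find a handler. Use `notify: Reload firewalld`. `Disable bridge interface for internal zone` hard-codes `interface: br0` where the setup tasks use `'{{ openqa_multivm_bridge_interface }}'`, so a non-default bridge name stays bound to the zone after removal. The setup side also runs `setcap CAP_NET_ADMIN=ep /usr/bin/qemu-system-x86_64` and nothing in this file clears it, which leaves the capability on the binary; add a matching `setcap -r /usr/bin/qemu-system-x86_64` task. The last task is still named `Set WORKER_CLASS for tap interfaces` although it uses `state: absent`, and it does not notify `Restart openqa services` the way the setup task does.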

42
tasks/remove_openqa.yml Normal file

@ -0,0 +1,42 @@
---
- name: Uninstall OpenQA packages
ansible.builtin.yum:
name: "{{ openqa_packages }}"
state: absent
- name: Delete OpenQA files and directories
ansible.builtin.file:
path: "{{ item }}"
state: absent
loop:
- "{{ openqa_homedir }}"
- /var/lib/pgsql
- /etc/openqa
- /etc/httpd/conf.d/openqa.conf
- /etc/httpd/conf.d/openqa-ssl.conf
- name: Disable httpd_can_network_connect
ansible.posix.seboolean:
name: httpd_can_network_connect
state: false
persistent: true
- name: Deny traffic for services
ansible.posix.firewalld:
service: "{{ item }}"
permanent: true
state: disabled
loop:
- http
- openqa-vnc
- name: Deny VNC traffic for local workers
ansible.posix.firewalld:
port: "{{ openqa_min_vnc_port }}-{{ openqa_max_vnc_port }}/tcp"
permanent: true
state: disabled
- name: Reload FirewallD
ansible.builtin.systemd:
name: firewalld
state: reloaded
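Review bot: `Delete OpenQA files and directories` removes `/var/lib/pgsql` outright, which destroys every PostgreSQL database on the host rather than only openQA's, and nothing stops the `postgresql` service first. The importing playbook runs this with `become: true` on localhost, so one mistaken invocation is unrecoverable. Guard the path behind an explicit opt-in such as `when: openqa_remove_postgres_data | default(false) | bool` (the variable name is a suggestion) and stop the service before deleting. The firewalld service definition `/etc/firewalld/services/openqa-vnc.xml` that the install tasks create is also left in place.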


@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<port port="{{ openqa_min_socket_port }}-{{ openqa_max_socket_port }}" protocol="tcp"/>
</service>


@ -0,0 +1,7 @@
[global]
HOST = https://{{ openqa_host }}
CACHEDIRECTORY = /var/lib/openqa/cache
CACHE_MIN_FREE_PERCENTAGE = 10
[https://{{ openqa_host }}]
TESTPOOLSERVER = rsync://{{ openqa_host }}/tests


@ -0,0 +1,10 @@
DEVICETYPE='ovs'
TYPE='OVSBridge'
BOOTPROTO='static'
IPADDR='172.16.2.2'
NETMASK='255.254.0.0'
DEVICE={{ openqa_multivm_bridge_interface }}
STP=off
ONBOOT='yes'
NAME='{{ openqa_multivm_bridge_interface }}'
HOTPLUG='no'


@ -0,0 +1,7 @@
DEVICETYPE='ovs'
TYPE='OVSPort'
OVS_BRIDGE='{{ openqa_multivm_bridge_interface }}'
DEVICE='tap{{ item }}'
ONBOOT='yes'
BOOTPROTO='none'
HOTPLUG='no'


@ -0,0 +1,3 @@
OS_AUTOINST_BRIDGE_LOCAL_IP=172.16.2.2
OS_AUTOINST_BRIDGE_REWRITE_TARGET=172.17.0.0
OS_AUTOINST_USE_BRIDGE={{ openqa_multivm_bridge_interface }}


@ -0,0 +1,20 @@
#!/bin/sh
if=$(echo "$1" | sed -e 's,ifcfg-,,')
iftype=$(echo "$if" | sed -e 's,[0-9]\+$,,')
# if the interface being brought up is tap[n], create
# the tap device first
if [ "$iftype" == "tap" ]; then
tunctl -u _openqa-worker -p -t "$if"
fi
# if the interface being brough up is {{ openqa_multivm_bridge_interface }}, create
# the gre tunnels
if [ "$if" == "{{ openqa_multivm_bridge_interface }}" ]; then
ovs-vsctl set bridge {{ openqa_multivm_bridge_interface }} stp_enable=true
# This is only needed for multi-host setups
{% for w in range(1, openqa_worker_count+1) %}
#ovs-vsctl --may-exist add-port {{ openqa_multivm_bridge_interface }} gre{{ w }} -- set interface gre{{ w }} type=gre options:remote_ip=172.16.2.{{ 2 + w|int }}
{% endfor %}
fi
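Review bot: The script declares `#!/bin/sh` but both tests use `==` inside `[ ]`, which POSIX `test` does not define, so it works only where `/bin/sh` is bash. Write `[ "$iftype" = "tap" ]` and `[ "$if" = "{{ openqa_multivm_bridge_interface }}" ]`. The Jinja loop uses `range(1, openqa_worker_count+1)` without the `| int` cast that `handlers/main.yml` applies, so a count supplied as a string with `-e` would fail to render; `range(1, openqa_worker_count | int + 1)` matches the handler. The bridge name is also interpolated unquoted into the `ovs-vsctl set bridge` line and should be quoted there as it is in the comparison.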


@ -1,5 +1,9 @@
--- ---
- hosts: localhost - name: Run tests
hosts: localhost
remote_user: root remote_user: root
tasks: tasks:
- import_tasks: example.yml - name: Ensure required variables are defined
ansible.builtin.assert:
that:
- openqa_host is defined

35
vars/openqa-worker.yml Normal file

@ -0,0 +1,35 @@
---
# The primary openQA host
openqa_host: localhost
openqa_client_key: 1234567890ABCDEF
openqa_client_secret: 1234567890ABCDEF
# Default OpenQA user and group
openqa_user: geekotest
openqa_group: geekotest
# The number of workers to enable on this system
openqa_worker_count: 1
# Port range to open for VNC access to local workers.
# The max port should be 5990 + n where n is the total
# number of workers you want to enable on your system.
openqa_min_vnc_port: 5991
openqa_max_vnc_port: "{{ 5990 + openqa_worker_count | int }}"
# Port range to open for socket connections from the primary host.
openqa_min_socket_port: 20000
openqa_max_socket_port: 20089
# Packages to install
openqa_worker_packages:
- firewalld
- guestfs-tools
- libguestfs-xfs
- libvirt-daemon-config-network
- openqa-worker
- perl-REST-Client
- python3-libguestfs
- virt-install
- withlock
...
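Review bot: `openqa_client_key` and `openqa_client_secret` default to `1234567890ABCDEF`, so a worker deployed without overrides authenticates with a fixed credential that anyone can read in this repository. Add a comment such as `# Placeholder only - override from a vaulted parameters file` above them, pointing at the `-e @my-worker-host.yml` usage the playbook header already documents, or drop the defaults so an undefined variable fails the run. Quote the values as well, since an all-digit key would otherwise be loaded as an integer.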


@ -45,7 +45,7 @@ openqa_worker_count: 1
# The max port should be 5990 + n where n is the total # The max port should be 5990 + n where n is the total
# number of workers you want to enable on your system. # number of workers you want to enable on your system.
openqa_min_vnc_port: 5991 openqa_min_vnc_port: 5991
openqa_max_vnc_port: "{{ 5990 + openqa_worker_count|int }}" openqa_max_vnc_port: "{{ 5990 + openqa_worker_count | int }}"
# Packages to install # Packages to install
openqa_packages: openqa_packages:


@ -9,6 +9,6 @@ templates_src_dir: "{{ playbook_dir }}/files/usr/share/openqa/templates"
templates_dest_dir: "/usr/share/openqa/templates" templates_dest_dir: "/usr/share/openqa/templates"
branding_patches: branding_patches:
- { path: /usr/share/openqa/assets/assetpack.def, patch: /usr/share/openqa/assets/assetpack.def.patch } - {path: /usr/share/openqa/assets/assetpack.def, patch: /usr/share/openqa/assets/assetpack.def.patch}
- { path: /usr/share/openqa/templates/webapi/main/index.html.ep, patch: /usr/share/openqa/templates/webapi/main/index.html.ep.patch } - {path: /usr/share/openqa/templates/webapi/main/index.html.ep, patch: /usr/share/openqa/templates/webapi/main/index.html.ep.patch}
... ...