diff --git a/.ansible-lint b/.ansible-lint index 2394b2a..f1e5c61 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,6 +1,7 @@ +--- # .ansible-lint warn_list: - - '204' # Lines should be less than 160 characters - - '701' # meta/main.yml should contain relevant info + - '204' # Lines should be less than 160 characters + - '701' # meta/main.yml should contain relevant info skip_list: - - '106' # Role name must match ^[a-z][a-z0-9_]+$ pattern + - '106' # Role name must match ^[a-z][a-z0-9_]+$ pattern diff --git a/handlers/main.yml b/handlers/main.yml index 03692d8..75109fa 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,2 +1,37 @@ --- -# Handlers +- name: Reload firewalld + ansible.builtin.systemd: + name: firewalld + state: reloaded + ignore_errors: "{{ ansible_check_mode }}" + +- name: Restart openQA workers + ansible.builtin.systemd: + name: "openqa-worker@{{ item }}" + state: restarted + enabled: true + # range "end" parameter is exclusive, so add 1 + loop: "{{ range(1, (openqa_worker_count | int + 1)) | list }}" + ignore_errors: "{{ ansible_check_mode }}" + +- name: Restart openqa services + ansible.builtin.systemd: + name: "{{ item }}" + state: restarted + loop: "{{ openqa_services }}" + ignore_errors: "{{ ansible_check_mode }}" + +- name: Restart os-autoinst-openvswitch + ansible.builtin.systemd: + name: os-autoinst-openvswitch + state: restarted + enabled: true + ignore_errors: "{{ ansible_check_mode }}" + +- name: Restart httpd + ansible.builtin.service: + name: httpd + state: restarted + enabled: true + ignore_errors: "{{ ansible_check_mode }}" +... diff --git a/init-rocky-openqa-developer-host.yml b/init-rocky-openqa-developer-host.yml index b946e2b..9f1ff4f 100644 --- a/init-rocky-openqa-developer-host.yml +++ b/init-rocky-openqa-developer-host.yml 
@@ -20,20 +20,21 @@ become: true vars_files: - vars/openqa.yml - - vars/openqa_branding.yml + - vars/openqa-branding.yml # This is to try to avoid the handler issue in pre/post tasks handlers: - - import_tasks: handlers/main.yml + - name: Import handlers + ansible.builtin.import_tasks: handlers/main.yml pre_tasks: - name: Check if ansible cannot be run here - stat: + ansible.builtin.stat: path: /etc/no-ansible register: no_ansible - name: Verify if we can run ansible - assert: + ansible.builtin.assert: that: - "not no_ansible.stat.exists" success_msg: "We are able to run on this node" @@ -41,13 +42,14 @@ tasks: - name: Install and configure OpenQA - import_tasks: tasks/openqa.yml + ansible.builtin.import_tasks: tasks/openqa.yml + - name: Apply Rocky Linux OpenQA Branding - import_tasks: tasks/openqa_branding.yml + ansible.builtin.import_tasks: tasks/openqa-branding.yml post_tasks: - name: Touching run file that ansible has ran here - file: + ansible.builtin.file: path: /var/log/ansible.run state: touch mode: '0644' diff --git a/init-rocky-openqa-worker-host.yml b/init-rocky-openqa-worker-host.yml index fc35aa3..74bfb05 100644 --- a/init-rocky-openqa-worker-host.yml +++ b/init-rocky-openqa-worker-host.yml @@ -18,16 +18,17 @@ # This is to try to avoid the handler issue in pre/post tasks handlers: - - import_tasks: handlers/main.yml + - name: Import handlers + ansible.builtin.import_tasks: handlers/main.yml pre_tasks: - name: Check if ansible cannot be run here - stat: + ansible.builtin.stat: path: /etc/no-ansible register: no_ansible - name: Verify if we can run ansible - assert: + ansible.builtin.assert: that: - "not no_ansible.stat.exists" success_msg: "We are able to run on this node" 
@@ -35,11 +36,11 @@ tasks: - name: Install and configure OpenQA workers - import_tasks: tasks/openqa-worker.yml + ansible.builtin.import_tasks: tasks/openqa-worker.yml post_tasks: - name: Touching run file that ansible has ran here - file: + ansible.builtin.file: path: /var/log/ansible.run state: touch mode: '0644' diff --git a/remove-rocky-openqa-developer-host.yml b/remove-rocky-openqa-developer-host.yml new file mode 100644 index 0000000..18c1aad --- /dev/null +++ b/remove-rocky-openqa-developer-host.yml @@ -0,0 +1,41 @@ +# Delete local OpenQA testing environment +# This playbook is *NOT* intended for WAN-facing systems! +# Created: @akatch +--- +- name: Rocky OpenQA Runbook + hosts: localhost + connection: local + become: true + vars_files: + - vars/openqa.yml + + # This is to try to avoid the handler issue in pre/post tasks + handlers: + - name: Import handlers + ansible.builtin.import_tasks: handlers/main.yml + + pre_tasks: + - name: Check if ansible cannot be run here + ansible.builtin.stat: + path: /etc/no-ansible + register: no_ansible + + - name: Verify if we can run ansible + ansible.builtin.assert: + that: + - "not no_ansible.stat.exists" + success_msg: "We are able to run on this node" + fail_msg: "/etc/no-ansible exists - skipping run on this node" + + tasks: + - name: Remove OpenQA installation from this system + ansible.builtin.import_tasks: tasks/remove_openqa.yml + + post_tasks: + - name: Touching run file that ansible has ran here + ansible.builtin.file: + path: /var/log/ansible.run + state: touch + mode: '0644' + owner: root + group: root diff --git a/remove-rocky-openqa-multivm-networking.yml b/remove-rocky-openqa-multivm-networking.yml new file mode 100644 index 0000000..1c2d347 --- /dev/null +++ b/remove-rocky-openqa-multivm-networking.yml 
@@ -0,0 +1,54 @@
+# Sets up local OpenQA testing environment
+# This playbook is *NOT* intended for WAN-facing systems!
+#
+# Usages:
+# # Install and configure an openQA developer host, download all current Rocky ISOs,
+# # and POST a test job
+# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml
+#
+# # Only perform ISO download tasks
+# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=download_isos
+#
+# # Only perform configuration, do not download ISOs or POST a job
+# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=configure
+#
+# Created: @akatch
+---
+- name: Rocky OpenQA Runbook
+ hosts: localhost
+ connection: local
+ become: true
+ vars_files:
+ - vars/openqa.yml
+
+ # This is to try to avoid the handler issue in pre/post tasks
+ handlers:
+ - name: Import handlers
+ ansible.builtin.import_tasks: handlers/main.yml
+
+ pre_tasks:
+ - name: Check if ansible cannot be run here
+ ansible.builtin.stat:
+ path: /etc/no-ansible
+ register: no_ansible
+
+ - name: Verify if we can run ansible
+ ansible.builtin.assert:
+ that:
+ - "not no_ansible.stat.exists"
+ success_msg: "We are able to run on this node"
+ fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+ tasks:
+ - name: Remove openqa multivm networking configs
+ ansible.builtin.import_tasks: tasks/remove_openqa-multivm-networking.yml
+
+ post_tasks:
+ - name: Touching run file that ansible has ran here
+ ansible.builtin.file:
+ path: /var/log/ansible.run
+ state: touch
+ mode: '0644'
+ owner: root
+ group: root
+...
diff --git a/tasks/main.yml b/tasks/main.yml
deleted file mode 100644
index 68a6567..0000000
--- a/tasks/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-# No tasks
-- debug: msg="No tasks are provided here. Please import the task as needed in your playbook."
-...
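Review bot: The header comment of `remove-rocky-openqa-multivm-networking.yml` describes the opposite of what the play does: it opens with `# Sets up local OpenQA testing environment` and lists `init-rocky-openqa-developer-host.yml` invocations with `--tags=download_isos` and `--tags=configure`, while the only task file imported is `tasks/remove_openqa-multivm-networking.yml`. For a play that changes firewalld zones and deletes interface configuration under `become: true`, the header should say so, e.g. `# Removes openQA multi-VM networking (OVS bridge, tap configs, firewalld changes) from this host`, followed by a usage line that names this playbook. The play name `Rocky OpenQA Runbook` is also identical to the one in the other removal playbook added here, so a run log does not show which of them executed.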
diff --git a/tasks/openqa_branding.yml b/tasks/openqa-branding.yml similarity index 89% rename from tasks/openqa_branding.yml rename to tasks/openqa-branding.yml index 29f6e6e..bdc1be8 100644 --- a/tasks/openqa_branding.yml +++ b/tasks/openqa-branding.yml @@ -23,6 +23,7 @@ # strip: 1 backup: true with_items: "{{ branding_patches }}" + ignore_errors: "{{ ansible_check_mode }}" tags: - branding @@ -30,6 +31,7 @@ ansible.builtin.systemd: name: openqa-webui state: restarted + ignore_errors: "{{ ansible_check_mode }}" tags: - branding ... diff --git a/tasks/openqa-multivm-networking.yml b/tasks/openqa-multivm-networking.yml new file mode 100644 index 0000000..884b678 --- /dev/null +++ b/tasks/openqa-multivm-networking.yml 
@@ -0,0 +1,111 @@ +--- +# {{ openqa_multivm_bridge_interface }} should not exist or we should use a different name +- name: Assert bridge interface does not exist + ansible.builtin.assert: + that: + - 'openqa_multivm_bridge_interface not in ansible_interfaces' + success_msg: 'interface does not exist, can proceed' + fail_msg: '{{ openqa_multivm_bridge_interface }} already exists, please supply an alternative' + +- name: Install multivm networking packages + ansible.builtin.dnf: + pkg: + - os-autoinst-openvswitch + - tunctl + +- name: Create /etc/sysconfig/os-autoinst-openvswitch + ansible.builtin.copy: + src: etc/sysconfig/os-autoinst-openvswitch.j2 + dest: /etc/sysconfig/os-autoinst-openvswitch + mode: '0644' + notify: Restart os-autoinst-openvswitch + +- name: Create bridge interface configuration + ansible.builtin.copy: + src: etc/sysconfig/network-scripts/ifcfg-br.j2 + dest: /etc/sysconfig/network-scripts/ifcfg-{{ openqa_multivm_bridge_interface }} + mode: '0644' + +- name: Create worker tap interface configs + ansible.builtin.copy: + src: etc/sysconfig/network-scripts/ifcfg-tap.j2 + dest: /etc/sysconfig/network-scripts/ifcfg-tap{{ item }} + mode: '0644' + loop: "{{ range(openqa_worker_count) | list }}" + +- name: Update /sbin/ifup-pre-local + ansible.builtin.template: + src: sbin/ifup-pre-local.j2 + dest: /sbin/ifup-pre-local + mode: 'ug+x' + +- name: Enable bridge interface for internal zone + ansible.posix.firewalld: + permanent: true + interface: '{{ openqa_multivm_bridge_interface }}' + state: enabled + zone: internal + notify: Reload firewalld + +- name: Enable masquerade for public and internal zones + ansible.posix.firewalld: + masquerade: true + permanent: true + state: enabled + zone: '{{ item }}' + loop: + - public + - internal + notify: Reload firewalld + +- name: Enable ipv4 IP forwarding + ansible.posix.sysctl: + name: net.ipv4.ip_forward + value: '1' + state: present + sysctl_file: /etc/sysctl.d/ip-forward.conf + sysctl_set: true + +- name: 
Set-target ACCEPT on public zone + ansible.posix.firewalld: + permanent: true + state: present + zone: public + target: ACCEPT + notify: Reload firewalld + +# Only needed for multi-host setups +- name: Add port for GRE tunnel + ansible.posix.firewalld: + permanent: true + port: 1723/tcp + state: enabled + +- name: Enable openvswitch services + ansible.builtin.systemd_service: + name: "{{ item }}" + state: started + enabled: true + loop: + - openvswitch + - os-autoinst-openvswitch + ignore_errors: "{{ ansible_check_mode }}" + +- name: Set WORKER_CLASS for tap interfaces + community.general.ini_file: + path: /etc/openqa/workers.ini + section: global + option: WORKER_CLASS + value: qemu_x86_64,tap + state: present + mode: '0644' + notify: Restart openqa services + +- name: Enable bridge interface for openvswitch + ansible.builtin.command: ovs-vsctl add-br {{ openqa_multivm_bridge_interface }} + changed_when: true + +- name: Enable capability + ansible.builtin.command: setcap CAP_NET_ADMIN=ep /usr/bin/qemu-system-x86_64 + changed_when: true +... diff --git a/tasks/openqa-worker.yml b/tasks/openqa-worker.yml index 1b10e38..2b4202e 100644 --- a/tasks/openqa-worker.yml +++ b/tasks/openqa-worker.yml @@ -1,25 +1,25 @@ --- - name: Install OpenQA worker packages - dnf: + ansible.builtin.dnf: name: "{{ openqa_worker_packages }}" state: present tags: - packages - name: Create openQA group - group: + ansible.builtin.group: name: "{{ openqa_group }}" system: true - name: Create openQA user - user: + ansible.builtin.user: name: "{{ openqa_user }}" groups: "{{ openqa_group }}" append: true system: true - name: Configure firewalld for openQA worker connections - template: + ansible.builtin.template: src: etc/firewalld/services/{{ item }}.xml.j2 dest: /etc/firewalld/services/{{ item }}.xml owner: root 
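Review bot: In `tasks/openqa-multivm-networking.yml`, the task `Set-target ACCEPT on public zone` changes the default target of the whole `public` zone, so inbound traffic on every interface in that zone is accepted, and `Enable capability` puts `CAP_NET_ADMIN=ep` on `/usr/bin/qemu-system-x86_64` for any local account that can execute it. Both are host-wide relaxations applied unconditionally; I would make them opt-in, for example `when: openqa_multivm_open_public_zone | default(false) | bool` (suggested variable name, not defined in this repository), and state the effect in a comment above each task. Separately, the three `ansible.builtin.copy` tasks take `.j2` sources that this commit adds under `templates/`; `copy` does not render Jinja, so `{{ openqa_multivm_bridge_interface }}` and `{{ item }}` would be written literally if the source is found at all, and `ansible.builtin.template` looks like what was intended. `Add port for GRE tunnel` is the only firewalld task here without `notify: Reload firewalld`, and it runs even though its comment says it is only needed for multi-host setups.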
@@ -30,17 +30,10 @@ - openqa-vnc tags: - configure - -- name: Reload firewalld - systemd: - name: firewalld - state: reloaded - tags: - - configure - ignore_errors: "{{ ansible_check_mode }}" + notify: Reload firewalld - name: Write openQA configuration file - template: + ansible.builtin.template: src: etc/openqa/{{ item }}.j2 dest: /etc/openqa/{{ item }} owner: "{{ openqa_user }}" @@ -48,21 +41,10 @@ mode: "0444" loop: - client.conf - - workers.conf + - workers.ini tags: - configure - -- name: Start {{ openqa_worker_count }} openQA workers - ansible.builtin.systemd: - name: "openqa-worker@{{ item }}" - state: started - enabled: true - # range "end" parameter is exclusive, so add 1 - loop: "{{ range(1, (openqa_worker_count|int + 1)) | list }}" - tags: - - start_workers - - configure - ignore_errors: "{{ ansible_check_mode }}" + notify: Restart openQA workers - name: Start openQA cache services ansible.builtin.systemd: diff --git a/tasks/openqa.yml b/tasks/openqa.yml index 27d3585..09fa746 100644 --- a/tasks/openqa.yml +++ b/tasks/openqa.yml @@ -1,28 +1,29 @@ --- - name: Install OpenQA packages - yum: + ansible.builtin.yum: name: "{{ openqa_packages }}" state: present tags: - packages - name: Copy httpd configuration files - copy: + ansible.builtin.copy: remote_src: true src: /etc/httpd/conf.d/{{ item }}.template dest: /etc/httpd/conf.d/{{ item }} - mode: '0644' + mode: "0644" owner: root group: root loop: - openqa.conf - openqa-ssl.conf - notify: restart_httpd + notify: Restart httpd tags: - configure + ignore_errors: "{{ ansible_check_mode }}" - name: Template OpenQA configuration files - template: + ansible.builtin.template: src: etc/openqa/{{ item }}.j2 dest: /etc/openqa/{{ item }} owner: "{{ openqa_user }}" 
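Review bot: In `tasks/openqa-worker.yml`, the `Write openQA configuration file` task (it starts in the `@@ -30,17 +30,10 @@` hunk and continues in `@@ -48,21 +41,10 @@`) still writes `client.conf` with `mode: "0444"`; that file normally holds the openQA API key and secret, and this mode lets every local account read them. `mode: "0440"` would limit it to the owner and group, but the `group:` line falls between the two hunks and the account the worker units run as is not visible here, so confirm both before tightening. The removed `Start {{ openqa_worker_count }} openQA workers` task is replaced only by `notify: Restart openQA workers`, so on a run where the rendered files are unchanged nothing in this role starts or enables the worker units.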
@@ -33,30 +34,35 @@ - client.conf tags: - configure + notify: Restart openQA workers - name: Get service facts - service_facts: + ansible.builtin.service_facts: + check_mode: false - name: Check for non-empty postgres data directory - stat: + ansible.builtin.stat: path: /var/lib/pgsql/data/base register: postgres_data_dir - name: If postgresql is not already running, initialize database - command: postgresql-setup --initdb + ansible.builtin.command: postgresql-setup --initdb when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" ) and not postgres_data_dir.stat.exists + changed_when: true + ignore_errors: "{{ ansible_check_mode }}" - name: Enable and start postgresql service - systemd: + ansible.builtin.systemd: name: postgresql state: started enabled: true when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" ) and not postgres_data_dir.stat.exists + ignore_errors: "{{ ansible_check_mode }}" - name: Configure SELinux to allow httpd connection to network - seboolean: + ansible.posix.seboolean: name: httpd_can_network_connect state: true persistent: true @@ -64,16 +70,17 @@ - configure - name: Enable and start OpenQA services - systemd: + ansible.builtin.systemd: name: "{{ item }}" state: started enabled: true loop: "{{ openqa_services }}" tags: - configure + ignore_errors: "{{ ansible_check_mode }}" - name: Create openqa-vnc firewalld service - template: + ansible.builtin.template: src: etc/firewalld/services/openqa-vnc.xml.j2 dest: /etc/firewalld/services/openqa-vnc.xml owner: root 
@@ -81,15 +88,20 @@ mode: "0644" tags: - configure + notify: Reload firewalld + +- name: Systemctl daemon-reload + ansible.builtin.systemd: + daemon_reload: true - name: Load openqa-vnc firewalld service - systemd: + ansible.builtin.systemd: name: firewalld state: reloaded tags: - configure -- name: Permit traffic for {{ item }} service +- name: Permit traffic for http and openqa-vnc services ansible.posix.firewalld: service: "{{ item }}" permanent: true @@ -101,21 +113,21 @@ - configure - name: Reload FirewallD - systemd: + ansible.builtin.systemd: name: firewalld state: reloaded tags: - configure - name: Check for existing repository - stat: + ansible.builtin.stat: path: "{{ openqa_homedir }}/share/tests/rocky" register: rocky_testing_repo tags: - configure - name: Clone repository if it does not already exist - git: + ansible.builtin.git: accept_hostkey: true dest: "{{ openqa_homedir }}/share/tests/rocky" repo: "{{ openqa_rocky_testing_repo }}" 
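Review bot: The `Clone repository if it does not already exist` task in the `@@ -101,21 +113,21 @@` hunk keeps `accept_hostkey: true`, which trusts whatever SSH host key the remote presents on first contact, and the lines visible here show no `version:` pin (the task continues past the hunk, so it may be set there). The checkout lands in `{{ openqa_homedir }}/share/tests/rocky` and is test code that openQA will run, so its origin is worth fixing: pre-seed the host key in `known_hosts` and pin `version:` to a tag or commit. If `openqa_rocky_testing_repo` is an HTTPS URL the host-key option has no effect and can simply be dropped.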
@@ -125,68 +137,23 @@ - configure - name: Set owner/group/permissions on repo contents - file: + ansible.builtin.file: path: "{{ openqa_homedir }}/share/tests/rocky" recurse: true owner: "{{ openqa_user }}" group: "{{ openqa_group }}" - mode: "u+rwX,g+rwX,o+rX,o-w" + mode: "0775" tags: - configure -# fifloader.py will fail if the Demo user is not logged in -- name: Authenticate to web UI the first time - uri: - url: "http://{{ openqa_host }}/login" - -- name: Run fifloader.py - command: ./fifloader.py -l -c templates.fif.json templates-updates.fif.json - changed_when: "1 != 1" - args: - chdir: "{{ openqa_homedir }}/share/tests/rocky" - -- name: Create ISO directory - file: - path: "{{ openqa_homedir }}/share/factory/iso/fixed" +- name: Create asset directories + ansible.builtin.file: + path: "{{ openqa_homedir }}/share/factory/{{ item }}/fixed" state: directory owner: "{{ openqa_user }}" group: "{{ openqa_group }}" mode: "0775" - tags: - - download_isos - -- name: Download ISOs - get_url: - dest: "{{ openqa_homedir }}/share/factory/iso/fixed/{{ item.name }}" - url: "{{ rocky_iso_download_url }}/{{ item.name }}" - checksum: "{{ item.checksum }}" - owner: "{{ openqa_user }}" - group: "{{ openqa_group }}" - tmp_dest: "/var/tmp" - mode: "0644" - loop: "{{ openqa_isos }}" - tags: - - download_isos - -- name: Start {{ openqa_worker_count }} OpenQA workers - ansible.builtin.systemd: - name: "openqa-worker@{{ item }}" - state: started - enabled: true - # range 'end' parameter is exclusive, so add 1 - loop: "{{ range(1, (openqa_worker_count|int + 1)) | list }}" - tags: - - start_workers - - configure - -- name: POST a job - command: | - openqa-cli api -X POST isos \ - ISO=Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso \ - ARCH={{ rocky_arch }} \ - DISTRI=rocky \ - FLAVOR=minimal-iso \ - VERSION={{ rocky_version }} \ - BUILD="{{ '%Y%m%d.%H%M%S' | strftime }}.0" - changed_when: "1 != 1" + loop: + - iso + - hdd ... 
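Review bot: Replacing `mode: "u+rwX,g+rwX,o+rX,o-w"` with `mode: "0775"` on a `recurse: true` task sets the execute bit on every regular file under `{{ openqa_homedir }}/share/tests/rocky`, where the symbolic form only added it to directories and to files that were already executable. If the change was made to satisfy the linter, an absolute symbolic mode gives nearly the old result: `mode: "u=rwX,g=rwX,o=rX"`. The same hunk removes the `Download ISOs` task together with its `checksum: "{{ item.checksum }}"` verification; nothing visible in this diff replaces it, so whatever now places images under `share/factory/iso/fixed` should keep an equivalent integrity check.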
diff --git a/tasks/remove_openqa-multivm-networking.yml b/tasks/remove_openqa-multivm-networking.yml
new file mode 100644
index 0000000..3e46047
--- /dev/null
+++ b/tasks/remove_openqa-multivm-networking.yml
@@ -0,0 +1,92 @@
+---
+- name: Remove files
+ ansible.builtin.file:
+ path: '{{ item }}'
+ state: absent
+ loop:
+ - /etc/sysconfig/os-autoinst-openvswitch
+ - /etc/sysconfig/network-scripts/ifcfg-{{ openqa_multivm_bridge_interface }}
+
+- name: Remove tap interface configurations
+ ansible.builtin.file:
+ path: /etc/sysconfig/network-scripts/ifcfg-tap{{ item }}
+ state: absent
+ loop: "{{ range(openqa_worker_count | int) | list }}"
+
+- name: Delete bridge interface
+ ansible.builtin.command: ovs-vsctl del-br {{ openqa_multivm_bridge_interface }}
+ changed_when: true
+
+- name: Disable openvswitch services
+ ansible.builtin.systemd:
+ name: "{{ item }}"
+ state: stopped
+ enabled: false
+ loop:
+ - os-autoinst-openvswitch
+ - openvswitch
+
+- name: Remove packages
+ ansible.builtin.dnf:
+ pkg:
+ - os-autoinst-openvswitch
+ - tunctl
+ - network-scripts
+ state: absent
+
+- name: Remove /sbin/ifup-pre-local
+ ansible.builtin.file:
+ path: /sbin/ifup-pre-local
+ state: absent
+
+- name: Disable bridge interface for internal zone
+ ansible.posix.firewalld:
+ permanent: true
+ interface: br0
+ state: disabled
+ zone: internal
+ notify: reload_firewalld
+
+- name: Disable masquerade for public and internal zones
+ ansible.posix.firewalld:
+ masquerade: true
+ permanent: true
+ state: disabled
+ zone: '{{ item }}'
+ loop:
+ - public
+ - internal
+ notify: reload_firewalld
+
+- name: Disable ipv4 IP forwarding
+ ansible.posix.sysctl:
+ name: net.ipv4.ip_forward
+ value: '1'
+ state: absent
+ sysctl_file: /etc/sysctl.d/ip-forward.conf
+ sysctl_set: true
+
+- name: Set-target ACCEPT on public zone
+ ansible.posix.firewalld:
+ permanent: true
+ state: absent
+ zone: public
+ target: ACCEPT
+ notify: reload_firewalld
+
+- name: Remove port for GRE tunnel
+ ansible.posix.firewalld:
+ permanent: true
+ port: 1723/tcp
+ state: disabled
+ notify: reload_firewalld
+
+- name: Set WORKER_CLASS for tap interfaces
+ community.general.ini_file:
+ path: /etc/openqa/workers.ini
+ section: global
+ option: WORKER_CLASS
+ value: qemu_x86_64,tap
+ state: absent
+ mode: '0644'
+...
diff --git a/tasks/remove_openqa.yml b/tasks/remove_openqa.yml
new file mode 100644
index 0000000..fb5700e
--- /dev/null
+++ b/tasks/remove_openqa.yml
@@ -0,0 +1,42 @@
+---
+- name: Uninstall OpenQA packages
+ ansible.builtin.yum:
+ name: "{{ openqa_packages }}"
+ state: absent
+
+- name: Delete OpenQA files and directories
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ loop:
+ - "{{ openqa_homedir }}"
+ - /var/lib/pgsql
+ - /etc/openqa
+ - /etc/httpd/conf.d/openqa.conf
+ - /etc/httpd/conf.d/openqa-ssl.conf
+
+- name: Disable httpd_can_network_connect
+ ansible.posix.seboolean:
+ name: httpd_can_network_connect
+ state: false
+ persistent: true
+
+- name: Deny traffic for services
+ ansible.posix.firewalld:
+ service: "{{ item }}"
+ permanent: true
+ state: disabled
+ loop:
+ - http
+ - openqa-vnc
+
+- name: Deny VNC traffic for local workers
+ ansible.posix.firewalld:
+ port: "{{ openqa_min_vnc_port }}-{{ openqa_max_vnc_port }}/tcp"
+ permanent: true
+ state: disabled
+
+- name: Reload FirewallD
+ ansible.builtin.systemd:
+ name: firewalld
+ state: reloaded
diff --git a/templates/etc/openqa/workers.conf.j2 b/templates/etc/openqa/workers.ini.j2
similarity index 100%
rename from templates/etc/openqa/workers.conf.j2
rename to templates/etc/openqa/workers.ini.j2
diff --git a/templates/etc/sysconfig/network-scripts/ifcfg-br.j2 b/templates/etc/sysconfig/network-scripts/ifcfg-br.j2
new file mode 100644
index 0000000..b507a85
--- /dev/null
+++ b/templates/etc/sysconfig/network-scripts/ifcfg-br.j2
@@ -0,0 +1,10 @@
+DEVICETYPE='ovs'
+TYPE='OVSBridge'
+BOOTPROTO='static'
+IPADDR='172.16.2.2'
+NETMASK='255.254.0.0'
+DEVICE={{ openqa_multivm_bridge_interface }}
+STP=off
+ONBOOT='yes'
+NAME='{{ openqa_multivm_bridge_interface }}'
+HOTPLUG='no'
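Review bot: The four firewalld tasks in `tasks/remove_openqa-multivm-networking.yml` use `notify: reload_firewalld`, but the handler this commit defines in `handlers/main.yml` is named `Reload firewalld`; handlers are matched by name, so the notification does not reach it and the permanent changes (ACCEPT target, masquerade, port 1723/tcp) are not applied to the running firewall. Use `notify: Reload firewalld`. `Disable bridge interface for internal zone` hard-codes `interface: br0` where the install side uses `'{{ openqa_multivm_bridge_interface }}'`, and nothing here removes the `CAP_NET_ADMIN` file capability that the install tasks set on `/usr/bin/qemu-system-x86_64`, so both can survive a removal run. `Disable ipv4 IP forwarding` with `state: absent` presumably only drops the entry from `/etc/sysctl.d/ip-forward.conf`; the running value of `net.ipv4.ip_forward` should be checked after the run.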
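Review bot: `Delete OpenQA files and directories` in `tasks/remove_openqa.yml` removes `/var/lib/pgsql` outright, which destroys every PostgreSQL database on the host rather than only the openQA one, and it does so without first stopping `postgresql`, `httpd` or the units in `openqa_services`. The same loop deletes `"{{ openqa_homedir }}"`, so an unexpected value such as a parent directory would remove far more than intended; an `ansible.builtin.assert` on that variable before the loop is cheap insurance. `Disable httpd_can_network_connect` likewise turns the SELinux boolean off for anything else served by this httpd. I would stop the services first and make the database removal an explicit opt-in.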
diff --git a/templates/etc/sysconfig/network-scripts/ifcfg-tap.j2 b/templates/etc/sysconfig/network-scripts/ifcfg-tap.j2
new file mode 100644
index 0000000..7b037b4
--- /dev/null
+++ b/templates/etc/sysconfig/network-scripts/ifcfg-tap.j2
@@ -0,0 +1,7 @@
+DEVICETYPE='ovs'
+TYPE='OVSPort'
+OVS_BRIDGE='{{ openqa_multivm_bridge_interface }}'
+DEVICE='tap{{ item }}'
+ONBOOT='yes'
+BOOTPROTO='none'
+HOTPLUG='no'
diff --git a/templates/etc/sysconfig/os-autoinst-openvswitch.j2 b/templates/etc/sysconfig/os-autoinst-openvswitch.j2
new file mode 100644
index 0000000..ce81e91
--- /dev/null
+++ b/templates/etc/sysconfig/os-autoinst-openvswitch.j2
@@ -0,0 +1,3 @@
+OS_AUTOINST_BRIDGE_LOCAL_IP=172.16.2.2
+OS_AUTOINST_BRIDGE_REWRITE_TARGET=172.17.0.0
+OS_AUTOINST_USE_BRIDGE={{ openqa_multivm_bridge_interface }}
diff --git a/templates/sbin/ifup-pre-local.j2 b/templates/sbin/ifup-pre-local.j2
new file mode 100644
index 0000000..02ca74d
--- /dev/null
+++ b/templates/sbin/ifup-pre-local.j2
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+if=$(echo "$1" | sed -e 's,ifcfg-,,')
+iftype=$(echo "$if" | sed -e 's,[0-9]\+$,,')
+
+# if the interface being brought up is tap[n], create
+# the tap device first
+if [ "$iftype" == "tap" ]; then
+ tunctl -u _openqa-worker -p -t "$if"
+fi
+
+# if the interface being brough up is {{ openqa_multivm_bridge_interface }}, create
+# the gre tunnels
+if [ "$if" == "{{ openqa_multivm_bridge_interface }}" ]; then
+ ovs-vsctl set bridge {{ openqa_multivm_bridge_interface }} stp_enable=true
+ # This is only needed for multi-host setups
+{% for w in range(1, openqa_worker_count+1) %}
+ #ovs-vsctl --may-exist add-port {{ openqa_multivm_bridge_interface }} gre{{ w }} -- set interface gre{{ w }} type=gre options:remote_ip=172.16.2.{{ 2 + w|int }}
+{% endfor %}
+fi
diff --git a/tests/test.yml b/tests/test.yml
index 27fe873..33b2182 100644
--- a/tests/test.yml
+++ b/tests/test.yml
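Review bot: `templates/sbin/ifup-pre-local.j2` declares `#!/bin/sh` but compares with `==` inside `[ ]` in both tests, which is a bash extension; wherever `/bin/sh` is not bash the test errors out and the `tunctl` branch is skipped, leaving the tap device uncreated. Use `=`, e.g. `if [ "$iftype" = "tap" ]; then`. `range(1, openqa_worker_count+1)` also lacks the `| int` cast that the handler in this commit uses (`openqa_worker_count | int + 1`), so a string value for that variable would break rendering. The script is presumably run as root during interface bring-up, so the task that installs it would be clearer with `owner: root`, `group: root` and `mode: '0755'` than with the relative `mode: 'ug+x'`.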
@@ -1,5 +1,9 @@ --- -- hosts: localhost +- name: Run tests + hosts: localhost remote_user: root tasks: - - import_tasks: example.yml + - name: Ensure required variables are defined + ansible.builtin.assert: + that: + - openqa_host is defined diff --git a/vars/openqa_branding.yml b/vars/openqa-branding.yml similarity index 58% rename from vars/openqa_branding.yml rename to vars/openqa-branding.yml index e294070..ad577d8 100644 --- a/vars/openqa_branding.yml +++ b/vars/openqa-branding.yml @@ -9,6 +9,6 @@ templates_src_dir: "{{ playbook_dir }}/files/usr/share/openqa/templates" templates_dest_dir: "/usr/share/openqa/templates" branding_patches: - - { path: /usr/share/openqa/assets/assetpack.def, patch: /usr/share/openqa/assets/assetpack.def.patch } - - { path: /usr/share/openqa/templates/webapi/main/index.html.ep, patch: /usr/share/openqa/templates/webapi/main/index.html.ep.patch } + - {path: /usr/share/openqa/assets/assetpack.def, patch: /usr/share/openqa/assets/assetpack.def.patch} + - {path: /usr/share/openqa/templates/webapi/main/index.html.ep, patch: /usr/share/openqa/templates/webapi/main/index.html.ep.patch} ... diff --git a/vars/openqa-worker.yml b/vars/openqa-worker.yml index be216d2..ddbc3e3 100644 --- a/vars/openqa-worker.yml +++ b/vars/openqa-worker.yml @@ -15,7 +15,7 @@ openqa_worker_count: 1 # The max port should be 5990 + n where n is the total # number of workers you want to enable on your system. openqa_min_vnc_port: 5991 -openqa_max_vnc_port: "{{ 5990 + openqa_worker_count|int }}" +openqa_max_vnc_port: "{{ 5990 + openqa_worker_count | int }}" # Port range to open for socket connections from the primary host. openqa_min_socket_port: 20000 @@ -23,14 +23,13 @@ openqa_max_socket_port: 20089 # Packages to install openqa_worker_packages: + - firewalld - guestfs-tools - libguestfs-xfs - libvirt-daemon-config-network - - virt-install - openqa-worker - perl-REST-Client - python3-libguestfs - virt-install - withlock - - firewalld ... 
diff --git a/vars/openqa.yml b/vars/openqa.yml index af1ed1b..9a908f3 100644 --- a/vars/openqa.yml +++ b/vars/openqa.yml @@ -45,7 +45,7 @@ openqa_worker_count: 1 # The max port should be 5990 + n where n is the total # number of workers you want to enable on your system. openqa_min_vnc_port: 5991 -openqa_max_vnc_port: "{{ 5990 + openqa_worker_count|int }}" +openqa_max_vnc_port: "{{ 5990 + openqa_worker_count | int }}" # Packages to install openqa_packages: