From 2a237385efd4c04d6e463bf3042c50e1adcbefe2 Mon Sep 17 00:00:00 2001
From: Al Bowles
Date: Sat, 18 Feb 2023 12:46:41 -0600
Subject: [PATCH] Automation for configuring a worker-only host
---
init-rocky-openqa-worker-host.yml | 42 ++++++++++++
tasks/openqa-worker.yml | 66 +++++++++++++++++++
.../firewalld/services/openqa-socket.xml.j2 | 4 ++
templates/etc/openqa/workers.conf.j2 | 9 +++
vars/openqa-worker.yml | 36 ++++++++++
5 files changed, 157 insertions(+)
create mode 100644 init-rocky-openqa-worker-host.yml
create mode 100644 tasks/openqa-worker.yml
create mode 100644 templates/etc/firewalld/services/openqa-socket.xml.j2
create mode 100644 templates/etc/openqa/workers.conf.j2
create mode 100644 vars/openqa-worker.yml
diff --git a/init-rocky-openqa-worker-host.yml b/init-rocky-openqa-worker-host.yml
new file mode 100644
index 0000000..fb7ad0e
--- /dev/null
+++ b/init-rocky-openqa-worker-host.yml
@@ -0,0 +1,42 @@
+# Configure an openQA worker host
+# This playbook is *NOT* intended for WAN-facing systems!
+#
+# Created: @akatch
+---
+- name: Rocky openQA Worker Runbook
+ hosts: openqa_workers
+ become: true
+ gather_facts: false
+ vars_files:
+ - vars/openqa-worker.yml
+
+ # This is to try to avoid the handler issue in pre/post tasks
+ handlers:
+ - import_tasks: handlers/main.yml
+
+ pre_tasks:
+ - name: Check if ansible cannot be run here
+ stat:
+ path: /etc/no-ansible
+ register: no_ansible
+
+ - name: Verify if we can run ansible
+ assert:
+ that:
+ - "not no_ansible.stat.exists"
+ success_msg: "We are able to run on this node"
+ fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+ tasks:
+ - name: Install and configure OpenQA workers
+ import_tasks: tasks/openqa-worker.yml
+
+ post_tasks:
+ - name: Touching run file that ansible has ran here
+ file:
+ path: /var/log/ansible.run
+ state: touch
+ mode: '0644'
+ owner: root
+ group: root
+...
diff --git a/tasks/openqa-worker.yml b/tasks/openqa-worker.yml
new file mode 100644
index 0000000..3b47502
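Review bot: The header comment warns that this playbook is not for WAN-facing systems but does not say why, and nothing in the play enforces it. Judging by the tasks file it imports, the reason is presumably the firewalld service definitions for the worker socket and VNC port ranges; stating that lets an operator decide which network or zone is acceptable. I would extend the comment, e.g. `# It installs firewalld services for the openQA worker socket and VNC port ranges; run it only on hosts in a trusted network.`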
--- /dev/null
+++ b/tasks/openqa-worker.yml
@@ -0,0 +1,66 @@
+---
+- name: Install OpenQA worker packages
+ dnf:
+ name: "{{ openqa_worker_packages }}"
+ state: present
+ tags:
+ - packages
+
+- name: Create openQA group
+ group:
+ name: "{{ openqa_group }}"
+ system: true
+
+- name: Create openQA user
+ user:
+ name: "{{ openqa_user }}"
+ groups: "{{ openqa_group }}"
+ append: true
+ system: true
+
+- name: Configure firewalld for openQA worker connections
+ template:
+ src: etc/firewalld/services/{{ item }}.xml.j2
+ dest: /etc/firewalld/services/{{ item }}.xml
+ owner: root
+ group: root
+ mode: "0644"
+ loop:
+ - openqa-socket
+ - openqa-vnc
+ tags:
+ - configure
+
+- name: Reload firewalld
+ systemd:
+ name: firewalld
+ state: reloaded
+ tags:
+ - configure
+ ignore_errors: "{{ ansible_check_mode }}"
+
+- name: Write openQA configuration file
+ template:
+ src: etc/openqa/{{ item }}.j2
+ dest: /etc/openqa/{{ item }}
+ owner: "{{ openqa_user }}"
+ group: "{{ openqa_group }}"
+ mode: "0444"
+ loop:
+ - client.conf
+ - workers.conf
+ tags:
+ - configure
+
+- name: Start {{ openqa_worker_count }} openQA workers
+ ansible.builtin.systemd:
+ name: "openqa-worker@{{ item }}"
+ state: started
+ enabled: true
+ # range "end" parameter is exclusive, so add 1
+ loop: "{{ range(1, (openqa_worker_count|int + 1)) | list }}"
+ tags:
+ - start_workers
+ - configure
+ ignore_errors: "{{ ansible_check_mode }}"
+...
diff --git a/templates/etc/firewalld/services/openqa-socket.xml.j2 b/templates/etc/firewalld/services/openqa-socket.xml.j2
new file mode 100644
index 0000000..4cfc146
--- /dev/null
+++ b/templates/etc/firewalld/services/openqa-socket.xml.j2
@@ -0,0 +1,4 @@
+
+
+
+
diff --git a/templates/etc/openqa/workers.conf.j2 b/templates/etc/openqa/workers.conf.j2
new file mode 100644
index 0000000..1f1a609
--- /dev/null
+++ b/templates/etc/openqa/workers.conf.j2
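Review bot: The "Write openQA configuration file" task installs both `client.conf` and `workers.conf` with `mode: "0444"`, so every local account on the worker can read them. `client.conf.j2` is not part of this patch, but vars/openqa-worker.yml defines `openqa_client_key` and `openqa_client_secret`, so that file presumably carries the API credentials. I would give `client.conf` its own task (or a per-item mode) with `owner: root`, `group: "{{ openqa_group }}"` and `mode: "0640"`, and set `no_log: true` on it so that `--diff` runs do not print the secret. Separately, the firewalld loop expects an `openqa-vnc.xml.j2` template that this commit does not add; confirm it already exists in the repository.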
@@ -0,0 +1,9 @@
+[global]
+HOST = https://{{ openqa_host }}
+CACHEDIRECTORY = /var/lib/openqa/cache # desired cache location
+CACHELIMIT = 50 # max. cache size in GiB, defaults to 50
+CACHE_MIN_FREE_PERCENTAGE = 10 # min. free disk space to preserve in percent
+CACHEWORKERS = 5 # number of parallel cache minion workers, defaults to 5
+
+[https://{{ openqa_host }}]
+TESTPOOLSERVER = rsync://{{ openqa_host }}/tests # also cache tests (via rsync)
diff --git a/vars/openqa-worker.yml b/vars/openqa-worker.yml
new file mode 100644
index 0000000..4a245ba
--- /dev/null
+++ b/vars/openqa-worker.yml
@@ -0,0 +1,36 @@
+---
+# The primary openQA host
+openqa_host: openqa.rockylinux.org
+openqa_client_key: 1234567890ABCDEF
+openqa_client_secret: 1234567890ABCDEF
+
+# Default OpenQA user and group
+openqa_user: geekotest
+openqa_group: geekotest
+
+# The number of workers to enable on this system
+openqa_worker_count: 2
+
+# Port range to open for VNC access to local workers.
+# The max port should be 5990 + n where n is the total
+# number of workers you want to enable on your system.
+openqa_min_vnc_port: 5991
+openqa_max_vnc_port: "{{ 5990 + openqa_worker_count|int }}"
+
+# Port range to open for socket connections from the primary host.
+openqa_min_socket_port: 20000
+openqa_max_socket_port: 20089
+
+# Packages to install
+openqa_worker_packages:
+ - guestfs-tools
+ - libguestfs-xfs
+ - libvirt-daemon-config-network
+ - virt-install
+ - openqa-worker
+ - perl-REST-Client
+ - python3-libguestfs
+ - virt-install
+ - withlock
+ - firewalld
+...
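Review bot: `TESTPOOLSERVER` uses `rsync://`, which is unencrypted and gives no integrity protection, while `HOST` in the same file uses https. The tests synced this way are presumably what the worker goes on to execute, so the trust assumption should be stated next to that line. I would add a comment above it such as `# rsync:// is plaintext; the worker and the openQA host must share a trusted network`.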
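Review bot: `openqa_client_key` and `openqa_client_secret` are committed in plain text in a vars file that the playbook loads unconditionally through `vars_files`. The values look like placeholders, but the layout invites replacing them in place with real credentials, and a host deployed without overriding them would use a key anyone can read in the repository. I would reference vaulted variables instead, e.g. `openqa_client_key: "{{ vault_openqa_client_key }}"` and `openqa_client_secret: "{{ vault_openqa_client_secret }}"` (the variable names are a suggestion), and keep the values quoted so that an all-digit key is not read as an integer. `virt-install` is also listed twice in `openqa_worker_packages`.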