Compare commits

...

13 Commits

Author SHA1 Message Date
Al Bowles
1ff3f8e194
Add deployment of Rocky-specific branding to automation 2023-06-28 10:25:51 -05:00
Al Bowles
e1544e9789
WIP: Automation for configuring multivm networking 2023-03-02 21:38:59 -06:00
Al Bowles
a6868ed7a6
Use some more defaulty defaults 2023-02-28 12:55:52 -06:00
Al Bowles
b67107ec77
Add some usages 2023-02-28 12:55:38 -06:00
Al Bowles
7be367f307
It turns out openqa does not like inline comments in its ini files 2023-02-28 12:50:34 -06:00
Al Bowles
f6cb7f343a
Correctly name workers.ini, move worker restart to handler 2023-02-27 21:22:12 -06:00
Al Bowles
fd960f900f
Perform firewalld reload as a handler 2023-02-27 10:07:27 -06:00
Al Bowles
6152baa8ae
Start cache services 2023-02-27 10:03:14 -06:00
Al Bowles
676a3d16c4
Move requirements file to meet convention 2023-02-19 15:23:01 -06:00
Al Bowles
6713c3024c
Add requirements file 2023-02-18 14:43:30 -06:00
Al Bowles
ed3b12a320
Linter fixes 2023-02-18 14:35:36 -06:00
Al Bowles
0f57ce2a83
Update filelist 2023-02-18 13:43:37 -06:00
Al Bowles
af549402d9
Automation for configuring a worker-only host 2023-02-18 13:41:46 -06:00
28 changed files with 665 additions and 43 deletions

View File

@ -1,3 +1,4 @@
---
# .ansible-lint # .ansible-lint
warn_list: warn_list:
- '204' # Lines should be less than 160 characters - '204' # Lines should be less than 160 characters

View File

@ -17,26 +17,30 @@ This repository is for openQA operations and management.
├── handlers ├── handlers
│   └── main.yml │   └── main.yml
├── init-rocky-openqa-developer-host.yml ├── init-rocky-openqa-developer-host.yml
├── localhost.yml ├── init-rocky-openqa-worker-host.yml
├── README.md ├── README.md
├── roles ├── roles
│   └── README.md │   └── README.md
├── tasks ├── tasks
│   ├── main.yml │   ├── main.yml
│   ├── openqa-worker.yml
│   └── openqa.yml │   └── openqa.yml
├── templates ├── templates
│   └── etc │   └── etc
│   ├── firewalld │   ├── firewalld
│   │   └── services │   │   └── services
│   │   ├── openqa-socket.xml.j2
│   │   └── openqa-vnc.xml.j2 │   │   └── openqa-vnc.xml.j2
│   └── openqa │   └── openqa
│   ├── client.conf.j2 │   ├── client.conf.j2
│   └── openqa.ini.j2 │   ├── openqa.ini.j2
│   └── workers.conf.j2
├── tests ├── tests
│   ├── README.md │   ├── README.md
│   └── test.yml │   └── test.yml
└── vars └── vars
├── main.yml ├── main.yml
├── openqa-worker.yml
└── openqa.yml └── openqa.yml
``` ```

View File

@ -0,0 +1,3 @@
---
collections:
- ansible.posix

View File

@ -0,0 +1,14 @@
--- assetpack.def.orig 2023-01-24 03:37:58.521562449 +0000
+++ assetpack.def 2023-01-24 03:38:14.488517673 +0000
@@ -246,6 +246,12 @@
! terminal.svg
< images/terminal.svg
+! rocky.png
+< images/rocky.png
+
+! rocky.svg
+< images/rocky.svg
+
! suse.png
< images/suse.png

Binary file not shown.

After

Width:  |  Height:  |  Size: 34 KiB

View File

@ -0,0 +1,12 @@
<svg width="1101" height="193" viewBox="0 0 1101 193" fill="none" xmlns="http://www.w3.org/2000/svg">
<g clip-path="url(#clip0_1_30)">
<path fill-rule="evenodd" clip-rule="evenodd" d="M186.658 128.658C190.119 118.746 192 108.093 192 97C192 43.9807 149.019 1 96 1C42.9807 1 0 43.9807 0 97C0 123.234 10.523 147.011 27.5783 164.338L124.958 66.9584L149 91L186.658 128.658ZM169.122 159.205L124.958 115.042L55.7978 184.202C68.0269 189.849 81.6455 193 96 193C125.288 193 151.514 179.884 169.122 159.205Z" fill="#10B981"/>
<path d="M251.072 147V46.2H300.32C305.408 46.2 310.064 46.968 314.288 48.504C318.608 50.04 322.304 52.2 325.376 54.984C328.448 57.672 330.848 60.936 332.576 64.776C334.304 68.616 335.168 72.84 335.168 77.448C335.168 83.784 333.344 89.448 329.696 94.44C326.144 99.432 321.392 103.128 315.44 105.528L337.76 147H314.432L294.704 108.408H271.952V147H251.072ZM298.448 64.2H271.952V91.272H298.448C303.152 91.272 306.896 90.024 309.68 87.528C312.56 85.032 314 81.768 314 77.736C314 73.704 312.56 70.44 309.68 67.944C306.896 65.448 303.152 64.2 298.448 64.2ZM339.695 109.56C339.695 104.088 340.703 99 342.719 94.296C344.831 89.496 347.663 85.368 351.215 81.912C354.863 78.36 359.135 75.576 364.031 73.56C368.927 71.544 374.159 70.536 379.727 70.536C385.295 70.536 390.527 71.544 395.423 73.56C400.319 75.576 404.543 78.36 408.095 81.912C411.743 85.368 414.575 89.496 416.591 94.296C418.703 99 419.759 104.088 419.759 109.56C419.759 115.032 418.703 120.168 416.591 124.968C414.575 129.672 411.743 133.752 408.095 137.208C404.543 140.664 400.319 143.4 395.423 145.416C390.527 147.432 385.295 148.44 379.727 148.44C374.159 148.44 368.927 147.432 364.031 145.416C359.135 143.4 354.863 140.664 351.215 137.208C347.663 133.752 344.831 129.672 342.719 124.968C340.703 120.168 339.695 115.032 339.695 109.56ZM379.727 131.304C385.487 131.304 390.383 129.192 394.415 124.968C398.447 120.744 400.463 115.608 400.463 109.56C400.463 103.416 398.447 98.232 394.415 94.008C390.383 89.784 385.487 87.672 379.727 87.672C373.967 87.672 369.071 89.784 365.039 94.008C361.007 98.232 358.991 103.416 358.991 109.56C358.991 115.608 361.007 120.744 365.039 124.968C369.071 129.192 373.967 131.304 379.727 131.304ZM469.168 131.16C472.528 131.16 475.648 130.488 478.528 129.144C481.504 127.8 484.336 125.688 487.024 122.808L498.832 135.048C494.992 139.272 490.384 142.584 485.008 144.984C479.632 147.288 474.064 148.44 468.304 148.44C462.832 148.44 457.648 147.432 452.752 145.416C447.952 143.4 443.776 140.664 440.224 137.208C436.768 133.752 434.032 129.672 432.016 124.968C430 120.168 428.992 115.032 428.992 109.56C428.992 104.088 430 99 432.016 94.296C434.032 89.496 436.768 85.368 440.224 81.912C443.776 78.36 447.952 75.576 452.752 73.56C457.648 71.544 462.832 70.536 468.304 70.536C474.256 70.536 479.968 71.736 485.44 74.136C490.912 76.44 495.568 79.704 499.408 83.928L487.312 96.744C484.624 93.768 481.744 91.512 478.672 89.976C475.6 88.44 472.288 87.672 468.736 87.672C463.072 87.672 458.272 89.784 454.336 94.008C450.496 98.232 448.576 103.416 448.576 109.56C448.576 115.704 450.544 120.84 454.48 124.968C458.512 129.096 463.408 131.16 469.168 131.16ZM509.089 147V46.2L528.817 41.88V103.656L561.217 71.976H583.537L548.401 106.392L585.697 147H560.497L528.817 112.728V147H509.089ZM612.643 150.456L613.795 147.72L584.562 71.976H606.307L624.883 123.096L646.195 71.976H667.507L632.947 152.904C629.107 161.928 624.643 168.36 619.555 172.2C614.467 176.04 607.843 177.96 599.683 177.96C597.955 177.96 596.275 177.864 594.643 177.672C593.107 177.576 591.859 177.384 590.899 177.096V160.104C591.859 160.296 592.867 160.44 593.923 160.536C594.979 160.632 596.275 160.68 597.811 160.68C601.363 160.68 604.339 159.816 606.739 158.088C609.235 156.36 611.203 153.816 612.643 150.456ZM706.744 147V46.2H717.832V137.064H777.88V147H706.744ZM796.963 61.032C795.043 61.032 793.363 60.312 791.923 58.872C790.483 57.432 789.763 55.752 789.763 53.832C789.763 51.816 790.483 50.136 791.923 48.792C793.363 47.352 795.043 46.632 796.963 46.632C798.979 46.632 800.659 47.352 802.003 48.792C803.443 50.136 804.163 51.816 804.163 53.832C804.163 55.752 803.443 57.432 802.003 58.872C800.659 60.312 798.979 61.032 796.963 61.032ZM802.291 74.856V147H791.635V74.856H802.291ZM820.463 147V74.856H831.119V83.352C833.903 80.088 837.215 77.64 841.055 76.008C844.895 74.28 849.167 73.416 853.871 73.416C862.031 73.416 868.703 76.008 873.887 81.192C879.071 86.376 881.663 93.096 881.663 101.352V147H871.151V103.512C871.151 97.176 869.327 92.136 865.679 88.392C862.031 84.648 857.135 82.776 850.991 82.776C846.671 82.776 842.783 83.736 839.327 85.656C835.967 87.576 833.231 90.312 831.119 93.864V147H820.463ZM909.015 74.856V118.344C909.015 124.68 910.839 129.72 914.487 133.464C918.135 137.208 923.031 139.08 929.175 139.08C933.495 139.08 937.335 138.12 940.695 136.2C944.151 134.184 946.935 131.4 949.047 127.848V74.856H959.703V147H949.047V138.648C946.263 141.912 942.951 144.36 939.111 145.992C935.367 147.624 931.143 148.44 926.439 148.44C918.183 148.44 911.463 145.848 906.279 140.664C901.095 135.48 898.503 128.76 898.503 120.504V74.856H909.015ZM969.47 147L997.838 109.848L970.91 74.856H983.582L1004.03 101.928L1024.48 74.856H1036.72L1010.08 109.704L1038.59 147H1025.92L1003.89 117.624L981.566 147H969.47Z" fill="black"/>
<path d="M1048 70.624V54.976H1042.82V51.952H1048V45.856L1051.5 44.944V51.952H1058.75V54.976H1051.5V69.712C1051.5 70.992 1051.79 71.92 1052.37 72.496C1052.94 73.04 1053.89 73.312 1055.2 73.312C1055.87 73.312 1056.46 73.264 1056.98 73.168C1057.52 73.072 1058.1 72.912 1058.7 72.688V75.808C1058.1 76.032 1057.41 76.192 1056.64 76.288C1055.9 76.384 1055.18 76.432 1054.48 76.432C1052.4 76.432 1050.8 75.936 1049.68 74.944C1048.56 73.952 1048 72.512 1048 70.624ZM1062.56 76V51.952H1066.11V54.592C1067 53.568 1068.04 52.8 1069.23 52.288C1070.41 51.744 1071.72 51.472 1073.16 51.472C1074.83 51.472 1076.32 51.872 1077.63 52.672C1078.97 53.44 1080.01 54.496 1080.75 55.84C1081.74 54.368 1082.92 53.28 1084.3 52.576C1085.71 51.84 1087.28 51.472 1089 51.472C1091.6 51.472 1093.71 52.336 1095.34 54.064C1097 55.792 1097.84 58.032 1097.84 60.784V76H1094.33V61.504C1094.33 59.392 1093.77 57.712 1092.65 56.464C1091.53 55.216 1090.01 54.592 1088.09 54.592C1086.78 54.592 1085.58 54.928 1084.49 55.6C1083.4 56.272 1082.48 57.248 1081.71 58.528C1081.77 58.88 1081.82 59.248 1081.85 59.632C1081.92 59.984 1081.95 60.368 1081.95 60.784V76H1078.44V61.504C1078.44 59.392 1077.88 57.712 1076.76 56.464C1075.64 55.216 1074.14 54.592 1072.25 54.592C1070.97 54.592 1069.8 54.896 1068.75 55.504C1067.72 56.08 1066.84 56.944 1066.11 58.096V76H1062.56Z" fill="black"/>
</g>
<defs>
<clipPath id="clip0_1_30">
<rect width="1101" height="193" fill="white"/>
</clipPath>
</defs>
</svg>

After

Width:  |  Height:  |  Size: 6.6 KiB

View File

@ -0,0 +1 @@
%=include 'branding/plain/docbox'

View File

@ -0,0 +1,5 @@
<div class="text-right" id="sponsorbox">
<a href="https://www.rockylinux.org" title="Rocky Linux">
<img alt="sponsor_rocky_linux" width="100%" src="<%= icon_url 'rocky.svg' %>" />
</a>
</div>

View File

@ -0,0 +1,15 @@
--- index.html.ep 2023-01-24 03:34:10.861205160 +0000
+++ index.html.ep 2023-01-24 03:34:44.364110582 +0000
@@ -10,10 +10,10 @@
<div class="jumbotron">
<div class='container'>
<div class="row">
- <div class="col-md-9">
+ <div class="col-md-6">
%= include_branding 'docbox'
</div>
- <div class="col-md-3 hidden-sm-down">
+ <div class="col-md-6 hidden-sm-down">
%= include_branding 'sponsorbox'
</div>
</div>

View File

@ -1,2 +1,15 @@
--- ---
# Handlers - name: Reload firewalld
ansible.builtin.systemd:
name: firewalld
state: reloaded
ignore_errors: "{{ ansible_check_mode }}"
- name: Restart openQA workers
ansible.builtin.systemd:
name: "openqa-worker@{{ item }}"
state: restarted
enabled: true
# range "end" parameter is exclusive, so add 1
loop: "{{ range(1, (openqa_worker_count | int + 1)) | list }}"
ignore_errors: "{{ ansible_check_mode }}"

View File

@ -20,19 +20,21 @@
become: true become: true
vars_files: vars_files:
- vars/openqa.yml - vars/openqa.yml
- vars/openqa_branding.yml
# This is to try to avoid the handler issue in pre/post tasks # This is to try to avoid the handler issue in pre/post tasks
handlers: handlers:
- import_tasks: handlers/main.yml - name: Import handlers
ansible.builtin.import_tasks: handlers/main.yml
pre_tasks: pre_tasks:
- name: Check if ansible cannot be run here - name: Check if ansible cannot be run here
stat: ansible.builtin.stat:
path: /etc/no-ansible path: /etc/no-ansible
register: no_ansible register: no_ansible
- name: Verify if we can run ansible - name: Verify if we can run ansible
assert: ansible.builtin.assert:
that: that:
- "not no_ansible.stat.exists" - "not no_ansible.stat.exists"
success_msg: "We are able to run on this node" success_msg: "We are able to run on this node"
@ -40,11 +42,20 @@
tasks: tasks:
- name: Install and configure OpenQA - name: Install and configure OpenQA
import_tasks: tasks/openqa.yml ansible.builtin.import_tasks: tasks/openqa.yml
- name: Apply Rocky Linux OpenQA Branding
ansible.builtin.import_tasks: tasks/openqa_branding.yml
- name: Configure multivm networking
ansible.builtin.import_tasks: tasks/openqa-multivm-networking.yml
vars:
openqa_multivm_bridge_interface: br0
tags: multivm
post_tasks: post_tasks:
- name: Touching run file that ansible has ran here - name: Touching run file that ansible has ran here
file: ansible.builtin.file:
path: /var/log/ansible.run path: /var/log/ansible.run
state: touch state: touch
mode: '0644' mode: '0644'

View File

@ -0,0 +1,49 @@
# Configure an openQA worker host
#
# Usages:
# # Install and configure an openQA worker-only host
# ansible-playbook init-rocky-openqa-worker-host.yml
#
# # Install and configure an openQA worker-only host with a parameters file
# ansible-playbook init-rocky-openqa-worker-host.yml -e @my-worker-host.yml
#
# Created: @akatch
---
- name: Rocky openQA Worker Runbook
hosts: openqa_workers
become: true
gather_facts: false
vars_files:
- vars/openqa-worker.yml
# This is to try to avoid the handler issue in pre/post tasks
handlers:
- name: Import handlers
ansible.builtin.import_tasks: handlers/main.yml
pre_tasks:
- name: Check if ansible cannot be run here
ansible.builtin.stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
ansible.builtin.assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
tasks:
- name: Install and configure OpenQA workers
ansible.builtin.import_tasks: tasks/openqa-worker.yml
post_tasks:
- name: Touching run file that ansible has ran here
ansible.builtin.file:
path: /var/log/ansible.run
state: touch
mode: '0644'
owner: root
group: root
...

View File

@ -0,0 +1,54 @@
# Sets up local OpenQA testing environment
# This playbook is *NOT* intended for WAN-facing systems!
#
# Usages:
# # Install and configure an openQA developer host, download all current Rocky ISOs,
# # and POST a test job
# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml
#
# # Only perform ISO download tasks
# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=download_isos
#
# # Only perform configuration, do not download ISOs or POST a job
# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=configure
#
# Created: @akatch
---
- name: Rocky OpenQA Runbook
hosts: localhost
connection: local
become: true
vars_files:
- vars/openqa.yml
# This is to try to avoid the handler issue in pre/post tasks
handlers:
- name: Import handlers
ansible.builtin.import_tasks: handlers/main.yml
pre_tasks:
- name: Check if ansible cannot be run here
ansible.builtin.stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
ansible.builtin.assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
tasks:
- name: Remove openqa multivm networking configs
ansible.builtin.import_tasks: tasks/remove_openqa-multivm-networking.yml
post_tasks:
- name: Touching run file that ansible has ran here
ansible.builtin.file:
path: /var/log/ansible.run
state: touch
mode: '0644'
owner: root
group: root
...

View File

@ -1,4 +0,0 @@
---
# No tasks
- debug: msg="No tasks are provided here. Please import the task as needed in your playbook."
...

View File

@ -0,0 +1,133 @@
---
# {{ openqa_multivm_bridge_interface }} should not exist or we should use a different name
- name: Assert bridge interface does not exist
ansible.builtin.assert:
that:
- 'openqa_multivm_bridge_interface not in ansible_interfaces'
success_msg: 'interface does not exist, can proceed'
fail_msg: '{{ openqa_multivm_bridge_interface }} already exists, please supply an alternative'
- name: Install multivm networking packages
ansible.builtin.dnf:
pkg:
- os-autoinst-openvswitch
- tunctl
- network-scripts
- name: Create /etc/sysconfig/os-autoinst-openvswitch
ansible.builtin.copy:
dest: /etc/sysconfig/os-autoinst-openvswitch
mode: '0644'
content: |
OS_AUTOINST_BRIDGE_LOCAL_IP=172.16.2.2
OS_AUTOINST_BRIDGE_REWRITE_TARGET=172.17.0.0
OS_AUTOINST_USE_BRIDGE={{ openqa_multivm_bridge_interface }}
notify: restart_os-autoinst-openvswitch
- name: Create bridge interface configuration
ansible.builtin.copy:
dest: /etc/sysconfig/network-scripts/ifcfg-{{ openqa_multivm_bridge_interface }}
mode: '0644'
content: |
DEVICETYPE='ovs'
TYPE='OVSBridge'
BOOTPROTO='static'
IPADDR='172.16.2.2'
NETMASK='255.254.0.0'
DEVICE={{ openqa_multivm_bridge_interface }}
STP=off
ONBOOT='yes'
NAME='{{ openqa_multivm_bridge_interface }}'
HOTPLUG='no'
- name: Create worker tap interface configs
ansible.builtin.copy:
dest: /etc/sysconfig/network-scripts/ifcfg-tap{{ item }}
mode: '0644'
content: |
DEVICETYPE='ovs'
TYPE='OVSPort'
OVS_BRIDGE='{{ openqa_multivm_bridge_interface }}'
DEVICE='tap{{ item }}'
ONBOOT='yes'
BOOTPROTO='none'
HOTPLUG='no'
loop: "{{ range(openqa_worker_count) | list }}"
- name: Update /sbin/ifup-pre-local
ansible.builtin.template:
src: sbin/ifup-pre-local.j2
dest: /sbin/ifup-pre-local
mode: 'ug+x'
- name: Enable bridge interface for internal zone
ansible.posix.firewalld:
permanent: true
interface: '{{ openqa_multivm_bridge_interface }}'
state: enabled
zone: internal
notify: reload_firewalld
- name: Enable masquerade for public and internal zones
ansible.posix.firewalld:
masquerade: true
permanent: true
state: enabled
zone: '{{ item }}'
loop:
- public
- internal
notify: reload_firewalld
- name: Enable ipv4 IP forwarding
ansible.posix.sysctl:
name: net.ipv4.ip_forward
value: '1'
state: present
sysctl_file: /etc/sysctl.d/ip-forward.conf
sysctl_set: true
- name: Set-target ACCEPT on public zone
ansible.posix.firewalld:
permanent: true
state: present
zone: public
target: ACCEPT
notify: reload_firewalld
# Only needed for multi-host setups
- name: Add port for GRE tunnel
ansible.posix.firewalld:
permanent: true
port: 1723/tcp
state: enabled
- name: Enable openvswitch services
ansible.builtin.systemd_service:
name: "{{ item }}"
state: started
enabled: true
loop:
- openvswitch
- network
- os-autoinst-openvswitch
ignore_errors: "{{ ansible_check_mode }}"
- name: Set WORKER_CLASS for tap interfaces
community.general.ini_file:
path: /etc/openqa/workers.ini
section: global
option: WORKER_CLASS
value: qemu_x86_64,tap
state: present
mode: '0644'
notify: restart_openqa_services
- name: Enable bridge interface for openvswitch
ansible.builtin.command: ovs-vsctl add-br {{ openqa_multivm_bridge_interface }}
changed_when: true
- name: Enable capability
ansible.builtin.command: setcap CAP_NET_ADMIN=ep /usr/bin/qemu-system-x86_64
changed_when: true
...

57
tasks/openqa-worker.yml Normal file
View File

@ -0,0 +1,57 @@
---
- name: Install OpenQA worker packages
ansible.builtin.dnf:
name: "{{ openqa_worker_packages }}"
state: present
tags:
- packages
- name: Create openQA group
ansible.builtin.group:
name: "{{ openqa_group }}"
system: true
- name: Create openQA user
ansible.builtin.user:
name: "{{ openqa_user }}"
groups: "{{ openqa_group }}"
append: true
system: true
- name: Configure firewalld for openQA worker connections
ansible.builtin.template:
src: etc/firewalld/services/{{ item }}.xml.j2
dest: /etc/firewalld/services/{{ item }}.xml
owner: root
group: root
mode: "0644"
loop:
- openqa-socket
- openqa-vnc
tags:
- configure
notify: Reload firewalld
- name: Write openQA configuration file
ansible.builtin.template:
src: etc/openqa/{{ item }}.j2
dest: /etc/openqa/{{ item }}
owner: "{{ openqa_user }}"
group: "{{ openqa_group }}"
mode: "0444"
loop:
- client.conf
- workers.ini
tags:
- configure
notify: Restart openQA workers
- name: Start openQA cache services
ansible.builtin.systemd:
name: "{{ item }}"
state: started
enabled: true
loop:
- openqa-worker-cacheservice
- openqa-worker-cacheservice-minion
...

View File

@ -1,13 +1,13 @@
--- ---
- name: Install OpenQA packages - name: Install OpenQA packages
yum: ansible.builtin.yum:
name: "{{ openqa_packages }}" name: "{{ openqa_packages }}"
state: present state: present
tags: tags:
- packages - packages
- name: Copy httpd configuration files - name: Copy httpd configuration files
copy: ansible.builtin.copy:
remote_src: true remote_src: true
src: /etc/httpd/conf.d/{{ item }}.template src: /etc/httpd/conf.d/{{ item }}.template
dest: /etc/httpd/conf.d/{{ item }} dest: /etc/httpd/conf.d/{{ item }}
@ -22,7 +22,7 @@
- configure - configure
- name: Template OpenQA configuration files - name: Template OpenQA configuration files
template: ansible.builtin.template:
src: etc/openqa/{{ item }}.j2 src: etc/openqa/{{ item }}.j2
dest: /etc/openqa/{{ item }} dest: /etc/openqa/{{ item }}
owner: "{{ openqa_user }}" owner: "{{ openqa_user }}"
@ -35,20 +35,21 @@
- configure - configure
- name: Get service facts - name: Get service facts
service_facts: ansible.builtin.service_facts:
- name: Check for non-empty postgres data directory - name: Check for non-empty postgres data directory
stat: ansible.builtin.stat:
path: /var/lib/pgsql/data/base path: /var/lib/pgsql/data/base
register: postgres_data_dir register: postgres_data_dir
- name: If postgresql is not already running, initialize database - name: If postgresql is not already running, initialize database
command: postgresql-setup --initdb ansible.builtin.command: postgresql-setup --initdb
when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" ) when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" )
and not postgres_data_dir.stat.exists and not postgres_data_dir.stat.exists
changed_when: true
- name: Enable and start postgresql service - name: Enable and start postgresql service
systemd: ansible.builtin.systemd:
name: postgresql name: postgresql
state: started state: started
enabled: true enabled: true
@ -56,7 +57,7 @@
and not postgres_data_dir.stat.exists and not postgres_data_dir.stat.exists
- name: Configure SELinux to allow httpd connection to network - name: Configure SELinux to allow httpd connection to network
seboolean: ansible.posix.seboolean:
name: httpd_can_network_connect name: httpd_can_network_connect
state: true state: true
persistent: true persistent: true
@ -64,7 +65,7 @@
- configure - configure
- name: Enable and start OpenQA services - name: Enable and start OpenQA services
systemd: ansible.builtin.systemd:
name: "{{ item }}" name: "{{ item }}"
state: started state: started
enabled: true enabled: true
@ -73,7 +74,7 @@
- configure - configure
- name: Create openqa-vnc firewalld service - name: Create openqa-vnc firewalld service
template: ansible.builtin.template:
src: etc/firewalld/services/openqa-vnc.xml.j2 src: etc/firewalld/services/openqa-vnc.xml.j2
dest: /etc/firewalld/services/openqa-vnc.xml dest: /etc/firewalld/services/openqa-vnc.xml
owner: root owner: root
@ -83,13 +84,13 @@
- configure - configure
- name: Load openqa-vnc firewalld service - name: Load openqa-vnc firewalld service
systemd: ansible.builtin.systemd:
name: firewalld name: firewalld
state: reloaded state: reloaded
tags: tags:
- configure - configure
- name: Permit traffic for {{ item }} service - name: Permit traffic for http and openqa-vnc services
ansible.posix.firewalld: ansible.posix.firewalld:
service: "{{ item }}" service: "{{ item }}"
permanent: true permanent: true
@ -101,21 +102,21 @@
- configure - configure
- name: Reload FirewallD - name: Reload FirewallD
systemd: ansible.builtin.systemd:
name: firewalld name: firewalld
state: reloaded state: reloaded
tags: tags:
- configure - configure
- name: Check for existing repository - name: Check for existing repository
stat: ansible.builtin.stat:
path: "{{ openqa_homedir }}/share/tests/rocky" path: "{{ openqa_homedir }}/share/tests/rocky"
register: rocky_testing_repo register: rocky_testing_repo
tags: tags:
- configure - configure
- name: Clone repository if it does not already exist - name: Clone repository if it does not already exist
git: ansible.builtin.git:
accept_hostkey: true accept_hostkey: true
dest: "{{ openqa_homedir }}/share/tests/rocky" dest: "{{ openqa_homedir }}/share/tests/rocky"
repo: "{{ openqa_rocky_testing_repo }}" repo: "{{ openqa_rocky_testing_repo }}"
@ -125,7 +126,7 @@
- configure - configure
- name: Set owner/group/permissions on repo contents - name: Set owner/group/permissions on repo contents
file: ansible.builtin.file:
path: "{{ openqa_homedir }}/share/tests/rocky" path: "{{ openqa_homedir }}/share/tests/rocky"
recurse: true recurse: true
owner: "{{ openqa_user }}" owner: "{{ openqa_user }}"
@ -136,17 +137,17 @@
# fifloader.py will fail if the Demo user is not logged in # fifloader.py will fail if the Demo user is not logged in
- name: Authenticate to web UI the first time - name: Authenticate to web UI the first time
uri: ansible.builtin.uri:
url: "http://{{ openqa_host }}/login" url: "http://{{ openqa_host }}/login"
- name: Run fifloader.py - name: Run fifloader.py
command: ./fifloader.py -l -c templates.fif.json templates-updates.fif.json ansible.builtin.command: ./fifloader.py -l -c templates.fif.json templates-updates.fif.json
changed_when: "1 != 1" changed_when: "1 != 1"
args: args:
chdir: "{{ openqa_homedir }}/share/tests/rocky" chdir: "{{ openqa_homedir }}/share/tests/rocky"
- name: Create ISO directory - name: Create ISO directory
file: ansible.builtin.file:
path: "{{ openqa_homedir }}/share/factory/iso/fixed" path: "{{ openqa_homedir }}/share/factory/iso/fixed"
state: directory state: directory
owner: "{{ openqa_user }}" owner: "{{ openqa_user }}"
@ -156,7 +157,7 @@
- download_isos - download_isos
- name: Download ISOs - name: Download ISOs
get_url: ansible.builtin.get_url:
dest: "{{ openqa_homedir }}/share/factory/iso/fixed/{{ item.name }}" dest: "{{ openqa_homedir }}/share/factory/iso/fixed/{{ item.name }}"
url: "{{ rocky_iso_download_url }}/{{ item.name }}" url: "{{ rocky_iso_download_url }}/{{ item.name }}"
checksum: "{{ item.checksum }}" checksum: "{{ item.checksum }}"
@ -168,19 +169,19 @@
tags: tags:
- download_isos - download_isos
- name: Start {{ openqa_worker_count }} OpenQA workers - name: Start OpenQA workers
ansible.builtin.systemd: ansible.builtin.systemd:
name: "openqa-worker@{{ item }}" name: "openqa-worker@{{ item }}"
state: started state: started
enabled: true enabled: true
# range 'end' parameter is exclusive, so add 1 # range 'end' parameter is exclusive, so add 1
loop: "{{ range(1, (openqa_worker_count|int + 1)) | list }}" loop: "{{ range(1, (openqa_worker_count | int + 1)) | list }}"
tags: tags:
- start_workers - start_workers
- configure - configure
- name: POST a job - name: POST a job
command: | ansible.builtin.command: |
openqa-cli api -X POST isos \ openqa-cli api -X POST isos \
ISO=Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso \ ISO=Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso \
ARCH={{ rocky_arch }} \ ARCH={{ rocky_arch }} \

35
tasks/openqa_branding.yml Normal file
View File

@ -0,0 +1,35 @@
---
- name: Copy assets hierarchy
ansible.posix.synchronize:
src: "{{ assets_src_dir }}/"
dest: "{{ assets_dest_dir }}"
recursive: true
tags:
- branding
- name: Copy templates hierarchy
ansible.posix.synchronize:
src: "{{ templates_src_dir }}/"
dest: "{{ templates_dest_dir }}"
recursive: true
tags:
- branding
- name: Apply patches to specific assets, template and config files
ansible.posix.patch:
src: "{{ item.patch }}"
dest: "{{ item.path }}"
# optional parameters, see documentation for details
# strip: 1
backup: true
with_items: "{{ branding_patches }}"
tags:
- branding
- name: Restart openqa-webui service
ansible.builtin.systemd:
name: openqa-webui
state: restarted
tags:
- branding
...

View File

@ -0,0 +1,92 @@
---
- name: Remove files
ansible.builtin.file:
path: '{{ item }}'
state: absent
loop:
- /etc/sysconfig/os-autoinst-openvswitch
- /etc/sysconfig/network-scripts/ifcfg-{{ openqa_multivm_bridge_interface }}
- name: Remove tap interface configurations
ansible.builtin.file:
path: /etc/sysconfig/network-scripts/ifcfg-tap{{ item }}
state: absent
loop: "{{ range(openqa_worker_count | int) | list }}"
- name: Delete bridge interface
ansible.builtin.command: ovs-vsctl del-br {{ openqa_multivm_bridge_interface }}
changed_when: true
- name: Disable openvswitch services
ansible.builtin.systemd:
name: "{{ item }}"
state: stopped
enabled: false
loop:
- os-autoinst-openvswitch
- openvswitch
- name: Remove packages
ansible.builtin.dnf:
pkg:
- os-autoinst-openvswitch
- tunctl
- network-scripts
state: absent
- name: Remove /sbin/ifup-pre-local
ansible.builtin.file:
path: /sbin/ifup-pre-local
state: absent
- name: Disable bridge interface for internal zone
ansible.posix.firewalld:
permanent: true
interface: br0
state: disabled
zone: internal
notify: reload_firewalld
- name: Disable masquerade for public and internal zones
ansible.posix.firewalld:
masquerade: true
permanent: true
state: disabled
zone: '{{ item }}'
loop:
- public
- internal
notify: reload_firewalld
- name: Disable ipv4 IP forwarding
ansible.posix.sysctl:
name: net.ipv4.ip_forward
value: '1'
state: absent
sysctl_file: /etc/sysctl.d/ip-forward.conf
sysctl_set: true
- name: Set-target ACCEPT on public zone
ansible.posix.firewalld:
permanent: true
state: absent
zone: public
target: ACCEPT
notify: reload_firewalld
- name: Remove port for GRE tunnel
ansible.posix.firewalld:
permanent: true
port: 1723/tcp
state: disabled
notify: reload_firewalld
- name: Set WORKER_CLASS for tap interfaces
community.general.ini_file:
path: /etc/openqa/workers.ini
section: global
option: WORKER_CLASS
value: qemu_x86_64,tap
state: absent
mode: '0644'
...

42
tasks/remove_openqa.yml Normal file
View File

@ -0,0 +1,42 @@
---
- name: Uninstall OpenQA packages
ansible.builtin.yum:
name: "{{ openqa_packages }}"
state: absent
- name: Delete OpenQA files and directories
ansible.builtin.file:
path: "{{ item }}"
state: absent
loop:
- "{{ openqa_homedir }}"
- /var/lib/pgsql
- /etc/openqa
- /etc/httpd/conf.d/openqa.conf
- /etc/httpd/conf.d/openqa-ssl.conf
- name: Disable httpd_can_network_connect
ansible.posix.seboolean:
name: httpd_can_network_connect
state: false
persistent: true
- name: Deny traffic for services
ansible.posix.firewalld:
service: "{{ item }}"
permanent: true
state: disabled
loop:
- http
- openqa-vnc
- name: Deny VNC traffic for local workers
ansible.posix.firewalld:
port: "{{ openqa_min_vnc_port }}-{{ openqa_max_vnc_port }}/tcp"
permanent: true
state: disabled
- name: Reload FirewallD
ansible.builtin.systemd:
name: firewalld
state: reloaded

View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<port port="{{ openqa_min_socket_port }}-{{ openqa_max_socket_port }}" protocol="tcp"/>
</service>

View File

@ -1,5 +1,5 @@
[global] [global]
branding=plain branding = {{ openqa_branding }}
download_domains = rockylinux.org fedoraproject.org opensuse.org download_domains = rockylinux.org fedoraproject.org opensuse.org
[auth] [auth]

View File

@ -0,0 +1,7 @@
[global]
HOST = https://{{ openqa_host }}
CACHEDIRECTORY = /var/lib/openqa/cache
CACHE_MIN_FREE_PERCENTAGE = 10
[https://{{ openqa_host }}]
TESTPOOLSERVER = rsync://{{ openqa_host }}/tests

View File

@ -0,0 +1,20 @@
#!/bin/sh
if=$(echo "$1" | sed -e 's,ifcfg-,,')
iftype=$(echo "$if" | sed -e 's,[0-9]\+$,,')
# if the interface being brought up is tap[n], create
# the tap device first
if [ "$iftype" == "tap" ]; then
tunctl -u _openqa-worker -p -t "$if"
fi
# if the interface being brough up is {{ openqa_multivm_bridge_interface }}, create
# the gre tunnels
if [ "$if" == "{{ openqa_multivm_bridge_interface }}" ]; then
ovs-vsctl set bridge {{ openqa_multivm_bridge_interface }} stp_enable=true
# This is only needed for multi-host setups
{% for w in range(1, openqa_worker_count+1) %}
#ovs-vsctl --may-exist add-port {{ openqa_multivm_bridge_interface }} gre{{ w }} -- set interface gre{{ w }} type=gre options:remote_ip=172.16.2.{{ 2 + w|int }}
{% endfor %}
fi

View File

@ -1,5 +1,9 @@
--- ---
- hosts: localhost - name: Run tests
hosts: localhost
remote_user: root remote_user: root
tasks: tasks:
- import_tasks: example.yml - name: Ensure required variables are defined
ansible.builtin.assert:
that:
- openqa_host is defined

35
vars/openqa-worker.yml Normal file
View File

@ -0,0 +1,35 @@
---
# The primary openQA host
openqa_host: localhost
openqa_client_key: 1234567890ABCDEF
openqa_client_secret: 1234567890ABCDEF
# Default OpenQA user and group
openqa_user: geekotest
openqa_group: geekotest
# The number of workers to enable on this system
openqa_worker_count: 1
# Port range to open for VNC access to local workers.
# The max port should be 5990 + n where n is the total
# number of workers you want to enable on your system.
openqa_min_vnc_port: 5991
openqa_max_vnc_port: "{{ 5990 + openqa_worker_count | int }}"
# Port range to open for socket connections from the primary host.
openqa_min_socket_port: 20000
openqa_max_socket_port: 20089
# Packages to install
openqa_worker_packages:
- firewalld
- guestfs-tools
- libguestfs-xfs
- libvirt-daemon-config-network
- openqa-worker
- perl-REST-Client
- python3-libguestfs
- virt-install
- withlock
...

View File

@ -45,7 +45,7 @@ openqa_worker_count: 1
# The max port should be 5990 + n where n is the total # The max port should be 5990 + n where n is the total
# number of workers you want to enable on your system. # number of workers you want to enable on your system.
openqa_min_vnc_port: 5991 openqa_min_vnc_port: 5991
openqa_max_vnc_port: "{{ 5990 + openqa_worker_count|int }}" openqa_max_vnc_port: "{{ 5990 + openqa_worker_count | int }}"
# Packages to install # Packages to install
openqa_packages: openqa_packages:

14
vars/openqa_branding.yml Normal file
View File

@ -0,0 +1,14 @@
---
# Branding type used, default is plain but we are rocky
openqa_branding: "rocky"
assets_src_dir: "{{ playbook_dir }}/files/usr/share/openqa/assets"
assets_dest_dir: "/usr/share/openqa/assets"
templates_src_dir: "{{ playbook_dir }}/files/usr/share/openqa/templates"
templates_dest_dir: "/usr/share/openqa/templates"
branding_patches:
- {path: /usr/share/openqa/assets/assetpack.def, patch: /usr/share/openqa/assets/assetpack.def.patch}
- {path: /usr/share/openqa/templates/webapi/main/index.html.ep, patch: /usr/share/openqa/templates/webapi/main/index.html.ep.patch}
...