Automation for configuring a worker-only host

init-rocky-openqa-worker-host.yml

@@ -0,0 +1,42 @@
+# Configure an openQA worker host
+# This playbook is *NOT* intended for WAN-facing systems!
+#
+# Created: @akatch
+---
+- name: Rocky openQA Worker Runbook
+  hosts: openqa_workers
+  become: true
+  gather_facts: false
+  vars_files:
+    - vars/openqa-worker.yml
+
+  # This is to try to avoid the handler issue in pre/post tasks
+  handlers:
+    - import_tasks: handlers/main.yml
+
+  pre_tasks:
+    - name: Check if ansible cannot be run here
+      stat:
+        path: /etc/no-ansible
+      register: no_ansible
+
+    - name: Verify if we can run ansible
+      assert:
+        that:
+          - "not no_ansible.stat.exists"
+        success_msg: "We are able to run on this node"
+        fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+  tasks:
+    - name: Install and configure OpenQA workers
+      import_tasks: tasks/openqa-worker.yml
+
+  post_tasks:
+    - name: Touching run file that ansible has ran here
+      file:
+        path: /var/log/ansible.run
+        state: touch
+        mode: '0644'
+        owner: root
+        group: root
+...

tasks/openqa-worker.yml

@@ -0,0 +1,66 @@
+---
+- name: Install OpenQA worker packages
+  dnf:
+    name: "{{ openqa_worker_packages }}"
+    state: present
+  tags:
+    - packages
+
+- name: Create openQA group
+  group:
+    name: "{{ openqa_group }}"
+    system: true
+
+- name: Create openQA user
+  user:
+    name: "{{ openqa_user }}"
+    groups: "{{ openqa_group }}"
+    append: true
+    system: true
+
+- name: Configure firewalld for openQA worker connections
+  template:
+    src: etc/firewalld/services/{{ item }}.xml.j2
+    dest: /etc/firewalld/services/{{ item }}.xml
+    owner: root
+    group: root
+    mode: "0644"
+  loop:
+    - openqa-socket
+    - openqa-vnc
+  tags:
+    - configure
+
+- name: Reload firewalld
+  systemd:
+    name: firewalld
+    state: reloaded
+  tags:
+    - configure
+  ignore_errors: "{{ ansible_check_mode }}"
+
+- name: Write openQA configuration file
+  template:
+    src: etc/openqa/{{ item }}.j2
+    dest: /etc/openqa/{{ item }}
+    owner: "{{ openqa_user }}"
+    group: "{{ openqa_group }}"
+    mode: "0444"
+  loop:
+    - client.conf
+    - workers.conf
+  tags:
+    - configure
+
+- name: Start {{ openqa_worker_count }} openQA workers
+  ansible.builtin.systemd:
+    name: "openqa-worker@{{ item }}"
+    state: started
+    enabled: true
+  # range "end" parameter is exclusive, so add 1
+  loop: "{{ range(1, (openqa_worker_count|int + 1)) | list }}"
+  tags:
+    - start_workers
+    - configure
+  ignore_errors: "{{ ansible_check_mode }}"
+...

templates/etc/firewalld/services/openqa-socket.xml.j2

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <port port="{{ openqa_min_socket_port }}-{{ openqa_max_socket_port }}" protocol="tcp"/>
+</service>

templates/etc/openqa/workers.conf.j2

@@ -0,0 +1,9 @@
+[global]
+HOST = https://{{ openqa_host }}
+CACHEDIRECTORY = /var/lib/openqa/cache  # desired cache location
+CACHELIMIT = 50                         # max. cache size in GiB, defaults to 50
+CACHE_MIN_FREE_PERCENTAGE = 10          # min. free disk space to preserve in percent
+CACHEWORKERS = 5                        # number of parallel cache minion workers, defaults to 5
+
+[https://{{ openqa_host }}]
+TESTPOOLSERVER = rsync://{{ openqa_host }}/tests # also cache tests (via rsync)

vars/openqa-worker.yml

@@ -0,0 +1,36 @@
+---
+# The primary openQA host
+openqa_host: openqa.rockylinux.org
+openqa_client_key: 1234567890ABCDEF
+openqa_client_secret: 1234567890ABCDEF
+
+# Default OpenQA user and group
+openqa_user: geekotest
+openqa_group: geekotest
+
+# The number of workers to enable on this system
+openqa_worker_count: 2
+
+# Port range to open for VNC access to local workers.
+# The max port should be 5990 + n where n is the total
+# number of workers you want to enable on your system.
+openqa_min_vnc_port: 5991
+openqa_max_vnc_port: "{{ 5990 + openqa_worker_count|int }}"
+
+# Port range to open for socket connections from the primary host.
+openqa_min_socket_port: 20000
+openqa_max_socket_port: 20089
+
+# Packages to install
+openqa_worker_packages:
+  - guestfs-tools
+  - libguestfs-xfs
+  - libvirt-daemon-config-network
+  - virt-install
+  - openqa-worker
+  - perl-REST-Client
+  - python3-libguestfs
+  - virt-install
+  - withlock
+  - firewalld
+...