Compare commits

...

10 Commits

Author SHA1 Message Date
Al Bowles
2d2ef95f0a
Update filelist 2023-02-18 12:51:51 -06:00
Al Bowles
6911a4c8a7
Initial commit 2023-02-18 12:45:36 -06:00
59c82413e2
corrections to pre-commit 2023-02-15 16:49:12 -07:00
4c45c3f335
update pre-commit config 2023-02-15 16:43:05 -07:00
cc58d6f788
update readme 2023-02-15 16:39:28 -07:00
nazunalika
af593e4ea4
add .gitignore 2022-03-27 22:02:31 -07:00
nazunalika
8272aa8b1b
add gitignore file for inventory 2022-03-23 15:22:22 -07:00
nazunalika
167e42f24d
Update readme 2022-03-08 00:48:28 -07:00
nazunalika
883e8487c3
adding lint configs 2021-02-11 01:56:38 -07:00
nazunalika
3df9ac9359
adding because of our names 2021-02-11 01:37:39 -07:00
12 changed files with 383 additions and 103 deletions

6
.ansible-lint Normal file

@ -0,0 +1,6 @@
# .ansible-lint
warn_list:
- '204' # Lines should be less than 160 characters
- '701' # meta/main.yml should contain relevant info
skip_list:
- '106' # Role name must match ^[a-z][a-z0-9_]+$ pattern

7
.gitignore vendored Normal file

@ -0,0 +1,7 @@
inventory
roles/*
collections/*
!roles/README.md
!roles/requirements.yml
!collections/README.md
!collections/requirements.yml
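Review bot: the first pattern, `inventory`, is unanchored, so it ignores any file or directory named inventory at every depth, not only one at the repository root. The README tree shown in this compare has an `inventory` entry under tests/, which this pattern also covers. If only the top-level inventory is meant to stay out of version control, write it as `/inventory`; if tests/inventory should be tracked, add a `!tests/inventory` exception after it.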


@ -1,7 +1,7 @@
--- ---
repos: repos:
- repo: https://github.com/pre-commit/pre-commit-hooks - repo: https://github.com/pre-commit/pre-commit-hooks
rev: v3.4.0 rev: v4.4.0
hooks: hooks:
- id: trailing-whitespace - id: trailing-whitespace
- id: end-of-file-fixer - id: end-of-file-fixer
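Review bot: `rev: v4.4.0` is still a tag reference, and a tag can be moved upstream after review. These hooks execute on every contributor's machine, so consider setting `rev` to the full commit hash that v4.4.0 resolves to and keeping the tag name in a trailing comment for readability.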
@ -17,15 +17,17 @@ repos:
- id: ansible-lint - id: ansible-lint
name: Ansible-lint name: Ansible-lint
description: This hook runs ansible-lint. description: This hook runs ansible-lint.
entry: ansible-lint --force-color entry: ansible-lint -v --force-color
language: python language: python
# do not pass files to ansible-lint, see: # do not pass files to ansible-lint, see:
# https://github.com/ansible/ansible-lint/issues/611 # https://github.com/ansible/ansible-lint/issues/611
pass_filenames: false pass_filenames: false
always_run: true always_run: true
additional_dependencies:
- ansible-core>=2.13.3
- repo: https://github.com/adrienverge/yamllint.git - repo: https://github.com/adrienverge/yamllint.git
rev: v1.26.0 rev: v1.29.0
hooks: hooks:
- id: yamllint - id: yamllint
files: \.(yaml|yml)$ files: \.(yaml|yml)$
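Review bot: `ansible-core>=2.13.3` under additional_dependencies sets only a lower bound, so every freshly built hook environment installs whatever release is newest at that moment and lint results can differ between contributors and over time. Pin an exact version or a bounded range here. The same applies to `rev: v1.29.0` for yamllint, which is a tag rather than a commit hash.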

7
.yamllint Normal file

@ -0,0 +1,7 @@
---
extends: default
rules:
line-length:
max: 140
level: warning
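Review bot: `max: 140` disagrees with the .ansible-lint file in this same change set, where the '204' entry is commented "Lines should be less than 160 characters". Settle on one limit and state it in both files, otherwise a 150-character line draws a yamllint warning while the ansible-lint comment implies it is within bounds.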

122
README.md

@ -1,121 +1,45 @@
# Ansible AWX Template: Template # Ansible AWX Template: openQA Management
Ansible AWX is the method used for the Rocky Linux infrastructure, as a replacement for using the CLI. This template should be copied, as to manage playbooks and tasks into reproducible, repeatable, and organized manner. Ansible AWX is the method used for the Rocky Linux infrastructure, as a replacement for using the CLI.
## Provides / Information ## Provides / Information
This repository is for AWX templates. This repository is for openQA operations and management.
``` ```
. .
├── README.md ├── collections
│   └── README.md
├── defaults ├── defaults
│   └── main.yml │   └── main.yml
├── files ├── files
│   └── README.md │   └── README.md
├── handlers ├── handlers
│   └── main.yml │   └── main.yml
├── tasks ├── init-rocky-openqa-developer-host.yml
│   └── main.yml ├── localhost.yml
├── templates ├── README.md
├── roles
│   └── README.md │   └── README.md
├── tasks
│   ├── main.yml
│   └── openqa.yml
├── templates
│   └── etc
│   ├── firewalld
│   │   └── services
│   │   └── openqa-vnc.xml.j2
│   └── openqa
│   ├── client.conf.j2
│   └── openqa.ini.j2
├── tests ├── tests
│   ├── README.md │   ├── README.md
│   ├── inventory
│   └── test.yml │   └── test.yml
└── vars └── vars
└── main.yml ├── main.yml
└── openqa.yml
``` ```
## Guidelines ## Guidelines
These are the general guidelines for creating and maintaining these repositories. Please read carefully to ensure that you are meeting the criteria. These guidelines can be found either on the Rocky Linux Wiki or the Infrastructure Wiki.
1. Copy this template into a new repository with the format `ansible-type-usage`. For example, if this is for ipa management, you could use a name like `ansible-ipa-management`.
2. Change the top of the `README.md` from "Template" to an appropriate name for your repo.
3. Modify the `README.md` file at the Provides/Information section of what these tasks do. Please be descriptive and list all of the playbooks and accompanying tasks (see the example). Hint: Use the `tree` command.
4. List any requirements to run the playbooks, such as vars, mandatory or optional in playbooks. Optionally, you may list them in the `README.md` here.
5. Run `pre-commit install` - There is already a provided `.pre-commit-config.yaml` with some default settings.
6. (Optional) Remove everything starting at "Guidelines" in this README to reduce clutter.
## GitLab Steps
1. Create a new project
2. Click "import project"
3. Click "Repo by URL"
4. Put in the URL: https://git.rockylinux.org/infrastructure/public/ansible/ansible-awx-template.git
5. Type in the project name as outlined in `Guidelines` above
6. Ensure your project URL and slug are appropriate
## Designing Playbooks
Generally, your playbooks should be doing the following:
1. Checking if ansible can be ran on a specific host
2. Asserting if variables are filled and are correctly formed
3. Importing tasks from the `./tasks` directory
4. Importing roles, if necessary
5. Post tasks, if necessary
**Note**: At no point should you be using `./tasks/main.yml`
### Pre-flight and Post-flight tasks
```
pre_tasks:
- name: Check if ansible cannot be run here
stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
# Assertions and other checks here
# Import roles/tasks here
post_tasks:
- name: Touching run file that ansible has ran here
file:
path: /var/log/ansible.run
state: touch
mode: '0644'
owner: root
group: root
```
### Comments
Each playbook should have comments or a name descriptor that explains what the playbook does or how it is used. If not available, README-... files can be used in place, especially in the case of adhoc playbooks that take input. Documentation for each playbook/role does not have to be on this wiki. Comments or README's should be sufficient.
### Tags
Ensure that you use relevant tags where necessary for your tasks.
### Playbook naming
```
init-* -> Starting infrastructure playbooks that run solo or import other
playbooks that start with import-
adhoc -> These playbooks are one-off playbooks that can be used on the CLI or
in AWX. These are typically for basic tasks.
import -> Playbooks that should be imported from the top level playbooks
role-* -> These playbooks call roles specifically for infrastructure tasks.
Playbooks that do not call a role should be named init or adhoc based
on their usage.
```
### Pre-commits / linting
When pushing to your own forked version of this repository, pre-commit must run to verify your changes. They must be passing to be pushed up. This is an absolute requirement, even for roles.
When the linter passes, the push will complete and you will be able to open a PR.
## How are these repositories used?
These repositories are generally cloned/pulled into AWX for the latest version, so they can be called within AWX either by hand or at a scheduled time.
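Review bot: the rewritten README removes the whole Guidelines section but adds nothing on how to run this repository. The statement that the playbook is not intended for WAN-facing systems, the `download_isos` and `configure` tags, and the variables in vars/openqa.yml are documented only in the playbook's header comment. Add a short usage and requirements section to the README and state there that the deployed openqa.ini uses `method = Fake`, so a reader sees the exposure limits before running it.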


@ -0,0 +1,53 @@
# Sets up local OpenQA testing environment
# This playbook is *NOT* intended for WAN-facing systems!
#
# Usages:
# # Install and configure an openQA developer host, download all current Rocky ISOs,
# # and POST a test job
# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml
#
# # Only perform ISO download tasks
# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=download_isos
#
# # Only perform configuration, do not download ISOs or POST a job
# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=configure
#
# Created: @akatch
---
- name: Rocky OpenQA Runbook
hosts: localhost
connection: local
become: true
vars_files:
- vars/openqa.yml
# This is to try to avoid the handler issue in pre/post tasks
handlers:
- import_tasks: handlers/main.yml
pre_tasks:
- name: Check if ansible cannot be run here
stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
tasks:
- name: Install and configure OpenQA
import_tasks: tasks/openqa.yml
post_tasks:
- name: Touching run file that ansible has ran here
file:
path: /var/log/ansible.run
state: touch
mode: '0644'
owner: root
group: root
...
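Review bot: the three usage examples in the header comment call `ansible-playbook playbooks/init-rocky-openqa-developer-host.yml`, but the README tree places init-rocky-openqa-developer-host.yml at the repository root, and `vars_files: vars/openqa.yml` and `import_tasks: tasks/openqa.yml` only resolve relative to that location. Drop the `playbooks/` prefix from the examples so they match the layout that is committed.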

192
tasks/openqa.yml Normal file

@ -0,0 +1,192 @@
---
- name: Install OpenQA packages
yum:
name: "{{ openqa_packages }}"
state: present
tags:
- packages
- name: Copy httpd configuration files
copy:
remote_src: true
src: /etc/httpd/conf.d/{{ item }}.template
dest: /etc/httpd/conf.d/{{ item }}
mode: '0644'
owner: root
group: root
loop:
- openqa.conf
- openqa-ssl.conf
notify: restart_httpd
tags:
- configure
- name: Template OpenQA configuration files
template:
src: etc/openqa/{{ item }}.j2
dest: /etc/openqa/{{ item }}
owner: "{{ openqa_user }}"
group: "{{ openqa_group }}"
mode: "0444"
loop:
- openqa.ini
- client.conf
tags:
- configure
- name: Get service facts
service_facts:
- name: Check for non-empty postgres data directory
stat:
path: /var/lib/pgsql/data/base
register: postgres_data_dir
- name: If postgresql is not already running, initialize database
command: postgresql-setup --initdb
when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" )
and not postgres_data_dir.stat.exists
- name: Enable and start postgresql service
systemd:
name: postgresql
state: started
enabled: true
when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" )
and not postgres_data_dir.stat.exists
- name: Configure SELinux to allow httpd connection to network
seboolean:
name: httpd_can_network_connect
state: true
persistent: true
tags:
- configure
- name: Enable and start OpenQA services
systemd:
name: "{{ item }}"
state: started
enabled: true
loop: "{{ openqa_services }}"
tags:
- configure
- name: Create openqa-vnc firewalld service
template:
src: etc/firewalld/services/openqa-vnc.xml.j2
dest: /etc/firewalld/services/openqa-vnc.xml
owner: root
group: root
mode: "0644"
tags:
- configure
- name: Load openqa-vnc firewalld service
systemd:
name: firewalld
state: reloaded
tags:
- configure
- name: Permit traffic for {{ item }} service
ansible.posix.firewalld:
service: "{{ item }}"
permanent: true
state: enabled
loop:
- http
- openqa-vnc
tags:
- configure
- name: Reload FirewallD
systemd:
name: firewalld
state: reloaded
tags:
- configure
- name: Check for existing repository
stat:
path: "{{ openqa_homedir }}/share/tests/rocky"
register: rocky_testing_repo
tags:
- configure
- name: Clone repository if it does not already exist
git:
accept_hostkey: true
dest: "{{ openqa_homedir }}/share/tests/rocky"
repo: "{{ openqa_rocky_testing_repo }}"
version: develop
when: not rocky_testing_repo.stat.exists
tags:
- configure
- name: Set owner/group/permissions on repo contents
file:
path: "{{ openqa_homedir }}/share/tests/rocky"
recurse: true
owner: "{{ openqa_user }}"
group: "{{ openqa_group }}"
mode: "u+rwX,g+rwX,o+rX,o-w"
tags:
- configure
# fifloader.py will fail if the Demo user is not logged in
- name: Authenticate to web UI the first time
uri:
url: "http://{{ openqa_host }}/login"
- name: Run fifloader.py
command: ./fifloader.py -l -c templates.fif.json templates-updates.fif.json
changed_when: "1 != 1"
args:
chdir: "{{ openqa_homedir }}/share/tests/rocky"
- name: Create ISO directory
file:
path: "{{ openqa_homedir }}/share/factory/iso/fixed"
state: directory
owner: "{{ openqa_user }}"
group: "{{ openqa_group }}"
mode: "0775"
tags:
- download_isos
- name: Download ISOs
get_url:
dest: "{{ openqa_homedir }}/share/factory/iso/fixed/{{ item.name }}"
url: "{{ rocky_iso_download_url }}/{{ item.name }}"
checksum: "{{ item.checksum }}"
owner: "{{ openqa_user }}"
group: "{{ openqa_group }}"
tmp_dest: "/var/tmp"
mode: "0644"
loop: "{{ openqa_isos }}"
tags:
- download_isos
- name: Start {{ openqa_worker_count }} OpenQA workers
ansible.builtin.systemd:
name: "openqa-worker@{{ item }}"
state: started
enabled: true
# range 'end' parameter is exclusive, so add 1
loop: "{{ range(1, (openqa_worker_count|int + 1)) | list }}"
tags:
- start_workers
- configure
- name: POST a job
command: |
openqa-cli api -X POST isos \
ISO=Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso \
ARCH={{ rocky_arch }} \
DISTRI=rocky \
FLAVOR=minimal-iso \
VERSION={{ rocky_version }} \
BUILD="{{ '%Y%m%d.%H%M%S' | strftime }}.0"
changed_when: "1 != 1"
...
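Review bot: "Clone repository if it does not already exist" checks out `version: develop`, a moving branch, and "Run fifloader.py" then executes a script from that checkout under the play-level `become: true`, that is as root, after the tree has been made group-writable for {{ openqa_group }}. Pin `version` to a tag or commit hash and consider running fifloader.py with `become_user: "{{ openqa_user }}"`. Separately, "Enable and start postgresql service" reuses the initdb condition, so on a host where /var/lib/pgsql/data/base exists but the service is stopped the task is skipped and postgresql is never started or enabled; keep that condition on the initdb task only.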


@ -1 +0,0 @@
Templates go here


@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<port port="{{ openqa_min_vnc_port }}-{{ openqa_max_vnc_port }}" protocol="tcp"/>
</service>


@ -0,0 +1,3 @@
[{{ openqa_host }}]
key = {{ openqa_client_key }}
secret = {{ openqa_client_secret }}
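Review bot: this template carries the API key and secret, yet the "Template OpenQA configuration files" task in tasks/openqa.yml installs it in the same loop as openqa.ini with `mode: "0444"`, which makes it readable by every local user. Give client.conf its own task or per-item mode without world read access, limited to the accounts that need to read it.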


@ -0,0 +1,6 @@
[global]
branding=plain
download_domains = rockylinux.org fedoraproject.org opensuse.org
[auth]
method = Fake
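Review bot: `method = Fake` under [auth] leaves the web UI without real authentication (the task file relies on a plain request to /login being enough to log in the Demo user), while tasks/openqa.yml permanently enables the `http` and `openqa-vnc` firewalld services with no zone or source restriction. The playbook header says the setup is not for WAN-facing systems, but nothing in the change enforces that. Make the firewall opening opt-in or limit it to a trusted source, and template the auth method from a variable so the insecure choice is explicit in vars/openqa.yml.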

77
vars/openqa.yml Normal file

@ -0,0 +1,77 @@
---
# Default OpenQA user and group
openqa_user: geekotest
openqa_group: geekotest
# OpenQA data directory
openqa_homedir: /var/lib/openqa
# URL for the repository containing the RockyLinux test automation
openqa_rocky_testing_repo: "https://github.com/rocky-linux/os-autoinst-distri-rocky.git"
# The RockyLinux version to fetch for testing
rocky_version: 8.6
# The RockyLinux architecture to fetch for testing
rocky_arch: x86_64
# Public download URL for RockyLinux ISOs
rocky_iso_download_url: "https://download.rockylinux.org/pub/rocky/{{ rocky_version }}/isos/{{ rocky_arch }}"
# Rocky Linux ISOs
openqa_isos:
- name: "Rocky-{{ rocky_version }}-{{ rocky_arch }}-boot.iso"
checksum: "sha256:fe77cc293a2f2fe6ddbf5d4bc2b5c820024869bc7ea274c9e55416d215db0cc5"
- name: "Rocky-{{ rocky_version }}-{{ rocky_arch }}-dvd1.iso"
checksum: "sha256:1d48e0af63d07ff4e582a1819348e714c694e7fd33207f48879c2bc806960786"
- name: "Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso"
checksum: "sha256:a9ece0e810275e881abfd66bb0e59ac05d567a5ec0bc2f108b9a3e90bef5bf94"
# The host the openqa-cli should access when it runs.
# Change this if you want to access your OpenQA via an
# alternative URL
openqa_host: localhost
# These are the default client credentials.
# They will expire 24 hours after installation and must
# be replaced with new ones.
openqa_client_key: 1234567890ABCDEF
openqa_client_secret: 1234567890ABCDEF
# The number of workers to enable on this system
openqa_worker_count: 1
# Port range to open for VNC access to local workers.
# The max port should be 5990 + n where n is the total
# number of workers you want to enable on your system.
openqa_min_vnc_port: 5991
openqa_max_vnc_port: "{{ 5990 + openqa_worker_count|int }}"
# Packages to install
openqa_packages:
- git
- vim-enhanced
- openqa
- openqa-httpd
- openqa-worker
- fedora-messaging
- guestfs-tools
- libguestfs-xfs
- python3-fedfind
- python3-libguestfs
- libvirt-daemon-config-network
- virt-install
- withlock
- postgresql-server
- perl-REST-Client
# Services to start and enable
openqa_services:
- sshd
- httpd
- openqa-gru
- openqa-scheduler
- openqa-websockets
- openqa-webui
- fm-consumer@fedora_openqa_scheduler
...
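Review bot: `openqa_client_key` and `openqa_client_secret` are committed as literal values, and the comment above them says they must be replaced after 24 hours, which invites editing real credentials into this tracked file. Keep only the documented defaults here and note that replacements are supplied from outside the repository (Ansible Vault, extra vars or an AWX credential). Also quote `rocky_version: 8.6`: as a bare scalar it is a YAML float, so a later value such as 8.10 would load as 8.1 and produce wrong ISO names and download URLs, and the sha256 values in openqa_isos are tied to the 8.6 images, so they need updating together with the version.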