Compare commits
No commits in common. "2d2ef95f0aac3bfb58d4eda34350ff2cdc87f0b0" and "02295c1b32d3626bd3cd4d2023ea20aa88fe6597" have entirely different histories.
2d2ef95f0a
...
02295c1b32
@ -1,6 +0,0 @@
|
||||
# .ansible-lint
|
||||
warn_list:
|
||||
- '204' # Lines should be less than 160 characters
|
||||
- '701' # meta/main.yml should contain relevant info
|
||||
skip_list:
|
||||
- '106' # Role name must match ^[a-z][a-z0-9_]+$ pattern
|
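--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +0,0 @@
-inventory
-roles/*
-collections/*
-!roles/README.md
-!roles/requirements.yml
-!collections/README.md
-!collections/requirements.yml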
@ -1,7 +1,7 @@
|
||||
---
|
||||
repos:
|
||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||
rev: v4.4.0
|
||||
rev: v3.4.0
|
||||
hooks:
|
||||
- id: trailing-whitespace
|
||||
- id: end-of-file-fixer
|
||||
@ -17,17 +17,15 @@ repos:
|
||||
- id: ansible-lint
|
||||
name: Ansible-lint
|
||||
description: This hook runs ansible-lint.
|
||||
entry: ansible-lint -v --force-color
|
||||
entry: ansible-lint --force-color
|
||||
language: python
|
||||
# do not pass files to ansible-lint, see:
|
||||
# https://github.com/ansible/ansible-lint/issues/611
|
||||
pass_filenames: false
|
||||
always_run: true
|
||||
additional_dependencies:
|
||||
- ansible-core>=2.13.3
|
||||
|
||||
- repo: https://github.com/adrienverge/yamllint.git
|
||||
rev: v1.29.0
|
||||
rev: v1.26.0
|
||||
hooks:
|
||||
- id: yamllint
|
||||
files: \.(yaml|yml)$
|
||||
|
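Review bot: Both remote hooks in this file are pinned by tag name (`rev: v3.4.0` for pre-commit-hooks, `rev: v1.26.0` for yamllint), and a tag can be moved upstream, so the code pre-commit fetches and runs on every contributor machine is not fixed. Pinning each `rev` to the full commit SHA with the tag kept as a trailing comment, e.g. `rev: <full-commit-sha>  # v3.4.0` (placeholder), would close that gap. The page has lost its +/- markers, so assuming the second line of each printed pair is the new side, this compare also moves both hooks to older releases than the other branch uses and drops `additional_dependencies: - ansible-core>=2.13.3` from the ansible-lint hook. If that is intended for the template, a short comment above each `rev` stating why the older version is kept would help the next maintainer.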
@ -1,7 +0,0 @@
|
||||
---
|
||||
extends: default
|
||||
|
||||
rules:
|
||||
line-length:
|
||||
max: 140
|
||||
level: warning
|
120
README.md
120
README.md
@ -1,45 +1,121 @@
|
||||
# Ansible AWX Template: openQA Management
|
||||
# Ansible AWX Template: Template
|
||||
|
||||
Ansible AWX is the method used for the Rocky Linux infrastructure, as a replacement for using the CLI.
|
||||
Ansible AWX is the method used for the Rocky Linux infrastructure, as a replacement for using the CLI. This template should be copied, as to manage playbooks and tasks into reproducible, repeatable, and organized manner.
|
||||
|
||||
## Provides / Information
|
||||
|
||||
This repository is for openQA operations and management.
|
||||
This repository is for AWX templates.
|
||||
|
||||
```
|
||||
.
|
||||
├── collections
|
||||
│ └── README.md
|
||||
├── README.md
|
||||
├── defaults
|
||||
│ └── main.yml
|
||||
├── files
|
||||
│ └── README.md
|
||||
├── handlers
|
||||
│ └── main.yml
|
||||
├── init-rocky-openqa-developer-host.yml
|
||||
├── localhost.yml
|
||||
├── README.md
|
||||
├── roles
|
||||
│ └── README.md
|
||||
├── tasks
|
||||
│ ├── main.yml
|
||||
│ └── openqa.yml
|
||||
│ └── main.yml
|
||||
├── templates
|
||||
│ └── etc
|
||||
│ ├── firewalld
|
||||
│ │ └── services
|
||||
│ │ └── openqa-vnc.xml.j2
|
||||
│ └── openqa
|
||||
│ ├── client.conf.j2
|
||||
│ └── openqa.ini.j2
|
||||
│ └── README.md
|
||||
├── tests
|
||||
│ ├── README.md
|
||||
│ ├── inventory
|
||||
│ └── test.yml
|
||||
└── vars
|
||||
├── main.yml
|
||||
└── openqa.yml
|
||||
└── main.yml
|
||||
```
|
||||
|
||||
## Guidelines
|
||||
|
||||
These guidelines can be found either on the Rocky Linux Wiki or the Infrastructure Wiki.
|
||||
These are the general guidelines for creating and maintaining these repositories. Please read carefully to ensure that you are meeting the criteria.
|
||||
|
||||
1. Copy this template into a new repository with the format `ansible-type-usage`. For example, if this is for ipa management, you could use a name like `ansible-ipa-management`.
|
||||
2. Change the top of the `README.md` from "Template" to an appropriate name for your repo.
|
||||
3. Modify the `README.md` file at the Provides/Information section of what these tasks do. Please be descriptive and list all of the playbooks and accompanying tasks (see the example). Hint: Use the `tree` command.
|
||||
4. List any requirements to run the playbooks, such as vars, mandatory or optional in playbooks. Optionally, you may list them in the `README.md` here.
|
||||
5. Run `pre-commit install` - There is already a provided `.pre-commit-config.yaml` with some default settings.
|
||||
6. (Optional) Remove everything starting at "Guidelines" in this README to reduce clutter.
|
||||
|
||||
## GitLab Steps
|
||||
|
||||
1. Create a new project
|
||||
2. Click "import project"
|
||||
3. Click "Repo by URL"
|
||||
4. Put in the URL: https://git.rockylinux.org/infrastructure/public/ansible/ansible-awx-template.git
|
||||
5. Type in the project name as outlined in `Guidelines` above
|
||||
6. Ensure your project URL and slug are appropriate
|
||||
|
||||
## Designing Playbooks
|
||||
|
||||
Generally, your playbooks should be doing the following:
|
||||
|
||||
1. Checking if ansible can be ran on a specific host
|
||||
2. Asserting if variables are filled and are correctly formed
|
||||
3. Importing tasks from the `./tasks` directory
|
||||
4. Importing roles, if necessary
|
||||
5. Post tasks, if necessary
|
||||
|
||||
**Note**: At no point should you be using `./tasks/main.yml`
|
||||
|
||||
### Pre-flight and Post-flight tasks
|
||||
|
||||
```
|
||||
pre_tasks:
|
||||
- name: Check if ansible cannot be run here
|
||||
stat:
|
||||
path: /etc/no-ansible
|
||||
register: no_ansible
|
||||
|
||||
- name: Verify if we can run ansible
|
||||
assert:
|
||||
that:
|
||||
- "not no_ansible.stat.exists"
|
||||
success_msg: "We are able to run on this node"
|
||||
fail_msg: "/etc/no-ansible exists - skipping run on this node"
|
||||
|
||||
# Assertions and other checks here
|
||||
|
||||
# Import roles/tasks here
|
||||
|
||||
post_tasks:
|
||||
- name: Touching run file that ansible has ran here
|
||||
file:
|
||||
path: /var/log/ansible.run
|
||||
state: touch
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
```
|
||||
|
||||
### Comments
|
||||
|
||||
Each playbook should have comments or a name descriptor that explains what the playbook does or how it is used. If not available, README-... files can be used in place, especially in the case of adhoc playbooks that take input. Documentation for each playbook/role does not have to be on this wiki. Comments or README's should be sufficient.
|
||||
|
||||
### Tags
|
||||
|
||||
Ensure that you use relevant tags where necessary for your tasks.
|
||||
|
||||
### Playbook naming
|
||||
|
||||
```
|
||||
init-* -> Starting infrastructure playbooks that run solo or import other
|
||||
playbooks that start with import-
|
||||
adhoc -> These playbooks are one-off playbooks that can be used on the CLI or
|
||||
in AWX. These are typically for basic tasks.
|
||||
import -> Playbooks that should be imported from the top level playbooks
|
||||
role-* -> These playbooks call roles specifically for infrastructure tasks.
|
||||
Playbooks that do not call a role should be named init or adhoc based
|
||||
on their usage.
|
||||
```
|
||||
|
||||
### Pre-commits / linting
|
||||
|
||||
When pushing to your own forked version of this repository, pre-commit must run to verify your changes. They must be passing to be pushed up. This is an absolute requirement, even for roles.
|
||||
|
||||
When the linter passes, the push will complete and you will be able to open a PR.
|
||||
|
||||
## How are these repositories used?
|
||||
|
||||
These repositories are generally cloned/pulled into AWX for the latest version, so they can be called within AWX either by hand or at a scheduled time.
|
||||
|
@ -1,53 +0,0 @@
|
||||
# Sets up local OpenQA testing environment
|
||||
# This playbook is *NOT* intended for WAN-facing systems!
|
||||
#
|
||||
# Usages:
|
||||
# # Install and configure an openQA developer host, download all current Rocky ISOs,
|
||||
# # and POST a test job
|
||||
# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml
|
||||
#
|
||||
# # Only perform ISO download tasks
|
||||
# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=download_isos
|
||||
#
|
||||
# # Only perform configuration, do not download ISOs or POST a job
|
||||
# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=configure
|
||||
#
|
||||
# Created: @akatch
|
||||
---
|
||||
- name: Rocky OpenQA Runbook
|
||||
hosts: localhost
|
||||
connection: local
|
||||
become: true
|
||||
vars_files:
|
||||
- vars/openqa.yml
|
||||
|
||||
# This is to try to avoid the handler issue in pre/post tasks
|
||||
handlers:
|
||||
- import_tasks: handlers/main.yml
|
||||
|
||||
pre_tasks:
|
||||
- name: Check if ansible cannot be run here
|
||||
stat:
|
||||
path: /etc/no-ansible
|
||||
register: no_ansible
|
||||
|
||||
- name: Verify if we can run ansible
|
||||
assert:
|
||||
that:
|
||||
- "not no_ansible.stat.exists"
|
||||
success_msg: "We are able to run on this node"
|
||||
fail_msg: "/etc/no-ansible exists - skipping run on this node"
|
||||
|
||||
tasks:
|
||||
- name: Install and configure OpenQA
|
||||
import_tasks: tasks/openqa.yml
|
||||
|
||||
post_tasks:
|
||||
- name: Touching run file that ansible has ran here
|
||||
file:
|
||||
path: /var/log/ansible.run
|
||||
state: touch
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
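--- a/tasks/openqa.yml
+++ b/tasks/openqa.yml
@@ -1,192 +0,0 @@
----
-- name: Install OpenQA packages
-yum:
-name: "{{ openqa_packages }}"
-state: present
-tags:
-- packages
-
-- name: Copy httpd configuration files
-copy:
-remote_src: true
-src: /etc/httpd/conf.d/{{ item }}.template
-dest: /etc/httpd/conf.d/{{ item }}
-mode: '0644'
-owner: root
-group: root
-loop:
-- openqa.conf
-- openqa-ssl.conf
-notify: restart_httpd
-tags:
-- configure
-
-- name: Template OpenQA configuration files
-template:
-src: etc/openqa/{{ item }}.j2
-dest: /etc/openqa/{{ item }}
-owner: "{{ openqa_user }}"
-group: "{{ openqa_group }}"
-mode: "0444"
-loop:
-- openqa.ini
-- client.conf
-tags:
-- configure
-
-- name: Get service facts
-service_facts:
-
-- name: Check for non-empty postgres data directory
-stat:
-path: /var/lib/pgsql/data/base
-register: postgres_data_dir
-
-- name: If postgresql is not already running, initialize database
-command: postgresql-setup --initdb
-when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" )
-and not postgres_data_dir.stat.exists
-
-- name: Enable and start postgresql service
-systemd:
-name: postgresql
-state: started
-enabled: true
-when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" )
-and not postgres_data_dir.stat.exists
-
-- name: Configure SELinux to allow httpd connection to network
-seboolean:
-name: httpd_can_network_connect
-state: true
-persistent: true
-tags:
-- configure
-
-- name: Enable and start OpenQA services
-systemd:
-name: "{{ item }}"
-state: started
-enabled: true
-loop: "{{ openqa_services }}"
-tags:
-- configure
-
-- name: Create openqa-vnc firewalld service
-template:
-src: etc/firewalld/services/openqa-vnc.xml.j2
-dest: /etc/firewalld/services/openqa-vnc.xml
-owner: root
-group: root
-mode: "0644"
-tags:
-- configure
-
-- name: Load openqa-vnc firewalld service
-systemd:
-name: firewalld
-state: reloaded
-tags:
-- configure
-
-- name: Permit traffic for {{ item }} service
-ansible.posix.firewalld:
-service: "{{ item }}"
-permanent: true
-state: enabled
-loop:
-- http
-- openqa-vnc
-tags:
-- configure
-
-- name: Reload FirewallD
-systemd:
-name: firewalld
-state: reloaded
-tags:
-- configure
-
-- name: Check for existing repository
-stat:
-path: "{{ openqa_homedir }}/share/tests/rocky"
-register: rocky_testing_repo
-tags:
-- configure
-
-- name: Clone repository if it does not already exist
-git:
-accept_hostkey: true
-dest: "{{ openqa_homedir }}/share/tests/rocky"
-repo: "{{ openqa_rocky_testing_repo }}"
-version: develop
-when: not rocky_testing_repo.stat.exists
-tags:
-- configure
-
-- name: Set owner/group/permissions on repo contents
-file:
-path: "{{ openqa_homedir }}/share/tests/rocky"
-recurse: true
-owner: "{{ openqa_user }}"
-group: "{{ openqa_group }}"
-mode: "u+rwX,g+rwX,o+rX,o-w"
-tags:
-- configure
-
-# fifloader.py will fail if the Demo user is not logged in
-- name: Authenticate to web UI the first time
-uri:
-url: "http://{{ openqa_host }}/login"
-
-- name: Run fifloader.py
-command: ./fifloader.py -l -c templates.fif.json templates-updates.fif.json
-changed_when: "1 != 1"
-args:
-chdir: "{{ openqa_homedir }}/share/tests/rocky"
-
-- name: Create ISO directory
-file:
-path: "{{ openqa_homedir }}/share/factory/iso/fixed"
-state: directory
-owner: "{{ openqa_user }}"
-group: "{{ openqa_group }}"
-mode: "0775"
-tags:
-- download_isos
-
-- name: Download ISOs
-get_url:
-dest: "{{ openqa_homedir }}/share/factory/iso/fixed/{{ item.name }}"
-url: "{{ rocky_iso_download_url }}/{{ item.name }}"
-checksum: "{{ item.checksum }}"
-owner: "{{ openqa_user }}"
-group: "{{ openqa_group }}"
-tmp_dest: "/var/tmp"
-mode: "0644"
-loop: "{{ openqa_isos }}"
-tags:
-- download_isos
-
-- name: Start {{ openqa_worker_count }} OpenQA workers
-ansible.builtin.systemd:
-name: "openqa-worker@{{ item }}"
-state: started
-enabled: true
-# range 'end' parameter is exclusive, so add 1
-loop: "{{ range(1, (openqa_worker_count|int + 1)) | list }}"
-tags:
-- start_workers
-- configure
-
-- name: POST a job
-command: |
-openqa-cli api -X POST isos \
-ISO=Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso \
-ARCH={{ rocky_arch }} \
-DISTRI=rocky \
-FLAVOR=minimal-iso \
-VERSION={{ rocky_version }} \
-BUILD="{{ '%Y%m%d.%H%M%S' | strftime }}.0"
-changed_when: "1 != 1"
-...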
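--- a/templates/README.md
+++ b/templates/README.md
@@ -0,0 +1 @@
+Templates go here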
@ -1,4 +0,0 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<service>
|
||||
<port port="{{ openqa_min_vnc_port }}-{{ openqa_max_vnc_port }}" protocol="tcp"/>
|
||||
</service>
|
@ -1,3 +0,0 @@
|
||||
[{{ openqa_host }}]
|
||||
key = {{ openqa_client_key }}
|
||||
secret = {{ openqa_client_secret }}
|
@ -1,6 +0,0 @@
|
||||
[global]
|
||||
branding=plain
|
||||
download_domains = rockylinux.org fedoraproject.org opensuse.org
|
||||
|
||||
[auth]
|
||||
method = Fake
|
@ -1,77 +0,0 @@
|
||||
---
|
||||
# Default OpenQA user and group
|
||||
openqa_user: geekotest
|
||||
openqa_group: geekotest
|
||||
|
||||
# OpenQA data directory
|
||||
openqa_homedir: /var/lib/openqa
|
||||
|
||||
# URL for the repository containing the RockyLinux test automation
|
||||
openqa_rocky_testing_repo: "https://github.com/rocky-linux/os-autoinst-distri-rocky.git"
|
||||
|
||||
# The RockyLinux version to fetch for testing
|
||||
rocky_version: 8.6
|
||||
|
||||
# The RockyLinux architecture to fetch for testing
|
||||
rocky_arch: x86_64
|
||||
|
||||
# Public download URL for RockyLinux ISOs
|
||||
rocky_iso_download_url: "https://download.rockylinux.org/pub/rocky/{{ rocky_version }}/isos/{{ rocky_arch }}"
|
||||
|
||||
# Rocky Linux ISOs
|
||||
openqa_isos:
|
||||
- name: "Rocky-{{ rocky_version }}-{{ rocky_arch }}-boot.iso"
|
||||
checksum: "sha256:fe77cc293a2f2fe6ddbf5d4bc2b5c820024869bc7ea274c9e55416d215db0cc5"
|
||||
- name: "Rocky-{{ rocky_version }}-{{ rocky_arch }}-dvd1.iso"
|
||||
checksum: "sha256:1d48e0af63d07ff4e582a1819348e714c694e7fd33207f48879c2bc806960786"
|
||||
- name: "Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso"
|
||||
checksum: "sha256:a9ece0e810275e881abfd66bb0e59ac05d567a5ec0bc2f108b9a3e90bef5bf94"
|
||||
|
||||
# The host the openqa-cli should access when it runs.
|
||||
# Change this if you want to access your OpenQA via an
|
||||
# alternative URL
|
||||
openqa_host: localhost
|
||||
|
||||
# These are the default client credentials.
|
||||
# They will expire 24 hours after installation and must
|
||||
# be replaced with new ones.
|
||||
openqa_client_key: 1234567890ABCDEF
|
||||
openqa_client_secret: 1234567890ABCDEF
|
||||
|
||||
# The number of workers to enable on this system
|
||||
openqa_worker_count: 1
|
||||
|
||||
# Port range to open for VNC access to local workers.
|
||||
# The max port should be 5990 + n where n is the total
|
||||
# number of workers you want to enable on your system.
|
||||
openqa_min_vnc_port: 5991
|
||||
openqa_max_vnc_port: "{{ 5990 + openqa_worker_count|int }}"
|
||||
|
||||
# Packages to install
|
||||
openqa_packages:
|
||||
- git
|
||||
- vim-enhanced
|
||||
- openqa
|
||||
- openqa-httpd
|
||||
- openqa-worker
|
||||
- fedora-messaging
|
||||
- guestfs-tools
|
||||
- libguestfs-xfs
|
||||
- python3-fedfind
|
||||
- python3-libguestfs
|
||||
- libvirt-daemon-config-network
|
||||
- virt-install
|
||||
- withlock
|
||||
- postgresql-server
|
||||
- perl-REST-Client
|
||||
|
||||
# Services to start and enable
|
||||
openqa_services:
|
||||
- sshd
|
||||
- httpd
|
||||
- openqa-gru
|
||||
- openqa-scheduler
|
||||
- openqa-websockets
|
||||
- openqa-webui
|
||||
- fm-consumer@fedora_openqa_scheduler
|
||||
...
|