
10 Commits

Author SHA1 Message Date
Al Bowles
6152baa8ae
Start cache services 2023-02-27 10:03:14 -06:00
Al Bowles
676a3d16c4
Move requirements file to meet convention 2023-02-19 15:23:01 -06:00
Al Bowles
6713c3024c
Add requirements file 2023-02-18 14:43:30 -06:00
Al Bowles
ed3b12a320
Linter fixes 2023-02-18 14:35:36 -06:00
Al Bowles
0f57ce2a83
Update filelist 2023-02-18 13:43:37 -06:00
Al Bowles
af549402d9
Automation for configuring a worker-only host 2023-02-18 13:41:46 -06:00
Al Bowles
2d2ef95f0a
Update filelist 2023-02-18 12:51:51 -06:00
Al Bowles
6911a4c8a7
Initial commit 2023-02-18 12:45:36 -06:00
59c82413e2
corrections to pre-commit 2023-02-15 16:49:12 -07:00
4c45c3f335
update pre-commit config 2023-02-15 16:43:05 -07:00
18 changed files with 547 additions and 22 deletions


@ -1,3 +1,4 @@
---
# .ansible-lint
warn_list:
- '204' # Lines should be less than 160 characters


@ -1,7 +1,7 @@
---
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v3.4.0
rev: v4.4.0
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
@ -17,15 +17,17 @@ repos:
- id: ansible-lint
name: Ansible-lint
description: This hook runs ansible-lint.
entry: ansible-lint --force-color
entry: ansible-lint -v --force-color
language: python
# do not pass files to ansible-lint, see:
# https://github.com/ansible/ansible-lint/issues/611
pass_filenames: false
always_run: true
additional_dependencies:
- ansible-core>=2.13.3
- repo: https://github.com/adrienverge/yamllint.git
rev: v1.26.0
rev: v1.29.0
hooks:
- id: yamllint
files: \.(yaml|yml)$
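Review bot: The `additional_dependencies` entry `ansible-core>=2.13.3` (by the hunk counts, apparently added in the second hunk) sets only a lower bound, so the hook environment can resolve a different ansible-core each time it is rebuilt and lint results can drift between machines. Pinning it, e.g. `- ansible-core==2.13.3`, keeps the hook reproducible. The `rev:` values in both hunks are tags, which upstream can move; a full commit SHA with the tag kept in a trailing comment is the stricter form if the repository wants immutable hook sources.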


@ -1,30 +1,47 @@
# Ansible AWX Template: Template
# Ansible AWX Template: openQA Management
Ansible AWX is the method used for the Rocky Linux infrastructure, as a replacement for using the CLI. This template should be copied, as to manage playbooks and tasks into reproducible, repeatable, and organized manner.
Ansible AWX is the method used for the Rocky Linux infrastructure, as a replacement for using the CLI.
## Provides / Information
This repository is for AWX templates.
This repository is for openQA operations and management.
```
.
├── README.md
├── collections
│   └── README.md
├── defaults
│   └── main.yml
├── files
│   └── README.md
├── handlers
│   └── main.yml
├── tasks
│   └── main.yml
├── templates
├── init-rocky-openqa-developer-host.yml
├── init-rocky-openqa-worker-host.yml
├── README.md
├── roles
│   └── README.md
├── tasks
│   ├── main.yml
│   ├── openqa-worker.yml
│   └── openqa.yml
├── templates
│   └── etc
│   ├── firewalld
│   │   └── services
│   │   ├── openqa-socket.xml.j2
│   │   └── openqa-vnc.xml.j2
│   └── openqa
│   ├── client.conf.j2
│   ├── openqa.ini.j2
│   └── workers.conf.j2
├── tests
│   ├── README.md
│   ├── inventory
│   └── test.yml
└── vars
└── main.yml
├── main.yml
├── openqa-worker.yml
└── openqa.yml
```
## Guidelines


@ -0,0 +1,3 @@
---
collections:
- ansible.posix
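Review bot: `ansible.posix` is listed without a version, so each install pulls whatever release is current, and the `ansible.posix.seboolean` and `ansible.posix.firewalld` modules used in tasks/openqa.yml can change underneath the playbooks. The mapping form with a constraint, `- name: ansible.posix` followed by `version: "<tested version>"`, makes runs reproducible. The version here is a placeholder for the release this was actually tested with.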


@ -0,0 +1,54 @@
# Sets up local OpenQA testing environment
# This playbook is *NOT* intended for WAN-facing systems!
#
# Usages:
# # Install and configure an openQA developer host, download all current Rocky ISOs,
# # and POST a test job
# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml
#
# # Only perform ISO download tasks
# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=download_isos
#
# # Only perform configuration, do not download ISOs or POST a job
# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=configure
#
# Created: @akatch
---
- name: Rocky OpenQA Runbook
hosts: localhost
connection: local
become: true
vars_files:
- vars/openqa.yml
# This is to try to avoid the handler issue in pre/post tasks
handlers:
- name: Import handlers
ansible.builtin.import_tasks: handlers/main.yml
pre_tasks:
- name: Check if ansible cannot be run here
ansible.builtin.stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
ansible.builtin.assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
tasks:
- name: Install and configure OpenQA
ansible.builtin.import_tasks: tasks/openqa.yml
post_tasks:
- name: Touching run file that ansible has ran here
ansible.builtin.file:
path: /var/log/ansible.run
state: touch
mode: '0644'
owner: root
group: root
...
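Review bot: The usage examples in the header call `playbooks/init-rocky-openqa-developer-host.yml`, but the README tree in this same change lists the playbook at the repository root, so the examples presumably should read `ansible-playbook init-rocky-openqa-developer-host.yml`. The warning that the playbook is not for WAN-facing systems would be more useful with its reason attached. A line such as `# Reason: openqa.ini is templated with auth method Fake and the firewall is opened for http` tells an operator what is actually exposed.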


@ -0,0 +1,43 @@
# Configure an openQA worker host
# This playbook is *NOT* intended for WAN-facing systems!
#
# Created: @akatch
---
- name: Rocky openQA Worker Runbook
hosts: openqa_workers
become: true
gather_facts: false
vars_files:
- vars/openqa-worker.yml
# This is to try to avoid the handler issue in pre/post tasks
handlers:
- name: Import handlers
ansible.builtin.import_tasks: handlers/main.yml
pre_tasks:
- name: Check if ansible cannot be run here
ansible.builtin.stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
ansible.builtin.assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
tasks:
- name: Install and configure OpenQA workers
ansible.builtin.import_tasks: tasks/openqa-worker.yml
post_tasks:
- name: Touching run file that ansible has ran here
ansible.builtin.file:
path: /var/log/ansible.run
state: touch
mode: '0644'
owner: root
group: root
...


@ -1,4 +0,0 @@
---
# No tasks
- debug: msg="No tasks are provided here. Please import the task as needed in your playbook."
...

75
tasks/openqa-worker.yml Normal file

@ -0,0 +1,75 @@
---
- name: Install OpenQA worker packages
ansible.builtin.dnf:
name: "{{ openqa_worker_packages }}"
state: present
tags:
- packages
- name: Create openQA group
ansible.builtin.group:
name: "{{ openqa_group }}"
system: true
- name: Create openQA user
ansible.builtin.user:
name: "{{ openqa_user }}"
groups: "{{ openqa_group }}"
append: true
system: true
- name: Configure firewalld for openQA worker connections
ansible.builtin.template:
src: etc/firewalld/services/{{ item }}.xml.j2
dest: /etc/firewalld/services/{{ item }}.xml
owner: root
group: root
mode: "0644"
loop:
- openqa-socket
- openqa-vnc
tags:
- configure
- name: Reload firewalld
ansible.builtin.systemd:
name: firewalld
state: reloaded
tags:
- configure
ignore_errors: "{{ ansible_check_mode }}"
- name: Write openQA configuration file
ansible.builtin.template:
src: etc/openqa/{{ item }}.j2
dest: /etc/openqa/{{ item }}
owner: "{{ openqa_user }}"
group: "{{ openqa_group }}"
mode: "0444"
loop:
- client.conf
- workers.conf
tags:
- configure
- name: Start openQA workers
ansible.builtin.systemd:
name: "openqa-worker@{{ item }}"
state: started
enabled: true
# range "end" parameter is exclusive, so add 1
loop: "{{ range(1, (openqa_worker_count | int + 1)) | list }}"
tags:
- start_workers
- configure
ignore_errors: "{{ ansible_check_mode }}"
- name: Start openQA cache services
ansible.builtin.systemd:
name: "{{ item }}"
state: started
enabled: true
loop:
- openqa-worker-cacheservice
- openqa-worker-cacheservice-minion
...
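Review bot: The `Write openQA configuration file` task writes `client.conf` with `mode: "0444"`, and that template carries the API `key` and `secret`, so every local account on the worker can read the credentials. Writing `client.conf` in its own task with `mode: "0640"` (or `"0600"`) for the account the worker service runs as, and keeping `0444` only for the non-secret file, closes that; confirm which user and group the worker unit needs. The same mode is applied to `client.conf` by `Template OpenQA configuration files` in tasks/openqa.yml. Separately, the firewalld service files are templated and firewalld is reloaded, but nothing in this file enables `openqa-socket` or `openqa-vnc` in a zone the way tasks/openqa.yml does with `ansible.posix.firewalld`, so unless that happens elsewhere the ports stay closed.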

193
tasks/openqa.yml Normal file

@ -0,0 +1,193 @@
---
- name: Install OpenQA packages
ansible.builtin.yum:
name: "{{ openqa_packages }}"
state: present
tags:
- packages
- name: Copy httpd configuration files
ansible.builtin.copy:
remote_src: true
src: /etc/httpd/conf.d/{{ item }}.template
dest: /etc/httpd/conf.d/{{ item }}
mode: '0644'
owner: root
group: root
loop:
- openqa.conf
- openqa-ssl.conf
notify: restart_httpd
tags:
- configure
- name: Template OpenQA configuration files
ansible.builtin.template:
src: etc/openqa/{{ item }}.j2
dest: /etc/openqa/{{ item }}
owner: "{{ openqa_user }}"
group: "{{ openqa_group }}"
mode: "0444"
loop:
- openqa.ini
- client.conf
tags:
- configure
- name: Get service facts
ansible.builtin.service_facts:
- name: Check for non-empty postgres data directory
ansible.builtin.stat:
path: /var/lib/pgsql/data/base
register: postgres_data_dir
- name: If postgresql is not already running, initialize database
ansible.builtin.command: postgresql-setup --initdb
when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" )
and not postgres_data_dir.stat.exists
changed_when: true
- name: Enable and start postgresql service
ansible.builtin.systemd:
name: postgresql
state: started
enabled: true
when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" )
and not postgres_data_dir.stat.exists
- name: Configure SELinux to allow httpd connection to network
ansible.posix.seboolean:
name: httpd_can_network_connect
state: true
persistent: true
tags:
- configure
- name: Enable and start OpenQA services
ansible.builtin.systemd:
name: "{{ item }}"
state: started
enabled: true
loop: "{{ openqa_services }}"
tags:
- configure
- name: Create openqa-vnc firewalld service
ansible.builtin.template:
src: etc/firewalld/services/openqa-vnc.xml.j2
dest: /etc/firewalld/services/openqa-vnc.xml
owner: root
group: root
mode: "0644"
tags:
- configure
- name: Load openqa-vnc firewalld service
ansible.builtin.systemd:
name: firewalld
state: reloaded
tags:
- configure
- name: Permit traffic for http and openqa-vnc services
ansible.posix.firewalld:
service: "{{ item }}"
permanent: true
state: enabled
loop:
- http
- openqa-vnc
tags:
- configure
- name: Reload FirewallD
ansible.builtin.systemd:
name: firewalld
state: reloaded
tags:
- configure
- name: Check for existing repository
ansible.builtin.stat:
path: "{{ openqa_homedir }}/share/tests/rocky"
register: rocky_testing_repo
tags:
- configure
- name: Clone repository if it does not already exist
ansible.builtin.git:
accept_hostkey: true
dest: "{{ openqa_homedir }}/share/tests/rocky"
repo: "{{ openqa_rocky_testing_repo }}"
version: develop
when: not rocky_testing_repo.stat.exists
tags:
- configure
- name: Set owner/group/permissions on repo contents
ansible.builtin.file:
path: "{{ openqa_homedir }}/share/tests/rocky"
recurse: true
owner: "{{ openqa_user }}"
group: "{{ openqa_group }}"
mode: "u+rwX,g+rwX,o+rX,o-w"
tags:
- configure
# fifloader.py will fail if the Demo user is not logged in
- name: Authenticate to web UI the first time
ansible.builtin.uri:
url: "http://{{ openqa_host }}/login"
- name: Run fifloader.py
ansible.builtin.command: ./fifloader.py -l -c templates.fif.json templates-updates.fif.json
changed_when: "1 != 1"
args:
chdir: "{{ openqa_homedir }}/share/tests/rocky"
- name: Create ISO directory
ansible.builtin.file:
path: "{{ openqa_homedir }}/share/factory/iso/fixed"
state: directory
owner: "{{ openqa_user }}"
group: "{{ openqa_group }}"
mode: "0775"
tags:
- download_isos
- name: Download ISOs
ansible.builtin.get_url:
dest: "{{ openqa_homedir }}/share/factory/iso/fixed/{{ item.name }}"
url: "{{ rocky_iso_download_url }}/{{ item.name }}"
checksum: "{{ item.checksum }}"
owner: "{{ openqa_user }}"
group: "{{ openqa_group }}"
tmp_dest: "/var/tmp"
mode: "0644"
loop: "{{ openqa_isos }}"
tags:
- download_isos
- name: Start OpenQA workers
ansible.builtin.systemd:
name: "openqa-worker@{{ item }}"
state: started
enabled: true
# range 'end' parameter is exclusive, so add 1
loop: "{{ range(1, (openqa_worker_count | int + 1)) | list }}"
tags:
- start_workers
- configure
- name: POST a job
ansible.builtin.command: |
openqa-cli api -X POST isos \
ISO=Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso \
ARCH={{ rocky_arch }} \
DISTRI=rocky \
FLAVOR=minimal-iso \
VERSION={{ rocky_version }} \
BUILD="{{ '%Y%m%d.%H%M%S' | strftime }}.0"
changed_when: "1 != 1"
...
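Review bot: `Clone repository if it does not already exist` checks out `version: develop`, and `Run fifloader.py` then executes a script from that checkout; the developer-host play that imports this file sets `become: true`, so the script presumably runs as root from whatever the branch head was at clone time. Pinning the checkout with `version: "<reviewed commit SHA>"` and dropping privileges on the command task with `become_user: "{{ openqa_user }}"` limits what an unexpected upstream commit can do (confirm fifloader works as that user). `accept_hostkey: true` only matters for SSH remotes and has no effect on the HTTPS URL set in vars/openqa.yml, so it can be removed. Also, `Enable and start postgresql service` reuses the initdb condition, so on a host where the data directory exists but the service is stopped it is never started.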


@ -1 +0,0 @@
Templates go here


@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<port port="{{ openqa_min_socket_port }}-{{ openqa_max_socket_port }}" protocol="tcp"/>
</service>


@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<port port="{{ openqa_min_vnc_port }}-{{ openqa_max_vnc_port }}" protocol="tcp"/>
</service>


@ -0,0 +1,3 @@
[{{ openqa_host }}]
key = {{ openqa_client_key }}
secret = {{ openqa_client_secret }}


@ -0,0 +1,6 @@
[global]
branding=plain
download_domains = rockylinux.org fedoraproject.org opensuse.org
[auth]
method = Fake
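Review bot: `method = Fake` is hard-coded in the `[auth]` section, and tasks/openqa.yml also enables the `http` firewalld service, so any host that can reach this machine is logged in as the Demo user without presenting credentials. The playbook header says the setup is not for WAN-facing systems, but the template itself carries no such warning and offers no way to select another method. I would make it a variable with the current value as the default, `method = {{ openqa_auth_method | default('Fake') }}`, and add a comment above it such as `# Fake auth: development only, never expose this host beyond a trusted network`.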


@ -0,0 +1,9 @@
[global]
HOST = https://{{ openqa_host }}
CACHEDIRECTORY = /var/lib/openqa/cache # desired cache location
CACHELIMIT = 50 # max. cache size in GiB, defaults to 50
CACHE_MIN_FREE_PERCENTAGE = 10 # min. free disk space to preserve in percent
CACHEWORKERS = 5 # number of parallel cache minion workers, defaults to 5
[https://{{ openqa_host }}]
TESTPOOLSERVER = rsync://{{ openqa_host }}/tests # also cache tests (via rsync)
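Review bot: This template (by content, the `workers.conf.j2` from the README tree) is installed by tasks/openqa-worker.yml as `/etc/openqa/workers.conf`, but as far as I know the openQA worker reads `/etc/openqa/workers.ini`, so these settings may never be picked up. Please confirm against the installed package and rename the template and its `dest` if so. The trailing `# ...` comments on `CACHEDIRECTORY`, `CACHELIMIT` and the other keys are also worth checking, since an INI parser that does not strip inline comments would take them as part of the value; moving each comment to its own line above the key avoids the question. `TESTPOOLSERVER = rsync://{{ openqa_host }}/tests` fetches test code over an unauthenticated plaintext channel, which is acceptable only on the trusted network the playbook header assumes.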


@ -1,5 +1,9 @@
---
- hosts: localhost
- name: Run tests
hosts: localhost
remote_user: root
tasks:
- import_tasks: example.yml
- name: Ensure required variables are defined
ansible.builtin.assert:
that:
- openqa_host is defined

35
vars/openqa-worker.yml Normal file

@ -0,0 +1,35 @@
---
# The primary openQA host
openqa_host: openqa.rockylinux.org
openqa_client_key: 1234567890ABCDEF
openqa_client_secret: 1234567890ABCDEF
# Default OpenQA user and group
openqa_user: geekotest
openqa_group: geekotest
# The number of workers to enable on this system
openqa_worker_count: 2
# Port range to open for VNC access to local workers.
# The max port should be 5990 + n where n is the total
# number of workers you want to enable on your system.
openqa_min_vnc_port: 5991
openqa_max_vnc_port: "{{ 5990 + openqa_worker_count | int }}"
# Port range to open for socket connections from the primary host.
openqa_min_socket_port: 20000
openqa_max_socket_port: 20089
# Packages to install
openqa_worker_packages:
- firewalld
- guestfs-tools
- libguestfs-xfs
- libvirt-daemon-config-network
- openqa-worker
- perl-REST-Client
- python3-libguestfs
- virt-install
- withlock
...
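Review bot: `openqa_client_key` and `openqa_client_secret` are committed as literal values next to `openqa_host: openqa.rockylinux.org`. If they are placeholders, a run configures the workers with credentials that host should reject, and if an operator replaces them in place a live API secret ends up in version control. Leaving them out of this file and supplying them from an AWX credential or Ansible Vault, e.g. `openqa_client_secret: "{{ vault_openqa_client_secret }}"` (variable name is only an example), keeps the secret out of the repository, and an `ansible.builtin.assert` that both are defined would fail early. The same two values appear in vars/openqa.yml, where the comment describes them as defaults that expire 24 hours after installation. Whatever the source, both should be quoted so they always load as strings.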

77
vars/openqa.yml Normal file

@ -0,0 +1,77 @@
---
# Default OpenQA user and group
openqa_user: geekotest
openqa_group: geekotest
# OpenQA data directory
openqa_homedir: /var/lib/openqa
# URL for the repository containing the RockyLinux test automation
openqa_rocky_testing_repo: "https://github.com/rocky-linux/os-autoinst-distri-rocky.git"
# The RockyLinux version to fetch for testing
rocky_version: 8.6
# The RockyLinux architecture to fetch for testing
rocky_arch: x86_64
# Public download URL for RockyLinux ISOs
rocky_iso_download_url: "https://download.rockylinux.org/pub/rocky/{{ rocky_version }}/isos/{{ rocky_arch }}"
# Rocky Linux ISOs
openqa_isos:
- name: "Rocky-{{ rocky_version }}-{{ rocky_arch }}-boot.iso"
checksum: "sha256:fe77cc293a2f2fe6ddbf5d4bc2b5c820024869bc7ea274c9e55416d215db0cc5"
- name: "Rocky-{{ rocky_version }}-{{ rocky_arch }}-dvd1.iso"
checksum: "sha256:1d48e0af63d07ff4e582a1819348e714c694e7fd33207f48879c2bc806960786"
- name: "Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso"
checksum: "sha256:a9ece0e810275e881abfd66bb0e59ac05d567a5ec0bc2f108b9a3e90bef5bf94"
# The host the openqa-cli should access when it runs.
# Change this if you want to access your OpenQA via an
# alternative URL
openqa_host: localhost
# These are the default client credentials.
# They will expire 24 hours after installation and must
# be replaced with new ones.
openqa_client_key: 1234567890ABCDEF
openqa_client_secret: 1234567890ABCDEF
# The number of workers to enable on this system
openqa_worker_count: 1
# Port range to open for VNC access to local workers.
# The max port should be 5990 + n where n is the total
# number of workers you want to enable on your system.
openqa_min_vnc_port: 5991
openqa_max_vnc_port: "{{ 5990 + openqa_worker_count | int }}"
# Packages to install
openqa_packages:
- git
- vim-enhanced
- openqa
- openqa-httpd
- openqa-worker
- fedora-messaging
- guestfs-tools
- libguestfs-xfs
- python3-fedfind
- python3-libguestfs
- libvirt-daemon-config-network
- virt-install
- withlock
- postgresql-server
- perl-REST-Client
# Services to start and enable
openqa_services:
- sshd
- httpd
- openqa-gru
- openqa-scheduler
- openqa-websockets
- openqa-webui
- fm-consumer@fedora_openqa_scheduler
...
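Review bot: `rocky_version: 8.6` is an unquoted scalar that YAML loads as a float, so a later release such as 8.10 would be read as 8.1 and produce wrong ISO names and download URLs; write it as `rocky_version: "8.6"`. The `openqa_isos` checksums are literal values for this release while the file names are built from `rocky_version`, so changing the version without updating them makes `Download ISOs` fail its checksum verification. That is the safe failure direction, and a comment above the list, `# checksums belong to the rocky_version above; update both together`, would make the coupling explicit.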