diff --git a/init-rocky-openqa-developer-host.yml b/init-rocky-openqa-developer-host.yml new file mode 100644 index 0000000..f462e9b --- /dev/null +++ b/init-rocky-openqa-developer-host.yml @@ -0,0 +1,53 @@ +# Sets up local OpenQA testing environment +# This playbook is *NOT* intended for WAN-facing systems! +# +# Usages: +# # Install and configure an openQA developer host, download all current Rocky ISOs, +# # and POST a test job +# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml +# +# # Only perform ISO download tasks +# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=download_isos +# +# # Only perform configuration, do not download ISOs or POST a job +# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=configure +# +# Created: @akatch +--- +- name: Rocky OpenQA Runbook + hosts: localhost + connection: local + become: true + vars_files: + - vars/openqa.yml + + # This is to try to avoid the handler issue in pre/post tasks + handlers: + - import_tasks: handlers/main.yml + + pre_tasks: + - name: Check if ansible cannot be run here + stat: + path: /etc/no-ansible + register: no_ansible + + - name: Verify if we can run ansible + assert: + that: + - "not no_ansible.stat.exists" + success_msg: "We are able to run on this node" + fail_msg: "/etc/no-ansible exists - skipping run on this node" + + tasks: + - name: Install and configure OpenQA + import_tasks: tasks/openqa.yml + + post_tasks: + - name: Touching run file that ansible has ran here + file: + path: /var/log/ansible.run + state: touch + mode: '0644' + owner: root + group: root +... diff --git a/tasks/openqa.yml b/tasks/openqa.yml new file mode 100644 index 0000000..27d3585 --- /dev/null +++ b/tasks/openqa.yml @@ -0,0 +1,192 @@ +--- +- name: Install OpenQA packages + yum: + name: "{{ openqa_packages }}" + state: present + tags: + - packages + +- name: Copy httpd configuration files + copy: + remote_src: true + src: /etc/httpd/conf.d/{{ item }}.template + dest: /etc/httpd/conf.d/{{ item }} + mode: '0644' + owner: root + group: root + loop: + - openqa.conf + - openqa-ssl.conf + notify: restart_httpd + tags: + - configure + +- name: Template OpenQA configuration files + template: + src: etc/openqa/{{ item }}.j2 + dest: /etc/openqa/{{ item }} + owner: "{{ openqa_user }}" + group: "{{ openqa_group }}" + mode: "0444" + loop: + - openqa.ini + - client.conf + tags: + - configure + +- name: Get service facts + service_facts: + +- name: Check for non-empty postgres data directory + stat: + path: /var/lib/pgsql/data/base + register: postgres_data_dir + +- name: If postgresql is not already running, initialize database + command: postgresql-setup --initdb + when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" ) + and not postgres_data_dir.stat.exists + +- name: Enable and start postgresql service + systemd: + name: postgresql + state: started + enabled: true + when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" ) + and not postgres_data_dir.stat.exists + +- name: Configure SELinux to allow httpd connection to network + seboolean: + name: httpd_can_network_connect + state: true + persistent: true + tags: + - configure + +- name: Enable and start OpenQA services + systemd: + name: "{{ item }}" + state: started + enabled: true + loop: "{{ openqa_services }}" + tags: + - configure + +- name: Create openqa-vnc firewalld service + template: + src: etc/firewalld/services/openqa-vnc.xml.j2 + dest: /etc/firewalld/services/openqa-vnc.xml + owner: root + group: root + mode: "0644" + tags: + - configure + +- name: Load openqa-vnc firewalld service + systemd: + name: firewalld + state: reloaded + tags: + - configure + +- name: Permit traffic for {{ item }} service + ansible.posix.firewalld: + service: "{{ item }}" + permanent: true + state: enabled + loop: + - http + - openqa-vnc + tags: + - configure + +- name: Reload FirewallD + systemd: + name: firewalld + state: reloaded + tags: + - configure + +- name: Check for existing repository + stat: + path: "{{ openqa_homedir }}/share/tests/rocky" + register: rocky_testing_repo + tags: + - configure + +- name: Clone repository if it does not already exist + git: + accept_hostkey: true + dest: "{{ openqa_homedir }}/share/tests/rocky" + repo: "{{ openqa_rocky_testing_repo }}" + version: develop + when: not rocky_testing_repo.stat.exists + tags: + - configure + +- name: Set owner/group/permissions on repo contents + file: + path: "{{ openqa_homedir }}/share/tests/rocky" + recurse: true + owner: "{{ openqa_user }}" + group: "{{ openqa_group }}" + mode: "u+rwX,g+rwX,o+rX,o-w" + tags: + - configure + +# fifloader.py will fail if the Demo user is not logged in +- name: Authenticate to web UI the first time + uri: + url: "http://{{ openqa_host }}/login" + +- name: Run fifloader.py + command: ./fifloader.py -l -c templates.fif.json templates-updates.fif.json + changed_when: "1 != 1" + args: + chdir: "{{ openqa_homedir }}/share/tests/rocky" + +- name: Create ISO directory + file: + path: "{{ openqa_homedir }}/share/factory/iso/fixed" + state: directory + owner: "{{ openqa_user }}" + group: "{{ openqa_group }}" + mode: "0775" + tags: + - download_isos + +- name: Download ISOs + get_url: + dest: "{{ openqa_homedir }}/share/factory/iso/fixed/{{ item.name }}" + url: "{{ rocky_iso_download_url }}/{{ item.name }}" + checksum: "{{ item.checksum }}" + owner: "{{ openqa_user }}" + group: "{{ openqa_group }}" + tmp_dest: "/var/tmp" + mode: "0644" + loop: "{{ openqa_isos }}" + tags: + - download_isos + +- name: Start {{ openqa_worker_count }} OpenQA workers + ansible.builtin.systemd: + name: "openqa-worker@{{ item }}" + state: started + enabled: true + # range 'end' parameter is exclusive, so add 1 + loop: "{{ range(1, (openqa_worker_count|int + 1)) | list }}" + tags: + - start_workers + - configure + +- name: POST a job + command: | + openqa-cli api -X POST isos \ + ISO=Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso \ + ARCH={{ rocky_arch }} \ + DISTRI=rocky \ + FLAVOR=minimal-iso \ + VERSION={{ rocky_version }} \ + BUILD="{{ '%Y%m%d.%H%M%S' | strftime }}.0" + changed_when: "1 != 1" +... diff --git a/templates/README.md b/templates/README.md deleted file mode 100644 index 25a2632..0000000 --- a/templates/README.md +++ /dev/null @@ -1 +0,0 @@ -Templates go here diff --git a/templates/etc/firewalld/services/openqa-vnc.xml.j2 b/templates/etc/firewalld/services/openqa-vnc.xml.j2 new file mode 100644 index 0000000..e125b1c --- /dev/null +++ b/templates/etc/firewalld/services/openqa-vnc.xml.j2 @@ -0,0 +1,4 @@ + + + + diff --git a/templates/etc/openqa/client.conf.j2 b/templates/etc/openqa/client.conf.j2 new file mode 100644 index 0000000..a0d7254 --- /dev/null +++ b/templates/etc/openqa/client.conf.j2 @@ -0,0 +1,3 @@ +[{{ openqa_host }}] +key = {{ openqa_client_key }} +secret = {{ openqa_client_secret }} diff --git a/templates/etc/openqa/openqa.ini.j2 b/templates/etc/openqa/openqa.ini.j2 new file mode 100644 index 0000000..932c182 --- /dev/null +++ b/templates/etc/openqa/openqa.ini.j2 @@ -0,0 +1,6 @@ +[global] +branding=plain +download_domains = rockylinux.org fedoraproject.org opensuse.org + +[auth] +method = Fake diff --git a/vars/openqa.yml b/vars/openqa.yml new file mode 100644 index 0000000..af1ed1b --- /dev/null +++ b/vars/openqa.yml @@ -0,0 +1,77 @@ +--- +# Default OpenQA user and group +openqa_user: geekotest +openqa_group: geekotest + +# OpenQA data directory +openqa_homedir: /var/lib/openqa + +# URL for the repository containing the RockyLinux test automation +openqa_rocky_testing_repo: "https://github.com/rocky-linux/os-autoinst-distri-rocky.git" + +# The RockyLinux version to fetch for testing +rocky_version: 8.6 + +# The RockyLinux architecture to fetch for testing +rocky_arch: x86_64 + +# Public download URL for RockyLinux ISOs +rocky_iso_download_url: "https://download.rockylinux.org/pub/rocky/{{ rocky_version }}/isos/{{ rocky_arch }}" + +# Rocky Linux ISOs +openqa_isos: + - name: "Rocky-{{ rocky_version }}-{{ rocky_arch }}-boot.iso" + checksum: "sha256:fe77cc293a2f2fe6ddbf5d4bc2b5c820024869bc7ea274c9e55416d215db0cc5" + - name: "Rocky-{{ rocky_version }}-{{ rocky_arch }}-dvd1.iso" + checksum: "sha256:1d48e0af63d07ff4e582a1819348e714c694e7fd33207f48879c2bc806960786" + - name: "Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso" + checksum: "sha256:a9ece0e810275e881abfd66bb0e59ac05d567a5ec0bc2f108b9a3e90bef5bf94" + +# The host the openqa-cli should access when it runs. +# Change this if you want to access your OpenQA via an +# alternative URL +openqa_host: localhost + +# These are the default client credentials. +# They will expire 24 hours after installation and must +# be replaced with new ones. +openqa_client_key: 1234567890ABCDEF +openqa_client_secret: 1234567890ABCDEF + +# The number of workers to enable on this system +openqa_worker_count: 1 + +# Port range to open for VNC access to local workers. +# The max port should be 5990 + n where n is the total +# number of workers you want to enable on your system. +openqa_min_vnc_port: 5991 +openqa_max_vnc_port: "{{ 5990 + openqa_worker_count|int }}" + +# Packages to install +openqa_packages: + - git + - vim-enhanced + - openqa + - openqa-httpd + - openqa-worker + - fedora-messaging + - guestfs-tools + - libguestfs-xfs + - python3-fedfind + - python3-libguestfs + - libvirt-daemon-config-network + - virt-install + - withlock + - postgresql-server + - perl-REST-Client + +# Services to start and enable +openqa_services: + - sshd + - httpd + - openqa-gru + - openqa-scheduler + - openqa-websockets + - openqa-webui + - fm-consumer@fedora_openqa_scheduler +...