
4 Commits

Author SHA1 Message Date
Al Bowles
6713c3024c
Add requirements file 2023-02-18 14:43:30 -06:00
Al Bowles
ed3b12a320
Linter fixes 2023-02-18 14:35:36 -06:00
Al Bowles
0f57ce2a83
Update filelist 2023-02-18 13:43:37 -06:00
Al Bowles
af549402d9
Automation for configuring a worker-only host 2023-02-18 13:41:46 -06:00
13 changed files with 208 additions and 41 deletions


@ -1,3 +1,4 @@
---
# .ansible-lint
warn_list:
- '204' # Lines should be less than 160 characters


@ -17,26 +17,30 @@ This repository is for openQA operations and management.
├── handlers
│   └── main.yml
├── init-rocky-openqa-developer-host.yml
├── localhost.yml
├── init-rocky-openqa-worker-host.yml
├── README.md
├── roles
│   └── README.md
├── tasks
│   ├── main.yml
│   ├── openqa-worker.yml
│   └── openqa.yml
├── templates
│   └── etc
│   ├── firewalld
│   │   └── services
│   │   ├── openqa-socket.xml.j2
│   │   └── openqa-vnc.xml.j2
│   └── openqa
│   ├── client.conf.j2
│   └── openqa.ini.j2
│   ├── openqa.ini.j2
│   └── workers.conf.j2
├── tests
│   ├── README.md
│   └── test.yml
└── vars
├── main.yml
├── openqa-worker.yml
└── openqa.yml
```


@ -23,16 +23,17 @@
# This is to try to avoid the handler issue in pre/post tasks
handlers:
- import_tasks: handlers/main.yml
- name: Import handlers
ansible.builtin.import_tasks: handlers/main.yml
pre_tasks:
- name: Check if ansible cannot be run here
stat:
ansible.builtin.stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
assert:
ansible.builtin.assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are able to run on this node"
@ -40,11 +41,11 @@
tasks:
- name: Install and configure OpenQA
import_tasks: tasks/openqa.yml
ansible.builtin.import_tasks: tasks/openqa.yml
post_tasks:
- name: Touching run file that ansible has ran here
file:
ansible.builtin.file:
path: /var/log/ansible.run
state: touch
mode: '0644'


@ -0,0 +1,43 @@
# Configure an openQA worker host
# This playbook is *NOT* intended for WAN-facing systems!
#
# Created: @akatch
---
- name: Rocky openQA Worker Runbook
hosts: openqa_workers
become: true
gather_facts: false
vars_files:
- vars/openqa-worker.yml
# This is to try to avoid the handler issue in pre/post tasks
handlers:
- name: Import handlers
ansible.builtin.import_tasks: handlers/main.yml
pre_tasks:
- name: Check if ansible cannot be run here
ansible.builtin.stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
ansible.builtin.assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
tasks:
- name: Install and configure OpenQA workers
ansible.builtin.import_tasks: tasks/openqa-worker.yml
post_tasks:
- name: Touching run file that ansible has ran here
ansible.builtin.file:
path: /var/log/ansible.run
state: touch
mode: '0644'
owner: root
group: root
...
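Review bot: The header warning `This playbook is *NOT* intended for WAN-facing systems!` gives no reason, so an operator cannot judge which networks are acceptable for a worker. From the other files in this change the reasons appear to be the VNC and socket port ranges defined for the worker, the plain `rsync://` test sync in workers.conf, and the sample API key in vars/openqa-worker.yml. I would add a line under the warning such as `# Workers expose VNC/socket ports and sync tests over unencrypted rsync; run only on a trusted network.`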

3
requirements.yml Normal file

@ -0,0 +1,3 @@
---
collections:
- ansible.posix
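Review bot: `ansible.posix` is listed without a version, so installing from this requirements file pulls whatever release is current at install time and two control nodes can end up running different module code. Pin it with the mapping form, `- name: ansible.posix` followed by `version: "<tested-version>"` (placeholder; use the release this repository was actually tested with). The tasks on this page call `ansible.posix.seboolean` and `ansible.posix.firewalld`, which change SELinux and firewall state on the target, so a reproducible collection version is worth having.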


@ -1,4 +0,0 @@
---
# No tasks
- debug: msg="No tasks are provided here. Please import the task as needed in your playbook."
...

66
tasks/openqa-worker.yml Normal file

@ -0,0 +1,66 @@
---
- name: Install OpenQA worker packages
ansible.builtin.dnf:
name: "{{ openqa_worker_packages }}"
state: present
tags:
- packages
- name: Create openQA group
ansible.builtin.group:
name: "{{ openqa_group }}"
system: true
- name: Create openQA user
ansible.builtin.user:
name: "{{ openqa_user }}"
groups: "{{ openqa_group }}"
append: true
system: true
- name: Configure firewalld for openQA worker connections
ansible.builtin.template:
src: etc/firewalld/services/{{ item }}.xml.j2
dest: /etc/firewalld/services/{{ item }}.xml
owner: root
group: root
mode: "0644"
loop:
- openqa-socket
- openqa-vnc
tags:
- configure
- name: Reload firewalld
ansible.builtin.systemd:
name: firewalld
state: reloaded
tags:
- configure
ignore_errors: "{{ ansible_check_mode }}"
- name: Write openQA configuration file
ansible.builtin.template:
src: etc/openqa/{{ item }}.j2
dest: /etc/openqa/{{ item }}
owner: "{{ openqa_user }}"
group: "{{ openqa_group }}"
mode: "0444"
loop:
- client.conf
- workers.conf
tags:
- configure
- name: Start openQA workers
ansible.builtin.systemd:
name: "openqa-worker@{{ item }}"
state: started
enabled: true
# range "end" parameter is exclusive, so add 1
loop: "{{ range(1, (openqa_worker_count | int + 1)) | list }}"
tags:
- start_workers
- configure
ignore_errors: "{{ ansible_check_mode }}"
...
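Review bot: The `Write openQA configuration file` task installs `client.conf` with `mode: "0444"`, which makes it readable by every local account on the worker. The template is not part of this page, but vars/openqa-worker.yml defines `openqa_client_key` and `openqa_client_secret`, so the file presumably carries the API credentials. I would split it out of the loop and write it with `group: "{{ openqa_group }}"` and `mode: "0440"`, after checking which account the `openqa-worker@` units run as so the worker can still read it. Separately, the two firewalld service files are written and firewalld is reloaded, but no task in this file enables them in a zone, unlike the `ansible.posix.firewalld` task in the server task file; please confirm that is intentional.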


@ -1,13 +1,13 @@
---
- name: Install OpenQA packages
yum:
ansible.builtin.yum:
name: "{{ openqa_packages }}"
state: present
tags:
- packages
- name: Copy httpd configuration files
copy:
ansible.builtin.copy:
remote_src: true
src: /etc/httpd/conf.d/{{ item }}.template
dest: /etc/httpd/conf.d/{{ item }}
@ -22,7 +22,7 @@
- configure
- name: Template OpenQA configuration files
template:
ansible.builtin.template:
src: etc/openqa/{{ item }}.j2
dest: /etc/openqa/{{ item }}
owner: "{{ openqa_user }}"
@ -35,20 +35,21 @@
- configure
- name: Get service facts
service_facts:
ansible.builtin.service_facts:
- name: Check for non-empty postgres data directory
stat:
ansible.builtin.stat:
path: /var/lib/pgsql/data/base
register: postgres_data_dir
- name: If postgresql is not already running, initialize database
command: postgresql-setup --initdb
ansible.builtin.command: postgresql-setup --initdb
when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" )
and not postgres_data_dir.stat.exists
changed_when: true
- name: Enable and start postgresql service
systemd:
ansible.builtin.systemd:
name: postgresql
state: started
enabled: true
@ -56,7 +57,7 @@
and not postgres_data_dir.stat.exists
- name: Configure SELinux to allow httpd connection to network
seboolean:
ansible.posix.seboolean:
name: httpd_can_network_connect
state: true
persistent: true
@ -64,7 +65,7 @@
- configure
- name: Enable and start OpenQA services
systemd:
ansible.builtin.systemd:
name: "{{ item }}"
state: started
enabled: true
@ -73,7 +74,7 @@
- configure
- name: Create openqa-vnc firewalld service
template:
ansible.builtin.template:
src: etc/firewalld/services/openqa-vnc.xml.j2
dest: /etc/firewalld/services/openqa-vnc.xml
owner: root
@ -83,13 +84,13 @@
- configure
- name: Load openqa-vnc firewalld service
systemd:
ansible.builtin.systemd:
name: firewalld
state: reloaded
tags:
- configure
- name: Permit traffic for {{ item }} service
- name: Permit traffic for http and openqa-vnc services
ansible.posix.firewalld:
service: "{{ item }}"
permanent: true
@ -101,21 +102,21 @@
- configure
- name: Reload FirewallD
systemd:
ansible.builtin.systemd:
name: firewalld
state: reloaded
tags:
- configure
- name: Check for existing repository
stat:
ansible.builtin.stat:
path: "{{ openqa_homedir }}/share/tests/rocky"
register: rocky_testing_repo
tags:
- configure
- name: Clone repository if it does not already exist
git:
ansible.builtin.git:
accept_hostkey: true
dest: "{{ openqa_homedir }}/share/tests/rocky"
repo: "{{ openqa_rocky_testing_repo }}"
@ -125,7 +126,7 @@
- configure
- name: Set owner/group/permissions on repo contents
file:
ansible.builtin.file:
path: "{{ openqa_homedir }}/share/tests/rocky"
recurse: true
owner: "{{ openqa_user }}"
@ -136,17 +137,17 @@
# fifloader.py will fail if the Demo user is not logged in
- name: Authenticate to web UI the first time
uri:
ansible.builtin.uri:
url: "http://{{ openqa_host }}/login"
- name: Run fifloader.py
command: ./fifloader.py -l -c templates.fif.json templates-updates.fif.json
ansible.builtin.command: ./fifloader.py -l -c templates.fif.json templates-updates.fif.json
changed_when: "1 != 1"
args:
chdir: "{{ openqa_homedir }}/share/tests/rocky"
- name: Create ISO directory
file:
ansible.builtin.file:
path: "{{ openqa_homedir }}/share/factory/iso/fixed"
state: directory
owner: "{{ openqa_user }}"
@ -156,7 +157,7 @@
- download_isos
- name: Download ISOs
get_url:
ansible.builtin.get_url:
dest: "{{ openqa_homedir }}/share/factory/iso/fixed/{{ item.name }}"
url: "{{ rocky_iso_download_url }}/{{ item.name }}"
checksum: "{{ item.checksum }}"
@ -168,7 +169,7 @@
tags:
- download_isos
- name: Start {{ openqa_worker_count }} OpenQA workers
- name: Start OpenQA workers
ansible.builtin.systemd:
name: "openqa-worker@{{ item }}"
state: started
@ -180,7 +181,7 @@
- configure
- name: POST a job
command: |
ansible.builtin.command: |
openqa-cli api -X POST isos \
ISO=Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso \
ARCH={{ rocky_arch }} \


@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<port port="{{ openqa_min_socket_port }}-{{ openqa_max_socket_port }}" protocol="tcp"/>
</service>
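Review bot: This service definition opens the whole `openqa_min_socket_port`-`openqa_max_socket_port` range to any source once the service is enabled in a zone, while the comment in vars/openqa-worker.yml says the range is for connections from the primary host. A firewalld service file cannot restrict by source, so the enabling step should attach the service to a zone bound to the primary host's address, or use a rich rule, rather than adding it to the default zone. Adding `<short>` and `<description>` elements would also make the service self-describing in `firewall-cmd --info-service` output.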


@ -0,0 +1,9 @@
[global]
HOST = https://{{ openqa_host }}
CACHEDIRECTORY = /var/lib/openqa/cache # desired cache location
CACHELIMIT = 50 # max. cache size in GiB, defaults to 50
CACHE_MIN_FREE_PERCENTAGE = 10 # min. free disk space to preserve in percent
CACHEWORKERS = 5 # number of parallel cache minion workers, defaults to 5
[https://{{ openqa_host }}]
TESTPOOLSERVER = rsync://{{ openqa_host }}/tests # also cache tests (via rsync)
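Review bot: `TESTPOOLSERVER = rsync://{{ openqa_host }}/tests` syncs test code over the rsync daemon protocol, which has no transport encryption and no server authentication, while `HOST` in the `[global]` section uses https. Whatever the worker pulls this way is presumably then run as test code, so its integrity depends entirely on the network path between worker and primary host. If that is accepted for this deployment, record it next to the setting, for example `# rsync:// is plaintext and unauthenticated; worker and primary host must share a trusted network`.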


@ -1,5 +1,9 @@
---
- hosts: localhost
- name: Run tests
hosts: localhost
remote_user: root
tasks:
- import_tasks: example.yml
- name: Ensure required variables are defined
ansible.builtin.assert:
that:
- openqa_host is defined

35
vars/openqa-worker.yml Normal file

@ -0,0 +1,35 @@
---
# The primary openQA host
openqa_host: openqa.rockylinux.org
openqa_client_key: 1234567890ABCDEF
openqa_client_secret: 1234567890ABCDEF
# Default OpenQA user and group
openqa_user: geekotest
openqa_group: geekotest
# The number of workers to enable on this system
openqa_worker_count: 2
# Port range to open for VNC access to local workers.
# The max port should be 5990 + n where n is the total
# number of workers you want to enable on your system.
openqa_min_vnc_port: 5991
openqa_max_vnc_port: "{{ 5990 + openqa_worker_count | int }}"
# Port range to open for socket connections from the primary host.
openqa_min_socket_port: 20000
openqa_max_socket_port: 20089
# Packages to install
openqa_worker_packages:
- firewalld
- guestfs-tools
- libguestfs-xfs
- libvirt-daemon-config-network
- openqa-worker
- perl-REST-Client
- python3-libguestfs
- virt-install
- withlock
...
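Review bot: `openqa_client_key` and `openqa_client_secret` are committed as the literal `1234567890ABCDEF`, which looks like the stock demo credential, and nothing visible in the worker playbook stops a run from deploying it unchanged. If it is a placeholder, say so in a comment and add an `ansible.builtin.assert` in `pre_tasks` that fails while the value is still the default; real credentials belong in an Ansible Vault file or an inventory-level override rather than in this vars file. The values should also be quoted, `openqa_client_key: "1234567890ABCDEF"`, because an all-digit key would otherwise load as an integer.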