OpenID support in FAS is going away. openQA has OAuth2 support.
I've tested this config to work with manual edits on lab, now
ansiblizing it (for lab only to start with).
Signed-off-by: Adam Williamson <awilliam@redhat.com>
We really ought to do this. Capacity and reliability are issues,
so I'm going to try it with a small set of core tests at first.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
so, this was working before somehow, but it was pretty clearly
wrong. We were using queues owned by openqa.stg on the prod
rabbitmq instance for the cases where the openQA "stg" consumers
need to listen to prod queues. This can only have been working
with an openqa.stg user on prod, which seems wrong. Instead,
these three consumers should do it the way the relval and
relvalami consumers do - use a queue owned by the "openqa" user,
but with a suffix so they have a different queue from the actual
prod queue. The upshot of this is that in the configs, we should
go from:
amqp_url = "amqps://openqa:@rabbitmq.fedoraproject.org/%2Fpubsub"
...
queue = "openqa.stg_scheduler"
- which is weird and I have no idea how it ever worked - to:
amqp_url = "amqps://openqa:@rabbitmq.fedoraproject.org/%2Fpubsub"
...
queue = "openqa_scheduler_stg"
- which seems much more sensible.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
This is triggered by
https://pagure.io/fedora-infrastructure/issue/11375 , but the
changes are rather extensive. Unfortunately, some of the
relevant files got messed up by the alphabetical sort thing that
got run on several group variable files a while ago, so that
confuses the diff a bit - I had to unwind those changes to make
the files readable again in order to make these changes.
Ultimately the goal here is to make the config more consistent
and more functional - the variables used and their names should
be more consistently related to what they're actually *for*,
which I didn't entirely understand when setting this up. So
we have variables for the username being used in each case and
we use that variable where we're referring to the username, for
instance. This should also make the whole thing about the cases
where listeners on the openQA stg/lab instance need to listen
to prod messages clearer, too. It also makes the user creation
clearer by doing it explicitly, just once per user, instead of
haphazardly doing it implicitly through the queue definitions.
And finally it should also actually fix 11375, by giving the
appropriate write permissions to each user.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
The 2023-05 git builds look good on stg, and are now in u-t, so
drop the scratch repos on stg and enable u-t on prod so we get
the builds from u-t everywhere.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
I think the recent git builds are good and I want them everywhere
so I can merge a bunch of things and clean up before the weekend.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Upstream implemented a feature that we can use to do the same
thing using just a test variable, so we're switching to that.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
We don't need the scratch builds on stg any more now we've sent
the new builds to updates-testing. We *do* want to use the builds
from u-t on prod now (I don't want to wait a week for the stable
push).
Signed-off-by: Adam Williamson <awilliam@redhat.com>
This sets up the openQA lab instance to report to the new stg
instance of resultsdb, and use authentication. The scheduler
config file is now mode 0600 because it has a password in it.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
We need to treat it and the x86_64 update group separately to
do this, but it really doesn't need 200G. We have images from
three weeks ago, and we don't need that kind of buffer, and space
is a bit tight.
Note: there is no aarch64 updates group as we do not currently
run updates tests on aarch64.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
We don't need scratch builds on lab or updates-testing on prod
any more, latest builds are stable.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Staging wiki auth from openqa-lab01 works again now (thanks to
Aurelien) so we can re-enable these. Also fix the grouping in
openqa_lab that was broken by the sorting done in 580cd25.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
This unifies prod and stg onto the ways of doing things for the
latest packages, and rejigs the swtpm stuff a bit to tear down
more (we shouldn't need the custom SELinux policy any more).
Signed-off-by: Adam Williamson <awilliam@redhat.com>
os-autoinst is actually an official build now, and this is a
newer (and somewhat fixed) openQA scratch.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
This was done using yq (
https://mikefarah.gitbook.io/yq/operators/sort-keys )
Doing things this way makes it much easier to see if a variable is set
in a file or if two hosts differ in what variables they set. Hopefully
we can keep things sorted moving forward.
Basically this means just sort a-z anything you add to any host or group
vaiable and it will be in the right place.
Additionally, this enforces 'normal' intent rules for all the variable
files which we should also try and obey. 2 spaces for first level, 3 for
next, etc. When in doubt you can run yq on it.
This should cause NO actual vairable changes, it's all just readability
fixing for humans, ansible parses it exactly the same.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We don't need the scratch builds any more, they're in u-t. We
also don't need to use a side branch on lab createhdds any more,
or deploy from u-t on prod.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
The latest versions that were previously deployed as scratch
builds on lab are now in u-t, and ran fine on lab for a week, so
let's just deploy them from u-t to both instances now.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
The main goal of these changes is to allow all workers in each
deployment NFS write access to the factory share. This is because
I want to try using os-autoinst's at-job-run-time decompression
of disk images instead of openQA's at-asset-download-time
decompression; it avoids some awkwardness with the asset file
name, and should also actually allow us to drop the decompression
code from openQA I think.
I also rejigged various other things at the same time as they
kinda logically go together. It's mostly cleanups and tweaks to
group variables. I tried to handle more things explicitly with
variables, as it's better for use of these plays outside of
Fedora infra.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
I just enhanced the scheduler code so we can share the stock
WANTED definition (which now includes all arches) between prod
and lab, but filter the arches with a config file setting. This
means we don't have to carry and install a whole custom WANTED
file with the extra arches for lab any more, we just set the
appropriate value in the config file. Also drop some stuff from
the config file that's been useless since we switched to
fedora-messaging.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
We decided that since this wasn't really a staging host, we should stop
calling it 'stg' and putting it in stg group. Since it's used for
testing new openqa and edge features, lab seemed appropriate.
This brings up a openqa-lab01 on qvmhost-x86-01 and a power9 and aarch64
workers. More workers to be added as they are installed. Ther will be at
least one more power9 and 2 more aarch64 boxes.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
