mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-04-24 10:31:56 +08:00
58dd80c799
We need to treat it and the x86_64 update group separately to do this, but it really doesn't need 200G. We have images from three weeks ago, and we don't need that kind of buffer, and space is a bit tight. Note: there is no aarch64 updates group as we do not currently run updates tests on aarch64. Signed-off-by: Adam Williamson <awilliam@redhat.com>
432 lines
17 KiB
YAML
432 lines
17 KiB
YAML
# Required vars
|
|
# - openqa_email
|
|
## string - Email address of admin user
|
|
# - openqa_nickname
|
|
## string - Short name of admin user (shown in the web UI for e.g.)
|
|
# - openqa_fullname
|
|
## string - Full name of admin user
|
|
# - openqa_key
|
|
# - openqa_secret
|
|
## string - MUST be 16-character hexadecimals, and are secrets
|
|
# openqa_userid
|
|
## string - User ID of admin user: for Fedora should be a Fedora openID URL,
|
|
## http://fasname.id.fedoraproject.org
|
|
|
|
# Required vars with defaults
|
|
# - external_hostname
|
|
## string - The public hostname for the server (will be used as ServerName)
|
|
## default - ansible_nodename
|
|
# - openqa_webapi_plugins
|
|
## string - Space-separated list of openQA WebAPI plugins to enable
|
|
## Note if you enable FedoraMessaging or AMQP plugins, you should
|
|
## also set openqa_amqp_publisher_prefix, openqa_amqp_publisher_url
|
|
## and openqa_amqp_publisher_exchange
|
|
## default - FedoraUpdateRestart
|
|
# - openqa_repo
|
|
## string - Repo to enable when updating openQA packages. Set to
|
|
## 'updates-testing' to use packages from updates-testing
|
|
## default - 'updates', which is effectively a no-op
|
|
|
|
# Optional vars
|
|
# - openqa_static_uid
|
|
## int - a static ID for the geekotest user and group if desired
|
|
## this is useful for NFS mounting openQA data files
|
|
# - openqa_dbname
|
|
## string - The name of the database to use
|
|
# - openqa_dbhost
|
|
## string - The hostname of the database server
|
|
# - openqa_dbuser
|
|
## string - The database username
|
|
# - openqa_dbpassword
|
|
## string - The database password
|
|
# - openqa_assetsize
|
|
## int - the asset size limit to set in GB (upstream default is 100GB)
|
|
## higher is recommended for normal Fedora testing, 300GB is good
|
|
## FIXME: this only works for pgsql ATM
|
|
# - openqa_assetsize_updates
|
|
## int - the asset size limit to set for update job groups in GB
|
|
## (upstream default is 100GB). Lower is recommended for normal
|
|
## Fedora testing, 50GB is good
|
|
## FIXME: this only works for pgsql ATM
|
|
# - openqa_amqp_publisher_prefix
|
|
## string - openQA AMQP 'topic_prefix' config value. This prefix is
|
|
## prepended to the topic when publishing messages with the
|
|
## AMQP or FedoraMessaging plugins, with a . added (so don't
|
|
## include the . in the value). If set to an empty string,
|
|
## openQA from before August 2019 will use 'suse' as the
|
|
## prefix; later openQA will omit the prefix entirely
|
|
## default - '' (empty string)
|
|
# - openqa_amqp_publisher_url
|
|
## string - AMQP broker URL for publishing messages with the AMQP or
|
|
## FedoraMessaging plugins, e.g.
|
|
## amqps://fedora:@rabbitmq.fedoraproject.org/%2Fpubsub
|
|
## default - amqp://test:@localhost/%2Fpubsub
|
|
# - openqa_amqp_publisher_exchange
|
|
## string - exchange to publish AMQP messages to with AMQP or
|
|
## FedoraMessaging plugins, e.g. amq.topic. Note, this can
|
|
## be (ab)used to set additional query parameters for the
|
|
## publish request, by just appending them, e.g.
|
|
## amq.topic&cacertfile=/path/to/ca_certificate_file
|
|
## default - amq.topic
|
|
# - deployment_type
|
|
## string - Fedora Infrastructure thing; for this role, applies an
|
|
## infra-specific tweak to httpd config. Don't set it outside
|
|
## Fedora infra.
|
|
# - openqa_scratch
|
|
## list - A list of task IDs of scratch builds to install. If set, we
|
|
## will download the scratch build(s) and set up a side repo
|
|
## containing them. We do this because openQA staging is our
|
|
## main platform for testing new openQA releases; we need to
|
|
## be able to run scratch builds to see if a new release is
|
|
## really bad before submitting it as an update, we don't want
|
|
## to send new builds to updates-testing if they have problems
|
|
# - openqa_nfs_workers
|
|
## list - A list of hostnames of workers that will share the factory
|
|
## directory via NFS. All these will be granted rw access to
|
|
## the share (they need write access to be able to decompress
|
|
## compressed disk images on the fly). If not defined, the
|
|
## factory dir will not be shared via NFS at all.
|
|
|
|
# If openqa_dbhost is set, the other openqa_db* variables must be too,
|
|
# and the server will be configured to use a pgsql database accordingly.
|
|
# If openqa_dbhost is not set, the server will use a local SQLite database
|
|
# and the other openqa_db* values are ignored.
|
|
|
|
- name: Create geekotest group with static GID
|
|
group: "name=geekotest gid={{ openqa_static_uid }} system=yes"
|
|
when: "openqa_static_uid is defined"
|
|
|
|
- name: Create geekotest user with static UID
|
|
user:
|
|
name: geekotest
|
|
comment: "openQA user"
|
|
uid: "{{ openqa_static_uid }}"
|
|
group: geekotest
|
|
home: "/var/lib/openqa"
|
|
createhome: no
|
|
system: yes
|
|
shell: /sbin/nologin
|
|
when: "openqa_static_uid is defined"
|
|
|
|
- name: Remove scratch repo directory
|
|
file: path=/var/tmp/scratchrepo state=absent
|
|
|
|
- name: (Re-)create scratch repo directory
|
|
file: path=/var/tmp/scratchrepo state=directory owner=root group=root
|
|
when: "openqa_scratch is defined"
|
|
|
|
- name: Install Koji CLI client and createrepo
|
|
package:
|
|
name: ["koji", "createrepo"]
|
|
state: present
|
|
tags:
|
|
- packages
|
|
when: "openqa_scratch is defined"
|
|
|
|
- name: Download scratch builds
|
|
command: "koji download-task --arch=noarch --arch={{ ansible_architecture }} {{ item }}"
|
|
args:
|
|
chdir: /var/tmp/scratchrepo
|
|
loop: "{{ openqa_scratch|flatten(levels=1) }}"
|
|
when: "openqa_scratch is defined"
|
|
|
|
- name: Write repodata
|
|
command: "createrepo ."
|
|
args:
|
|
chdir: /var/tmp/scratchrepo
|
|
when: "openqa_scratch is defined"
|
|
|
|
- name: Write scratch build repo config
|
|
copy: src=scratchrepo.repo dest=/etc/yum.repos.d/scratchrepo.repo owner=root group=root mode=0644
|
|
when: "openqa_scratch is defined"
|
|
|
|
- name: Delete scratch build repo config
|
|
file: path=/etc/yum.repos.d/scratchrepo.conf state=absent
|
|
when: "openqa_scratch is not defined"
|
|
|
|
# this is separate from the step below so we can use openqa_repo just
|
|
# for these packages
|
|
- name: Install openQA packages
|
|
package:
|
|
name:
|
|
- openqa
|
|
- openqa-httpd
|
|
- openqa-plugin-fedora-messaging
|
|
- openqa-plugin-fedoraupdaterestart
|
|
state: latest
|
|
enablerepo: "{{ openqa_repo }}"
|
|
tags:
|
|
- packages
|
|
|
|
- name: Install various other required packages
|
|
package:
|
|
name:
|
|
- python3-libselinux # for using seboolean module
|
|
- git # for checking out tests/tools
|
|
- jq # for checking if tests changed after template load
|
|
- python3-libsemanage # for using seboolean module
|
|
- nfs-utils # for configuring/running NFS server
|
|
- perl(Class::DBI::Pg) # for using postgresql DB
|
|
- genisoimage # for building cloud-init ISO
|
|
- policycoreutils # for loading SELinux policy module
|
|
state: present
|
|
tags:
|
|
- packages
|
|
|
|
- name: Check test directory exists with correct ownership
|
|
file: path=/var/lib/openqa/share/tests/fedora state=directory owner=geekotest group=geekotest recurse=yes
|
|
|
|
# we don't want to run the checkout if the tests are on a non-standard
|
|
# branch, as that usually means we're messing around on staging and
|
|
# don't want the checkout reset to HEAD.
|
|
- name: Check if tests are checked out and on a non-standard branch
|
|
command: "git status" # noqa 303
|
|
args:
|
|
chdir: /var/lib/openqa/share/tests/fedora
|
|
register: testsbranch
|
|
failed_when: "1 != 1"
|
|
changed_when: "1 != 1"
|
|
check_mode: no
|
|
|
|
- name: Check out the tests
|
|
git:
|
|
repo: https://pagure.io/fedora-qa/os-autoinst-distri-fedora.git # noqa 401
|
|
dest: /var/lib/openqa/share/tests/fedora
|
|
register: gittests
|
|
become: true
|
|
become_user: geekotest
|
|
when: >
|
|
(testsbranch.stderr.find('ot a git repository') != -1) or
|
|
(testsbranch.stdout.find('On branch master') != -1 and
|
|
testsbranch.stdout.find('Changes not staged') == -1)
|
|
|
|
- name: Remove old openqa_fedora_tools checkout
|
|
file: path=/root/openqa_fedora_tools state=absent
|
|
|
|
- name: Create asset directories
|
|
file: path={{ item }} state=directory owner=geekotest group=geekotest mode=0775
|
|
with_items:
|
|
- /var/lib/openqa/share/factory/iso
|
|
- /var/lib/openqa/share/factory/iso/fixed
|
|
- /var/lib/openqa/share/factory/hdd
|
|
- /var/lib/openqa/share/factory/hdd/fixed
|
|
- /var/lib/openqa/share/factory/repo
|
|
- /var/lib/openqa/share/factory/other
|
|
|
|
- name: Copy in meta-data for cloud-init ISO creation
|
|
copy: src=meta-data dest=/var/tmp/meta-data owner=root group=root mode=0644
|
|
|
|
- name: Copy in user-data for cloud-init ISO creation
|
|
copy: src=user-data dest=/var/tmp/user-data owner=root group=root mode=0644
|
|
|
|
- name: Create cloud-init ISO
|
|
command: genisoimage -output cloudinit.iso -volid cidata -joliet -rock /var/tmp/user-data /var/tmp/meta-data
|
|
args:
|
|
chdir: /var/lib/openqa/share/factory/iso/fixed
|
|
creates: /var/lib/openqa/share/factory/iso/fixed/cloudinit.iso
|
|
|
|
- name: Create exports file
|
|
template: src=exports.j2 dest=/etc/exports.d/openqa.exports owner=root group=root mode=0644
|
|
register: exportsfile
|
|
when: openqa_nfs_workers is defined
|
|
tags:
|
|
- config
|
|
|
|
- name: Enable and start NFS server
|
|
service: name=nfs-server enabled=yes state=started
|
|
when: openqa_nfs_clients is defined
|
|
|
|
- name: Refresh exports
|
|
command: exportfs -r
|
|
when: exportsfile is changed
|
|
|
|
- name: Set up Apache config
|
|
template: src=openqa.conf.httpd.j2 dest=/etc/httpd/conf.d/openqa.conf owner=root group=root mode=0644
|
|
notify:
|
|
- reload httpd
|
|
tags:
|
|
- config
|
|
|
|
- name: OpenQA config
|
|
template: src=openqa.ini.j2 dest=/etc/openqa/openqa.ini owner=geekotest group=root mode=0644
|
|
tags:
|
|
- config
|
|
|
|
- name: Create database
|
|
delegate_to: "{{ openqa_dbhost }}"
|
|
become_user: postgres
|
|
become: true
|
|
postgresql_db: db={{ openqa_dbname }}
|
|
when: "openqa_dbhost is defined"
|
|
|
|
- name: Ensure db user has access to database
|
|
delegate_to: "{{ openqa_dbhost }}"
|
|
become_user: postgres
|
|
become: true
|
|
postgresql_user: db={{ openqa_dbname }} user={{ openqa_dbuser }} password={{ openqa_dbpassword }} role_attr_flags=NOSUPERUSER
|
|
when: "openqa_dbhost is defined"
|
|
|
|
- name: Database config
|
|
template: src=database.ini.pgsql.j2 dest=/etc/openqa/database.ini owner=geekotest group=root mode=0640
|
|
when: "openqa_dbhost is defined"
|
|
tags:
|
|
- config
|
|
|
|
- name: Initialize database
|
|
shell: "/usr/share/openqa/script/initdb --user geekotest --init_database" # noqa 305
|
|
register: initdb
|
|
changed_when: "initdb.rc == 0"
|
|
failed_when: "(initdb.rc > 0) and (initdb.stdout is not defined or initdb.stdout.find('already exists') == -1)"
|
|
|
|
- name: Enable and start services
|
|
service: name={{ item }} enabled=yes state=started
|
|
register: services
|
|
with_items:
|
|
- openqa-livehandler
|
|
- openqa-scheduler
|
|
- openqa-webui
|
|
- openqa-websockets
|
|
- openqa-gru
|
|
|
|
- name: Create somewhere to stick our custom SELinux module
|
|
file:
|
|
path: /usr/local/share/selinux
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Copy over custom SELinux module allowing httpd to connect to openQA
|
|
copy: src=httpd-openqa.pp dest=/usr/local/share/selinux/httpd-openqa.pp owner=root group=root mode=0644
|
|
register: selinux_module
|
|
|
|
- name: Load our custom SELinux module
|
|
command: semodule -i /usr/local/share/selinux/httpd-openqa.pp
|
|
when: selinux_module is changed
|
|
|
|
# Unfortunately still need this until port 9528 is tagged:
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1277312
|
|
- name: Set httpd_can_network_connect SELinux boolean
|
|
seboolean: name=httpd_can_network_connect state=yes persistent=yes
|
|
|
|
- name: Allow Apache to read from NFS (as we store test data files there now)
|
|
seboolean: name=httpd_use_nfs state=yes persistent=yes
|
|
|
|
# services is undefined in check mode
|
|
- name: Wait for openQA to be fully started
|
|
pause: seconds=5
|
|
when: "services is defined and services is changed"
|
|
|
|
# the 'dispatcher' role may require this to have a non-root group and
|
|
# sets it 0640, so we don't enforce ownership here and set mode to
|
|
# 0640 so we don't wind up ping-ponging it between server and
|
|
# dispatcher roles.
|
|
- name: openQA client config
|
|
template: src=client.conf.j2 dest=/etc/openqa/client.conf mode=0640
|
|
tags:
|
|
- config
|
|
|
|
- name: Create admin user
|
|
command: >
|
|
/var/lib/openqa/script/create_admin --email {{ openqa_email }} --nickname {{ openqa_nickname }}
|
|
--fullname '{{ openqa_fullname }}' --key {{ openqa_key }} --secret {{ openqa_secret }}
|
|
{{ openqa_userid }}
|
|
register: admin
|
|
changed_when: "admin.rc == 0"
|
|
failed_when: "(admin.rc > 0) and (admin.stderr is not defined or admin.stderr.find('already exists') == -1)"
|
|
|
|
- name: Check if we're on upstream template format or FIF
|
|
stat:
|
|
path: /var/lib/openqa/share/tests/fedora/templates.fif.json
|
|
register: templatesfif
|
|
|
|
- name: Dump existing config for checking changes
|
|
shell: "/usr/share/openqa/script/dump_templates --json > /tmp/tmpl-old.json || :"
|
|
when: "(gittests is defined) and (gittests is changed)"
|
|
changed_when: "1 != 1"
|
|
|
|
# Because of the boring details of how template loading works, getting
|
|
# a correct 'changed' for this step is too difficult. Instead we have
|
|
# the dump (above) and check (later) steps; when the templates actually
|
|
# changed, the *check* step will register as changed.
|
|
- name: Load main tests (upstream format)
|
|
command: "/var/lib/openqa/share/tests/fedora/templates --clean"
|
|
when: "(gittests is defined) and (gittests is changed) and (not templatesfif.stat.exists)"
|
|
changed_when: "1 != 1"
|
|
|
|
- name: Load update tests (upstream format)
|
|
command: "/var/lib/openqa/share/tests/fedora/templates-updates --update"
|
|
when: "(gittests is defined) and (gittests is changed) and (not templatesfif.stat.exists)"
|
|
changed_when: "1 != 1"
|
|
|
|
- name: Load all tests (FIF format)
|
|
command: "/var/lib/openqa/share/tests/fedora/fifloader.py -l --clean templates.fif.json templates-updates.fif.json"
|
|
args:
|
|
chdir: /var/lib/openqa/share/tests/fedora
|
|
when: "(gittests is defined) and (gittests is changed) and (templatesfif.stat.exists)"
|
|
changed_when: "1 != 1"
|
|
|
|
- name: Check if the tests changed in previous step
|
|
shell: "/usr/share/openqa/script/dump_templates --json > /tmp/tmpl-new.json && diff <(jq -S . /tmp/tmpl-old.json) <(jq -S . /tmp/tmpl-new.json)"
|
|
when: "(gittests is defined) and (gittests is changed)"
|
|
register: testsdiff
|
|
changed_when: "testsdiff.rc > 0"
|
|
failed_when: "1 != 1"
|
|
|
|
- name: Set 'fedora' asset size limit (if specified) (pgsql)
|
|
delegate_to: "{{ openqa_dbhost }}"
|
|
become_user: postgres
|
|
become: true
|
|
command: >
|
|
psql -d {{ openqa_dbname }} -c "UPDATE job_groups SET size_limit_gb = {{ openqa_assetsize }}
|
|
WHERE name = 'fedora' AND (size_limit_gb != {{ openqa_assetsize }} OR size_limit_gb IS NULL);"
|
|
when: "openqa_dbhost is defined and openqa_assetsize is defined"
|
|
register: pgsqlsize
|
|
changed_when: "pgsqlsize.stdout.find('UPDATE 0') == -1"
|
|
|
|
- name: Set 'Fedora PowerPC' asset size limit (if specified) (pgsql)
|
|
delegate_to: "{{ openqa_dbhost }}"
|
|
become_user: postgres
|
|
become: true
|
|
command: >
|
|
psql -d {{ openqa_dbname }} -c "UPDATE job_groups SET size_limit_gb = {{ openqa_assetsize_ppc }}
|
|
WHERE name = 'Fedora PowerPC' AND (size_limit_gb != {{ openqa_assetsize_ppc }}
|
|
OR size_limit_gb IS NULL);"
|
|
when: "openqa_dbhost is defined and openqa_assetsize_ppc is defined"
|
|
register: pgsqlsizeppc
|
|
changed_when: "pgsqlsizeppc.stdout.find('UPDATE 0') == -1"
|
|
|
|
- name: Set 'Fedora AArch64' asset size limit (if specified) (pgsql)
|
|
delegate_to: "{{ openqa_dbhost }}"
|
|
become_user: postgres
|
|
become: true
|
|
command: >
|
|
psql -d {{ openqa_dbname }} -c "UPDATE job_groups SET size_limit_gb = {{ openqa_assetsize_aarch64 }}
|
|
WHERE name = 'Fedora AArch64' AND (size_limit_gb != {{ openqa_assetsize_aarch64 }}
|
|
OR size_limit_gb IS NULL);"
|
|
when: "openqa_dbhost is defined and openqa_assetsize_aarch64 is defined"
|
|
register: pgsqlsizeaarch64
|
|
changed_when: "pgsqlsizeaarch64.stdout.find('UPDATE 0') == -1"
|
|
|
|
- name: Set (x86_64) update job group asset size limit (if specified) (pgsql)
|
|
delegate_to: "{{ openqa_dbhost }}"
|
|
become_user: postgres
|
|
become: true
|
|
command: >
|
|
psql -d {{ openqa_dbname }} -c "UPDATE job_groups SET size_limit_gb = {{ openqa_assetsize_updates }}
|
|
WHERE name = 'Fedora Updates' AND (size_limit_gb != {{ openqa_assetsize_updates }}
|
|
OR size_limit_gb IS NULL);"
|
|
when: "openqa_dbhost is defined and openqa_assetsize_updates is defined"
|
|
register: pgsqlupdatesize
|
|
changed_when: "pgsqlupdatesize.stdout.find('UPDATE 0') == -1"
|
|
|
|
- name: Set ppc64le update job group asset size limit (if specified) (pgsql)
|
|
delegate_to: "{{ openqa_dbhost }}"
|
|
become_user: postgres
|
|
become: true
|
|
command: >
|
|
psql -d {{ openqa_dbname }} -c "UPDATE job_groups SET size_limit_gb = {{ openqa_assetsize_updates_ppc }}
|
|
WHERE name = 'Fedora PowerPC Updates' AND (size_limit_gb != {{ openqa_assetsize_updates_ppc }}
|
|
OR size_limit_gb IS NULL);"
|
|
when: "openqa_dbhost is defined and openqa_assetsize_updates_ppc is defined"
|
|
register: pgsqlupdatesizeppc
|
|
changed_when: "pgsqlupdatesizeppc.stdout.find('UPDATE 0') == -1"
|