diff --git a/inventory/group_vars/openqa-tap-workers b/inventory/group_vars/openqa-tap-workers new file mode 100644 index 0000000000..3fd28770b7 --- /dev/null +++ b/inventory/group_vars/openqa-tap-workers @@ -0,0 +1,18 @@ +openqa_tap: true + +# for iptables rules...maybe other stuff in future? both staging +# and prod workers are in this group +host_group: openqa-tap-workers + +# firewall rules to allow openQA openvswitch guests to communicate +custom_rules: [ + '-A FORWARD -i br0 -j ACCEPT', + '-A FORWARD -m state -i eth0 -o br0 --state RELATED,ESTABLISHED -j ACCEPT', + '-A INPUT -i br0 -j ACCEPT' +] + +# we do stuff with ifcfg that base doesn't understand. terrible, terrible +# stuff. seriously - it doesn't handle the openvswitch config well. so +# let's tell it to just configure eth0 for us and leave everything else +# alone. +ansible_ifcfg_whitelist: ['eth0'] diff --git a/inventory/group_vars/openqa-workers b/inventory/group_vars/openqa-workers index 0e3e18d789..f9fc73ecf3 100644 --- a/inventory/group_vars/openqa-workers +++ b/inventory/group_vars/openqa-workers @@ -4,22 +4,5 @@ openqa_hostname: openqa01.qa.fedoraproject.org openqa_key: "{{ prod_openqa_apikey }}" openqa_secret: "{{ prod_openqa_apisecret }}" -# for iptables rules...maybe other stuff in future? both staging -# and prod workers are in this group -host_group: openqa-workers - -# firewall rules to allow openQA openvswitch guests to communicate -custom_rules: [ - '-A FORWARD -i br0 -j ACCEPT', - '-A FORWARD -m state -i eth0 -o br0 --state RELATED,ESTABLISHED -j ACCEPT', - '-A INPUT -i br0 -j ACCEPT' -] - -# we do stuff with ifcfg that base doesn't understand. terrible, terrible -# stuff. seriously - it doesn't handle the openvswitch config well. so -# let's tell it to just configure eth0 for us and leave everything else -# alone. -ansible_ifcfg_whitelist: ['eth0'] - deployment_type: prod freezes: false diff --git a/inventory/inventory b/inventory/inventory index cd4c436800..72c39a4cfb 100644 
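Review bot: In the new inventory/group_vars/openqa-tap-workers, the two br0 entries in `custom_rules` accept everything that arrives on the bridge. Any openQA guest attached to br0 can therefore reach every service listening on the worker (`-A INPUT -i br0 -j ACCEPT`) and, once tap-setup.yml turns on `net.ipv4.ip_forward`, be routed out of any interface (`-A FORWARD -i br0 -j ACCEPT`). The guests run the software under test, so it is worth bounding this by naming the egress interface, e.g. `-A FORWARD -i br0 -o eth0 -j ACCEPT`, and by limiting INPUT from br0 to the ports the guests need (which ports those are is not visible in this diff). If the broad accept is intentional, say so in the comment above the list, for example `# br0 guests are treated as trusted: all INPUT/FORWARD from the bridge is accepted`.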
--- a/inventory/inventory +++ b/inventory/inventory @@ -516,6 +516,11 @@ openqa-stg01.qa.fedoraproject.org qa06.qa.fedoraproject.org qa07.qa.fedoraproject.org +# the workers that can run networked jobs. each server should have *one* of these +[openqa-tap-workers] +qa14.qa.fedoraproject.org +qa06.qa.fedoraproject.org + [packages] packages03.phx2.fedoraproject.org packages04.phx2.fedoraproject.org diff --git a/roles/base/templates/iptables/iptables.openqa-workers b/roles/base/templates/iptables/iptables.openqa-tap-workers similarity index 100% rename from roles/base/templates/iptables/iptables.openqa-workers rename to roles/base/templates/iptables/iptables.openqa-tap-workers diff --git a/roles/openqa/worker/tasks/main.yml b/roles/openqa/worker/tasks/main.yml index 3e109be4ca..e654a2b000 100644 --- a/roles/openqa/worker/tasks/main.yml +++ b/roles/openqa/worker/tasks/main.yml @@ -7,6 +7,11 @@ ## string - hostname of openQA server to run jobs for ## default - localhost +# Optional vars +# - openqa_tap +## bool - whether this is the tap-enabled host or not +## each deployment should have *one* tap-capable worker host + - name: Install packages dnf: name={{ item }} state=present with_items: @@ -21,6 +26,9 @@ - include: nfs-client.yml when: openqa_hostname is defined and openqa_hostname != "localhost" +- include: tap-setup.yml + when: openqa_tap is defined and openqa_tap + - name: openQA client config template: src=client.conf.j2 dest=/etc/openqa/client.conf owner=_openqa-worker group=root mode=0600 tags: 
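Review bot: In the first roles/openqa/worker/tasks/main.yml hunk, the new `openqa_tap` entry in the header comment gives no default, unlike the entry just above it (`## default - localhost`). The role tests `openqa_tap is defined and openqa_tap`, so a line such as `## default - undefined, treated as false` would tell readers that leaving it unset is safe. The comment block begins above this hunk.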
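Review bot: In the second roles/openqa/worker/tasks/main.yml hunk, gating `tap-setup.yml` on `openqa_tap` stops configuring tap networking on the other workers, but nothing removes what earlier runs left behind. Hosts that previously ran these tasks presumably keep `net.ipv4.ip_forward=1`, the `ifcfg-br0`, `ifcfg-gre*` and `ifcfg-tap*` files, and the enabled `openvswitch` and `os-autoinst-openvswitch` services, including GRE tunnels whose template this commit deletes. At minimum, record that next to the include, e.g. `# hosts without openqa_tap are NOT cleaned up: remove old br0/gre/tap ifcfg files and reset ip_forward by hand`, and consider a follow-up that removes them. Separately, `when: openqa_tap | default(false) | bool` is more robust than the `is defined and` form if the value ever arrives as a string.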
@@ -31,81 +39,6 @@ tags: - config -- name: Enable ipv4_forward in sysctl - sysctl: name=net.ipv4.ip_forward value=1 state=present sysctl_set=yes reload=yes - -# this is Fedora infra-only stuff to stop network.service choking on -# dumb ifcfg stuff -- name: Check if there's an annoying ifcfg-usb0 lurking - stat: path=/etc/sysconfig/network-scripts/ifcfg-usb0 - register: ifcfgusb0 - failed_when: "1 != 1" - changed_when: "1 != 1" - always_run: true - when: deployment_type is defined - -- name: Check if there's an annoying ifcfg-eth1 lurking - stat: path=/etc/sysconfig/network-scripts/ifcfg-eth1 - register: ifcfgeth1 - failed_when: "1 != 1" - changed_when: "1 != 1" - always_run: true - when: deployment_type is defined - -- name: Make sure usb0 doesn't get in our way - lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-usb0 regexp="^ONBOOT=" line="ONBOOT=no" - when: (ifcfgusb0.stat.exists == True) and (deployment_type is defined) - -- name: Make sure eth1 doesn't get in our way - lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^ONBOOT=" line="ONBOOT=no" - when: (ifcfgeth1.stat.exists == True) and (deployment_type is defined) - -- name: Start openvswitch service - service: name=openvswitch enabled=yes state=started - with_sequence: "count={{ openqa_workers }}" - -- name: Enable network service (needed for openvswitch devices) - service: name=network enabled=yes state=started - -- name: openvswitch bridge device config - copy: src=ifcfg-br0 dest=/etc/sysconfig/network-scripts/ifcfg-br0 owner=root group=root mode=0644 - notify: - - restart network - tags: - - config - -- name: openvswitch gre tunnel config (prod) - template: src=ifcfg-gre.j2 dest=/etc/sysconfig/network-scripts/ifcfg-gre{{ item.0 }} owner=root group=root mode=0644 - with_indexed_items: "{{ groups['openqa-workers']|difference([inventory_hostname]) }}" - when: deployment_type == 'prod' - notify: - - restart network - tags: - - config - -- name: openvswitch gre tunnel config (stg) - 
template: src=ifcfg-gre.j2 dest=/etc/sysconfig/network-scripts/ifcfg-gre{{ item.0 }} owner=root group=root mode=0644 - with_indexed_items: "{{ groups['openqa-stg-workers']|difference([inventory_hostname]) }}" - when: deployment_type == 'stg' - notify: - - restart network - tags: - - config - -- name: Install ifup-pre-local script to create tap devices - copy: src=ifup-pre-local dest=/sbin/ifup-pre-local owner=root group=root mode=0755 - -- name: openvswitch tap devices config - template: src=ifcfg-tap.j2 dest=/etc/sysconfig/network-scripts/ifcfg-tap{{ item }} owner=root group=root mode=0644 - with_sequence: start=0 end={{ openqa_workers | int }} - notify: - - restart network - tags: - - config - -- name: Enable and start os-autoinst openvswitch service - service: name=os-autoinst-openvswitch enabled=yes state=started - - name: Enable and start worker services service: name=openqa-worker@{{ item }} enabled=yes state=started with_sequence: "count={{ openqa_workers }}" diff --git a/roles/openqa/worker/tasks/tap-setup.yml b/roles/openqa/worker/tasks/tap-setup.yml new file mode 100644 index 0000000000..4239766079 --- /dev/null +++ b/roles/openqa/worker/tasks/tap-setup.yml 
@@ -0,0 +1,56 @@ +- name: Enable ipv4_forward in sysctl + sysctl: name=net.ipv4.ip_forward value=1 state=present sysctl_set=yes reload=yes + +# this is Fedora infra-only stuff to stop network.service choking on +# dumb ifcfg stuff +- name: Check if there's an annoying ifcfg-usb0 lurking + stat: path=/etc/sysconfig/network-scripts/ifcfg-usb0 + register: ifcfgusb0 + failed_when: "1 != 1" + changed_when: "1 != 1" + always_run: true + when: deployment_type is defined + +- name: Check if there's an annoying ifcfg-eth1 lurking + stat: path=/etc/sysconfig/network-scripts/ifcfg-eth1 + register: ifcfgeth1 + failed_when: "1 != 1" + changed_when: "1 != 1" + always_run: true + when: deployment_type is defined + +- name: Make sure usb0 doesn't get in our way + lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-usb0 regexp="^ONBOOT=" line="ONBOOT=no" + when: (ifcfgusb0.stat.exists == True) and (deployment_type is defined) + +- name: Make sure eth1 doesn't get in our way + lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^ONBOOT=" line="ONBOOT=no" + when: (ifcfgeth1.stat.exists == True) and (deployment_type is defined) + +- name: Start openvswitch service + service: name=openvswitch enabled=yes state=started + with_sequence: "count={{ openqa_workers }}" + +- name: Enable network service (needed for openvswitch devices) + service: name=network enabled=yes state=started + +- name: openvswitch bridge device config + copy: src=ifcfg-br0 dest=/etc/sysconfig/network-scripts/ifcfg-br0 owner=root group=root mode=0644 + notify: + - restart network + tags: + - config + +- name: Install ifup-pre-local script to create tap devices + copy: src=ifup-pre-local dest=/sbin/ifup-pre-local owner=root group=root mode=0755 + +- name: openvswitch tap devices config + template: src=ifcfg-tap.j2 dest=/etc/sysconfig/network-scripts/ifcfg-tap{{ item }} owner=root group=root mode=0644 + with_sequence: start=0 end={{ openqa_workers | int }} + notify: + - restart network + tags: + - 
config + +- name: Enable and start os-autoinst openvswitch service + service: name=os-autoinst-openvswitch enabled=yes state=started diff --git a/roles/openqa/worker/templates/ifcfg-gre.j2 b/roles/openqa/worker/templates/ifcfg-gre.j2 deleted file mode 100644 index 77120de74a..0000000000 --- a/roles/openqa/worker/templates/ifcfg-gre.j2 +++ /dev/null @@ -1,7 +0,0 @@ -DEVICETYPE='ovs' -TYPE='OVSTunnel' -OVS_BRIDGE='br0' -DEVICE='gre{{ item.0 }}' -OVS_TUNNEL_TYPE='gre' -OVS_TUNNEL_OPTIONS='options:remote_ip={{ hostvars[item.1]['eth0_ip'] }}' -ONBOOT='yes' diff --git a/roles/openqa/worker/templates/workers.ini.j2 b/roles/openqa/worker/templates/workers.ini.j2 index b9665bc8fc..06a3908412 100644 --- a/roles/openqa/worker/templates/workers.ini.j2 +++ b/roles/openqa/worker/templates/workers.ini.j2 @@ -1,2 +1,5 @@ [global] HOST = http://{{ openqa_hostname|default('localhost') }} +{% if openqa_tap is defined and openqa_tap %} +WORKER_CLASS = tap +{% endif %}
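Review bot: In the new roles/openqa/worker/tasks/tap-setup.yml, `Start openvswitch service` still carries `with_sequence: "count={{ openqa_workers }}"` although the task never uses `item`. The same service call therefore repeats once per worker, and the task fails outright when `openqa_workers` is undefined; dropping that line leaves `service: name=openvswitch enabled=yes state=started`. The two `stat` checks use `always_run: true`, the older spelling of `check_mode: no`, which is worth switching if the Ansible version in use supports it. In `openvswitch tap devices config`, `start=0 end={{ openqa_workers | int }}` produces one more ifcfg-tap file than there are workers; if that is intentional, a short comment saying why would help.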