ansible/roles/openqa/server/tasks/main.yml

# Required vars
# - openqa_email
##       string - Email address of admin user
# - openqa_nickname
##       string - Short name of admin user (shown in the web UI for e.g.)
# - openqa_fullname
##       string - Full name of admin user
# - openqa_key
# - openqa_secret
##       string - MUST be 16-character hexadecimals, and are secrets
# openqa_userid
##       string - User ID of admin user: for Fedora should be a Fedora openID URL,
##                http://fasname.id.fedoraproject.org

# Required vars with defaults
# - external_hostname
##       string - The public hostname for the server (will be used as ServerName)
##       default - ansible_nodename

# Optional vars
# - openqa_static_uid
##       int - a static ID for the geekotest user and group if desired
##             this is useful for NFS mounting openQA data files
# - openqa_dbname
##       string - The name of the database to use
# - openqa_dbhost
##       string - The hostname of the database server
# - openqa_dbuser
##       string - The database username
# - openqa_dbpassword
##       string - The database password
# - openqa_assetsize
##       int - the asset size limit to set in GB (upstream default is 100GB)
##             higher is recommended for normal Fedora testing, 300GB is good
##             FIXME: this only works for pgsql ATM
# - deployment_type
##      string - Fedora Infrastructure thing; for this role, decides
##               whether to monkeypatch the repo URLs in the templates
##               to work inside Fedora infrastructure. Don't set it
##               unless your deployment is running in Fedora infra.
#
# If openqa_dbhost is set, the others must be too, and the server will be
# configured to use a pgsql database accordingly. If openqa_dbhost is not
# set, the server will use a local SQLite database and the other values
# are ignored.

- name: Create geekotest group with static GID
  group: "name=geekotest gid={{ openqa_static_uid }} system=yes"
  when: "openqa_static_uid is defined"

- name: Create geekotest user with static UID
  user:
    name: geekotest
    comment: "openQA user"
    uid: "{{ openqa_static_uid }}"
    group: geekotest
    home: "/var/lib/openqa"
    createhome: no
    system: yes
    shell: /sbin/nologin
  when: "openqa_static_uid is defined"

- name: Install required packages (testing)
  dnf: name={{ item }} state=present enablerepo="updates-testing"
  with_items:
  - openqa
  - openqa-httpd
  - openqa-plugin-fedmsg
  tags:
  - packages

- name: Install required packages
  dnf: name={{ item }} state=present
  with_items:
  - libselinux-python
  - git
  - json_diff
  - libselinux-utils
  - libsemanage-python
  - nfs-utils
  - perl(Class::DBI::Pg)
  - perl(DateTime::Format::Pg)
  - expect
  - libguestfs-tools-c
  - libguestfs-xfs
  - libvirt-daemon-config-network
  - libvirt-python3
  - python2-fedfind
  - python3-fedfind
  - python3-libguestfs
  - virt-install
  - withlock
  tags:
  - packages

- name: Check test directory exists with correct ownership
  file: path=/var/lib/openqa/share/tests/fedora state=directory owner=geekotest group=geekotest recurse=yes

# we don't want to run the checkout if the tests are on a non-standard
# branch, as that usually means we're messing around on staging and
# don't want the checkout reset to HEAD.
- name: Check if tests are checked out and on a non-standard branch
  command: "git status"
  args:
    chdir: /var/lib/openqa/share/tests/fedora
  register: testsbranch
  failed_when: "1 != 1"
  changed_when: "1 != 1"
  always_run: true

- name: Check out the tests
  git:
    repo: https://bitbucket.org/rajcze/openqa_fedora
    dest: /var/lib/openqa/share/tests/fedora
  register: gittests
  become: true
  become_user: geekotest
  when: "(testsbranch.stdout.find('Not a git repository') != -1) or (testsbranch.stdout.find('On branch develop') != -1)"

- name: Check out openqa_fedora_tools
  git:
    repo: https://bitbucket.org/rajcze/openqa_fedora_tools
    dest: /root/openqa_fedora_tools
  register: git_result

- name: Create asset directories
  file: path={{ item }} state=directory owner=geekotest group=root mode=0755
  with_items:
  - /var/lib/openqa/share/factory/iso
  - /var/lib/openqa/share/factory/hdd
  - /var/lib/openqa/share/factory/repo
  - /var/lib/openqa/share/factory/other

- name: Set up createhdds cron job
  copy: src=createhdds dest=/etc/cron.daily/createhdds owner=root group=root mode=0755

- name: Check if any hard disk images need (re)building
  command: "/root/openqa_fedora_tools/tools/createhdds.py check"
  args:
    chdir: /var/lib/openqa/share/factory/hdd/
  register: diskcheck
  failed_when: "1 != 1"
  changed_when: "1 != 1"
  always_run: true

- name: Ensure libvirt is running if needed to create images
  service: name=libvirtd enabled=yes state=started
  when: "diskcheck.rc > 1"

# > 1 is not a typo; check exits with 1 if all images are present but some
# are outdated, and 2 if any images are missing. We only want to handle
# outright *missing* images here in the playbook (to handle the case of
# first deployment). Outdated images are handled by the daily cron run.
- name: Create hard disk images (this may take a long time!)
  command: "/etc/cron.daily/createhdds"
  when: "diskcheck.rc > 1"

- name: Create exports file
  copy: src=exports dest=/etc/exports.d/openqa.exports owner=root group=root mode=0644
  tags:
  - config

- name: Enable and start NFS server
  service: name=nfs-server enabled=yes state=started

- name: Set up Apache config
  template: src=openqa.conf.httpd.j2 dest=/etc/httpd/conf.d/openqa.conf owner=root group=root mode=0644
  notify:
  - reload httpd
  tags:
  - config

- name: OpenQA config
  template: src=openqa.ini.j2 dest=/etc/openqa/openqa.ini owner=geekotest group=root mode=0644
  tags:
  - config

- name: Create database
  delegate_to: "{{ openqa_dbhost }}"
  become_user: postgres
  become: true
  postgresql_db: db={{ openqa_dbname }}
  when: "openqa_dbhost is defined"

- name: Ensure db user has access to database
  delegate_to: "{{ openqa_dbhost }}"
  become_user: postgres
  become: true
  postgresql_user: db={{ openqa_dbname }} user={{ openqa_dbuser }} password={{ openqa_dbpassword }} role_attr_flags=NOSUPERUSER
  when: "openqa_dbhost is defined"

- name: Database config
  template: src=database.ini.pgsql.j2 dest=/etc/openqa/database.ini owner=geekotest group=root mode=0640
  when: "openqa_dbhost is defined"
  tags:
  - config

- name: Initialize database
  command: "/usr/share/openqa/script/initdb --user geekotest --init_database"
  register: initdb
  changed_when: "initdb.rc == 0"
  failed_when: "(initdb.rc > 0) and (initdb.stderr is not defined or initdb.stderr.find('already exists') == -1)"

- name: Enable and start services
  service: name={{ item }} enabled=yes state=started
  register: services
  with_items:
  - openqa-scheduler
  - openqa-webui
  - openqa-websockets
  - openqa-gru

# This is using a big hammer until #1277312 is resolved
- name: Allow Apache to connect to openQA
  seboolean: name=httpd_can_network_connect state=yes persistent=yes

- name: Allow Apache to read from NFS (as we store test data files there now)
  seboolean: name=httpd_use_nfs state=yes persistent=yes

# services is undefined in check mode
- name: Wait for openQA to be fully started
  pause: seconds=5
  when: "services is defined and services|changed"

# the 'dispatcher' role requires this to be root.fedmsg 0640. so we
# don't enforce ownership here and set mode to 0640 so we don't wind
# up ping-ponging it between server and dispatcher roles.
- name: openQA client config
  template: src=client.conf.j2 dest=/etc/openqa/client.conf mode=0640
  tags:
  - config

- name: Create admin user
  command: "/var/lib/openqa/script/create_admin --email {{ openqa_email }} --nickname {{ openqa_nickname }} --fullname '{{ openqa_fullname }}' --key {{ openqa_key }} --secret {{ openqa_secret }} {{ openqa_userid }}"
  register: admin
  changed_when: "admin.rc == 0"
  failed_when: "(admin.rc > 0) and (admin.stderr is not defined or admin.stderr.find('already exists') == -1)"

- name: Dump existing config for checking changes
  shell: "/usr/share/openqa/script/dump_templates --json > /tmp/tmpl-old.json"
  when: "(gittests is defined) and (gittests|changed)"
  changed_when: "1 != 1"

# Because of the boring details of how template loading works, getting
# a correct 'changed' for this step is too difficult. Instead we have
# the prior and following steps; when the templates actually changed,
# the *following* step will register as changed.
- name: Load tests
  shell: "/var/lib/openqa/share/tests/fedora/templates --clean"
  when: "(gittests is defined) and (gittests|changed)"
  changed_when: "1 != 1"

- name: Check if the tests changed in previous step
  shell: "/usr/share/openqa/script/dump_templates --json > /tmp/tmpl-new.json && json_diff /tmp/tmpl-old.json /tmp/tmpl-new.json"
  when: "(gittests is defined) and (gittests|changed)"
  register: testsdiff
  changed_when: "testsdiff.rc > 0"
  failed_when: "1 != 1"

- name: Set asset size limit (if specified) (pgsql)
  delegate_to: "{{ openqa_dbhost }}"
  become_user: postgres
  become: true
  command: "psql -d {{ openqa_dbname }} -c \"UPDATE job_groups SET size_limit_gb = {{ openqa_assetsize }} WHERE size_limit_gb != {{ openqa_assetsize }};\""
  when: "openqa_dbhost is defined and openqa_assetsize is defined"
  register: pgsqlsize
  changed_when: "pgsqlsize.stdout.find('UPDATE 0') == -1"