infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions

openqa/worker: give up on GRE, single tap host instead

Browse source 
OK, this GRE crap ain't working. Let's give up! Instead let's
have one tap-capable host per openQA deployment, so all the
tap jobs will go to it. This...should achieve that. Let's see
what blows up.
This commit is contained in:
Adam Williamson 2016-05-05 14:10:46 -07:00
parent 5503e325e1
commit b0b7dc9b47
8 changed files with 90 additions and 99 deletions
Download patch file Download diff file Expand all files Collapse all files

18
inventory/group_vars/openqa-tap-workers Normal file
View file

@ -0,0 +1,18 @@
openqa_tap: true
# for iptables rules...maybe other stuff in future? both staging
# and prod workers are in this group
host_group: openqa-tap-workers
# firewall rules to allow openQA openvswitch guests to communicate
custom_rules: [
'-A FORWARD -i br0 -j ACCEPT',
'-A FORWARD -m state -i eth0 -o br0 --state RELATED,ESTABLISHED -j ACCEPT',
'-A INPUT -i br0 -j ACCEPT'
]
# we do stuff with ifcfg that base doesn't understand. terrible, terrible
# stuff. seriously - it doesn't handle the openvswitch config well. so
# let's tell it to just configure eth0 for us and leave everything else
# alone.
ansible_ifcfg_whitelist: ['eth0']

17
inventory/group_vars/openqa-workers
View file

@ -4,22 +4,5 @@ openqa_hostname: openqa01.qa.fedoraproject.org
openqa_key: "{{ prod_openqa_apikey }}" openqa_key: "{{ prod_openqa_apikey }}"
openqa_secret: "{{ prod_openqa_apisecret }}" openqa_secret: "{{ prod_openqa_apisecret }}"
# for iptables rules...maybe other stuff in future? both staging
# and prod workers are in this group
host_group: openqa-workers
# firewall rules to allow openQA openvswitch guests to communicate
custom_rules: [
'-A FORWARD -i br0 -j ACCEPT',
'-A FORWARD -m state -i eth0 -o br0 --state RELATED,ESTABLISHED -j ACCEPT',
'-A INPUT -i br0 -j ACCEPT'
]
# we do stuff with ifcfg that base doesn't understand. terrible, terrible
# stuff. seriously - it doesn't handle the openvswitch config well. so
# let's tell it to just configure eth0 for us and leave everything else
# alone.
ansible_ifcfg_whitelist: ['eth0']
deployment_type: prod deployment_type: prod
freezes: false freezes: false

5
inventory/inventory
View file

@ -516,6 +516,11 @@ openqa-stg01.qa.fedoraproject.org
qa06.qa.fedoraproject.org qa06.qa.fedoraproject.org
qa07.qa.fedoraproject.org qa07.qa.fedoraproject.org
# the workers that can run networked jobs. each server should have *one* of these
[openqa-tap-workers]
qa14.qa.fedoraproject.org
qa06.qa.fedoraproject.org
[packages] [packages]
packages03.phx2.fedoraproject.org packages03.phx2.fedoraproject.org
packages04.phx2.fedoraproject.org packages04.phx2.fedoraproject.org

0
roles/base/templates/iptables/iptables.openqa-workers → roles/base/templates/iptables/iptables.openqa-tap-workers
View file

83
roles/openqa/worker/tasks/main.yml
View file

@ -7,6 +7,11 @@
## string - hostname of openQA server to run jobs for ## string - hostname of openQA server to run jobs for
## default - localhost ## default - localhost
# Optional vars
# - openqa_tap
## bool - whether this is the tap-enabled host or not
## each deployment should have *one* tap-capable worker host
- name: Install packages - name: Install packages
dnf: name={{ item }} state=present dnf: name={{ item }} state=present
with_items: with_items:
@ -21,6 +26,9 @@
- include: nfs-client.yml - include: nfs-client.yml
when: openqa_hostname is defined and openqa_hostname != "localhost" when: openqa_hostname is defined and openqa_hostname != "localhost"
- include: tap-setup.yml
when: openqa_tap is defined and openqa_tap
- name: openQA client config - name: openQA client config
template: src=client.conf.j2 dest=/etc/openqa/client.conf owner=_openqa-worker group=root mode=0600 template: src=client.conf.j2 dest=/etc/openqa/client.conf owner=_openqa-worker group=root mode=0600
tags: tags:
@ -31,81 +39,6 @@
tags: tags:
- config - config
- name: Enable ipv4_forward in sysctl
sysctl: name=net.ipv4.ip_forward value=1 state=present sysctl_set=yes reload=yes
# this is Fedora infra-only stuff to stop network.service choking on
# dumb ifcfg stuff
- name: Check if there's an annoying ifcfg-usb0 lurking
stat: path=/etc/sysconfig/network-scripts/ifcfg-usb0
register: ifcfgusb0
failed_when: "1 != 1"
changed_when: "1 != 1"
always_run: true
when: deployment_type is defined
- name: Check if there's an annoying ifcfg-eth1 lurking
stat: path=/etc/sysconfig/network-scripts/ifcfg-eth1
register: ifcfgeth1
failed_when: "1 != 1"
changed_when: "1 != 1"
always_run: true
when: deployment_type is defined
- name: Make sure usb0 doesn't get in our way
lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-usb0 regexp="^ONBOOT=" line="ONBOOT=no"
when: (ifcfgusb0.stat.exists == True) and (deployment_type is defined)
- name: Make sure eth1 doesn't get in our way
lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^ONBOOT=" line="ONBOOT=no"
when: (ifcfgeth1.stat.exists == True) and (deployment_type is defined)
- name: Start openvswitch service
service: name=openvswitch enabled=yes state=started
with_sequence: "count={{ openqa_workers }}"
- name: Enable network service (needed for openvswitch devices)
service: name=network enabled=yes state=started
- name: openvswitch bridge device config
copy: src=ifcfg-br0 dest=/etc/sysconfig/network-scripts/ifcfg-br0 owner=root group=root mode=0644
notify:
- restart network
tags:
- config
- name: openvswitch gre tunnel config (prod)
template: src=ifcfg-gre.j2 dest=/etc/sysconfig/network-scripts/ifcfg-gre{{ item.0 }} owner=root group=root mode=0644
with_indexed_items: "{{ groups['openqa-workers']|difference([inventory_hostname]) }}"
when: deployment_type == 'prod'
notify:
- restart network
tags:
- config
- name: openvswitch gre tunnel config (stg)
template: src=ifcfg-gre.j2 dest=/etc/sysconfig/network-scripts/ifcfg-gre{{ item.0 }} owner=root group=root mode=0644
with_indexed_items: "{{ groups['openqa-stg-workers']|difference([inventory_hostname]) }}"
when: deployment_type == 'stg'
notify:
- restart network
tags:
- config
- name: Install ifup-pre-local script to create tap devices
copy: src=ifup-pre-local dest=/sbin/ifup-pre-local owner=root group=root mode=0755
- name: openvswitch tap devices config
template: src=ifcfg-tap.j2 dest=/etc/sysconfig/network-scripts/ifcfg-tap{{ item }} owner=root group=root mode=0644
with_sequence: start=0 end={{ openqa_workers | int }}
notify:
- restart network
tags:
- config
- name: Enable and start os-autoinst openvswitch service
service: name=os-autoinst-openvswitch enabled=yes state=started
- name: Enable and start worker services - name: Enable and start worker services
service: name=openqa-worker@{{ item }} enabled=yes state=started service: name=openqa-worker@{{ item }} enabled=yes state=started
with_sequence: "count={{ openqa_workers }}" with_sequence: "count={{ openqa_workers }}"

56
roles/openqa/worker/tasks/tap-setup.yml Normal file
View file

@ -0,0 +1,56 @@
- name: Enable ipv4_forward in sysctl
sysctl: name=net.ipv4.ip_forward value=1 state=present sysctl_set=yes reload=yes
# this is Fedora infra-only stuff to stop network.service choking on
# dumb ifcfg stuff
- name: Check if there's an annoying ifcfg-usb0 lurking
stat: path=/etc/sysconfig/network-scripts/ifcfg-usb0
register: ifcfgusb0
failed_when: "1 != 1"
changed_when: "1 != 1"
always_run: true
when: deployment_type is defined
- name: Check if there's an annoying ifcfg-eth1 lurking
stat: path=/etc/sysconfig/network-scripts/ifcfg-eth1
register: ifcfgeth1
failed_when: "1 != 1"
changed_when: "1 != 1"
always_run: true
when: deployment_type is defined
- name: Make sure usb0 doesn't get in our way
lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-usb0 regexp="^ONBOOT=" line="ONBOOT=no"
when: (ifcfgusb0.stat.exists == True) and (deployment_type is defined)
- name: Make sure eth1 doesn't get in our way
lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^ONBOOT=" line="ONBOOT=no"
when: (ifcfgeth1.stat.exists == True) and (deployment_type is defined)
- name: Start openvswitch service
service: name=openvswitch enabled=yes state=started
with_sequence: "count={{ openqa_workers }}"
- name: Enable network service (needed for openvswitch devices)
service: name=network enabled=yes state=started
- name: openvswitch bridge device config
copy: src=ifcfg-br0 dest=/etc/sysconfig/network-scripts/ifcfg-br0 owner=root group=root mode=0644
notify:
- restart network
tags:
- config
- name: Install ifup-pre-local script to create tap devices
copy: src=ifup-pre-local dest=/sbin/ifup-pre-local owner=root group=root mode=0755
- name: openvswitch tap devices config
template: src=ifcfg-tap.j2 dest=/etc/sysconfig/network-scripts/ifcfg-tap{{ item }} owner=root group=root mode=0644
with_sequence: start=0 end={{ openqa_workers | int }}
notify:
- restart network
tags:
- config
- name: Enable and start os-autoinst openvswitch service
service: name=os-autoinst-openvswitch enabled=yes state=started

7
roles/openqa/worker/templates/ifcfg-gre.j2
View file

@ -1,7 +0,0 @@
DEVICETYPE='ovs'
TYPE='OVSTunnel'
OVS_BRIDGE='br0'
DEVICE='gre{{ item.0 }}'
OVS_TUNNEL_TYPE='gre'
OVS_TUNNEL_OPTIONS='options:remote_ip={{ hostvars[item.1]['eth0_ip'] }}'
ONBOOT='yes'

3
roles/openqa/worker/templates/workers.ini.j2
View file

@ -1,2 +1,5 @@
[global] [global]
HOST = http://{{ openqa_hostname|default('localhost') }} HOST = http://{{ openqa_hostname|default('localhost') }}
{% if openqa_tap is defined and openqa_tap %}
WORKER_CLASS = tap
{% endif %}