New osmocom-obs-worker role for our OBS workers

Related: OS#5556
Change-Id: I7a6d82e89e3a840739f71b90cdebe89bf8383c4a
This commit is contained in:
Harald Welte 2022-05-10 17:57:35 +02:00
parent 526f1e12d3
commit c614362382
9 changed files with 585 additions and 0 deletions

View File

@ -20,3 +20,7 @@ rpi4-raspbian11build-ansible-3 ansible_host=10.9.25.70
[simtester]
simtest ansible_host=10.9.25.80
[obs-workers]
build3-obsworker1 ansible_host=2a01:4f8:212:3762::1:2 obs_worker_instances=8 obs_worker_jobs=8
epyc1-obsworker1 ansible_host=2a02:8106:13:1e34:581e:abff:fe43:da45 obs_worker_instances=2 obs_worker_jobs=4 obs_vm_type=emulator:armv7l

View File

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDSzCCAjOgAwIBAgIUcLDeyxhcMpcccZ1i7AIKqvwTJ2gwDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwNTEwMDkzMjQwWhcNNDIw
NTA1MDkzMjQwWjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALUsvHoy4oqpOHuzyoIG3qyoTGQW8Zpse7RaYAWJ
CLgcAGelXWrOhPy40xAWHpLzAnAIxYR4ZSlD2Ebaj08esz4VQs2CKQ0mJEVZA7oq
84YO3WK02HzoYFLee4ySvI967FCn6BwVZQVdz/A8wOIlAbe7Hmucx6dNLTLTR+Pw
YwHMSdnj+OlC2oX2UO+ZIR7jFbSYp7jGF9V8zk74NoAFAuv5rs1UeP01ZF9xgXll
KHUajaUKMKs+6KTo4d2l9ha45LHcoAuDUURzf4GMvO7zVVGw4mFwy/YsPoLV5+vX
YT4GqkBgk9iZXirgTk6xCkiP0NUw5UNhtarUDKvR/U8wLw8CAwEAAaOBkDCBjTAd
BgNVHQ4EFgQUHdDZVpUSwtRrSKp+PuMRK12TlQYwUQYDVR0jBEowSIAUHdDZVpUS
wtRrSKp+PuMRK12TlQahGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghRwsN7L
GFwylxxxnWLsAgqq/BMnaDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
hkiG9w0BAQsFAAOCAQEAPGqIfE172P1NaQGRIHdsRJRot9NnJzZih3q9m+T/YIE8
8T3uoxhEsMPLzP19w8wAbRy+CjpLwTuYO44kOIVLYhFdx3BTVRhw+YU2RH4PSttE
JDVyYTFPGzjxwprpfui1aGom8u0oPL5MeutMWrPH6qVlIv7JGR3EbDG0iYwE5MZJ
6kW8VW6o5fL02uT+75vNkHTipLUO6S4l6h9NrrgR0ijZ5dhyKC0FZnLnowtMCXXl
2rfHSnGKjMGcq8Jlrwo6eMVPbZM6rrU/tvrjJkqESZY0jMktd0fV903XJ6+X4U9U
stu/HUtKUQC8d3wua1PuI1uPvpr8AQDcf5LuA/STHg==
-----END CERTIFICATE-----

View File

@ -0,0 +1,15 @@
client
remote 2a01:4f8:201:344a::1:4 1194
ca "/etc/openvpn/obs-ca.crt"
cert "/etc/openvpn/obs.crt"
key "/etc/openvpn/obs.key"
comp-lzo yes
cipher AES-256-CBC
dev tun
proto udp6
nobind
auth-nocache
script-security 2
persist-key
persist-tun
remote-cert-tls server

View File

@ -0,0 +1,8 @@
---
- name: install OBS
include_tasks: obs.yml
- name: install openvpn
include_tasks: openvpn.yml

View File

@ -0,0 +1,52 @@
- name: add OBS rpm repository
zypper_repository:
repo: https://download.opensuse.org/repositories/OBS:/Server:/2.10/15.3/OBS:Server:2.10.repo
autorefresh: yes
auto_import_keys: yes
- name: install obs-worker
zypper:
name:
- obs-worker
- name: Make sure an entry in /etc/hosts exists
lineinfile:
path: /etc/hosts
regexp: "^172.16.31.1"
line: "172.16.31.1 obs-backend.osmocom.org obs obs.osmocom.org"
state: present
- name: Create /srv/obs/cache
file:
path: /srv/obs/cache
owner: obsrun
group: obsrun
recurse: yes
- name: generate obs-server config file
template:
src: obs-server
dest: /etc/sysconfig/obs-server
- name: install lxc
when: obs_vm_type == "lxc"
zypper:
name:
- lxc
- name: install qemu
when: obs_vm_type != "lxc"
zypper:
name:
- qemu-arm
- name: install qemu-arm
when: obs_vm_type == "emulator:armv7l" or obs_vm_type == "emulator:aarch64"
zypper:
name:
- qemu-arm
- name: ensure the systemd service is installed
systemd:
name: obsworker.service
enabled: yes

View File

@ -0,0 +1,21 @@
- name: Install openvpn
zypper:
name:
- openvpn
- name: copy openvpn config
copy:
src: obs.conf
dest: /etc/openvpn/
mode: 0600
- name: copy openvpn CA certificate
copy:
src: obs-ca.crt
dest: /etc/openvpn/
mode: 0600
- name: ensure the systemd service is installed
systemd:
name: openvpn@obs.service
enabled: yes

View File

@ -0,0 +1,442 @@
#
# NOTE: all these options can be also declared in /etc/buildhost.config on each worker differently.
#
## Path: Applications/OBS
## Description: The OBS backend code directory
## Type: string
## Default: ""
## Config: OBS
#
# An empty dir will lead to the fall back directory, typically /usr/lib/obs/server/
#
OBS_BACKENDCODE_DIR=""
## Path: Applications/OBS
## Description: The base for OBS communication directory
## Type: string
## Default: ""
## Config: OBS
#
# An empty dir will lead to the fall back directory, typically /srv/obs/run
#
OBS_RUN_DIR=""
## Path: Applications/OBS
## Description: The base for OBS logging directory
## Type: string
## Default: ""
## Config: OBS
#
# An empty dir will lead to the fall back directory, typically /srv/obs/log
#
OBS_LOG_DIR=""
## Path: Applications/OBS
## Description: The base directory for OBS
## Type: string
## Default: ""
## Config: OBS
#
# An empty dir will lead to the fall back directory, typically /srv/obs
#
OBS_BASE_DIR=""
## Path: Applications/OBS
## Description: Automatically setup api and webui for OBS server, be warned, this will replace config files !
## Type: ("yes" | "no")
## Default: "no"
## Config: OBS
#
# This is usally only enabled on the OBS Appliance
#
OBS_API_AUTOSETUP="no"
#
# NOTE: all these options can be also declared in /etc/buildhost.config on each worker differently.
#
## Path: Applications/OBS
## Description: define source server host to be used
## Type: string
## Default: ""
## Config: OBS
#
# An empty setting will point to localhost:5352 by default
#
OBS_SRC_SERVER="obs-backend.osmocom.org:5352"
## Path: Applications/OBS
## Description: define repository server host to be used
## Type: string
## Default: ""
## Config: OBS
#
# An empty setting will point to localhost:5252 by default
#
OBS_REPO_SERVERS="obs-backend.osmocom.org:5252"
## Path: Applications/OBS
## Description: define number of build instances
## Type: integer
## Default: 0
## Config: OBS
#
# 0 instances will automatically use the number of CPU's
#
OBS_WORKER_INSTANCES="{{obs_worker_instances}}"
## Path: Applications/OBS
## Description: define names of build instances for z/VM
## Type: string
## Default: ""
## Config: OBS
#
# The names of the workers as defined in z/VM. These must have two minidisks
# assigned, and have a secondary console configured to the local machine:
# 0150 is the root device
# 0250 is the swap device
#
#OBS_WORKER_INSTANCE_NAMES="LINUX075 LINUX076 LINUX077"
OBS_WORKER_INSTANCE_NAMES=""
## Path: Applications/OBS
## Description: The base directory, where sub directories for each worker will get created
## Type: string
## Default: ""
## Config: OBS
#
#
OBS_WORKER_DIRECTORY=""
## Path: Applications/OBS
## Description: The base for port numbers used by worker instances
## Type: integer
## Default: "0"
## Config: OBS
#
# 0 means let the operating system assign a port number
#
OBS_WORKER_PORTBASE="0"
## Path: Applications/OBS
## Description: Number of parallel compile jobs per worker
## Type: integer
## Default: "1"
## Config: OBS
#
# this maps usually to "make -j1" during build
#
OBS_WORKER_JOBS="{{obs_worker_jobs}}"
## Path: Applications/OBS
## Description: Run in test mode (build results will be ignore, no job blocking)
## Type: ("yes" | "")
## Default: ""
## Config: OBS
#
OBS_WORKER_TEST_MODE=""
## Path: Applications/OBS
## Description: define one or more labels for the build host.
## Type: string
## Default: ""
## Config: OBS
#
# A label can be used to build specific packages only on dedicated hosts.
# For example for benchmarking.
#
OBS_WORKER_HOSTLABELS=""
## Path: Applications/OBS
## Description: can be used to define a security level of the worker
## Type: string
## Default: ""
## Config: OBS
#
# This will extend the hostlabels and can be used to limit the workers
# to the hosts which have all security fixes deployed.
#
OBS_WORKER_SECURITY_LEVEL=""
## Path: Applications/OBS
## Description: Register in SLP server
## Type: ("yes" | "no")
## Default: "yes"
## Config: OBS
#
#
OBS_USE_SLP="yes"
## Path: Applications/OBS
## Description: Use a common cache directory for downloaded packages
## Type: string
## Default: ""
## Config: OBS
#
# Enable caching requires a given directory here. Be warned, content will be
# removed there !
#
OBS_CACHE_DIR="/srv/obs/cache"
## Path: Applications/OBS
## Description: Defines the package cache size
## Type: size in MB
## Default: ""
## Config: OBS
#
# Set the size to 50% of the maximum usable size of this partition
#
OBS_CACHE_SIZE="100000"
## Path: Applications/OBS
## Description: Defines the nice level of running workers
## Type: integer
## Default: 18
## Config: OBS
#
# Nicenesses range from -20 (most favorable scheduling) to 19 (least
# favorable).
# Default to 18 as some testsuites depend on being able to switch to
# one priority below (19) _and_ having changed the numeric level
# (so going from 19->19 makes them fail).
#
OBS_WORKER_NICE_LEVEL=18
## Path: Applications/OBS
## Description: Set used VM type by worker
## Type: ("auto" | "xen" | "kvm" | "lxc" | "zvm" | "emulator:$arch" | "emulator:$arch:$script" | "none" | "openstack")
## Default: "auto"
## Config: OBS
#
#
OBS_VM_TYPE="{{obs_vm_type}}"
## Path: Applications/OBS
## Description: Set kernel used by worker (kvm)
## Type: ("none" | "/boot/vmlinuz" | "/foo/bar/vmlinuz)
## Default: "none"
## Config: OBS
#
# For z/VM this is normally /boot/image
#
OBS_VM_KERNEL="none"
## Path: Applications/OBS
## Description: Set initrd used by worker (kvm)
## Type: ("none" | "/boot/initrd" | "/foo/bar/initrd-foo)
## Default: "none"
## Config: OBS
#
# for KVM, you have to create with (example for openSUSE 11.2):
#
# export rootfstype="ext4"
# mkinitrd -d /dev/null -m "ext4 binfmt_misc virtio_pci virtio_blk" -k vmlinuz-2.6.31.12-0.2-default -i initrd-2.6.31.12-0.2-default-obs_worker
#
# a working initrd file which includes virtio and binfmt_misc for OBS in order to work fine
#
# for z/VM, the build script will create a initrd at the given location if
# it does not yet exist.
#
OBS_VM_INITRD="none"
## Path: Applications/OBS
## Description: Autosetup for XEN/KVM/TMPFS disk (root) - Filesize in MB
## Type: integer
## Default: "4096"
## Config: OBS
#
#
OBS_VM_DISK_AUTOSETUP_ROOT_FILESIZE="4096"
## Path: Applications/OBS
## Description: Autosetup for XEN/KVM disk (swap) - Filesize in MB
## Type: integer
## Default: "1024"
## Config: OBS
#
#
OBS_VM_DISK_AUTOSETUP_SWAP_FILESIZE="1024"
## Path: Applications/OBS
## Description: Default filesystem to use for autosetup.
## Type: ("ext2" | "ext3" | "ext4" | "reiserfs" | "btrfs" | "xfs")
## Default: "ext3"
## Config: OBS
#
#
# Buildflag vmfstype may overwrite this for a specific job.
OBS_VM_DISK_AUTOSETUP_FILESYSTEM="ext3"
## Path: Applications/OBS
## Description: Filesystem mount options to use for autosetup
## Type: string
## Default: ""
## Config: OBS
#
#
OBS_VM_DISK_AUTOSETUP_MOUNT_OPTIONS=""
## Path: Applications/OBS
## Description: Enable build in memory
## Type: ("yes" | "")
## Default: ""
## Config: OBS
#
# WARNING: this requires much memory!
#
OBS_VM_USE_TMPFS="yes"
## Path: Applications/OBS
## Description: Specify custom options for VM handler
## Type: string
## Default: ""
## Config: OBS
#
# Can be used to workaround problems with VM handler and should not be needed usually
#
OBS_VM_CUSTOM_OPTION=""
## Path: Applications/OBS
## Description: Memory allocated for each VM (512) if not set
## Type: integer
## Default: ""
## Config: OBS
#
#
OBS_INSTANCE_MEMORY=""
## Path: Applications/OBS
## Description: Enable storage auto configuration
## Type: ("yes" | "")
## Default: ""
## Config: OBS
#
# WARNING: this may destroy data on your hard disk !
# This is usually only used on mass deployed worker instances
#
OBS_STORAGE_AUTOSETUP=""
## Path: Applications/OBS
## Description: Setup LVM via obsstoragesetup
## Type: ("take_all" | "use_obs_vg" | "none")
## Default: "use_obs_vg"
## Config: OBS
#
# take_all: WARNING: all LVM partitions will be used and all data erased !
# use_obs_vg: A lvm volume group named "OBS" will be re-setup for the workers.
#
OBS_SETUP_WORKER_PARTITIONS="use_obs_vg"
## Path: Applications/OBS
## Description: Size in MB when creating LVM partition for cache partition
## Type: integer
## Default: ""
## Config: OBS
#
#
OBS_WORKER_CACHE_SIZE=""
## Path: Applications/OBS
## Description: Size in MB when creating LVM partition for each worker root partition
## Type: integer
## Default: ""
## Config: OBS
#
#
OBS_WORKER_ROOT_SIZE=""
## Path: Applications/OBS
## Description: Size in MB when creating LVM partition for each worker swap partition
## Type: integer
## Default: ""
## Config: OBS
#
#
OBS_WORKER_SWAP_SIZE=""
## Path: Applications/OBS
## Description: URL to a proxy service for caching binaries used by worker
## Type: string
## Default: ""
## Config: OBS
#
#
OBS_WORKER_BINARIES_PROXY=""
## Path: Applications/OBS
## Description: URL to a ssh pub key to allow root user login
## Type: string
## Default: ""
## Config: OBS
#
# This is usually used on mass (PXE) deployed workers)
#
OBS_ROOT_SSHD_KEY_URL=""
## Path: Applications/OBS
## Description: URL to a script to be downloaded and executed
## Type: string
## Default: ""
## Config: OBS
#
# This is a hook for doing special things in your setup at boot time
#
OBS_WORKER_SCRIPT_URL=""
## Path: Applications/OBS
## Description: If chroot/lxc is used for build, empty it after build is finished
## Type: ("yes" | "")
## Default: ""
## Config: OBS
#
#
OBS_WORKER_CLEANUP_CHROOT=""
##Path: Application/OBS
## Description: wipes the build environment of the worker after the build
## Type: ("yes" | "")
## Default: ""
## Config: OBS
#
#
OBS_WORKER_WIPE_AFTER_BUILD=""
##Path: Application/OBS
## Description: name or id of openstack instance that controls the worker (building) instances
## Type: ("yes" | "")
## Default: ""
## Config: OBS
#
#
OBS_WORKER_CONTROL_INSTANCE=""
##Path: Application/OBS
## Description: name or id flavor to create openstack worker (building) instance
## Type: ("yes" | "")
## Default: ""
## Config: OBS
#
#
OBS_WORKER_OS_FLAVOR=""
##Path: Application/OBS
## Description: openstack environment variables. Only used when OBS_VM_TYPE=openstack
## Type: ("yes" | "")
## Default: ""
## Config: OBS
#
#
OS_AUTH_URL=""
OS_PROJECT_ID=""
OS_PROJECT_NAME=""
OS_USER_DOMAIN_NAME=""
OS_USERNAME=""
OS_PASSWORD=""
OS_REGION_NAME=""
OBS_WORKER_PREFIX=""
OBS_OPENSTACK_DISK_SIZE=""
OBS_OPENSTACK_SWAP_SIZE=""
OBS_OPENSTACK_MEMORY_SIZE=""

View File

@ -0,0 +1,21 @@
---
- name: setup OBS worker
hosts: obs-workers
user: root
vars_files:
- "vars/{{ ansible_facts['os_family'] }}-{{ ansible_facts['distribution_major_version']}}.yml"
tasks:
- name: install common utilities
zypper:
name:
- vim
- tmux
- screen
- tcpdump
- strace
- ltrace
roles:
- name: osmocom-obs-worker
tags:
- obs-worker

2
ansible/vars/Suse-15.yml Normal file
View File

@ -0,0 +1,2 @@
---
obs_distro: fixme