From c61436238247c785415fc26fb06d14dd3c6d5aa2 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Tue, 10 May 2022 17:57:35 +0200 Subject: [PATCH] New osmocom-obs-worker role for our OBS workers Related: OS#5556 Change-Id: I7a6d82e89e3a840739f71b90cdebe89bf8383c4a --- ansible/hosts | 4 + .../roles/osmocom-obs-worker/files/obs-ca.crt | 20 + .../roles/osmocom-obs-worker/files/obs.conf | 15 + .../roles/osmocom-obs-worker/tasks/main.yml | 8 + .../roles/osmocom-obs-worker/tasks/obs.yml | 52 +++ .../osmocom-obs-worker/tasks/openvpn.yml | 21 + .../osmocom-obs-worker/templates/obs-server | 442 ++++++++++++++++++ ansible/setup-obs-worker.yml | 21 + ansible/vars/Suse-15.yml | 2 + 9 files changed, 585 insertions(+) create mode 100644 ansible/roles/osmocom-obs-worker/files/obs-ca.crt create mode 100644 ansible/roles/osmocom-obs-worker/files/obs.conf create mode 100644 ansible/roles/osmocom-obs-worker/tasks/main.yml create mode 100644 ansible/roles/osmocom-obs-worker/tasks/obs.yml create mode 100644 ansible/roles/osmocom-obs-worker/tasks/openvpn.yml create mode 100644 ansible/roles/osmocom-obs-worker/templates/obs-server create mode 100644 ansible/setup-obs-worker.yml create mode 100644 ansible/vars/Suse-15.yml diff --git a/ansible/hosts b/ansible/hosts index ef0d0552..f9ed7a20 100644 --- a/ansible/hosts +++ b/ansible/hosts @@ -20,3 +20,7 @@ rpi4-raspbian11build-ansible-3 ansible_host=10.9.25.70 [simtester] simtest ansible_host=10.9.25.80 + +[obs-workers] +build3-obsworker1 ansible_host=2a01:4f8:212:3762::1:2 obs_worker_instances=8 obs_worker_jobs=8 +epyc1-obsworker1 ansible_host=2a02:8106:13:1e34:581e:abff:fe43:da45 obs_worker_instances=2 obs_worker_jobs=4 obs_vm_type=emulator:armv7l diff --git a/ansible/roles/osmocom-obs-worker/files/obs-ca.crt b/ansible/roles/osmocom-obs-worker/files/obs-ca.crt new file mode 100644 index 00000000..271d1687 --- /dev/null +++ b/ansible/roles/osmocom-obs-worker/files/obs-ca.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSzCCAjOgAwIBAgIUcLDeyxhcMpcccZ1i7AIKqvwTJ2gwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwNTEwMDkzMjQwWhcNNDIw +NTA1MDkzMjQwWjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALUsvHoy4oqpOHuzyoIG3qyoTGQW8Zpse7RaYAWJ +CLgcAGelXWrOhPy40xAWHpLzAnAIxYR4ZSlD2Ebaj08esz4VQs2CKQ0mJEVZA7oq +84YO3WK02HzoYFLee4ySvI967FCn6BwVZQVdz/A8wOIlAbe7Hmucx6dNLTLTR+Pw +YwHMSdnj+OlC2oX2UO+ZIR7jFbSYp7jGF9V8zk74NoAFAuv5rs1UeP01ZF9xgXll +KHUajaUKMKs+6KTo4d2l9ha45LHcoAuDUURzf4GMvO7zVVGw4mFwy/YsPoLV5+vX +YT4GqkBgk9iZXirgTk6xCkiP0NUw5UNhtarUDKvR/U8wLw8CAwEAAaOBkDCBjTAd +BgNVHQ4EFgQUHdDZVpUSwtRrSKp+PuMRK12TlQYwUQYDVR0jBEowSIAUHdDZVpUS +wtRrSKp+PuMRK12TlQahGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghRwsN7L +GFwylxxxnWLsAgqq/BMnaDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq +hkiG9w0BAQsFAAOCAQEAPGqIfE172P1NaQGRIHdsRJRot9NnJzZih3q9m+T/YIE8 +8T3uoxhEsMPLzP19w8wAbRy+CjpLwTuYO44kOIVLYhFdx3BTVRhw+YU2RH4PSttE +JDVyYTFPGzjxwprpfui1aGom8u0oPL5MeutMWrPH6qVlIv7JGR3EbDG0iYwE5MZJ +6kW8VW6o5fL02uT+75vNkHTipLUO6S4l6h9NrrgR0ijZ5dhyKC0FZnLnowtMCXXl +2rfHSnGKjMGcq8Jlrwo6eMVPbZM6rrU/tvrjJkqESZY0jMktd0fV903XJ6+X4U9U +stu/HUtKUQC8d3wua1PuI1uPvpr8AQDcf5LuA/STHg== +-----END CERTIFICATE----- diff --git a/ansible/roles/osmocom-obs-worker/files/obs.conf b/ansible/roles/osmocom-obs-worker/files/obs.conf new file mode 100644 index 00000000..7dc2a84d --- /dev/null +++ b/ansible/roles/osmocom-obs-worker/files/obs.conf @@ -0,0 +1,15 @@ +client +remote 2a01:4f8:201:344a::1:4 1194 +ca "/etc/openvpn/obs-ca.crt" +cert "/etc/openvpn/obs.crt" +key "/etc/openvpn/obs.key" +comp-lzo yes +cipher AES-256-CBC +dev tun +proto udp6 +nobind +auth-nocache +script-security 2 +persist-key +persist-tun +remote-cert-tls server diff --git a/ansible/roles/osmocom-obs-worker/tasks/main.yml b/ansible/roles/osmocom-obs-worker/tasks/main.yml new file mode 100644 index 00000000..b350163c --- /dev/null +++ b/ansible/roles/osmocom-obs-worker/tasks/main.yml @@ -0,0 +1,8 @@ +--- + +- name: install OBS + include_tasks: obs.yml + +- name: install openvpn + include_tasks: openvpn.yml + diff --git a/ansible/roles/osmocom-obs-worker/tasks/obs.yml b/ansible/roles/osmocom-obs-worker/tasks/obs.yml new file mode 100644 index 00000000..08367ace --- /dev/null +++ b/ansible/roles/osmocom-obs-worker/tasks/obs.yml @@ -0,0 +1,52 @@ +- name: add OBS rpm repository + zypper_repository: + repo: https://download.opensuse.org/repositories/OBS:/Server:/2.10/15.3/OBS:Server:2.10.repo + autorefresh: yes + auto_import_keys: yes + +- name: install obs-worker + zypper: + name: + - obs-worker + +- name: Make sure an entry in /etc/hosts exists + lineinfile: + path: /etc/hosts + regexp: "^172.16.31.1" + line: "172.16.31.1 obs-backend.osmocom.org obs obs.osmocom.org" + state: present + +- name: Create /srv/obs/cache + file: + path: /srv/obs/cache + owner: obsrun + group: obsrun + recurse: yes + +- name: generate obs-server config file + template: + src: obs-server + dest: /etc/sysconfig/obs-server + +- name: install lxc + when: obs_vm_type == "lxc" + zypper: + name: + - lxc + +- name: install qemu + when: obs_vm_type != "lxc" + zypper: + name: + - qemu-arm + +- name: install qemu-arm + when: obs_vm_type == "emulator:armv7l" or obs_vm_type == "emulator:aarch64" + zypper: + name: + - qemu-arm + +- name: ensure the systemd service is installed + systemd: + name: obsworker.service + enabled: yes diff --git a/ansible/roles/osmocom-obs-worker/tasks/openvpn.yml b/ansible/roles/osmocom-obs-worker/tasks/openvpn.yml new file mode 100644 index 00000000..da53fa54 --- /dev/null +++ b/ansible/roles/osmocom-obs-worker/tasks/openvpn.yml @@ -0,0 +1,21 @@ +- name: Install openvpn + zypper: + name: + - openvpn + +- name: copy openvpn config + copy: + src: obs.conf + dest: /etc/openvpn/ + mode: 0600 + +- name: copy openvpn CA certificate + copy: + src: obs-ca.crt + dest: /etc/openvpn/ + mode: 0600 + +- name: ensure the systemd service is installed + systemd: + name: openvpn@obs.service + enabled: yes diff --git a/ansible/roles/osmocom-obs-worker/templates/obs-server b/ansible/roles/osmocom-obs-worker/templates/obs-server new file mode 100644 index 00000000..f042cd1f --- /dev/null +++ b/ansible/roles/osmocom-obs-worker/templates/obs-server @@ -0,0 +1,442 @@ +# +# NOTE: all these options can be also declared in /etc/buildhost.config on each worker differently. +# + +## Path: Applications/OBS +## Description: The OBS backend code directory +## Type: string +## Default: "" +## Config: OBS +# +# An empty dir will lead to the fall back directory, typically /usr/lib/obs/server/ +# +OBS_BACKENDCODE_DIR="" + +## Path: Applications/OBS +## Description: The base for OBS communication directory +## Type: string +## Default: "" +## Config: OBS +# +# An empty dir will lead to the fall back directory, typically /srv/obs/run +# +OBS_RUN_DIR="" + +## Path: Applications/OBS +## Description: The base for OBS logging directory +## Type: string +## Default: "" +## Config: OBS +# +# An empty dir will lead to the fall back directory, typically /srv/obs/log +# +OBS_LOG_DIR="" + +## Path: Applications/OBS +## Description: The base directory for OBS +## Type: string +## Default: "" +## Config: OBS +# +# An empty dir will lead to the fall back directory, typically /srv/obs +# +OBS_BASE_DIR="" + +## Path: Applications/OBS +## Description: Automatically setup api and webui for OBS server, be warned, this will replace config files ! +## Type: ("yes" | "no") +## Default: "no" +## Config: OBS +# +# This is usally only enabled on the OBS Appliance +# +OBS_API_AUTOSETUP="no" +# +# NOTE: all these options can be also declared in /etc/buildhost.config on each worker differently. +# + +## Path: Applications/OBS +## Description: define source server host to be used +## Type: string +## Default: "" +## Config: OBS +# +# An empty setting will point to localhost:5352 by default +# +OBS_SRC_SERVER="obs-backend.osmocom.org:5352" + +## Path: Applications/OBS +## Description: define repository server host to be used +## Type: string +## Default: "" +## Config: OBS +# +# An empty setting will point to localhost:5252 by default +# +OBS_REPO_SERVERS="obs-backend.osmocom.org:5252" + +## Path: Applications/OBS +## Description: define number of build instances +## Type: integer +## Default: 0 +## Config: OBS +# +# 0 instances will automatically use the number of CPU's +# +OBS_WORKER_INSTANCES="{{obs_worker_instances}}" + +## Path: Applications/OBS +## Description: define names of build instances for z/VM +## Type: string +## Default: "" +## Config: OBS +# +# The names of the workers as defined in z/VM. These must have two minidisks +# assigned, and have a secondary console configured to the local machine: +# 0150 is the root device +# 0250 is the swap device +# +#OBS_WORKER_INSTANCE_NAMES="LINUX075 LINUX076 LINUX077" +OBS_WORKER_INSTANCE_NAMES="" + +## Path: Applications/OBS +## Description: The base directory, where sub directories for each worker will get created +## Type: string +## Default: "" +## Config: OBS +# +# +OBS_WORKER_DIRECTORY="" + +## Path: Applications/OBS +## Description: The base for port numbers used by worker instances +## Type: integer +## Default: "0" +## Config: OBS +# +# 0 means let the operating system assign a port number +# +OBS_WORKER_PORTBASE="0" + +## Path: Applications/OBS +## Description: Number of parallel compile jobs per worker +## Type: integer +## Default: "1" +## Config: OBS +# +# this maps usually to "make -j1" during build +# +OBS_WORKER_JOBS="{{obs_worker_jobs}}" + +## Path: Applications/OBS +## Description: Run in test mode (build results will be ignore, no job blocking) +## Type: ("yes" | "") +## Default: "" +## Config: OBS +# +OBS_WORKER_TEST_MODE="" + +## Path: Applications/OBS +## Description: define one or more labels for the build host. +## Type: string +## Default: "" +## Config: OBS +# +# A label can be used to build specific packages only on dedicated hosts. +# For example for benchmarking. +# +OBS_WORKER_HOSTLABELS="" + +## Path: Applications/OBS +## Description: can be used to define a security level of the worker +## Type: string +## Default: "" +## Config: OBS +# +# This will extend the hostlabels and can be used to limit the workers +# to the hosts which have all security fixes deployed. +# +OBS_WORKER_SECURITY_LEVEL="" + +## Path: Applications/OBS +## Description: Register in SLP server +## Type: ("yes" | "no") +## Default: "yes" +## Config: OBS +# +# +OBS_USE_SLP="yes" + +## Path: Applications/OBS +## Description: Use a common cache directory for downloaded packages +## Type: string +## Default: "" +## Config: OBS +# +# Enable caching requires a given directory here. Be warned, content will be +# removed there ! +# +OBS_CACHE_DIR="/srv/obs/cache" + +## Path: Applications/OBS +## Description: Defines the package cache size +## Type: size in MB +## Default: "" +## Config: OBS +# +# Set the size to 50% of the maximum usable size of this partition +# +OBS_CACHE_SIZE="100000" + +## Path: Applications/OBS +## Description: Defines the nice level of running workers +## Type: integer +## Default: 18 +## Config: OBS +# +# Nicenesses range from -20 (most favorable scheduling) to 19 (least +# favorable). +# Default to 18 as some testsuites depend on being able to switch to +# one priority below (19) _and_ having changed the numeric level +# (so going from 19->19 makes them fail). +# +OBS_WORKER_NICE_LEVEL=18 + +## Path: Applications/OBS +## Description: Set used VM type by worker +## Type: ("auto" | "xen" | "kvm" | "lxc" | "zvm" | "emulator:$arch" | "emulator:$arch:$script" | "none" | "openstack") +## Default: "auto" +## Config: OBS +# +# +OBS_VM_TYPE="{{obs_vm_type}}" + +## Path: Applications/OBS +## Description: Set kernel used by worker (kvm) +## Type: ("none" | "/boot/vmlinuz" | "/foo/bar/vmlinuz) +## Default: "none" +## Config: OBS +# +# For z/VM this is normally /boot/image +# +OBS_VM_KERNEL="none" + +## Path: Applications/OBS +## Description: Set initrd used by worker (kvm) +## Type: ("none" | "/boot/initrd" | "/foo/bar/initrd-foo) +## Default: "none" +## Config: OBS +# +# for KVM, you have to create with (example for openSUSE 11.2): +# +# export rootfstype="ext4" +# mkinitrd -d /dev/null -m "ext4 binfmt_misc virtio_pci virtio_blk" -k vmlinuz-2.6.31.12-0.2-default -i initrd-2.6.31.12-0.2-default-obs_worker +# +# a working initrd file which includes virtio and binfmt_misc for OBS in order to work fine +# +# for z/VM, the build script will create a initrd at the given location if +# it does not yet exist. +# +OBS_VM_INITRD="none" + +## Path: Applications/OBS +## Description: Autosetup for XEN/KVM/TMPFS disk (root) - Filesize in MB +## Type: integer +## Default: "4096" +## Config: OBS +# +# +OBS_VM_DISK_AUTOSETUP_ROOT_FILESIZE="4096" + +## Path: Applications/OBS +## Description: Autosetup for XEN/KVM disk (swap) - Filesize in MB +## Type: integer +## Default: "1024" +## Config: OBS +# +# +OBS_VM_DISK_AUTOSETUP_SWAP_FILESIZE="1024" + +## Path: Applications/OBS +## Description: Default filesystem to use for autosetup. +## Type: ("ext2" | "ext3" | "ext4" | "reiserfs" | "btrfs" | "xfs") +## Default: "ext3" +## Config: OBS +# +# +# Buildflag vmfstype may overwrite this for a specific job. +OBS_VM_DISK_AUTOSETUP_FILESYSTEM="ext3" + +## Path: Applications/OBS +## Description: Filesystem mount options to use for autosetup +## Type: string +## Default: "" +## Config: OBS +# +# +OBS_VM_DISK_AUTOSETUP_MOUNT_OPTIONS="" + +## Path: Applications/OBS +## Description: Enable build in memory +## Type: ("yes" | "") +## Default: "" +## Config: OBS +# +# WARNING: this requires much memory! +# +OBS_VM_USE_TMPFS="yes" + +## Path: Applications/OBS +## Description: Specify custom options for VM handler +## Type: string +## Default: "" +## Config: OBS +# +# Can be used to workaround problems with VM handler and should not be needed usually +# +OBS_VM_CUSTOM_OPTION="" + +## Path: Applications/OBS +## Description: Memory allocated for each VM (512) if not set +## Type: integer +## Default: "" +## Config: OBS +# +# +OBS_INSTANCE_MEMORY="" + +## Path: Applications/OBS +## Description: Enable storage auto configuration +## Type: ("yes" | "") +## Default: "" +## Config: OBS +# +# WARNING: this may destroy data on your hard disk ! +# This is usually only used on mass deployed worker instances +# +OBS_STORAGE_AUTOSETUP="" + +## Path: Applications/OBS +## Description: Setup LVM via obsstoragesetup +## Type: ("take_all" | "use_obs_vg" | "none") +## Default: "use_obs_vg" +## Config: OBS +# +# take_all: WARNING: all LVM partitions will be used and all data erased ! +# use_obs_vg: A lvm volume group named "OBS" will be re-setup for the workers. +# +OBS_SETUP_WORKER_PARTITIONS="use_obs_vg" + +## Path: Applications/OBS +## Description: Size in MB when creating LVM partition for cache partition +## Type: integer +## Default: "" +## Config: OBS +# +# +OBS_WORKER_CACHE_SIZE="" + +## Path: Applications/OBS +## Description: Size in MB when creating LVM partition for each worker root partition +## Type: integer +## Default: "" +## Config: OBS +# +# +OBS_WORKER_ROOT_SIZE="" + +## Path: Applications/OBS +## Description: Size in MB when creating LVM partition for each worker swap partition +## Type: integer +## Default: "" +## Config: OBS +# +# +OBS_WORKER_SWAP_SIZE="" + +## Path: Applications/OBS +## Description: URL to a proxy service for caching binaries used by worker +## Type: string +## Default: "" +## Config: OBS +# +# +OBS_WORKER_BINARIES_PROXY="" + +## Path: Applications/OBS +## Description: URL to a ssh pub key to allow root user login +## Type: string +## Default: "" +## Config: OBS +# +# This is usually used on mass (PXE) deployed workers) +# +OBS_ROOT_SSHD_KEY_URL="" + +## Path: Applications/OBS +## Description: URL to a script to be downloaded and executed +## Type: string +## Default: "" +## Config: OBS +# +# This is a hook for doing special things in your setup at boot time +# +OBS_WORKER_SCRIPT_URL="" + +## Path: Applications/OBS +## Description: If chroot/lxc is used for build, empty it after build is finished +## Type: ("yes" | "") +## Default: "" +## Config: OBS +# +# +OBS_WORKER_CLEANUP_CHROOT="" + +##Path: Application/OBS +## Description: wipes the build environment of the worker after the build +## Type: ("yes" | "") +## Default: "" +## Config: OBS +# +# +OBS_WORKER_WIPE_AFTER_BUILD="" + +##Path: Application/OBS +## Description: name or id of openstack instance that controls the worker (building) instances +## Type: ("yes" | "") +## Default: "" +## Config: OBS +# +# +OBS_WORKER_CONTROL_INSTANCE="" + +##Path: Application/OBS +## Description: name or id flavor to create openstack worker (building) instance +## Type: ("yes" | "") +## Default: "" +## Config: OBS +# +# +OBS_WORKER_OS_FLAVOR="" + +##Path: Application/OBS +## Description: openstack environment variables. Only used when OBS_VM_TYPE=openstack +## Type: ("yes" | "") +## Default: "" +## Config: OBS +# +# +OS_AUTH_URL="" + +OS_PROJECT_ID="" +OS_PROJECT_NAME="" +OS_USER_DOMAIN_NAME="" +OS_USERNAME="" +OS_PASSWORD="" +OS_REGION_NAME="" + +OBS_WORKER_PREFIX="" + +OBS_OPENSTACK_DISK_SIZE="" +OBS_OPENSTACK_SWAP_SIZE="" +OBS_OPENSTACK_MEMORY_SIZE="" diff --git a/ansible/setup-obs-worker.yml b/ansible/setup-obs-worker.yml new file mode 100644 index 00000000..c742a19e --- /dev/null +++ b/ansible/setup-obs-worker.yml @@ -0,0 +1,21 @@ +--- +- name: setup OBS worker + hosts: obs-workers + user: root + vars_files: + - "vars/{{ ansible_facts['os_family'] }}-{{ ansible_facts['distribution_major_version']}}.yml" + tasks: + - name: install common utilities + zypper: + name: + - vim + - tmux + - screen + - tcpdump + - strace + - ltrace + + roles: + - name: osmocom-obs-worker + tags: + - obs-worker diff --git a/ansible/vars/Suse-15.yml b/ansible/vars/Suse-15.yml new file mode 100644 index 00000000..0cf00c2e --- /dev/null +++ b/ansible/vars/Suse-15.yml @@ -0,0 +1,2 @@ +--- +obs_distro: fixme