From cf9cba55a579956309fcf5480b1153a8e6577a88 Mon Sep 17 00:00:00 2001 From: David Galloway Date: Wed, 1 Nov 2017 10:12:03 -0400 Subject: [PATCH] Add ceph-cm-ansible-prs job Signed-off-by: David Galloway --- ansible/examples/slave_teuthology.yml | 145 ++++++++++++++++++ ceph-cm-ansible-prs/README.rst | 29 ++++ ceph-cm-ansible-prs/build/build | 89 +++++++++++ .../definitions/ceph-cm-ansible-prs.yml | 85 ++++++++++ 4 files changed, 348 insertions(+) create mode 100644 ansible/examples/slave_teuthology.yml create mode 100644 ceph-cm-ansible-prs/README.rst create mode 100644 ceph-cm-ansible-prs/build/build create mode 100644 ceph-cm-ansible-prs/config/definitions/ceph-cm-ansible-prs.yml diff --git a/ansible/examples/slave_teuthology.yml b/ansible/examples/slave_teuthology.yml new file mode 100644 index 000000000..2bae08ca0 --- /dev/null +++ b/ansible/examples/slave_teuthology.yml @@ -0,0 +1,145 @@ +--- +# This playbook should only be run against a teuthology host or a machine inside the Sepia test lab that can lock testnodes. +# See ceph-cm-ansible/README.rst + +- hosts: all + become: true + user: cm + vars: + - jenkins_user: 'jenkins-build' + # jenkins API credentials: + - api_user: 'ceph-jenkins' + - token: '{{ token }}' + - api_uri: 'https://jenkins.ceph.com' + - jenkins_credentials_uuid: '39fa150b-b2a1-416e-b334-29a9a2c0b32d' + - nodename: 'teuthology' + - labels: 'teuthology' + + tasks: + - name: "create a {{ jenkins_user }} user" + user: + name: "{{ jenkins_user }}" + append: yes + comment: "Jenkins Build Slave User" + + - name: "create a {{ jenkins_user }} home directory" + file: + path: "/home/{{ jenkins_user }}/" + state: directory + owner: "{{ jenkins_user }}" + + - name: Create .ssh directory + file: + path: "/home/{{ jenkins_user }}/.ssh" + state: directory + owner: "{{ jenkins_user }}" + + - name: set the authorized keys + authorized_key: + user: "{{ jenkins_user }}" + key: "{{ lookup('file', 'files/ssh/keys/jenkins_build.pub') }}" + + - name: Write ~/.ssh/config + blockinfile: + path: "/home/{{ jenkins_user }}/.ssh/config" + create: yes + block: | + Host * + StrictHostKeyChecking no + UserKnownHostsFile=/dev/null + + - name: set utf-8 for LC_ALL + lineinfile: + dest: "/home/{{ jenkins_user }}/.bashrc" + regexp: '^export LC_ALL=' + line: "export LC_ALL=en_US.UTF-8" + create: true + state: present + + - name: set utf-8 for LANG + lineinfile: + dest: "/home/{{ jenkins_user }}/.bashrc" + regexp: '^export LANG=' + line: "export LANG=en_US.UTF-8" + + - name: set utf-8 for LANGUAGE + lineinfile: + dest: "/home/{{ jenkins_user }}/.bashrc" + regexp: '^export LANGUAGE=' + line: "export LANGUAGE=en_US.UTF-8" + + - name: ensure the build dir exists + file: + path: "/home/{{ jenkins_user }}/build" + state: directory + owner: "{{ jenkins_user }}" + + - name: ensure the home dir has the right owner permissions + file: + path: "/home/{{ jenkins_user }}" + state: directory + owner: "{{ jenkins_user }}" + group: "{{ jenkins_user }}" + recurse: yes + + - name: ensure the gitconfig file exists + shell: printf "[user]\name=Ceph CI\nemail=ceph-release-team@redhat.com\n" > /home/{{ jenkins_user }}/.gitconfig + + - name: ensure the gitconfig file has right permissions + file: + path: "/home/{{ jenkins_user }}/.gitconfig" + owner: "{{ jenkins_user }}" + + - name: install six, latest one + pip: + name: six + state: latest + + - name: install python-jenkins + # https://review.openstack.org/460363 + pip: + name: python-jenkins + version: 0.4.15 + + - name: add github.com host key + known_hosts: + path: '/etc/ssh/ssh_known_hosts' + # we need to use 'host' here because prado currently uses ansible-playbook==1.9.1 + host: 'github.com' + # github.com.pub is the output of `ssh-keyscan github.com` + key: "{{ lookup('file', 'files/ssh/hostkeys/github.com.pub') }}" + + - name: register the new slave to jenkins master with jnlp + jenkins_node: + username: "{{ api_user }}" + uri: "{{ api_uri }}" + password: "{{ token }}" + # relies on a convention to set a unique name that allows a reverse + # mapping from Jenkins back to whatever service created the current + # node + name: "{{ ansible_default_ipv4.address }}+{{ nodename }}" + labels: "{{ labels }}" + host: "{{ ansible_default_ipv4.address }}" + credentialsId: "{{ jenkins_credentials_uuid }}" + launcher: 'hudson.slaves.JNLPLauncher' + remoteFS: '/home/{{ jenkins_user }}/build' + # XXX this should be configurable, not all nodes should have one executor + executors: '{{ executors|default(1) }}' + exclusive: true + + - name: Download slave.jar + get_url: + url: "{{ api_uri }}/jnlpJars/slave.jar" + dest: "/home/{{ jenkins_user }}/slave.jar" + force: yes + + - name: install the systemd unit file for jenkins + template: + src: "templates/systemd/jenkins.service.j2" + dest: "/etc/systemd/system/jenkins.service" + + - name: start jenkins service + service: + name: jenkins + state: started + enabled: yes diff --git a/ceph-cm-ansible-prs/README.rst b/ceph-cm-ansible-prs/README.rst new file mode 100644 index 000000000..5bb1d67d6 --- /dev/null +++ b/ceph-cm-ansible-prs/README.rst @@ -0,0 +1,29 @@ +ceph-cm-ansible-prs +=================== + +This job tests changes to the ceph-cm-ansible_ repo. It locks one testnode per machine type **and** distro and runs the ``ansible_managed`` and ``testnodes`` playbooks. + +Prerequisites +------------- + +These steps should only have to be performed when a new teuthology host is being set up but it's good to have documented. + +#. Run the ``ansible/examples/slave_teuthology.yml`` playbook against the teuthology host. + +#. As the ``jenkins-build`` user on the teuthology host, generate a new RSA SSH key (``ssh-keygen -t rsa``). + +#. Copy the public key to jenkins-build.pub_ in the keys repo. (This is so the jenkins-build user can ssh to testnodes and VPSHOSTs) + +#. Copy/create ``/home/jenkins-build/.config/libvirt/libvirt.conf`` so the jenkins-build user can downburst VPSes. + +#. Run the ceph-cm-ansible_ ``users`` playbook against VPSHOSTs so the jenkins-build pubkey is added to the ubuntu user's authorized_keys on the VPSHOSTs. + +**NOTE:** This job also relies on: + +- teuthology.yaml_ -- If the job is being run on the teuthology host, this should already be in place at ``/etc/teuthology.yaml``. +- ceph-sepia-secrets_ -- If the job is being run on a teuthology host, ``/etc/ansible`` should already be symlinked to a ceph-sepia-secrets checkout. + +.. _ceph-cm-ansible: https://github.com/ceph/ceph-cm-ansible +.. _jenkins-build.pub: https://github.com/ceph/keys/blob/master/ssh/jenkins-build.pub +.. _teuthology.yaml: http://docs.ceph.com/teuthology/docs/siteconfig.html +.. _ceph-sepia-secrets: https://github.com/ceph/ceph-sepia-secrets/ diff --git a/ceph-cm-ansible-prs/build/build b/ceph-cm-ansible-prs/build/build new file mode 100644 index 000000000..4b472e51c --- /dev/null +++ b/ceph-cm-ansible-prs/build/build @@ -0,0 +1,89 @@ +#!/bin/bash +# NOTE: Commented code was my attempt at creating this as a matrix job. +# I couldn't get the child jobs to share the same checkout/venv of teuthology +# so I left the code in place in case I (or somebody else) wants to take a +# crack at it in the future. + +set -ex + +# Clone or update teuthology +if [ ! -d teuthology ]; then + git clone https://github.com/ceph/teuthology + cd teuthology +else + cd teuthology + git pull +fi + +# Bootstrap teuthology +./bootstrap + +cd $WORKSPACE + +# Clone or update teuthology +if [ ! -d downburst ]; then + git clone https://github.com/ceph/downburst + cd downburst +else + cd downburst + git pull +fi + +# Bootstrap downburst +./bootstrap + +# Activate our virtualenv containing teuthology and ansible +source $WORKSPACE/teuthology/virtualenv/bin/activate + +# Add downburst to path +PATH=$PATH:$WORKSPACE/downburst/virtualenv/bin + +#if [ $DISTRO == "xenial" ]; then +# DISTRO="ubuntu" +# DISTRO_VERSION="16.04" +#elif [ $DISTRO == "trusty" ]; then +# DISTRO="ubuntu" +# DISTRO_VERSION="14.04" +#elif [ $DISTRO == "centos" ]; then +# DISTRO="centos" +# DISTRO_VERSION="7.3" +#else +# echo "Unknown distro: $DISTRO" +# exit 1 +#fi + +# Don't bail since we'll almost certainly not lock every machine/os type on the first try +set +e + +for machine_type in smithi mira vps; do + LOCK_TRUSTY_CMD="teuthology-lock --lock-many 1 --machine-type $machine_type --os-type ubuntu --os-version 14.04" + LOCK_XENIAL_CMD="teuthology-lock --lock-many 1 --machine-type $machine_type --os-type ubuntu --os-version 16.04" + LOCK_CENTOS_CMD="teuthology-lock --lock-many 1 --machine-type $machine_type --os-type centos --os-version 7.3" + $LOCK_TRUSTY_CMD; while [ $? -ne 0 ]; do sleep 5; $LOCK_TRUSTY_CMD; done + $LOCK_XENIAL_CMD; while [ $? -ne 0 ]; do sleep 5; $LOCK_XENIAL_CMD; done + $LOCK_CENTOS_CMD; while [ $? -ne 0 ]; do sleep 5; $LOCK_CENTOS_CMD; done +done + +#LOCK_CMD="teuthology-lock --lock-many 1 --machine-type $MACHINE_TYPE --os-type $DISTRO --os-version $DISTRO_VERSION" +# +## Keep trying to lock a machine +#$LOCK_CMD; while [ $? -ne 0 ]; do sleep 5; $LOCK_CMD; done + +set -e + +locked_machines=$(teuthology-lock --brief | awk '{ print $1 }' | paste -sd "," -) +#locked_machines=$(teuthology-lock --brief --machine-type $MACHINE_TYPE --os-type $DISTRO --os-version $DISTRO_VERSION | awk '{ print $1 }' | paste -sd "," -) + +cd $WORKSPACE/ceph-cm-ansible + +# Erase line about the vault password since testnodes don't need any secrets +sed -i '/vault_password_file/d' ./ansible.cfg + +ansible-playbook -vv ansible_managed.yml --limit=\"$locked_machines\" +#ansible-playbook -vvv ansible_managed.yml --limit=\"$locked_machine\" + +ansible-playbook -vv testnodes.yml -e ansible_ssh_user=ubuntu --limit=\"$locked_machines\" +#ansible-playbook -vvv testnodes.yml -e ansible_ssh_user=ubuntu --limit=\"$locked_machine\" + +teuthology-lock --unlock -t <(teuthology-lock --list-targets) +#teuthology-lock --unlock $locked_machine diff --git a/ceph-cm-ansible-prs/config/definitions/ceph-cm-ansible-prs.yml b/ceph-cm-ansible-prs/config/definitions/ceph-cm-ansible-prs.yml new file mode 100644 index 000000000..a9bc79914 --- /dev/null +++ b/ceph-cm-ansible-prs/config/definitions/ceph-cm-ansible-prs.yml @@ -0,0 +1,85 @@ +- scm: + name: ceph-cm-ansible + scm: + - git: + url: https://github.com/ceph/ceph-cm-ansible + branches: + - ${sha1} + refspec: +refs/pull/*:refs/remotes/origin/pr/* + browser: auto + timeout: 20 + basedir: "ceph-cm-ansible" + skip-tag: true + wipe-workspace: true + +- job: + name: ceph-cm-ansible-pull-requests + description: Tests changes to ceph-cm-ansible testnode playbook + project-type: freestyle +# project-type: matrix + node: teuthology + block-downstream: false + block-upstream: false + defaults: global + display-name: 'ceph-cm-ansible: Pull Requests' + quiet-period: 5 +# execution-strategy: +# sequential: false +# axes: +# - axis: +# type: user-defined +# name: MACHINE_TYPE +# values: +# - smithi +# - mira +# - vps +# - axis: +# type: user-defined +# name: DISTRO +# values: +# - trusty +# - xenial +# - centos +# - axis: +# type: label-expression +# name: teuthology +# values: +# - teuthology + + logrotate: + daysToKeep: 14 + + properties: + - github: + url: https://github.com/ceph/ceph-cm-ansible/ + + parameters: + - string: + name: sha1 + description: "A pull request ID, like 'origin/pr/72/head'" + + triggers: + - github-pull-request: + admin-list: + - djgalloway + - zmc + org-list: + - ceph + only-trigger-phrase: false + github-hooks: true + permit-all: true + auto-close-on-fail: false + + scm: + - ceph-cm-ansible + + builders: + - shell: + !include-raw: + - ../../../scripts/build_utils.sh + - ../../build/build +# +# wrappers: +# - pre-scm-buildstep: +# - shell: +# !include-raw: ../../build/setup