Add an ansible-runner task to run bonnyci-test-suite #389
e9741af to d16f1fd
Merge Failed! Help can be found at http://bonnyci.org/lore/end_users/use/#handling-merge-failures
ee8a0a8 to 0ac68e6
letsencrypt: | ||
account_key: | | ||
-----BEGIN RSA PRIVATE KEY----- | ||
ThisIsNotARealKey | ||
-----END RSA PRIVATE KEY----- | ||
bonnyci_test_suite: |
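Review bot: The new `bonnyci_test_suite:` key sits directly beside `letsencrypt.account_key` with nothing stating which of its values are secret. Add a short comment above the key saying what belongs under it, and keep any values committed here as obvious placeholders in the style of `ThisIsNotARealKey`.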
(nit) I would prefer to only put sensitive information here, but it also seems easier to just put it all in a single location here.
Maybe, there's no reason this list needs to be private, so it can also go in the bastion host_vars.
So actually we keep the github API tokens for two github accounts in there. I can separate this out from the other test suite config and have things stored in 2 places?
dest: /etc/sudoers.d/99_bonnyci-test-suite | ||
mode: 0400 | ||
owner: root | ||
content: "bonnyci-test-suite ALL=(ALL) NOPASSWD:ALL" |
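Review bot: The `content:` line grants `bonnyci-test-suite` unrestricted passwordless root through `ALL=(ALL) NOPASSWD:ALL`, which is far more than an account that only runs a test suite should hold. Limit the rule to the specific commands the runner has to execute as root, or drop the sudoers file if there are none. A malformed file under /etc/sudoers.d can break sudo on the host, so if the module used here supports `validate`, check the file with `visudo -cf %s` before it is installed, and quote the mode as '0400'.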
This reveals a problem with our ansible-runner; there's no reason that bonnyci-test-suite user should have sudo access.
Right, we need to have each runner task have its own ansible venv, into which it can install its repo's requirements. I was going to look at doing that in a follow-up patch.
Created BonnyCI/projman#242
b3e1f4d to 974a9b5
974a9b5 to d8a9e6d
Until we can run this as a periodic job in Zuul and get its logs
published into logstash, run it as an ansible task from the bastion.
This essentially just sets up the task, a user and passes through some
secrets. The test suite itself contains a playbook, which the ansible-runner
task calls, to convert the secrets into a test config and run the test suite.
The datadog monitor should be able to monitor for the runner task and
report on its failure.
Closes-Issue: BonnyCI/projman#178
Signed-off-by: Adam Gandelman <adamg@ubuntu.com>