Add an ansible-runner task to run bonnyci-test-suite #389
Conversation
gandelman-a
force-pushed
the
bonnyci-test-suite
branch
from
e9741af
to
d16f1fd
Compare
|
Merge Failed! Help can be found at http://bonnyci.org/lore/end_users/use/#handling-merge-failures |
gandelman-a
force-pushed
the
bonnyci-test-suite
branch
2 times, most recently
from
ee8a0a8
to
0ac68e6
Compare
| letsencrypt: | ||
| account_key: | | ||
| -----BEGIN RSA PRIVATE KEY----- | ||
| ThisIsNotARealKey | ||
| -----END RSA PRIVATE KEY----- | ||
| bonnyci_test_suite: |
There was a problem hiding this comment.
(nit) I would prefer to only put sensitive information here, but it also seems easier to just put it all in a single location here.
There was a problem hiding this comment.
maybe, there's no reason this list needs to be private so it can also go in the bastion host_vars.
There was a problem hiding this comment.
So actually we keep the github API tokens for two github accounts in there. I can separate this out from the other test suite config and have things stored in 2 places?
| dest: /etc/sudoers.d/99_bonnyci-test-suite | ||
| mode: 0400 | ||
| owner: root | ||
| content: "bonnyci-test-suite ALL=(ALL) NOPASSWD:ALL" |
There was a problem hiding this comment.
this reveals a problem with our ansible-runner, there's no reason that bonnyci-test-suite user should have sudo access.
There was a problem hiding this comment.
Right, we need to have each runner task have its own ansible venv, into which it can install its repo's requirements. I was going to look at doing that in a follow up patch
There was a problem hiding this comment.
Created BonnyCI/projman#242
gandelman-a
force-pushed
the
bonnyci-test-suite
branch
2 times, most recently
from
b3e1f4d
to
974a9b5
Compare
Until we can run this as a periodic job in Zuul and get its logs published into logstash, run it as an ansible task from the bastion. This essentially just sets up the task, a user and passes through some secrets. The test suite itself contains a playbook, which the ansible-runner task calls, to convert the secrets into a test config and run the test suite. The datadog monitor should be able to monitor for the runner task and report on its failure. Closes-Issue: BonnyCI/projman#178 Signed-off-by: Adam Gandelman <adamg@ubuntu.com>
gandelman-a
force-pushed
the
bonnyci-test-suite
branch
from
974a9b5
to
d8a9e6d
Compare
Until we can run this as a periodic job in Zuul and get its logs
published into logstash, run it as an ansible task from the bastion.
This essentially just sets up the task, a user and passes through some
secrets. The test suite itself contains a playbook, which the ansible-runner
task calls, to convert the secrets into a test config and run the test suite.
The datadog monitor should be able to monitor for the runner task and
report on its failure.
Closes-Issue: BonnyCI/projman#178
Signed-off-by: Adam Gandelman adamg@ubuntu.com