Add tool to bootstrap openQA with only one command

os-autoinst · Dec 19, 2018 · 3173263 · 3173263
1 parent 2e94967
commit 3173263
Show file tree

Hide file tree

Showing 3 changed files with 137 additions and 0 deletions.
diff --git a/openQA.spec b/openQA.spec
@@ -193,6 +193,14 @@ Supplements:    packageand(%name:postgresql-server)
 You only need this package if you have a local postgresql server
 next to the webui.
 
+%package bootstrap
+Summary:        Automated openQA setup
+Group:          Development/Tools/Other
+
+%description bootstrap
+This can automatically setup openQA - either directly on your system
+or within a systemd-nspawn container.
+
 %package doc
 Summary:        The openQA documentation
 Group:          Development/Tools/Other
@@ -481,4 +489,8 @@ fi
 %files local-db
 %{_unitdir}/openqa-setup-db.service
 
+%files bootstrap
+%{_datadir}/openqa/script/openqa-bootstrap
+%{_datadir}/openqa/script/openqa-bootstrap-container
+
 %changelog
diff --git a/script/openqa-bootstrap b/script/openqa-bootstrap
@@ -0,0 +1,61 @@
+#!/bin/bash -x
+
+zypper -n install --no-recommends openQA-local-db apache2 openQA-worker qemu-kvm
+
+# setup database
+systemctl enable --now postgresql
+su postgres -c "createuser -D geekotest"
+su postgres -c "createdb -O geekotest openqa"
+
+
+# setup webserver and fake-auth
+# from script/setup-single-instance (https://github.com/os-autoinst/openQA/pull/1933)
+for i in headers proxy proxy_http proxy_wstunnel rewrite ; do a2enmod $i ; done
+sed -i -e 's/^.*httpsonly.*$/httpsonly = 0/g' /etc/openqa/openqa.ini
+sed -i -e 's/#.*method.*OpenID.*$/&\nmethod = Fake/' /etc/openqa/openqa.ini
+sed "s/#ServerName.*$/ServerName $(hostname)/" /etc/apache2/vhosts.d/openqa.conf.template > /etc/apache2/vhosts.d/openqa.conf
+
+
+# fetch tests and needles
+echo "opensuse ..."
+if ping -c1 gitlab.suse.de. ; then
+	# use faster local mirror if run from within SUSE network
+	export needles_giturl="https://gitlab.suse.de/openqa/os-autoinst-needles-opensuse-mirror.git"
+fi
+/usr/share/openqa/script/fetchneedles
+
+if ping -c1 gitlab.suse.de. ; then
+	# clone SLE needles if run from within SUSE network
+	git clone https://gitlab.suse.de/openqa/os-autoinst-needles-sles.git /var/lib/openqa/tests/opensuse/products/sle/needles
+	chown -R geekotest: /var/lib/openqa/tests/opensuse/products/sle/needles
+fi
+
+
+# ensure that the hostname is mapped to 127.0.0.1 (needed for livehandler)
+grep -q $(hostname) /etc/hosts || echo "127.0.0.1 $(hostname)" >> /etc/hosts
+
+
+# start daemons
+systemctl enable --now apache2.service
+systemctl enable --now openqa-webui.service
+systemctl enable --now openqa-websockets.service
+systemctl enable --now openqa-scheduler.service
+systemctl enable --now openqa-resource-allocator.service
+systemctl enable --now openqa-livehandler.service
+systemctl enable --now openqa-gru.service
+
+
+# create api key
+curl http://localhost/login # create demo user (id=2)
+API_KEY=$(hexdump -n 8 -e '2/4 "%08X" 1 "\n"' /dev/random)
+API_SECRET=$(hexdump -n 8 -e '2/4 "%08X" 1 "\n"' /dev/random)
+echo "INSERT INTO api_keys (key, secret, user_id, t_created, t_updated) VALUES ('${API_KEY}', '${API_SECRET}', 2, NOW(), NOW());" | su postgres -c 'psql openqa'
+
+cat >> /etc/openqa/client.conf <<EOF
+[localhost]
+key = ${API_KEY}
+secret = ${API_SECRET}
+EOF
+
+# start worker
+systemctl enable --now openqa-worker@1.service
diff --git a/script/openqa-bootstrap-container b/script/openqa-bootstrap-container
@@ -0,0 +1,64 @@
+#!/bin/bash -x
+
+CONTAINER_NAME="openqa1"
+CONTANER_PATH="/var/lib/machines/${CONTAINER_NAME}"
+
+DEFAULT_REPO="http://download.opensuse.org/tumbleweed/repo/oss/"
+PKGS_TO_INSTALL="aaa_base systemd shadow zypper openSUSE-release vim iproute2 iputils openQA-local-db openQA-worker sudo apache2 net-tools curl wget ca-certificates-mozilla qemu-kvm openQA-bootstrap"
+
+zypper -n install systemd-container
+mkdir -p /var/lib/machines/
+
+cat > /etc/systemd/system/systemd-nspawn-openqa@.service <<EOF
+[Unit]
+Description=Container %i
+Documentation=man:systemd-nspawn(1)
+PartOf=machines.target
+Before=machines.target
+After=network.target systemd-resolved.service
+RequiresMountsFor=/var/lib/machines
+
+[Service]
+ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --bind /dev/kvm --settings=override --machine=%i
+KillMode=mixed
+Type=notify
+RestartForceExitStatus=133
+SuccessExitStatus=133
+Slice=machine.slice
+Delegate=yes
+TasksMax=16384
+
+DevicePolicy=closed
+DeviceAllow=/dev/net/tun rwm
+DeviceAllow=char-pts rw
+
+# nspawn itself needs access to /dev/loop-control and /dev/loop, to
+# implement the --image= option. Add these here, too.
+DeviceAllow=/dev/loop-control rw
+DeviceAllow=/dev/kvm rw
+DeviceAllow=block-loop rw
+DeviceAllow=block-blkext rw
+
+[Install]
+WantedBy=machines.target
+EOF
+
+mkdir $CONTANER_PATH
+zypper -n --root $CONTANER_PATH addrepo $DEFAULT_REPO defaultrepo
+zypper -n --root $CONTANER_PATH --gpg-auto-import-keys refresh
+zypper -n --root $CONTANER_PATH install --no-recommends -ly $PKGS_TO_INSTALL
+
+if ping -c1 download.suse.de. ; then
+	# add internal CA if executed within suse network
+	zypper -n --root $CONTANER_PATH addrepo http://download.suse.de/ibs/SUSE:/CA/openSUSE_Tumbleweed/SUSE:CA.repo
+	zypper -n --root $CONTANER_PATH --gpg-auto-import-keys refresh
+	zypper -n --root $CONTANER_PATH install --no-recommends -ly ca-certificates-suse
+fi
+
+systemctl daemon-reload
+systemctl start systemd-nspawn-openqa@$CONTAINER_NAME
+# ensure that the container is really running
+while ! timeout -s9 2 systemd-run -qPM $CONTAINER_NAME /bin/bash -c whoami ; do systemctl restart systemd-nspawn-openqa@$CONTAINER_NAME.service ; sleep 3 ; done
+systemd-run -qPM $CONTAINER_NAME /bin/bash -c '/usr/share/openqa/script/openqa-bootstrap'
+
+echo -e "$(tput setaf 2;tput bold)Your openQA container has been created. Run 'systemd-run -tM $CONTAINER_NAME /bin/bash' to get a shell in the container$(tput sgr0)"