Add tool to bootstrap openQA with only one command

docs/Installing.asciidoc

@@ -19,6 +19,36 @@ assumed that the reader is already familiar with openQA and has already read the
 Starter Guide, available at the
 https://github.com/os-autoinst/openQA[official repository].
 
+== openQA quick bootstrap
+
+To quickly get a working openQA installation, you can use openQA-bootstrap.
+
+=== Directly on your machine
+
+This should work on openSUSE Leap and openSUSE Tumbleweed and will setup openQA
+on your machine.
+
+[source,sh]
+-------------------------------------------------------------------------------
+zypper in openQA-bootstrap
+/usr/share/openqa/script/openqa-bootstrap
+-------------------------------------------------------------------------------
+
+=== openQA in a container
+
+You can also setup a systemd-nspawn container with openQA with the following
+commands. This will only work on Tumbleweed and you need to have no application
+listening on port 80 yet because the container will share the host systems
+network stack.
+
+[source,sh]
+-------------------------------------------------------------------------------
+zypper in openQA-bootstrap
+/usr/share/openqa/script/openqa-bootstrap-container
+
+systemd-run -tM openqa1 /bin/bash # start a shell in the container
+-------------------------------------------------------------------------------
+
 == Repositories and installation
 
 Keep in mind that there can be disruptive changes between openQA versions.

openQA.spec

@@ -193,6 +193,14 @@ Supplements:    packageand(%name:postgresql-server)
 You only need this package if you have a local postgresql server
 next to the webui.
 
+%package bootstrap
+Summary:        Automated openQA setup
+Group:          Development/Tools/Other
+
+%description bootstrap
+This can automatically setup openQA - either directly on your system
+or within a systemd-nspawn container.
+
 %package doc
 Summary:        The openQA documentation
 Group:          Development/Tools/Other
@@ -481,4 +489,8 @@ fi
 %files local-db
 %{_unitdir}/openqa-setup-db.service
 
+%files bootstrap
+%{_datadir}/openqa/script/openqa-bootstrap
+%{_datadir}/openqa/script/openqa-bootstrap-container
+
 %changelog

script/openqa-bootstrap

@@ -0,0 +1,90 @@
+#!/bin/bash -x
+
+
+# add extra repos for leap
+source /etc/os-release
+if $NAME == "openSUSE Leap" ; then
+	zypper -n addrepo obs://devel:openQA devel:openQA
+	zypper -n addrepo obs://devel:openQA:Leap:${VERSION} devel:openQA:Leap:${VERSION}
+	zypper -n  --gpg-auto-import-keys refresh
+fi
+
+
+# install packages
+zypper -n install --no-recommends openQA-local-db apache2 openQA-worker qemu-kvm sudo
+
+
+# setup database
+systemctl enable --now postgresql
+su postgres -c "createuser -D geekotest"
+su postgres -c "createdb -O geekotest openqa"
+
+
+# setup webserver and fake-auth
+# from script/setup-single-instance (https://github.com/os-autoinst/openQA/pull/1933)
+for i in headers proxy proxy_http proxy_wstunnel rewrite ; do a2enmod $i ; done
+sed -i -e 's/^.*httpsonly.*$/httpsonly = 0/g' /etc/openqa/openqa.ini
+sed -i -e 's/#.*method.*OpenID.*$/&\nmethod = Fake/' /etc/openqa/openqa.ini
+sed "s/#ServerName.*$/ServerName $(hostname)/" /etc/apache2/vhosts.d/openqa.conf.template > /etc/apache2/vhosts.d/openqa.conf
+
+
+if ping -c1 download.suse.de. && (! rpm -q ca-certificates-suse) ; then
+	# add internal CA if executed within suse network
+	if ! zypper info ca-certificates-suse | grep -q ':' ; then
+		# add suse ca repo if needed
+		# use this way of adding the repo to be distro agnostic
+		zypper -n addrepo obs://SUSE:CA SUSE:CA
+		sed -i -e 's#download.opensuse.org/repositories#download.suse.de/ibs#' /etc/zypp/repos.d/SUSE\:CA.repo
+		sed -i -e 's/https/http/' /etc/zypp/repos.d/SUSE\:CA.repo
+		zypper -n --gpg-auto-import-keys refresh
+	fi
+	zypper -n install --no-recommends -ly ca-certificates-suse
+fi
+
+# fetch tests and needles
+if ping -c1 gitlab.suse.de. ; then
+	# use faster local mirror if run from within SUSE network
+	export needles_giturl="https://gitlab.suse.de/openqa/os-autoinst-needles-opensuse-mirror.git"
+fi
+/usr/share/openqa/script/fetchneedles
+
+if ping -c1 gitlab.suse.de. ; then
+	# clone SLE needles if run from within SUSE network
+	git clone https://gitlab.suse.de/openqa/os-autoinst-needles-sles.git /var/lib/openqa/tests/opensuse/products/sle/needles
+	chown -R geekotest: /var/lib/openqa/tests/opensuse/products/sle/needles
+fi
+
+
+# ensure that the hostname is mapped to 127.0.0.1 (needed for livehandler)
+grep -q $(hostname) /etc/hosts || echo "127.0.0.1 $(hostname)" >> /etc/hosts
+
+
+# start daemons
+systemctl enable --now apache2.service
+systemctl enable --now openqa-webui.service
+systemctl enable --now openqa-websockets.service
+systemctl enable --now openqa-scheduler.service
+systemctl enable --now openqa-resource-allocator.service
+systemctl enable --now openqa-livehandler.service
+systemctl enable --now openqa-gru.service
+
+# wait for webui to become available
+while ! curl -sI http://localhost/ | grep 200 ; do
+	sleep 3
+done
+
+# create api key
+curl http://localhost/login # create demo user (id=2)
+API_KEY=$(hexdump -n 8 -e '2/4 "%08X" 1 "\n"' /dev/random)
+API_SECRET=$(hexdump -n 8 -e '2/4 "%08X" 1 "\n"' /dev/random)
+echo "INSERT INTO api_keys (key, secret, user_id, t_created, t_updated) VALUES ('${API_KEY}', '${API_SECRET}', 2, NOW(), NOW());" | su postgres -c 'psql openqa'
+
+cat >> /etc/openqa/client.conf <<EOF
+[localhost]
+key = ${API_KEY}
+secret = ${API_SECRET}
+EOF
+
+
+# start worker
+systemctl enable --now openqa-worker@1.service

script/openqa-bootstrap-container

@@ -0,0 +1,61 @@
+#!/bin/bash -x
+
+# This script doesn't work on Leap 15.0 as it makes use of the -P option of systemd-run
+# which is not available there
+
+
+CONTAINER_NAME="openqa1"
+CONTANER_PATH="/var/lib/machines/${CONTAINER_NAME}"
+
+DEFAULT_REPO="http://download.opensuse.org/tumbleweed/repo/oss/"
+PKGS_TO_INSTALL="aaa_base systemd shadow zypper openSUSE-release vim iproute2 iputils openQA-local-db openQA-worker sudo apache2 net-tools curl wget ca-certificates-mozilla qemu-kvm openQA-bootstrap"
+
+zypper -n install systemd-container
+mkdir -p /var/lib/machines/
+
+cat > /etc/systemd/system/systemd-nspawn-openqa@.service <<EOF
+[Unit]
+Description=Container %i
+Documentation=man:systemd-nspawn(1)
+PartOf=machines.target
+Before=machines.target
+After=network.target systemd-resolved.service
+RequiresMountsFor=/var/lib/machines
+
+[Service]
+ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --bind /dev/kvm --settings=override --machine=%i
+KillMode=mixed
+Type=notify
+RestartForceExitStatus=133
+SuccessExitStatus=133
+Slice=machine.slice
+Delegate=yes
+TasksMax=16384
+
+DevicePolicy=closed
+DeviceAllow=/dev/net/tun rwm
+DeviceAllow=char-pts rw
+
+# nspawn itself needs access to /dev/loop-control and /dev/loop, to
+# implement the --image= option. Add these here, too.
+DeviceAllow=/dev/loop-control rw
+DeviceAllow=/dev/kvm rw
+DeviceAllow=block-loop rw
+DeviceAllow=block-blkext rw
+
+[Install]
+WantedBy=machines.target
+EOF
+
+mkdir $CONTANER_PATH
+zypper -n --root $CONTANER_PATH addrepo $DEFAULT_REPO defaultrepo
+zypper -n --root $CONTANER_PATH --gpg-auto-import-keys refresh
+zypper -n --root $CONTANER_PATH install --no-recommends -ly $PKGS_TO_INSTALL
+
+systemctl daemon-reload
+systemctl start systemd-nspawn-openqa@$CONTAINER_NAME
+# ensure that the container is really running
+while ! timeout -s9 2 systemd-run -qPM $CONTAINER_NAME /bin/bash -c whoami ; do systemctl restart systemd-nspawn-openqa@$CONTAINER_NAME.service ; sleep 3 ; done
+systemd-run -qPM $CONTAINER_NAME /bin/bash -c '/usr/share/openqa/script/openqa-bootstrap'
+
+echo -e "$(tput setaf 2;tput bold)Your openQA container has been created. Run 'systemd-run -tM $CONTAINER_NAME /bin/bash' to get a shell in the container$(tput sgr0)"