ceph · djgalloway · Nov 1, 2017
diff --git a/ansible/examples/slave_teuthology.yml b/ansible/examples/slave_teuthology.yml
@@ -0,0 +1,145 @@
+---
+# This playbook should only be run against a teuthology host or a machine inside the Sepia test lab that can lock testnodes.
+# See ceph-cm-ansible/README.rst
+
+- hosts: all
+  become: true
+  user: cm
+  vars:
+   - jenkins_user: 'jenkins-build'
+   # jenkins API credentials:
+   - api_user: 'ceph-jenkins'
+   - token: '{{ token }}'
+   - api_uri: 'https://jenkins.ceph.com'
+   - jenkins_credentials_uuid: '39fa150b-b2a1-416e-b334-29a9a2c0b32d'
+   - nodename: 'teuthology'
+   - labels: 'teuthology'
+
+  tasks:
+    - name: "create a {{ jenkins_user }} user"
+      user:
+        name: "{{ jenkins_user }}"
+        append: yes
+        comment: "Jenkins Build Slave User"
+
+    - name: "create a {{ jenkins_user }} home directory"
+      file:
+        path: "/home/{{ jenkins_user }}/"
+        state: directory
+        owner: "{{ jenkins_user }}"
+
+    - name: Create .ssh directory
+      file:
+        path: "/home/{{ jenkins_user }}/.ssh"
+        state: directory
+        owner: "{{ jenkins_user }}"
+
+    - name: set the authorized keys
+      authorized_key:
+        user: "{{ jenkins_user }}"
+        key: "{{ lookup('file', 'files/ssh/keys/jenkins_build.pub') }}"
+
+    - name: Write ~/.ssh/config
+      blockinfile:
+        path: "/home/{{ jenkins_user }}/.ssh/config"
+        create: yes
+        block: |
+          Host *
+            StrictHostKeyChecking no
+            UserKnownHostsFile=/dev/null
+
+    - name: set utf-8 for LC_ALL
+      lineinfile:
+        dest: "/home/{{ jenkins_user }}/.bashrc"
+        regexp: '^export LC_ALL='
+        line: "export LC_ALL=en_US.UTF-8"
+        create: true
+        state: present
+
+    - name: set utf-8 for LANG
+      lineinfile:
+        dest: "/home/{{ jenkins_user }}/.bashrc"
+        regexp: '^export LANG='
+        line: "export LANG=en_US.UTF-8"
+
+    - name: set utf-8 for LANGUAGE
+      lineinfile:
+        dest: "/home/{{ jenkins_user }}/.bashrc"
+        regexp: '^export LANGUAGE='
+        line: "export LANGUAGE=en_US.UTF-8"
+
+    - name: ensure the build dir exists
+      file:
+        path: "/home/{{ jenkins_user }}/build"
+        state: directory
+        owner: "{{ jenkins_user }}"
+
+    - name: ensure the home dir has the right owner permissions
+      file:
+        path: "/home/{{ jenkins_user }}"
+        state: directory
+        owner: "{{ jenkins_user }}"
+        group: "{{ jenkins_user }}"
+        recurse: yes
+
+    - name: ensure the gitconfig file exists
+      shell: printf "[user]\name=Ceph CI\[email protected]\n" > /home/{{ jenkins_user }}/.gitconfig
+
+    - name: ensure the gitconfig file has right permissions
+      file:
+        path: "/home/{{ jenkins_user }}/.gitconfig"
+        owner: "{{ jenkins_user }}"
+
+    - name: install six, latest one
+      pip:
+        name: six
+        state: latest
+
+    - name: install python-jenkins
+      # https://review.openstack.org/460363
+      pip:
+        name: python-jenkins
+        version: 0.4.15
+
+    - name: add github.com host key
+      known_hosts:
+        path: '/etc/ssh/ssh_known_hosts'
+        # we need to use 'host' here because prado currently uses ansible-playbook==1.9.1
+        host: 'github.com'
+        # github.com.pub is the output of `ssh-keyscan github.com`
+        key: "{{ lookup('file', 'files/ssh/hostkeys/github.com.pub') }}"
+
+    - name: register the new slave to jenkins master with jnlp
+      jenkins_node:
+        username: "{{ api_user }}"
+        uri: "{{ api_uri }}"
+        password: "{{ token }}"
+        # relies on a convention to set a unique name that allows a reverse
+        # mapping from Jenkins back to whatever service created the current
+        # node
+        name: "{{ ansible_default_ipv4.address }}+{{ nodename }}"
+        labels: "{{ labels }}"
+        host: "{{ ansible_default_ipv4.address }}"
+        credentialsId: "{{ jenkins_credentials_uuid }}"
+        launcher: 'hudson.slaves.JNLPLauncher'
+        remoteFS: '/home/{{ jenkins_user }}/build'
+        # XXX this should be configurable, not all nodes should have one executor
+        executors: '{{ executors|default(1) }}'
+        exclusive: true
+
+    - name: Download slave.jar
+      get_url:
+        url: "{{ api_uri }}/jnlpJars/slave.jar"
+        dest: "/home/{{ jenkins_user }}/slave.jar"
+        force: yes
+
+    - name: install the systemd unit file for jenkins
+      template:
+        src: "templates/systemd/jenkins.service.j2"
+        dest: "/etc/systemd/system/jenkins.service"
+
+    - name: start jenkins service
+      service:
+        name: jenkins
+        state: started
+        enabled: yes
diff --git a/ceph-cm-ansible-prs/README.rst b/ceph-cm-ansible-prs/README.rst
@@ -0,0 +1,29 @@
+ceph-cm-ansible-prs
+===================
+
+This job tests changes to the ceph-cm-ansible_ repo.  It locks one testnode per machine type **and** distro and runs the ``ansible_managed`` and ``testnodes`` playbooks.
+
+Prerequisites
+-------------
+
+These steps should only have to be performed when a new teuthology host is being set up but it's good to have documented.
+
+#. Run the ``ansible/examples/slave_teuthology.yml`` playbook against the teuthology host.
+
+#. As the ``jenkins-build`` user on the teuthology host, generate a new RSA SSH key (``ssh-keygen -t rsa``).
+
+#. Copy the public key to jenkins-build.pub_ in the keys repo. (This is so the jenkins-build user can ssh to testnodes and VPSHOSTs)
+
+#. Copy/create ``/home/jenkins-build/.config/libvirt/libvirt.conf`` so the jenkins-build user can downburst VPSes.
+
+#. Run the ceph-cm-ansible_ ``users`` playbook against VPSHOSTs so the jenkins-build pubkey is added to the ubuntu user's authorized_keys on the VPSHOSTs.
+
+**NOTE:** This job also relies on:
+
+- teuthology.yaml_ -- If the job is being run on the teuthology host, this should already be in place at ``/etc/teuthology.yaml``.
+- ceph-sepia-secrets_ -- If the job is being run on a teuthology host, ``/etc/ansible`` should already be symlinked to a ceph-sepia-secrets checkout.
+
+.. _ceph-cm-ansible: https://github.com/ceph/ceph-cm-ansible
+.. _jenkins-build.pub: https://github.com/ceph/keys/blob/master/ssh/jenkins-build.pub
+.. _teuthology.yaml: http://docs.ceph.com/teuthology/docs/siteconfig.html
+.. _ceph-sepia-secrets: https://github.com/ceph/ceph-sepia-secrets/
diff --git a/ceph-cm-ansible-prs/build/build b/ceph-cm-ansible-prs/build/build
@@ -0,0 +1,89 @@
+#!/bin/bash
+# NOTE: Commented code was my attempt at creating this as a matrix job.
+# I couldn't get the child jobs to share the same checkout/venv of teuthology
+# so I left the code in place in case I (or somebody else) wants to take a
+# crack at it in the future.
+
+set -ex
+
+# Clone or update teuthology
+if [ ! -d teuthology ]; then
+  git clone https://github.com/ceph/teuthology
+  cd teuthology
+else
+  cd teuthology
+  git pull
+fi
+
+# Bootstrap teuthology
+./bootstrap
+
+cd $WORKSPACE
+
+# Clone or update teuthology
+if [ ! -d downburst ]; then
+  git clone https://github.com/ceph/downburst
+  cd downburst
+else
+  cd downburst
+  git pull
+fi
+
+# Bootstrap downburst
+./bootstrap
+
+# Activate our virtualenv containing teuthology and ansible
+source $WORKSPACE/teuthology/virtualenv/bin/activate
+
+# Add downburst to path
+PATH=$PATH:$WORKSPACE/downburst/virtualenv/bin
+
+#if [ $DISTRO == "xenial" ]; then
+#  DISTRO="ubuntu"
+#  DISTRO_VERSION="16.04"
+#elif [ $DISTRO == "trusty" ]; then
+#  DISTRO="ubuntu"
+#  DISTRO_VERSION="14.04"
+#elif [ $DISTRO == "centos" ]; then
+#  DISTRO="centos"
+#  DISTRO_VERSION="7.3"
+#else
+#  echo "Unknown distro: $DISTRO"
+#  exit 1
+#fi
+
+# Don't bail since we'll almost certainly not lock every machine/os type on the first try
+set +e
+
+for machine_type in smithi mira vps; do
+  LOCK_TRUSTY_CMD="teuthology-lock --lock-many 1 --machine-type $machine_type --os-type ubuntu --os-version 14.04"
+  LOCK_XENIAL_CMD="teuthology-lock --lock-many 1 --machine-type $machine_type --os-type ubuntu --os-version 16.04"
+  LOCK_CENTOS_CMD="teuthology-lock --lock-many 1 --machine-type $machine_type --os-type centos --os-version 7.3"
+  $LOCK_TRUSTY_CMD; while [ $? -ne 0 ]; do sleep 5; $LOCK_TRUSTY_CMD; done
+  $LOCK_XENIAL_CMD; while [ $? -ne 0 ]; do sleep 5; $LOCK_XENIAL_CMD; done
+  $LOCK_CENTOS_CMD; while [ $? -ne 0 ]; do sleep 5; $LOCK_CENTOS_CMD; done
+done
+
+#LOCK_CMD="teuthology-lock --lock-many 1 --machine-type $MACHINE_TYPE --os-type $DISTRO --os-version $DISTRO_VERSION"
+#
+## Keep trying to lock a machine
+#$LOCK_CMD; while [ $? -ne 0 ]; do sleep 5; $LOCK_CMD; done
+
+set -e
+
+locked_machines=$(teuthology-lock --brief | awk '{ print $1 }' | paste -sd "," -)
+#locked_machines=$(teuthology-lock --brief --machine-type $MACHINE_TYPE --os-type $DISTRO --os-version $DISTRO_VERSION | awk '{ print $1 }' | paste -sd "," -)
+
+cd $WORKSPACE/ceph-cm-ansible
+
+# Erase line about the vault password since testnodes don't need any secrets
+sed -i '/vault_password_file/d' ./ansible.cfg
+
+ansible-playbook -vv ansible_managed.yml --limit=\"$locked_machines\"
+#ansible-playbook -vvv ansible_managed.yml --limit=\"$locked_machine\"
+
+ansible-playbook -vv testnodes.yml -e ansible_ssh_user=ubuntu --limit=\"$locked_machines\"
+#ansible-playbook -vvv testnodes.yml -e ansible_ssh_user=ubuntu --limit=\"$locked_machine\"
+
+teuthology-lock --unlock -t <(teuthology-lock --list-targets)
+#teuthology-lock --unlock $locked_machine
diff --git a/ceph-cm-ansible-prs/config/definitions/ceph-cm-ansible-prs.yml b/ceph-cm-ansible-prs/config/definitions/ceph-cm-ansible-prs.yml
@@ -0,0 +1,85 @@
+- scm:
+    name: ceph-cm-ansible
+    scm:
+      - git:
+          url: https://github.com/ceph/ceph-cm-ansible
+          branches:
+            - ${sha1}
+          refspec: +refs/pull/*:refs/remotes/origin/pr/*
+          browser: auto
+          timeout: 20
+          basedir: "ceph-cm-ansible"
+          skip-tag: true
+          wipe-workspace: true
+
+- job:
+    name: ceph-cm-ansible-pull-requests
+    description: Tests changes to ceph-cm-ansible testnode playbook
+    project-type: freestyle
+#    project-type: matrix
+    node: teuthology
+    block-downstream: false
+    block-upstream: false
+    defaults: global
+    display-name: 'ceph-cm-ansible: Pull Requests'
+    quiet-period: 5
+#    execution-strategy:
+#      sequential: false
+#    axes:
+#      - axis:
+#          type: user-defined
+#          name: MACHINE_TYPE
+#          values:
+#            - smithi
+#            - mira
+#            - vps
+#      - axis:
+#          type: user-defined
+#          name: DISTRO
+#          values:
+#            - trusty
+#            - xenial
+#            - centos
+#      - axis:
+#          type: label-expression
+#          name: teuthology
+#          values:
+#            - teuthology
+
+    logrotate:
+      daysToKeep: 14
+
+    properties:
+      - github:
+          url: https://github.com/ceph/ceph-cm-ansible/
+
+    parameters:
+      - string:
+          name: sha1
+          description: "A pull request ID, like 'origin/pr/72/head'"
+
+    triggers:
+      - github-pull-request:
+          admin-list:
+            - djgalloway
+            - zmc
+          org-list:
+            - ceph
+          only-trigger-phrase: false
+          github-hooks: true
+          permit-all: true
+          auto-close-on-fail: false
+
+    scm:
+      - ceph-cm-ansible
+
+    builders:
+      - shell:
+          !include-raw:
+            - ../../../scripts/build_utils.sh
+            - ../../build/build
+#
+#    wrappers:
+#      - pre-scm-buildstep:
+#          - shell:
+#              !include-raw: ../../build/setup