New osmocom-obs-worker role for our OBS workers

Related: OS#5556
Change-Id: I7a6d82e89e3a840739f71b90cdebe89bf8383c4a

9 files changed, 585 insertions, 0 deletions

diff --git a/ansible/hosts b/ansible/hosts
index ef0d055..f9ed7a2 100644
--- a/ansible/hosts
+++ b/ansible/hosts
@@ -20,3 +20,7 @@ rpi4-raspbian11build-ansible-3 ansible_host=10.9.25.70
 
 [simtester]
 simtest ansible_host=10.9.25.80
+
+[obs-workers]
+build3-obsworker1 ansible_host=2a01:4f8:212:3762::1:2 obs_worker_instances=8 obs_worker_jobs=8
+epyc1-obsworker1 ansible_host=2a02:8106:13:1e34:581e:abff:fe43:da45 obs_worker_instances=2 obs_worker_jobs=4 obs_vm_type=emulator:armv7l
diff --git a/ansible/roles/osmocom-obs-worker/files/obs-ca.crt b/ansible/roles/osmocom-obs-worker/files/obs-ca.crt
new file mode 100644
index 0000000..271d168
--- /dev/null
+++ b/ansible/roles/osmocom-obs-worker/files/obs-ca.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjOgAwIBAgIUcLDeyxhcMpcccZ1i7AIKqvwTJ2gwDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIwNTEwMDkzMjQwWhcNNDIw
+NTA1MDkzMjQwWjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALUsvHoy4oqpOHuzyoIG3qyoTGQW8Zpse7RaYAWJ
+CLgcAGelXWrOhPy40xAWHpLzAnAIxYR4ZSlD2Ebaj08esz4VQs2CKQ0mJEVZA7oq
+84YO3WK02HzoYFLee4ySvI967FCn6BwVZQVdz/A8wOIlAbe7Hmucx6dNLTLTR+Pw
+YwHMSdnj+OlC2oX2UO+ZIR7jFbSYp7jGF9V8zk74NoAFAuv5rs1UeP01ZF9xgXll
+KHUajaUKMKs+6KTo4d2l9ha45LHcoAuDUURzf4GMvO7zVVGw4mFwy/YsPoLV5+vX
+YT4GqkBgk9iZXirgTk6xCkiP0NUw5UNhtarUDKvR/U8wLw8CAwEAAaOBkDCBjTAd
+BgNVHQ4EFgQUHdDZVpUSwtRrSKp+PuMRK12TlQYwUQYDVR0jBEowSIAUHdDZVpUS
+wtRrSKp+PuMRK12TlQahGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghRwsN7L
+GFwylxxxnWLsAgqq/BMnaDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
+hkiG9w0BAQsFAAOCAQEAPGqIfE172P1NaQGRIHdsRJRot9NnJzZih3q9m+T/YIE8
+8T3uoxhEsMPLzP19w8wAbRy+CjpLwTuYO44kOIVLYhFdx3BTVRhw+YU2RH4PSttE
+JDVyYTFPGzjxwprpfui1aGom8u0oPL5MeutMWrPH6qVlIv7JGR3EbDG0iYwE5MZJ
+6kW8VW6o5fL02uT+75vNkHTipLUO6S4l6h9NrrgR0ijZ5dhyKC0FZnLnowtMCXXl
+2rfHSnGKjMGcq8Jlrwo6eMVPbZM6rrU/tvrjJkqESZY0jMktd0fV903XJ6+X4U9U
+stu/HUtKUQC8d3wua1PuI1uPvpr8AQDcf5LuA/STHg==
+-----END CERTIFICATE-----
diff --git a/ansible/roles/osmocom-obs-worker/files/obs.conf b/ansible/roles/osmocom-obs-worker/files/obs.conf
new file mode 100644
index 0000000..7dc2a84
--- /dev/null
+++ b/ansible/roles/osmocom-obs-worker/files/obs.conf
@@ -0,0 +1,15 @@
+client
+remote 2a01:4f8:201:344a::1:4 1194
+ca "/etc/openvpn/obs-ca.crt"
+cert "/etc/openvpn/obs.crt"
+key "/etc/openvpn/obs.key"
+comp-lzo yes
+cipher AES-256-CBC
+dev tun
+proto udp6
+nobind
+auth-nocache
+script-security 2
+persist-key
+persist-tun
+remote-cert-tls server
diff --git a/ansible/roles/osmocom-obs-worker/tasks/main.yml b/ansible/roles/osmocom-obs-worker/tasks/main.yml
new file mode 100644
index 0000000..b350163
--- /dev/null
+++ b/ansible/roles/osmocom-obs-worker/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: install OBS
+  include_tasks: obs.yml
+
+- name: install openvpn
+  include_tasks: openvpn.yml
+
diff --git a/ansible/roles/osmocom-obs-worker/tasks/obs.yml b/ansible/roles/osmocom-obs-worker/tasks/obs.yml
new file mode 100644
index 0000000..08367ac
--- /dev/null
+++ b/ansible/roles/osmocom-obs-worker/tasks/obs.yml
@@ -0,0 +1,52 @@
+- name: add OBS rpm repository
+  zypper_repository:
+    repo: https://download.opensuse.org/repositories/OBS:/Server:/2.10/15.3/OBS:Server:2.10.repo
+    autorefresh: yes
+    auto_import_keys: yes
+
+- name: install obs-worker
+  zypper:
+    name:
+      - obs-worker
+
+- name: Make sure an entry in /etc/hosts exists
+  lineinfile:
+    path: /etc/hosts
+    regexp: "^172.16.31.1"
+    line: "172.16.31.1  obs-backend.osmocom.org obs obs.osmocom.org"
+    state: present
+
+- name: Create /srv/obs/cache
+  file:
+    path: /srv/obs/cache
+    owner: obsrun
+    group: obsrun
+    recurse: yes
+
+- name: generate obs-server config file
+  template:
+    src: obs-server
+    dest: /etc/sysconfig/obs-server
+
+- name: install lxc
+  when: obs_vm_type == "lxc"
+  zypper:
+    name:
+      - lxc
+
+- name: install qemu
+  when: obs_vm_type != "lxc"
+  zypper:
+    name:
+      - qemu-arm
+
+- name: install qemu-arm
+  when: obs_vm_type == "emulator:armv7l" or obs_vm_type == "emulator:aarch64"
+  zypper:
+    name:
+      - qemu-arm
+
+- name: ensure the systemd service is installed
+  systemd:
+    name: obsworker.service
+    enabled: yes
diff --git a/ansible/roles/osmocom-obs-worker/tasks/openvpn.yml b/ansible/roles/osmocom-obs-worker/tasks/openvpn.yml
new file mode 100644
index 0000000..da53fa5
--- /dev/null
+++ b/ansible/roles/osmocom-obs-worker/tasks/openvpn.yml
@@ -0,0 +1,21 @@
+- name: Install openvpn
+  zypper:
+    name:
+      - openvpn
+
+- name: copy openvpn config
+  copy:
+    src: obs.conf
+    dest: /etc/openvpn/
+    mode: 0600
+
+- name: copy openvpn CA certificate
+  copy:
+    src: obs-ca.crt
+    dest: /etc/openvpn/
+    mode: 0600
+
+- name: ensure the systemd service is installed
+  systemd:
+    name: openvpn@obs.service
+    enabled: yes
diff --git a/ansible/roles/osmocom-obs-worker/templates/obs-server b/ansible/roles/osmocom-obs-worker/templates/obs-server
new file mode 100644
index 0000000..f042cd1
--- /dev/null
+++ b/ansible/roles/osmocom-obs-worker/templates/obs-server
@@ -0,0 +1,442 @@
+#
+# NOTE: all these options can be also declared in /etc/buildhost.config on each worker differently.
+#
+
+## Path:        Applications/OBS
+## Description: The OBS backend code directory
+## Type:        string
+## Default:     ""
+## Config:      OBS
+#
+# An empty dir will lead to the fall back directory, typically /usr/lib/obs/server/
+#
+OBS_BACKENDCODE_DIR=""
+
+## Path:        Applications/OBS
+## Description: The base for OBS communication directory
+## Type:        string
+## Default:     ""
+## Config:      OBS
+#
+# An empty dir will lead to the fall back directory, typically /srv/obs/run
+#
+OBS_RUN_DIR=""
+
+## Path:        Applications/OBS
+## Description: The base for OBS logging directory
+## Type:        string
+## Default:     ""
+## Config:      OBS
+#
+# An empty dir will lead to the fall back directory, typically /srv/obs/log
+#
+OBS_LOG_DIR=""
+
+## Path:        Applications/OBS
+## Description: The base directory for OBS
+## Type:        string
+## Default:     ""
+## Config:      OBS
+#
+# An empty dir will lead to the fall back directory, typically /srv/obs
+#
+OBS_BASE_DIR=""
+
+## Path:        Applications/OBS
+## Description: Automatically setup api and webui for OBS server, be warned, this will replace config files !
+## Type:        ("yes" | "no")
+## Default:     "no"
+## Config:      OBS
+#
+# This is usally only enabled on the OBS Appliance
+#
+OBS_API_AUTOSETUP="no"
+#
+# NOTE: all these options can be also declared in /etc/buildhost.config on each worker differently.
+#
+
+## Path:        Applications/OBS
+## Description: define source server host to be used
+## Type:        string
+## Default:     ""
+## Config:      OBS
+#
+# An empty setting will point to localhost:5352 by default
+#
+OBS_SRC_SERVER="obs-backend.osmocom.org:5352"
+
+## Path:        Applications/OBS
+## Description: define repository server host to be used
+## Type:        string
+## Default:     ""
+## Config:      OBS
+#
+# An empty setting will point to localhost:5252 by default
+#
+OBS_REPO_SERVERS="obs-backend.osmocom.org:5252"
+
+## Path:        Applications/OBS
+## Description: define number of build instances
+## Type:        integer
+## Default:     0
+## Config:      OBS
+#
+# 0 instances will automatically use the number of CPU's
+#
+OBS_WORKER_INSTANCES="{{obs_worker_instances}}"
+
+## Path:        Applications/OBS
+## Description: define names of build instances for z/VM
+## Type:        string
+## Default:     ""
+## Config:      OBS
+#
+# The names of the workers as defined in z/VM. These must have two minidisks
+# assigned, and have a secondary console configured to the local machine: 
+# 0150 is the root device
+# 0250 is the swap device
+#
+#OBS_WORKER_INSTANCE_NAMES="LINUX075 LINUX076 LINUX077"
+OBS_WORKER_INSTANCE_NAMES=""
+
+## Path:        Applications/OBS
+## Description: The base directory, where sub directories for each worker will get created
+## Type:        string
+## Default:     ""
+## Config:      OBS
+#
+#
+OBS_WORKER_DIRECTORY=""
+
+## Path:        Applications/OBS
+## Description: The base for port numbers used by worker instances
+## Type:        integer
+## Default:     "0"
+## Config:      OBS
+#
+# 0 means let the operating system assign a port number
+#
+OBS_WORKER_PORTBASE="0"
+
+## Path:        Applications/OBS
+## Description: Number of parallel compile jobs per worker
+## Type:        integer
+## Default:     "1"
+## Config:      OBS
+#
+# this maps usually to "make -j1" during build
+#
+OBS_WORKER_JOBS="{{obs_worker_jobs}}"
+
+## Path:        Applications/OBS
+## Description: Run in test mode (build results will be ignore, no job blocking)
+## Type:        ("yes" | "")
+## Default:     ""
+## Config:      OBS
+#
+OBS_WORKER_TEST_MODE=""
+
+## Path:        Applications/OBS
+## Description: define one or more labels for the build host.
+## Type:        string
+## Default:     ""
+## Config:      OBS
+#
+# A label can be used to build specific packages only on dedicated hosts.
+# For example for benchmarking.
+#
+OBS_WORKER_HOSTLABELS=""
+
+## Path:        Applications/OBS
+## Description: can be used to define a security level of the worker
+## Type:        string
+## Default:     ""
+## Config:      OBS
+#
+# This will extend the hostlabels and can be used to limit the workers
+# to the hosts which have all security fixes deployed.
+#
+OBS_WORKER_SECURITY_LEVEL=""
+
+## Path:        Applications/OBS
+## Description: Register in SLP server
+## Type:        ("yes" | "no")
+## Default:     "yes"
+## Config:      OBS
+#
+#
+OBS_USE_SLP="yes"
+
+## Path:        Applications/OBS
+## Description: Use a common cache directory for downloaded packages
+## Type:        string
+## Default:     ""
+## Config:      OBS
+#
+# Enable caching requires a given directory here. Be warned, content will be
+# removed there !
+# 
+OBS_CACHE_DIR="/srv/obs/cache"
+
+## Path:        Applications/OBS
+## Description: Defines the package cache size
+## Type:        size in MB
+## Default:     ""
+## Config:      OBS
+#
+# Set the size to 50% of the maximum usable size of this partition
+#
+OBS_CACHE_SIZE="100000"
+
+## Path:        Applications/OBS
+## Description: Defines the nice level of running workers
+## Type:        integer
+## Default:     18
+## Config:      OBS
+# 
+# Nicenesses range from -20 (most favorable  scheduling) to 19 (least
+# favorable).
+# Default to 18 as some testsuites depend on being able to switch to
+# one priority below (19) _and_ having changed the numeric level
+# (so going from 19->19 makes them fail).
+#
+OBS_WORKER_NICE_LEVEL=18
+
+## Path:        Applications/OBS
+## Description: Set used VM type by worker
+## Type:        ("auto" | "xen" | "kvm" | "lxc" | "zvm" | "emulator:$arch" | "emulator:$arch:$script" | "none" | "openstack")
+## Default:     "auto"
+## Config:      OBS
+#
+#
+OBS_VM_TYPE="{{obs_vm_type}}"
+
+## Path:        Applications/OBS
+## Description: Set kernel used by worker (kvm)
+## Type:        ("none" | "/boot/vmlinuz" | "/foo/bar/vmlinuz)
+## Default:     "none"
+## Config:      OBS
+#
+# For z/VM this is normally /boot/image
+#
+OBS_VM_KERNEL="none"
+
+## Path:        Applications/OBS
+## Description: Set initrd used by worker (kvm)
+## Type:        ("none" | "/boot/initrd" | "/foo/bar/initrd-foo)
+## Default:     "none"
+## Config:      OBS
+#
+# for KVM, you have to create with (example for openSUSE 11.2):
+#
+# export rootfstype="ext4"
+# mkinitrd -d /dev/null -m "ext4 binfmt_misc virtio_pci virtio_blk" -k vmlinuz-2.6.31.12-0.2-default -i initrd-2.6.31.12-0.2-default-obs_worker
+#
+# a working initrd file which includes virtio and binfmt_misc for OBS in order to work fine
+#
+# for z/VM, the build script will create a initrd at the given location if
+# it does not yet exist.
+# 
+OBS_VM_INITRD="none"
+
+## Path:        Applications/OBS
+## Description: Autosetup for XEN/KVM/TMPFS disk (root) - Filesize in MB
+## Type:        integer
+## Default:     "4096"
+## Config:      OBS
+#
+#
+OBS_VM_DISK_AUTOSETUP_ROOT_FILESIZE="4096"
+
+## Path:        Applications/OBS
+## Description: Autosetup for XEN/KVM disk (swap) - Filesize in MB
+## Type:        integer
+## Default:     "1024"
+## Config:      OBS
+#
+#
+OBS_VM_DISK_AUTOSETUP_SWAP_FILESIZE="1024"
+
+## Path:        Applications/OBS
+## Description: Default filesystem to use for autosetup.
+## Type:        ("ext2" | "ext3" | "ext4" | "reiserfs" | "btrfs" | "xfs")
+## Default:     "ext3"
+## Config:      OBS
+#
+#
+# Buildflag vmfstype may overwrite this for a specific job.
+OBS_VM_DISK_AUTOSETUP_FILESYSTEM="ext3"
+
+## Path:        Applications/OBS
+## Description: Filesystem mount options to use for autosetup
+## Type:        string
+## Default:     ""
+## Config:      OBS
+#
+#
+OBS_VM_DISK_AUTOSETUP_MOUNT_OPTIONS=""
+
+## Path:        Applications/OBS
+## Description: Enable build in memory
+## Type:        ("yes" | "")
+## Default:     ""
+## Config:      OBS
+#
+# WARNING: this requires much memory!
+#
+OBS_VM_USE_TMPFS="yes"
+
+## Path:        Applications/OBS
+## Description: Specify custom options for VM handler
+## Type:        string
+## Default:     ""
+## Config:      OBS
+#
+# Can be used to workaround problems with VM handler and should not be needed usually
+#
+OBS_VM_CUSTOM_OPTION=""
+
+## Path:        Applications/OBS
+## Description: Memory allocated for each VM (512) if not set
+## Type:        integer
+## Default:     ""
+## Config:      OBS
+#
+#
+OBS_INSTANCE_MEMORY=""
+
+## Path:        Applications/OBS
+## Description: Enable storage auto configuration
+## Type:        ("yes" | "")
+## Default:     ""
+## Config:      OBS
+#
+# WARNING: this may destroy data on your hard disk !
+# This is usually only used on mass deployed worker instances
+#
+OBS_STORAGE_AUTOSETUP=""
+
+## Path:        Applications/OBS
+## Description: Setup LVM via obsstoragesetup
+## Type:        ("take_all" | "use_obs_vg" | "none")
+## Default:     "use_obs_vg"
+## Config:      OBS
+#
+# take_all: WARNING: all LVM partitions will be used and all data erased !
+# use_obs_vg:  A lvm volume group named "OBS" will be re-setup for the workers.
+#
+OBS_SETUP_WORKER_PARTITIONS="use_obs_vg"
+
+## Path:        Applications/OBS
+## Description: Size in MB when creating LVM partition for cache partition
+## Type:        integer
+## Default:     ""
+## Config:      OBS
+#
+#
+OBS_WORKER_CACHE_SIZE=""
+
+## Path:        Applications/OBS
+## Description: Size in MB when creating LVM partition for each worker root partition
+## Type:        integer
+## Default:     ""
+## Config:      OBS
+#
+#
+OBS_WORKER_ROOT_SIZE=""
+
+## Path:        Applications/OBS
+## Description: Size in MB when creating LVM partition for each worker swap partition
+## Type:        integer
+## Default:     ""
+## Config:      OBS
+#
+#
+OBS_WORKER_SWAP_SIZE=""
+
+## Path:        Applications/OBS
+## Description: URL to a proxy service for caching binaries used by worker
+## Type:        string
+## Default:     ""
+## Config:      OBS
+#
+#
+OBS_WORKER_BINARIES_PROXY=""
+
+## Path:        Applications/OBS
+## Description: URL to a ssh pub key to allow root user login
+## Type:        string
+## Default:     ""
+## Config:      OBS
+#
+# This is usually used on mass (PXE) deployed workers)
+#
+OBS_ROOT_SSHD_KEY_URL=""
+
+## Path:        Applications/OBS
+## Description: URL to a script to be downloaded and executed
+## Type:        string
+## Default:     ""
+## Config:      OBS
+#
+# This is a hook for doing special things in your setup at boot time
+#
+OBS_WORKER_SCRIPT_URL=""
+
+## Path:        Applications/OBS
+## Description: If chroot/lxc is used for build, empty it after build is finished
+## Type:        ("yes" | "")
+## Default:     ""
+## Config:      OBS
+#
+#
+OBS_WORKER_CLEANUP_CHROOT=""
+
+##Path:         Application/OBS
+## Description: wipes the build environment of the worker after the build
+## Type:        ("yes" | "")
+## Default:     ""
+## Config:      OBS
+#
+#
+OBS_WORKER_WIPE_AFTER_BUILD=""
+
+##Path:         Application/OBS
+## Description: name or id of openstack instance that controls the worker (building) instances
+## Type:        ("yes" | "")
+## Default:     ""
+## Config:      OBS
+#
+#
+OBS_WORKER_CONTROL_INSTANCE=""
+
+##Path:         Application/OBS
+## Description: name or id flavor to create openstack worker (building) instance
+## Type:        ("yes" | "")
+## Default:     ""
+## Config:      OBS
+#
+#
+OBS_WORKER_OS_FLAVOR=""
+
+##Path:         Application/OBS
+## Description: openstack environment variables. Only used when OBS_VM_TYPE=openstack
+## Type:        ("yes" | "")
+## Default:     ""
+## Config:      OBS
+#
+#
+OS_AUTH_URL=""
+
+OS_PROJECT_ID=""
+OS_PROJECT_NAME=""
+OS_USER_DOMAIN_NAME=""
+OS_USERNAME=""
+OS_PASSWORD=""
+OS_REGION_NAME=""
+
+OBS_WORKER_PREFIX=""
+
+OBS_OPENSTACK_DISK_SIZE=""
+OBS_OPENSTACK_SWAP_SIZE=""
+OBS_OPENSTACK_MEMORY_SIZE=""
diff --git a/ansible/setup-obs-worker.yml b/ansible/setup-obs-worker.yml
new file mode 100644
index 0000000..c742a19
--- /dev/null
+++ b/ansible/setup-obs-worker.yml
@@ -0,0 +1,21 @@
+---
+- name: setup OBS worker
+  hosts: obs-workers
+  user: root
+  vars_files:
+    - "vars/{{ ansible_facts['os_family'] }}-{{ ansible_facts['distribution_major_version']}}.yml"
+  tasks:
+    - name: install common utilities
+      zypper:
+        name:
+          - vim
+          - tmux
+          - screen
+          - tcpdump
+          - strace
+          - ltrace
+
+  roles:
+    - name: osmocom-obs-worker
+      tags:
+        - obs-worker
diff --git a/ansible/vars/Suse-15.yml b/ansible/vars/Suse-15.yml
new file mode 100644
index 0000000..0cf00c2
--- /dev/null
+++ b/ansible/vars/Suse-15.yml
@@ -0,0 +1,2 @@
+---
+obs_distro: fixme