From 1c68f193ddcf6f5a5a9a4d85b7fdbd6ff1f1d174 Mon Sep 17 00:00:00 2001
From: Artem Goncharov
Date: Wed, 15 Mar 2023 10:56:31 +0100
Subject: [PATCH] add more configs
---
 containers/Dockerfile.f36 | 18 +++
 nodepool/nodepool.yaml | 46 ++++++++
 playbooks/base/cleanup.yaml | 16 +++
 playbooks/base/library | 1 +
 playbooks/base/post-logs.yaml | 27 +++++
 playbooks/base/post.yaml | 29 +++++
 playbooks/base/pre.yaml | 52 +++++++++
 zuul.d/container-images/base.yaml | 12 ++
 zuul.d/container-images/fedora.yaml | 20 ++++
 zuul.d/jobs.yaml | 62 ++++++++++
 zuul.d/nodesets.yaml | 6 +
 zuul.d/pipelines.yaml | 170 ++++++++++++++++++++++++++++
 zuul.d/project.yaml | 9 ++
 13 files changed, 468 insertions(+)
 create mode 100644 containers/Dockerfile.f36
 create mode 100644 nodepool/nodepool.yaml
 create mode 100644 playbooks/base/cleanup.yaml
 create mode 120000 playbooks/base/library
 create mode 100644 playbooks/base/post-logs.yaml
 create mode 100644 playbooks/base/post.yaml
 create mode 100644 playbooks/base/pre.yaml
 create mode 100644 zuul.d/container-images/base.yaml
 create mode 100644 zuul.d/container-images/fedora.yaml
 create mode 100644 zuul.d/jobs.yaml
 create mode 100644 zuul.d/nodesets.yaml
 create mode 100644 zuul.d/pipelines.yaml
 create mode 100644 zuul.d/project.yaml
diff --git a/containers/Dockerfile.f36 b/containers/Dockerfile.f36
new file mode 100644
index 0000000..4e095ab
--- /dev/null
+++ b/containers/Dockerfile.f36
@@ -0,0 +1,18 @@
+FROM quay.io/fedora/fedora:36-x86_64
+
+ENV XDG_CACHE_HOME=/root/.cache
+RUN dnf update -y && dnf install -y iproute rsync git traceroute unzip bzip2 \
+ bzip2-devel libffi-devel sqlite-devel sqlite-devel rpm-sign expect \
+ make curl wget tar procps-ng which sudo unzip findutils grep ncurses-devel \
+ openssl-devel zlib-devel krb5-devel make cmake gcc gcc-c++ rpm-build \
+ python3.6 python3.7 python3.8 python3.9 python3.10 python3.11 python3-dnf \
+ python3-setuptools python3 python3-devel python3-wheel python3-pip && \
+ dnf clean all
+
+RUN ln -sf /bin/pip3 /bin/pip && /bin/pip3 install --user 'tox>=3.8.0' os-testr
+
+RUN mv /etc/sudoers /etc/sudoers.d/zuul && grep includedir /etc/sudoers.d/zuul > /etc/sudoers && sed -e 's/.*includedir.*//' -i /etc/sudoers.d/zuul && chmod 440 /etc/sudoers
+
+RUN echo 'zuul:x:0:0:root:/root:/bin/bash' >> /etc/passwd
+ENV PATH=/root/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+WORKDIR /root
diff --git a/nodepool/nodepool.yaml b/nodepool/nodepool.yaml
new file mode 100644
index 0000000..5ca52c8
--- /dev/null
+++ b/nodepool/nodepool.yaml
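Review bot: The last RUN appends `zuul:x:0:0:root:/root:/bin/bash` to /etc/passwd, which makes `zuul` a second name for UID 0, so whatever a job runs in this pod runs as root and the sudoers rewrite in the preceding RUN adds no separation. If the pod workflow does not strictly need root, give the account its own fixed UID and home, for example `RUN useradd --uid 10001 --create-home zuul` followed by `USER zuul`, and move `WORKDIR` and the `PATH` entry off /root; if root is required, say why in a comment above that line. Separately, `dnf update -y` and the unpinned `'tox>=3.8.0' os-testr` install make the image contents depend on the build date, and `sqlite-devel`, `make` and `unzip` are each listed twice in the package list.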
@@ -0,0 +1,46 @@
+---
+images-dir: /opt/nodepool/images
+elements-dir: /data/nodepool/elements
+webapp:
+ port: 8005
+
+zookeeper-servers:
+ - host: zookeeper.zuul-ci.svc.cluster.local
+ port: 2281
+
+zookeeper-tls:
+ cert: /tls/client/tls.crt
+ key: /tls/client/tls.key
+ ca: /tls/client/ca.crt
+
+diskimages:
+
+labels:
+ - name: pod-fedora-latest
+ - name: pod-fedora-35
+ - name: pod-fedora-36
+
+providers:
+ - name: osinfra
+ driver: kubernetes
+ context: otcci
+ pools:
+ - name: zuul
+ labels:
+ # - name: kubernetes-namespace
+ # type: namespace
+ - name: pod-fedora-latest
+ type: pod
+ image: quay.io/opentelekomcloud/zuul-fedora:33
+ cpu: 2
+ memory: 2048
+ - name: pod-fedora-35
+ type: pod
+ image: quay.io/opentelekomcloud/zuul-fedora:35
+ cpu: 2
+ memory: 2048
+ - name: pod-fedora-36
+ type: pod
+ image: quay.io/opentelekomcloud/zuul-fedora:36
+ cpu: 2
+ memory: 2048
diff --git a/playbooks/base/cleanup.yaml b/playbooks/base/cleanup.yaml
new file mode 100644
index 0000000..2aea1ce
--- /dev/null
+++ b/playbooks/base/cleanup.yaml
@@ -0,0 +1,16 @@
+- hosts: all
+ tasks:
+ - name: Gather debug info on job fail
+ when: not (zuul_success | bool)
+ block:
+ - name: get df disk usage
+ raw: timeout -k 5 90 df
+
+ - name: get df inode usage
+ raw: timeout -k 5 90 df -i
+
+ - name: get l2 networking
+ raw: timeout -k 5 90 ip link
+
+ - name: get l3 networking
+ raw: timeout -k 5 90 ip addr
diff --git a/playbooks/base/library b/playbooks/base/library
new file mode 120000
index 0000000..53bed96
--- /dev/null
+++ b/playbooks/base/library
@@ -0,0 +1 @@
+../library
\ No newline at end of file
diff --git a/playbooks/base/post-logs.yaml b/playbooks/base/post-logs.yaml
new file mode 100644
index 0000000..6b5683b
--- /dev/null
+++ b/playbooks/base/post-logs.yaml
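Review bot: In the `zuul` pool of nodepool.yaml the `pod-fedora-latest` label is bound to `quay.io/opentelekomcloud/zuul-fedora:33`, the oldest of the three images, while the nodeset of the same name added in zuul.d/nodesets.yaml points at label `pod-fedora-36`. Anything that requests the label directly would get a Fedora 33 pod, a release that no longer receives security updates. I would change that line to `image: quay.io/opentelekomcloud/zuul-fedora:36` or drop the label. Consider also referencing the images by digest, since a mutable tag lets the pod contents change without any change to this file.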
@@ -0,0 +1,27 @@
+- hosts: localhost
+ tasks:
+ - name: Include Zuul manifest role
+ include_role:
+ name: generate-zuul-manifest
+
+ - name: Get cloud config from vault
+ no_log: true
+ vault_cloud_config:
+ vault_addr: "{{ zuul_vault_addr }}"
+ vault_token: "{{ lookup('file', zuul_base_vault_token_path) }}"
+ cloud_secret_path: "{{ vault_cloud_secret_path }}"
+ mode: "token"
+ register: cloud_config
+
+ - name: Include upload logs role
+ no_log: true
+ include_role:
+ name: upload-logs-swift1
+ vars:
+ zuul_log_path_shard_build: true
+ zuul_log_cloud_config: '{{ cloud_config.config }}'
+ zuul_log_partition: false
+ zuul_log_delete_after: 648000
+ # Unique log prefix to avoid container name collisions when ceph is
+ # used.
+ zuul_log_container: zuul_logs
diff --git a/playbooks/base/post.yaml b/playbooks/base/post.yaml
new file mode 100644
index 0000000..02e28be
--- /dev/null
+++ b/playbooks/base/post.yaml
@@ -0,0 +1,29 @@
+- hosts: all
+ tasks:
+ - block:
+ - include_role:
+ name: fetch-output
+ when:
+ - "ansible_connection != 'kubectl'"
+ - ansible_user_dir is defined
+
+ - block:
+ - include_role:
+ name: fetch-output-openshift
+ when:
+ - "ansible_connection == 'kubectl'"
+ - ansible_user_dir is defined
+
+ - import_role:
+ name: merge-output-to-logs
+ when: ansible_user_dir is defined
+
+- hosts: all
+ ignore_errors: yes
+ tasks:
+ - block:
+ - include_role:
+ name: remove-build-sshkey
+ when:
+ - "ansible_connection != 'kubectl'"
+ - ansible_user_dir is defined
diff --git a/playbooks/base/pre.yaml b/playbooks/base/pre.yaml
new file mode 100644
index 0000000..f39cb68
--- /dev/null
+++ b/playbooks/base/pre.yaml
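Review bot: `no_log: true` on the "Include upload logs role" task in post-logs.yaml covers only the include statement itself, because Ansible does not pass task keywords on `include_role` down to the tasks inside the role. Whether `zuul_log_cloud_config`, which carries the cloud credentials read from Vault, stays out of the job log therefore depends on the role's own tasks, and those are not part of this diff. If that cannot be confirmed, add `apply:` with `no_log: true` under `include_role:`. The role name `upload-logs-swift1` may also be a typo for `upload-logs-swift`; please confirm that a role of that name exists.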
@@ -0,0 +1,52 @@
+- hosts: localhost
+ roles:
+ - role: emit-job-header
+ zuul_log_path_shard_build: true
+ - log-inventory
+
+- hosts: all
+ tasks:
+ - include_role:
+ name: start-zuul-console
+
+ - block:
+ # A regular VM way
+ - include_role:
+ name: validate-host
+ - include_role:
+ name: prepare-workspace
+ - include_role:
+ name: add-build-sshkey
+ when: "ansible_connection != 'kubectl'"
+ - block:
+ # A Pod way
+ - include_role:
+ name: prepare-workspace-openshift
+ - include_role:
+ name: remove-zuul-sshkey
+ run_once: true
+ when: "ansible_connection == 'kubectl'"
+
+ - import_role:
+ name: ensure-output-dirs
+ when: ansible_user_dir is defined
+
+# If there is a registered role (as constructed from project name) try to
+# generate secret-id and leave it at well-known location. The job is then
+# responsible to take it and use. Secret is wrapped with ttl set to job
+# timeout. Try to do so only if there is zuul_vault variable with role_id set
+# in (We do not use role_id, but just presence).
+- hosts: localhost
+ tasks:
+ - include_role:
+ name: create-vault-approle-secret
+ vars:
+ vault_addr: "{{ zuul_vault_addr }}"
+ vault_token: "{{ lookup('file', zuul_base_vault_token_path) }}"
+ vault_secret_dest: "{{ zuul.executor.work_root }}/.approle-secret"
+ vault_role_name: "{{ ['zuul', zuul.tenant, zuul.project.name] | join('_') | regex_replace('/', '_') }}"
+ when:
+ - "zuul.post_review | bool"
+ - "zuul_vault_addr is defined"
+ - "zuul_base_vault_token_path is defined"
+ - "zuul_vault is defined and zuul_vault.vault_role_id is defined"
diff --git a/zuul.d/container-images/base.yaml b/zuul.d/container-images/base.yaml
new file mode 100644
index 0000000..fa3bd4d
--- /dev/null
+++ b/zuul.d/container-images/base.yaml
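Review bot: `vault_role_name` in the last play of pre.yaml joins tenant and project name with `_` and also rewrites `/` to `_`, so distinct projects can map to the same AppRole name: `org/app_x` and `org_app/x` both become `zuul_<tenant>_org_app_x`. The name also carries no connection or hostname, although the pipelines in this commit serve GitHub, GitLab and Gitea, so same-named projects on two forges would share a role if both are in one tenant. A job in one project would then be handed a secret-id for a role registered for another. Consider deriving the name from `zuul.project.canonical_name` with a separator that cannot appear in project names, or state in the comment above the play that role names are registered by hand and checked for collisions.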
@@ -0,0 +1,12 @@
+# Base image building jobs
+- job:
+ name: zuul-config-build-image
+ parent: otc-build-docker-image
+ abstract: true
+
+- job:
+ name: zuul-config-upload-image
+ parent: otcinfra-upload-image-quay
+ abstract: true
+ vars:
+ upload_docker_image_promote: false
diff --git a/zuul.d/container-images/fedora.yaml b/zuul.d/container-images/fedora.yaml
new file mode 100644
index 0000000..6261176
--- /dev/null
+++ b/zuul.d/container-images/fedora.yaml
@@ -0,0 +1,20 @@
+- job:
+ name: zuul-config-build-image-f36
+ description: Build a F36 image.
+ parent: zuul-config-build-image
+ vars: &zuul-f36_vars
+ docker_images:
+ - context: containers
+ dockerfile: Dockerfile.f36
+ repository: opentelekomcloud/zuul-fedora
+ tags: ['36']
+ files: &zuul-f36_files
+ - containers/Dockerfile.f36
+ - zuul.d/container-images/fedora.yaml
+
+- job:
+ name: zuul-config-upload-image-f36
+ description: Build and upload a f36 image.
+ parent: zuul-config-upload-image
+ vars: *zuul-f36_vars
+ files: *zuul-f36_files
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
new file mode 100644
index 0000000..7076550
--- /dev/null
+++ b/zuul.d/jobs.yaml
@@ -0,0 +1,62 @@
+# Shared zuul config common to all OpenTelekomCloud tenants.
+# Contains definitions of trusted jobs
+
+
+# Changes to this job require a special procedure, because they can
+# not be tested before landing, and if they are faulty, they will
+# break all jobs, meaning subsequent corrections will not be able to
+# land. To make a change:
+#
+# 1) Ensure that base-test and its playbooks are identical to base.
+# 2) Make the change to base-test and/or its playbooks.
+# 3) Merge the change from step 2. No jobs normally use base-test, so
+# this is safe.
+# 4) Propose a change to a job to reparent it to base-test. Choose a
+# job which will exercise whatever you are changing. The
+# "unittests" job in zuul-jobs is a good choice. Use [DNM] in the
+# commit subject so that people know not to merge the change. Set
+# it to "Work in progress" so people don't review it.
+# 5) Once test results arrive for the change in step 2, make a change
+# which copies the job and/or playbooks of base-test to base. In
+# the commit message, link to (without using Depends-On:) the
+# change from step 4 so reviewers can see the test results.
+# 6) Once the change in step 5 merges, abandon the change from step 4.
+
+- job:
+ name: base
+ parent: null
+ abstract: true
+ description: |
+ The base job for OpenTelekomCloud's installation of Zuul.
+
+ All jobs ultimately inherit from this. It runs a pre-playbook
+ which copies all of the job's prepared git repos on to all of
+ the nodes in the nodeset. It runs a post-playbook which copies
+ all of the files in the logs/ subdirectory of the executor
+ work directory to the logserver.
+
+ It also sets default timeout and nodeset values (which may be
+ overidden).
+
+ Responds to these variables:
+
+ .. zuul:jobvar:: base_serial
+ :default: Omitted
+
+ This sets the serial keyword in the pre and post playbooks
+ which can be an integer or percentage.
+
+ See ansible documentation for more information:
+ http://docs.ansible.com/ansible/latest/playbooks_delegation.html
+
+ pre-run: playbooks/base/pre.yaml
+ post-run:
+ - playbooks/base/post.yaml
+ - playbooks/base/post-logs.yaml
+ roles:
+ - zuul: zuul/zuul-jobs
+ timeout: 1800
+ post-timeout: 1800
+ nodeset: pod-fedora-36
+ extra-vars:
+ zuul_use_fetch_output: true
diff --git a/zuul.d/nodesets.yaml b/zuul.d/nodesets.yaml
new file mode 100644
index 0000000..d2b6130
--- /dev/null
+++ b/zuul.d/nodesets.yaml
@@ -0,0 +1,6 @@
+### K8 pods
+- nodeset:
+ name: pod-fedora-latest
+ nodes:
+ - name: fedora-pod
+ label: pod-fedora-36
diff --git a/zuul.d/pipelines.yaml b/zuul.d/pipelines.yaml
new file mode 100644
index 0000000..170f193
--- /dev/null
+++ b/zuul.d/pipelines.yaml
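Review bot: The base job in jobs.yaml ends with `nodeset: pod-fedora-36`, but the only nodeset this commit defines, in the zuul.d/nodesets.yaml hunk that follows, is named `pod-fedora-latest`; `pod-fedora-36` exists only as a label. Unless a nodeset of that name is defined elsewhere, the reference will not resolve, and every job inherits from base. Either rename the nodeset to `pod-fedora-36` or set `nodeset: pod-fedora-latest` in the job. The header comment also describes a `base-test` job that this file does not add, so the documented change procedure cannot be followed until one exists.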
@@ -0,0 +1,170 @@
+---
+- pipeline:
+ name: check
+ description: |
+ Newly opened pull requests enter this pipeline to receive an
+ initial verification
+ manager: independent
+ precedence: low
+ trigger:
+ github:
+ - event: pull_request
+ action:
+ - opened
+ - changed
+ - reopened
+ - event: pull_request
+ action: comment
+ comment: (?i)^\s*recheck\s*$
+ # When using the checks API to report results, failed runs
+ # will have a "re-run" button which emits this event.
+ - event: check_run
+ action: rerequested
+ check: .*/check:.*
+ gitlab:
+ - event: gl_merge_request
+ action: comment
+ comment: (?i)^\s*recheck\s*$
+ - event: gl_merge_request
+ action:
+ - opened
+ - changed
+ gitea:
+ - event: gt_pull_request
+ action:
+ - opened
+ - changed
+ - reopened
+ - event: gt_pull_request
+ action: comment
+ comment: (?i)^\s*recheck\s*$
+ start:
+ github:
+ check: in_progress
+ comment: false
+ gitlab:
+ comment: true
+ approval: false
+ success:
+ github:
+ check: success
+ comment: false
+ gitlab:
+ comment: true
+ approval: true
+ gitea:
+ comment: true
+ status: "success"
+ failure:
+ github:
+ check: failure
+ comment: false
+ gitlab:
+ comment: true
+ approval: false
+ gitea:
+ comment: true
+ status: "failure"
+ dequeue:
+ github:
+ check: cancelled
+ comment: false
+
+- pipeline:
+ name: gate
+ description: |
+ Changes that have been approved by core developers are enqueued
+ in order in this pipeline, and if they pass tests, will be
+ merged.
+ manager: dependent
+ precedence: high
+ supercedes: check
+ post-review: true
+ require:
+ github:
+ review:
+ - type: approved
+ permission: write
+ current-patchset: true
+ open: true
+ label: 'gate'
+ # status: "otc-zuul\\[bot\\]:eco/check:success"
+ gitlab:
+ approved: true
+ open: true
+ labels:
+ - 'gate'
+ trigger:
+ github:
+ - event: pull_request_review
+ action: submitted
+ state: approved
+ - event: pull_request
+ action: comment
+ comment: (?i)^\s*regate\s*$
+ - event: pull_request_review
+ action: dismissed
+ state: request_changes
+ - event: pull_request
+ action: status
+ status: ".*:success"
+ - event: check_run
+ action: rerequested
+ check: .*/gate:.*
+ - event: pull_request
+ action: labeled
+ label:
+ - gate
+ gitlab:
+ - event: gl_merge_request
+ action:
+ - approved
+ - event: gl_merge_request
+ action:
+ - labeled
+ labels:
+ - gate
+ start:
+ github:
+ check: in_progress
+ comment: false
+ gitlab:
+ comment: true
+ approval: false
+ success:
+ github:
+ check: success
+ merge: true
+ gitlab:
+ comment: true
+ approval: true
+ merge: true
+ failure:
+ github:
+ check: failure
+ gitlab:
+ comment: true
+ approval: false
+ dequeue:
+ github:
+ check: cancelled
+ comment: false
+ window-floor: 20
+ window-increase-factor: 2
+
+- pipeline:
+ name: post
+ description: |
+ This pipeline runs jobs that operate after each change is
+ merged. Queue items are identified by the abbreviated hash (git
+ log --format=%h) of the merge commit.
+ manager: supercedent
+ precedence: high
+ post-review: true
+ trigger:
+ github:
+ - event: push
+ ref: ^refs/heads/.*$
+ gitlab:
+ - event: gl_push
+ ref: ^refs/heads/.*$
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
new file mode 100644
index 0000000..46b9028
--- /dev/null
+++ b/zuul.d/project.yaml
@@ -0,0 +1,9 @@
+- project:
+ merge-mode: squash-merge
+ default-branch: main
+ check:
+ jobs: []
+ gate:
+ jobs: []
+ post:
+ jobs: []
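Review bot: For GitLab in pipelines.yaml, the check pipeline reports `approval: true` on success while the gate pipeline's `require` accepts `approved: true` and triggers on the `approved` action, so Zuul's own approval can satisfy the gate's review requirement. In that case the only human input before a post-review run and merge is the `gate` label, unlike the GitHub side, which requires an approving review from someone with write permission. Unless the GitLab projects enforce their own approval rules, I would set the check `success` reporter for gitlab to `approval: false` (or drop the key) and leave approval to reviewers. On the GitHub side the `status:` requirement is commented out while the gate still triggers on `status: ".*:success"`; a comment stating the intent would help the next reader.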