From 83d6ed6cc5e6d5d712dba19800cf61063b04fe7f Mon Sep 17 00:00:00 2001 
From: Kienan Stewart Date: Wed, 24 May 2023 13:51:47 -0400 Subject: [PATCH] ansible/lava: Add role for lava server Change-Id: I11cbf0ab6e78f9b344c4860d24458e264c7e79c3 --- automation/ansible/README.md | 26 ++++++ automation/ansible/group_vars/all.yml | 2 + automation/ansible/group_vars/node.yml | 2 + automation/ansible/hosts | 3 + automation/ansible/infra_lava.yml | 4 + .../common/files/internal.efficios.com.pem | 85 +++++++++++++++++ .../ansible/roles/common/tasks/certs.yml | 15 +++ .../ansible/roles/common/tasks/main.yml | 2 + .../roles/lava-server/files/vhost-tls.conf | 34 +++++++ .../roles/lava-server/handlers/main.yml | 12 +++ .../roles/lava-server/tasks/enable_device.yml | 14 +++ .../ansible/roles/lava-server/tasks/main.yml | 93 +++++++++++++++++++ .../roles/lava-server/tasks/pdudaemon.yml | 44 +++++++++ .../templates/allowed_hosts.yaml.j2 | 6 ++ .../roles/lava-server/templates/ldap.yaml.j2 | 8 ++ .../ansible/roles/lava-server/vars/main.yml | 2 + automation/ansible/site.yml | 1 + 17 files changed, 353 insertions(+) create mode 100644 automation/ansible/README.md create mode 100644 automation/ansible/group_vars/all.yml create mode 100644 automation/ansible/group_vars/node.yml create mode 100644 automation/ansible/infra_lava.yml create mode 100644 automation/ansible/roles/common/files/internal.efficios.com.pem create mode 100644 automation/ansible/roles/common/tasks/certs.yml create mode 100644 automation/ansible/roles/lava-server/files/vhost-tls.conf create mode 100644 automation/ansible/roles/lava-server/handlers/main.yml create mode 100644 automation/ansible/roles/lava-server/tasks/enable_device.yml create mode 100644 automation/ansible/roles/lava-server/tasks/main.yml create mode 100644 automation/ansible/roles/lava-server/tasks/pdudaemon.yml create mode 100644 automation/ansible/roles/lava-server/templates/allowed_hosts.yaml.j2 create mode 100644 automation/ansible/roles/lava-server/templates/ldap.yaml.j2 create mode 100644 
automation/ansible/roles/lava-server/vars/main.yml diff --git a/automation/ansible/README.md b/automation/ansible/README.md new file mode 100644 index 0000000..e511650 --- /dev/null +++ b/automation/ansible/README.md @@ -0,0 +1,26 @@ +# Required collections + +``` +ansible-galaxy collection install community.general +``` + +# Privileged data + +Privileged data is stored in Bitwarden. To use roles that fetch privileged data, +the following utilities must be available: + +* [bw](https://bitwarden.com/help/cli/) + +Once installed, login and unlock the vault: + +``` +bw login # or, `bw unlock` +export BW_SESSION=xxxx +bw sync -f +``` + +# Running playbooks + +``` +ansible-playbook -i hosts [-l SUBSET] site.yaml +``` diff --git a/automation/ansible/group_vars/all.yml b/automation/ansible/group_vars/all.yml new file mode 100644 index 0000000..2a78929 --- /dev/null +++ b/automation/ansible/group_vars/all.yml @@ -0,0 +1,2 @@ +--- +jenkins_user: false diff --git a/automation/ansible/group_vars/node.yml b/automation/ansible/group_vars/node.yml new file mode 100644 index 0000000..02a0ca6 --- /dev/null +++ b/automation/ansible/group_vars/node.yml @@ -0,0 +1,2 @@ +--- +jenkins_user: true diff --git a/automation/ansible/hosts b/automation/ansible/hosts index 14dcada..3b4b654 100644 --- a/automation/ansible/hosts +++ b/automation/ansible/hosts @@ -10,6 +10,9 @@ cloud05.internal.efficios.com #cloud07.internal.efficios.com #cloud08.internal.efficios.com +[infra_lava] +lava-master-03.internal.efficios.com + [node_armhf] ci-node-deb11-armhf-01 ci-node-deb11-armhf-02 diff --git a/automation/ansible/infra_lava.yml b/automation/ansible/infra_lava.yml new file mode 100644 index 0000000..8305bb1 --- /dev/null +++ b/automation/ansible/infra_lava.yml @@ -0,0 +1,4 @@ +- hosts: infra_lava + roles: + - common + - lava-server 
diff --git a/automation/ansible/roles/common/files/internal.efficios.com.pem b/automation/ansible/roles/common/files/internal.efficios.com.pem new file mode 100644 index 0000000..59146bd --- /dev/null +++ b/automation/ansible/roles/common/files/internal.efficios.com.pem 
@@ -0,0 +1,85 @@ +-----BEGIN CERTIFICATE----- +MIIGYzCCBUugAwIBAgIME8HUfOP7nlNsYE4GMA0GCSqGSIb3DQEBCwUAMEwxCzAJ +BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSIwIAYDVQQDExlB +bHBoYVNTTCBDQSAtIFNIQTI1NiAtIEc0MB4XDTIzMDEwNTE3MTYyN1oXDTI0MDIw +NjE3MTYyNlowIjEgMB4GA1UEAwwXKi5pbnRlcm5hbC5lZmZpY2lvcy5jb20wggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMYxGUCLUIIKARfCF1oT6oKRSA +dmMJpeI9k+bWMbDZ9m15xZXdlx33OwOJA0lgBLLuJnds/WxE9EFACjYbk7M3Vyp+ +97rVsFdZ2biLLGX7264I0/0LtQgg3UMqTH01DKj2RspCCCo1YsUncX2/h1V+Zo9b +pJG7dqPQ+YjpGajXYVNahv5s0ljpzqcJWGNsKDOQFqvIZWKXDUhFelm+dY57J90W +lGvB6eoOoilip7k4BSJ/3OIjvML6Pz6zvKJE2ZAn4ZT0HdpizCVqmO1zq96/qbdE +VJpMpRCZs/RKMgookBp22ZDSsZ+zfAu441MiQEq+oQxjSU8Y9kLK5x3M0PAhAgMB +AAGjggNtMIIDaTAOBgNVHQ8BAf8EBAMCBaAwgZMGCCsGAQUFBwEBBIGGMIGDMEYG +CCsGAQUFBzAChjpodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9h +bHBoYXNzbGNhc2hhMjU2ZzQuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcC5n +bG9iYWxzaWduLmNvbS9hbHBoYXNzbGNhc2hhMjU2ZzQwVwYDVR0gBFAwTjAIBgZn +gQwBAgEwQgYKKwYBBAGgMgoBAzA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5n +bG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJBgNVHRMEAjAAMEEGA1UdHwQ6MDgw +NqA0oDKGMGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vYWxwaGFzc2xjYXNoYTI1 +Nmc0LmNybDA5BgNVHREEMjAwghcqLmludGVybmFsLmVmZmljaW9zLmNvbYIVaW50 +ZXJuYWwuZWZmaWNpb3MuY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjAfBgNVHSMEGDAWgBRPy6yowu+r3YNva7/OmD1cWCV2FTAdBgNVHQ4EFgQUMzXk +R9Q8ur0Bb8oOGN72GFCPBkswggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AG9T +dqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABhYLvJUgAAAQDAEcwRQIh +ALuWQU0tdPDfxouzEvKu93ITGwF6lT5NYbS7xK36PsbRAiAGd1lNkbyptg9EKd2I +J1Yt8TZEkJn0eT1zkYuGWfvvPwB1AHPZnokbTJZ4oCB9R53mssYc0FFecRkqjGuA +EHrBd3K1AAABhYLvJXkAAAQDAEYwRAIgDWI/namYh4xclEmP7UAStAqghK8MAL2G +iZpsFDnkSO8CICqUbt/aQCEuhIThMTzmxDa22hWdS2LGF/RMRft/lXe/AHcAdv+I +Pwq2+5VRwmHM9Ye6NLSkzbsp3GhCCp/mZ0xaOnQAAAGFgu8liwAABAMASDBGAiEA +yRvXFPB/0uvpQRoWU/GAlQPRtUYI5arQWgojUv7M3j8CIQCp9cR8+Z7jOb71eDuJ +lQK8gLgdmHDi6zgdQCk6xFZlGzANBgkqhkiG9w0BAQsFAAOCAQEAGzDx32bMP53h 
+JHQmNKHo69Q2kLsx1YfxElMjoUriVpvaPjNkSUm4f94KSAPNw/h9nqSLp0PBIOPF +xClutnF4We52GuINGtsxGjDBb8w0X+s3ObzrQxD1zAqXCS6kpHmdLf9xQ3dwxFML +w4bOibIpxIaQXTVQuHW8qRKUHXKr2kUQx7+tIbavsrN/HUS6zc8Kjm/k/KadH+zA +u2vcgAw+4RAeKfzG3e3zNUwl8Dn7GTL0DL87SGSb5Hj3HFyojYqIOMNzQ1MO00i4 +p/oq2AWSUndRFD9VTVdZwvgpBB4Qh39J2yExyd+8+ob56q1FmzMe5kTT+8IkSXSG +YkjI4uyfJA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEijCCA3KgAwIBAgIQfU1CqStDHX5kU+fBmo1YdzANBgkqhkiG9w0BAQsFADBX +MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UE +CxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIyMTAx +MjAzNDk0M1oXDTI3MTAxMjAwMDAwMFowTDELMAkGA1UEBhMCQkUxGTAXBgNVBAoT +EEdsb2JhbFNpZ24gbnYtc2ExIjAgBgNVBAMTGUFscGhhU1NMIENBIC0gU0hBMjU2 +IC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtJCmVZhWIPzOH +A3jP1QwkuDFT8/+DImyZlSt85UpZwq7G0Sqd+n8gLlHIZypQkad5VkT7OLU+MI78 +lC7LVwxpU19ExlaWL67ANyWG8XHx3AJFQoZhuDbvUeNzRQyQs6XS5wN6uDlF0Bf1 +AtCUQWrGGLGYwyC1xTrzgrFKpESsIXMqklUGTsh8i7DKZhRUVfgrPLJUkbbLUrLY +42+KRCiwfSvBloC5PgDYnj3oMZ1aTe3Wfk3l1I4D3RKaJ4PU1qHXhHJOge2bjGIG +l6MsaBN+BB2sr6EnxX0xnMIbew2oIfOFoLqs47vh/GH4JN0qql2WBHfDPVDm3b+G +QxY6N/LXAgMBAAGjggFbMIIBVzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYI +KwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYE +FE/LrKjC76vdg29rv86YPVxYJXYVMB8GA1UdIwQYMBaAFGB7ZhpFDZfKiVAvfQTN +NKj//P1LMHoGCCsGAQUFBwEBBG4wbDAtBggrBgEFBQcwAYYhaHR0cDovL29jc3Au +Z2xvYmFsc2lnbi5jb20vcm9vdHIxMDsGCCsGAQUFBzAChi9odHRwOi8vc2VjdXJl +Lmdsb2JhbHNpZ24uY29tL2NhY2VydC9yb290LXIxLmNydDAzBgNVHR8ELDAqMCig +JqAkhiJodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL3Jvb3QuY3JsMCEGA1UdIAQa +MBgwCAYGZ4EMAQIBMAwGCisGAQQBoDIKAQMwDQYJKoZIhvcNAQELBQADggEBABol +9nNkiECpWQenQ7oVP1FhvRX/LWTdzXpdMmp/SELnEJhoOe+366E0dt8tWGg+ezAc +DPeGYPmp83nAVLeDpji7Nqu8ldB8+G/B6U9GB8i2DDIAqSsFEvcMbWb5gZ2/DmRN +cifGi9FKAuFu2wyft4s4DHwzL2CJ2zjMlUOM3RaE1cxuOs+Om6MCD9G7vnkAtSiC +/OOfHO902f4yI2a48K+gKaAf3lISFXjd32pwQ21LpM3ueIGydaJ+1/z8nv+C7SUT +5bHoz7cYU27LUvh1n2WSNnC6/QwFSoP6gNKa4POO/oO13xjhrLRHJ/04cKMbRALt 
+JWQkPacJ8SJVhB2R7BI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw +MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i +YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT +aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ +jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp +xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp +1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG +snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ +U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 +9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B +AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz +yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE +38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP +AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad +DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME +HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/automation/ansible/roles/common/tasks/certs.yml b/automation/ansible/roles/common/tasks/certs.yml new file mode 100644 index 0000000..462e764 --- /dev/null +++ b/automation/ansible/roles/common/tasks/certs.yml 
@@ -0,0 +1,15 @@ +--- +- name: Deploy internal certificate + ansible.builtin.copy: + dest: /etc/ssl/certs/internal.efficios.com.pem + mode: '0644' + owner: 'root' + group: 'root' + src: 'internal.efficios.com.pem' +- name: Deploy internal certificate key + ansible.builtin.copy: + dest: /etc/ssl/private/internal.efficios.com.key + mode: '0640' + owner: 'root' + group: 'root' + content: "{{lookup('community.general.bitwarden', 'TLS Certificate internal.efficios.com', collection_id='35c5d8b1-2520-4450-a479-aef50131b930')[0]['notes'] }}" diff --git a/automation/ansible/roles/common/tasks/main.yml b/automation/ansible/roles/common/tasks/main.yml index 1a4895f..5cb4e16 100644 --- a/automation/ansible/roles/common/tasks/main.yml +++ b/automation/ansible/roles/common/tasks/main.yml @@ -39,10 +39,12 @@ remove: yes - name: Create jenkins user + when: jenkins_user | bool user: name: 'jenkins' - name: Set up authorized_keys for the jenkins user + when: jenkins_user | bool authorized_key: user: 'jenkins' key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA3fwpioVLDoCQsQkYK5bOwPb8N0EXeYm2MleBQTfqxtKaqWWbmUtFXAiyclKHRspjcAiIKwwqLyhPopHBqJzmXnB0GsfGmxXJ6wSBgKJ4kdBVRM+nKlK0wCl1oQkFeV/Xl3jzt1Ey96XiNWlesfkvgcMCpsJzQ7/xRb9IcghskzlQbLOwDNir/156JgAYUYvOLqNCcE+xcgPxJGanfZDXTLkfBYxaeaB8isBPeEU6fhPvu/W055M1uB7E0qhcbFtuKCBu1Fg4jzsW4yDU8+ZB1b5mAXwEAuMbVGMrOf4rjtTpGpQd6XFsXpFT28NU1u5j2cUbtANJalkNDX/UY6XJ jenkins@ci-master-02' diff --git a/automation/ansible/roles/lava-server/files/vhost-tls.conf b/automation/ansible/roles/lava-server/files/vhost-tls.conf new file mode 100644 index 0000000..ca9e95a --- /dev/null +++ b/automation/ansible/roles/lava-server/files/vhost-tls.conf 
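Review bot: The `Deploy internal certificate key` task in certs.yml passes the private key through `content:` without `no_log: true`, so the key material can appear in Ansible output when the play runs with `--diff` or raised verbosity, and in any callback that records task arguments. Add `no_log: true` to that task. With `owner: 'root'` and `group: 'root'`, mode `'0640'` grants nothing that `'0600'` would not, so the tighter mode states the intent better; if a service is meant to read the key through a group, name that group explicitly. The lookup takes `[0]['notes']` from whatever the Bitwarden search returns first, so it may be worth asserting that exactly one item matched before deploying it.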
@@ -0,0 +1,34 @@
+
+ ServerAdmin webmaster@localhost
+
+ SSLEngine On
+ SSLCertificateKeyFile /etc/ssl/private/internal.efficios.com.key
+ SSLCertificateFile /etc/ssl/certs/internal.efficios.com.pem
+
+ Alias /tmp/ /var/lib/lava/dispatcher/tmp/
+
+ # Let apache2 handle these URIs
+ ProxyPass /tmp !
+ # Send web socket requests to lava-publisher
+ ProxyPass /ws/ ws://127.0.0.1:8001/ws/
+ ProxyPassReverse /ws/ ws://127.0.0.1:8001/ws/
+ # Send request to Gunicorn
+ ProxyPass / http://127.0.0.1:8000/
+ ProxyPassReverse / http://127.0.0.1:8000/
+ ProxyPreserveHost On
+
+ DocumentRoot /usr/share/lava-server/static/lava_server/
+
+
+ Options -Indexes
+ Require all granted
+ AllowOverride None
+
+ php_admin_flag engine Off
+
+
+
+ LogLevel info
+ ErrorLog ${APACHE_LOG_DIR}/lava-server.log
+ CustomLog ${APACHE_LOG_DIR}/lava-server.log combined
+
\ No newline at end of file
diff --git a/automation/ansible/roles/lava-server/handlers/main.yml b/automation/ansible/roles/lava-server/handlers/main.yml
new file mode 100644
index 0000000..5b050b9
--- /dev/null
+++ b/automation/ansible/roles/lava-server/handlers/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Reload apache
+ shell:
+ cmd: apache2ctl graceful
+- name: Restart apache
+ ansible.builtin.service:
+ name: apache2
+ state: restarted
+- name: Restart lava-server-gunicorn
+ ansible.builtin.service:
+ name: lava-server-gunicorn
+ state: restarted
diff --git a/automation/ansible/roles/lava-server/tasks/enable_device.yml b/automation/ansible/roles/lava-server/tasks/enable_device.yml
new file mode 100644
index 0000000..23e9303
--- /dev/null
+++ b/automation/ansible/roles/lava-server/tasks/enable_device.yml
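Review bot: The TLS vhost in vhost-tls.conf sets only `SSLEngine On` and the certificate paths, so protocol versions and ciphers fall back to whatever the server-wide mod_ssl configuration allows, and no HSTS header is sent even though this site fronts LDAP logins. I would pin the protocol floor in the vhost, e.g. `SSLProtocol -all +TLSv1.2 +TLSv1.3`, and add `Header always set Strict-Transport-Security "max-age=31536000"`, which needs `headers` added to the a2enmod loop in tasks/main.yml. The `ws://` ProxyPass lines depend on mod_proxy_wstunnel, which that loop does not enable; worth confirming the lava-server package already does. The container tags are not visible in this rendering of the hunk, so I cannot tell which directory `Require all granted` applies to.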
@@ -0,0 +1,14 @@
+---
+- name: Check device type details
+ become: yes
+ become_user: lavaserver
+ register: device_details
+ ignore_errors: true
+ shell:
+ cmd: "lava-server manage device-types details {{item}}"
+- name: Enable device type
+ become: yes
+ become_user: lavaserver
+ when: device_details.rc == 1
+ shell:
+ cmd: "lava-server manage device-types add {{item}}"
diff --git a/automation/ansible/roles/lava-server/tasks/main.yml b/automation/ansible/roles/lava-server/tasks/main.yml
new file mode 100644
index 0000000..782b5ca
--- /dev/null
+++ b/automation/ansible/roles/lava-server/tasks/main.yml
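Review bot: In enable_device.yml the details check sets `ignore_errors: true` and the add runs only `when: device_details.rc == 1`, so any other failure of the check (a missing `lava-server` binary, a database error returning a different code) is swallowed and the device type is silently never added. I would replace `ignore_errors: true` with `failed_when: device_details.rc not in [0, 1]` and add `changed_when: false` to the check. Neither task needs a shell; `ansible.builtin.command` avoids shell parsing of `{{item}}` should the device list ever come from a variable rather than the literal loop in tasks/main.yml. This assumes `details` returns 1 for an unknown device type, which the existing `when:` already relies on.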
@@ -0,0 +1,93 @@
+---
+- name: Install lava-server
+ apt:
+ name:
+ - lava-server
+ - libvirt-clients
+- name: Enable apache modules
+ shell:
+ cmd: a2enmod "{{ item }}"
+ creates: "/etc/apache2/mods-enabled/{{item}}.load"
+ loop:
+ - proxy
+ - proxy_http
+ - ssl
+ notify:
+ - Restart apache
+- name: Disable default apache2 site
+ ansible.builtin.file:
+ path: /etc/apache2/sites-enable/000-default.conf
+ state: absent
+ notify:
+ - Reload apache
+- name: Enable lava-server site
+ shell:
+ cmd: a2ensite lava-server.conf
+ creates: /etc/apache2/sites-enabled/lava-server.conf
+ notify:
+ - Reload apache
+- name: Deploy internal certificate
+ import_role:
+ name: common
+ tasks_from: certs
+ notify:
+ - Reload apache
+- name: Create TLS vhost
+ copy:
+ src: vhost-tls.conf
+ dest: /etc/apache2/sites-enabled/lava-server-tls.conf
+ notify:
+ - Reload apache
+- name: Configure lava-server allowed hosts
+ ansible.builtin.template:
+ src: allowed_hosts.yaml.j2
+ dest: /etc/lava-server/settings.d/00-hosts.yaml
+ owner: lavaserver
+ group: lavaserver
+ mode: '0640'
+ notify:
+ - Restart lava-server-gunicorn
+- name: Configure lava-server LDAP integration
+ ansible.builtin.template:
+ src: ldap.yaml.j2
+ dest: /etc/lava-server/settings.d/01-ldap.yaml
+ owner: lavaserver
+ group: lavaserver
+ mode: '0640'
+ notify:
+ - Restart lava-server-gunicorn
+- name: Add lava devices
+ include_tasks: enable_device.yml
+ loop:
+ - qemu
+ - x86
+ - imx6q-wandboard
+ - cubietruck
+- name: Clone lttng-ci repo
+ become: yes
+ become_user: lavaserver
+ git:
+ dest: /var/lib/lava-server/home/lttng-ci
+ repo: https://github.com/lttng/lttng-ci
+ register: clone_result
+- name: List devices in lttng-ci repo
+ when: clone_result.before != clone_result.after
+ find:
+ paths:
+ - /var/lib/lava-server/home/lttng-ci/lava/devices/
+ register: found_lava_devices
+- name: Create device links
+ when: clone_result.before != clone_result.after
+ ansible.builtin.file:
+ src: "{{item}}"
+ path: "/etc/lava-server/dispatcher-config/devices/{{item | basename }}"
+ state: link
+ loop: "{{found_lava_devices['files'] | map(attribute='path')}}"
+- name: Configure PDU Daemon
+ import_tasks: pdudaemon.yml
+- name: Generate root SSH keypair
+ # The public key can be installed on qemu hosts
+ # lava-worker runs as root, not as lavaserver.
+ community.crypto.openssh_keypair:
+ path: /root/.ssh/id_ed25519
+ type: ed25519
diff --git a/automation/ansible/roles/lava-server/tasks/pdudaemon.yml b/automation/ansible/roles/lava-server/tasks/pdudaemon.yml
new file mode 100644
index 0000000..e62f04c
--- /dev/null
+++ b/automation/ansible/roles/lava-server/tasks/pdudaemon.yml
@@ -0,0 +1,44 @@
+---
+- name: Install dependencies
+ apt:
+ name:
+ - python3-venv
+ - python3-pip
+ - python3-pexpect
+ - python3-requests
+ - python3-systemd
+ - python3-paramiko
+ - python3-serial
+- name: Clone pdudaemon
+ become: yes
+ become_user: lavaserver
+ git:
+ dest: /var/lib/lava-server/home/pdudaemon
+ repo: https://git.internal.efficios.com/efficios/pdudaemon.git
+ version: console_server_update
+ register: pdudaemon_clone
+- name: Build pdudaemon
+ become: yes
+ become_user: lavaserver
+ when: pdudaemon_clone.before != pdudaemon_clone.after
+ shell:
+ chdir: /var/lib/lava-server/home/pdudaemon
+ cmd: "python3 ./setup.py build"
+- name: Install pdudaemon
+ when: pdudaemon_clone.before != pdudaemon_clone.after
+ shell:
+ chdir: /var/lib/lava-server/home/pdudaemon
+ cmd: "python3 setup.py install --prefix=/usr/local/"
+- name: Copy pdudaemon service file
+ when: pdudaemon_clone.before != pdudaemon_clone.after
+ copy:
+ remote_src: true
+ src: /var/lib/lava-server/home/lttng-ci/lava/pdudaemon/pdudaemon.service
+ dest: /etc/systemd/system/pdudaemon.service
+ mode: '0644'
+- name: Enable pdudaemon service
+ ansible.builtin.systemd:
+ daemon_reload: true
+ name: pdudaemon.service
+ enabled: true
+ state: started
diff --git a/automation/ansible/roles/lava-server/templates/allowed_hosts.yaml.j2 b/automation/ansible/roles/lava-server/templates/allowed_hosts.yaml.j2
new file mode 100644
index 0000000..5fd0baf
--- /dev/null
+++ b/automation/ansible/roles/lava-server/templates/allowed_hosts.yaml.j2
@@ -0,0 +1,6 @@
+ALLOWED_HOSTS:
+ # This allows the local dispatcher to run without issues
+ - localhost
+{% for host in lava_allowed_hosts %}
+ - {{host}}
+{% endfor%}
diff --git a/automation/ansible/roles/lava-server/templates/ldap.yaml.j2 b/automation/ansible/roles/lava-server/templates/ldap.yaml.j2
new file mode 100644
index 0000000..9c8cbd3
--- /dev/null
+++ b/automation/ansible/roles/lava-server/templates/ldap.yaml.j2
@@ -0,0 +1,8 @@
+AUTH_LDAP_SERVER_URI: "ldap://smb-adc02.internal.efficios.com:389"
+AUTH_LDAP_START_TLS: true
+AUTH_LDAP_BIND_DN: "{{ lookup('community.general.bitwarden', 'Jenkins Domain Account', field='binddn', collection_id='35c5d8b1-2520-4450-a479-aef50131b930')[0] }}"
+AUTH_LDAP_BIND_PASSWORD: "{{ lookup('community.general.bitwarden', 'Jenkins Domain Account', field='password', collection_id='35c5d8b1-2520-4450-a479-aef50131b930')[0] }}"
+AUTH_LDAP_USER_SEARCH: 'LDAPSearch("CN=Users,DC=internal,DC=efficios,DC=com", ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")'
+AUTH_LDAP_USER_ATTR_MAP:
+ first_name: "givenName"
+ email: "mail"
diff --git a/automation/ansible/roles/lava-server/vars/main.yml b/automation/ansible/roles/lava-server/vars/main.yml
new file mode 100644
index 0000000..eaa760a
--- /dev/null
+++ b/automation/ansible/roles/lava-server/vars/main.yml
@@ -0,0 +1,2 @@
+lava_allowed_hosts:
+ - "{{ ansible_facts['fqdn'] }}"
diff --git a/automation/ansible/site.yml b/automation/ansible/site.yml
index c1f983a..3a193f7 100644
--- a/automation/ansible/site.yml
+++ b/automation/ansible/site.yml
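Review bot: The bind DN and password in ldap.yaml.j2 are pasted between hand-written double quotes, so a secret containing `"` or `\` produces invalid YAML or a silently altered value in `/etc/lava-server/settings.d/01-ldap.yaml`. Let the filter do the quoting, e.g. `AUTH_LDAP_BIND_PASSWORD: {{ lookup(...)[0] | to_json }}` with the existing lookup arguments unchanged, and the same for `AUTH_LDAP_BIND_DN`. The template task that renders this file in tasks/main.yml has no `no_log: true`, so a `--diff` run prints the password. `AUTH_LDAP_START_TLS: true` is only as strong as the certificate check behind it, and nothing in this file sets LDAP TLS options, so it is worth confirming that the host's LDAP client configuration requires a valid server certificate.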
@@ -1,5 +1,6 @@ --- - import_playbook: hosts.yml +- import_playbook: infra_lava.yml - import_playbook: node_armhf.yml - import_playbook: node_arm64.yml - import_playbook: node_ppc64el.yml -- 2.34.1