Add an ansible-runner task to run bonnyci-test-suite
Until we can run this as a periodic job in Zuul and get its logs
published into logstash, run it as an ansible task from the bastion.

This essentially just sets up the task, a user and passes through some
secrets.  The test suite itself contains a playbook, which the ansible-runner
task calls, to convert the secrets into a test config and run the test suite.

The datadog monitor should be able to monitor for the runner task and
report on its failure.

Closes-Issue: BonnyCI/projman#178

Signed-off-by: Adam Gandelman <adamg@ubuntu.com>
gandelman-a committed May 4, 2017
1 parent 8166339 commit ee8a0a8
Showing 9 changed files with 82 additions and 5 deletions.
4 changes: 2 additions & 2 deletions bastion.yml
@@ -39,9 +39,9 @@
- notifempty
when: secrets is defined

- role: bonnyci-test-suite

- role: ansible-runner
ansible_runner_minute: "*/15"
ansible_runner_virtualenv: /opt/ansible

- role: tailon
tailon_ip: 127.0.0.1
8 changes: 8 additions & 0 deletions inventory/host_vars/bastion.opentechsjc.bonnyci.org
@@ -26,6 +26,14 @@ ansible_runner_tasks:
user: cideploy
ansible_remote_user: ubuntu

- name: bonnyci-test-suite
playbook: tools/ansible/run-tests.yml
inventory: opentech-sjc-common
repo: https://github.com/BonnyCI/bonnyci-test-suite.git
user: bonnyci-test-suite
secrets_path: /var/lib/bonnyci-test-suite/test_secrets.yml
schedule: "*/30""

dns_subdomain: internal.opentechsjc.bonnyci.org

bonnyci_bastion_ssl: true
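Review bot: The added `schedule: "*/30""` line ends with a stray double quote, which is not valid YAML as shown and would likely stop this host_vars file from loading; it should read `schedule: "*/30"`. The new entry also sets no `branch`, so the runner's git task will follow the repository's default branch for a playbook that is handed `test_secrets.yml`. The `ansible_runner_tasks` list begins outside this hunk.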
1 change: 1 addition & 0 deletions roles/ansible-runner/defaults/main.yml
@@ -1,6 +1,7 @@
ansible_runner_user: root
ansible_runner_secrets_path: /etc/secrets.yml
ansible_runner_virtualenv: /opt/ansible
ansible_runner_minute: "*/15"
datadog_callback_url: https://raw.githubusercontent.com/DataDog/ansible-datadog-callback/master/datadog_callback.py

# Example:
7 changes: 4 additions & 3 deletions roles/ansible-runner/tasks/runner.yml
@@ -9,6 +9,7 @@
git:
repo: "{{ item.repo }}"
dest: "/opt/source/{{ item.name }}"
version: "{{ item.branch | default(omit) }}"
update: true

- name: Ensure source ownership
@@ -30,7 +31,7 @@

- include: secret-file.yml
secret_file_type: secrets
secret_file_path: "{{ ansible_runner_secrets_path }}"
secret_file_path: "{{ item.secrets_path | default(ansible_runner_secrets_path) }}"
secret_file_user: "{{ item.user }}"

- name: Ensure cron log path
@@ -51,6 +52,6 @@
- name: Add ansible-runner cron job
cron:
name: "ansible-runner deploy {{ item.name}}"
minute: "{{ ansible_runner_minute | default(omit) }}"
minute: "{{ item.schedule | default(ansible_runner_minute) }}"
user: "{{ item.user }}"
job: "/usr/local/bin/ansible-runner {{ item.name }} -e @{{ ansible_runner_secrets_path }}"
job: "/usr/local/bin/ansible-runner {{ item.name }} -e @{{ item.secrets_path | default(ansible_runner_secrets_path) }}"
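Review bot: The git task in the first hunk still follows a moving ref: with `version: "{{ item.branch | default(omit) }}"` and `update: true`, a task that sets no `branch` checks out whatever the repository's default branch holds at that moment. The cron job then passes the secrets file to the runner with `-e @...`, and the runner presumably executes the playbook from that checkout, so anyone able to push to the repository can get code run on the bastion with those secrets in scope. Consider requiring a pinned commit or tag per task, e.g. `version: "{{ item.version }}"`, and updating the pin deliberately. As a naming point, `item.schedule` only feeds the cron `minute` field, so `item.minute` would describe it more accurately. The task list starts and continues outside these hunks.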
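--- a/roles/bonnyci-test-suite/defaults/main.yml
+++ b/roles/bonnyci-test-suite/defaults/main.yml
@@ -0,0 +1,2 @@
+test_suite_user: bonnyci-test-suite
+test_suite_homedir: /var/lib/bonnyci-test-suite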
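--- a/roles/bonnyci-test-suite/files/github_known_hosts
+++ b/roles/bonnyci-test-suite/files/github_known_hosts
@@ -0,0 +1,2 @@
+|1|sZsXNcKhZcbBZs+DPD6mFkw1l7k=|G8U7iIJ+htP9bxkRoe3Zss2WiR8= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
+|1|dRlxGwUzT9kmk0gcajFrqrKZ67o=|F0r14BhXr24oGRZUvZD0r7SCJ7o= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==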
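Review bot: Both entries use hashed hostnames (`|1|…`), so a reviewer cannot tell from the file which host name or address each key is pinned to. Hashing exists to keep a user's own connection history private, which does not apply to a public host key committed to the repository. Plain entries of the form `github.com ssh-rsa <KEY>`, checked against the fingerprints GitHub publishes, would keep the pin auditable and make a later key rotation an obvious one-line change.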
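--- a/roles/bonnyci-test-suite/tasks/main.yml
+++ b/roles/bonnyci-test-suite/tasks/main.yml
@@ -0,0 +1,43 @@
+- name: Create the test suite user
+user:
+name: "{{ test_suite_user }}"
+home: "{{ test_suite_homedir }}"
+system: yes
+state: present
+
+- name: Create test suite user ssh directory
+file:
+path: "{{ test_suite_homedir }}/.ssh"
+state: directory
+owner: "{{ test_suite_user }}"
+group: "{{ test_suite_user }}"
+
+- name: Write out test suite user ssh private key
+copy:
+dest: "{{ test_suite_homedir }}/.ssh/id_rsa"
+content: "{{ secrets.ssh_keys.test_suite.private }}"
+owner: "{{ test_suite_user }}"
+group: "{{ test_suite_user }}"
+mode: 0600
+
+- name: Write out test suite user known_hosts
+copy:
+dest: "{{ test_suite_homedir }}/.ssh/known_hosts"
+src: "github_known_hosts"
+owner: "{{ test_suite_user }}"
+group: "{{ test_suite_user }}"
+
+- name: Write out test suite secrets
+template:
+dest: "{{ test_suite_homedir }}/test_secrets.yml"
+src: test_secrets.yml
+owner: "{{ test_suite_user }}"
+group: "{{ test_suite_user }}"
+mode: 0600
+
+- name: give sudo access to user to update venv
+copy:
+dest: /etc/sudoers.d/99_bonnyci-test-suite
+mode: 0400
+owner: root
+content: "bonnyci-test-suite ALL=(ALL) NOPASSWD:ALL"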
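Review bot: The last task installs `bonnyci-test-suite ALL=(ALL) NOPASSWD:ALL`, which is unrestricted root for an account that runs a playbook fetched from a git repository on a cron schedule, although the task name says the access is only needed to update the venv. Restrict the rule to the specific command and validate the file before it is installed, e.g. `content: "{{ test_suite_user }} ALL=(root) NOPASSWD: <VENV_UPDATE_COMMAND>"` together with `validate: 'visudo -cf %s'`; using `test_suite_user` also keeps the rule in step with the role default rather than a hard-coded name. The `.ssh` directory and `known_hosts` tasks set no `mode`, so add `mode: "0700"` and `mode: "0644"` respectively, and quote the existing `mode: 0600` and `mode: 0400` values. The private-key and secrets tasks would also benefit from `no_log: true` so their content cannot end up in task output or diff logs.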
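--- a/roles/bonnyci-test-suite/templates/test_secrets.yml
+++ b/roles/bonnyci-test-suite/templates/test_secrets.yml
@@ -0,0 +1 @@
+{{ secrets.bonnyci_test_suite | to_nice_yaml(indent=2) }}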
19 changes: 19 additions & 0 deletions secrets.yml.example
@@ -90,8 +90,27 @@ secrets:
-----END RSA PRIVATE KEY-----
public: >
ssh-rsa a public ssh key goes here backup@backups
test_suite:
private: |
-----BEGIN RSA PRIVATE KEY-----
a private ssh key goes here
-----END RSA PRIVATE KEY-----
public: >
ssh-rsa a public ssh key goes here test-suite@test-suite
letsencrypt:
account_key: |
-----BEGIN RSA PRIVATE KEY-----
ThisIsNotARealKey
-----END RSA PRIVATE KEY-----
bonnyci_test_suite:
check_job: bonnyci-run-check
gate_job: bonnyci-run-gate
bot_name: "bonnyci[bot]"
check_context: check_github
gate_context: gate_github
upstream_api_token: github_api_token_of_an_upstream_maintainer
upstream_org: BonnyCI
upstream_repo: testing-repo
downstream_api_token: github_api_token_for_downstream_repo_owner
downstream_org: BobbyBoatswain
downstream_repo: testing-repo
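Review bot: The `upstream_api_token` placeholder tells operators to use the GitHub token "of an upstream maintainer", and that value ends up in `test_secrets.yml` on the bastion, readable by the test-suite account. The example should steer towards a dedicated test or bot account whose token carries only the scopes the suite needs on the testing repository, for instance with a comment such as `# token for a dedicated test account with minimal scopes, not a maintainer's personal token`. The same applies to `downstream_api_token`. The `secrets:` mapping starts outside this hunk.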
