|
|
# openqa.gnome.org deployment
|
|
|
|
|
|
This server was manually.
|
|
|
This server was initially deployed by hand. The deployment is now described using Ansible in https://gitlab.gnome.org/sthursfield/openqa-ansible.
|
|
|
|
|
|
We hope to redeploy it using Ansible eventually. Work in progress towards that can be found at: https://gitlab.gnome.org/sthursfield/openqa-ansible/-/tree/main
|
|
|
|
|
|
The following notes are from the initial deployment:
|
|
|
The following steps from the initial deployment are not automated:
|
|
|
|
|
|
## Install docker
|
|
|
```
|
... | ... | @@ -19,28 +17,8 @@ dnf install docker-ce docker-ce-cli containerd.io |
|
|
dnf install containerd.io-1.4.6-3.1.fc34
|
|
|
```
|
|
|
|
|
|
## Get the SSL
|
|
|
```
|
|
|
cd ssl_cert
|
|
|
docker run -it --rm --privileged -p80:80 -v $PWD:/root debian:bullseye-slim /bin/bash
|
|
|
```
|
|
|
|
|
|
## Inside the docker:
|
|
|
```
|
|
|
apt-get update && apt-get install curl socat
|
|
|
cd /root/.acme.sh/
|
|
|
./acme.sh --issue --standalone -d openqa.gnome.org
|
|
|
exit
|
|
|
```
|
|
|
|
|
|
## In Host:
|
|
|
```
|
|
|
cd /root
|
|
|
mkdir openqa
|
|
|
cd openqa/
|
|
|
git clone https://github.com/os-autoinst/openQA.git
|
|
|
mkdir -p workdir/data/factory/{iso,hdd,other,tmp} workdir/data/tests workdir/data/testresults workdir/data/certs/ssl.{key,crt} workdir/data/conf
|
|
|
chmod 0777 workdir/data/testresults
|
|
|
cp -r openQA/container/openqa_data/data.template/conf/* workdir/data/conf/
|
|
|
cp openQA/container/webui/conf/database.ini workdir/data/conf/
|
|
|
sed -i 's/#base_url = http://FIXME/base_url = http://openqa.gnome.org//' workdir/data/conf/openqa.ini
|
... | ... | @@ -61,38 +39,6 @@ EOF |
|
|
```
|
|
|
|
|
|
## change provider to appropriate provider and update key and secret
|
|
|
```
|
|
|
cp ../ssl_cert/.acme.sh/openqa.gnome.org/ca.cer workdir/data/certs/ssl.crt/ca.crt
|
|
|
cp ../ssl_cert/.acme.sh/openqa.gnome.org/openqa.gnome.org.key workdir/data/certs/ssl.key/server.key
|
|
|
cp ../ssl_cert/.acme.sh/openqa.gnome.org/openqa.gnome.org.cer workdir/data/certs/ssl.crt/server.crt
|
|
|
docker network create openqa
|
|
|
mkdir ~/openqa/dockerfile
|
|
|
cat <<EOF >> ~/openqa/dockerfile/Dockerfile
|
|
|
FROM registry.opensuse.org/devel/openqa/containers15.2/openqa_webui:latest
|
|
|
RUN zypper --no-gpg-checks ref && zypper --no-gpg-checks update -y && zypper --no-gpg-checks in -y 'perl(Mojolicious::Plugin::OAuth2)'
|
|
|
RUN usermod -d /var/lib/openqa -s /bin/bash geekotest
|
|
|
COPY files /root/files
|
|
|
RUN cp /root/files/gnomeos.png /usr/share/openqa/assets/images/gnomeos.png && \
|
|
|
mkdir -p /usr/share/openqa/templates/webapi/branding/gnomeOS && \
|
|
|
cp /root/files/*html* /usr/share/openqa/templates/webapi/branding/gnomeOS/. && \
|
|
|
rm -rf /root/files && chown geekotest /usr/share/openqa/assets/images/gnomeos.png && \
|
|
|
echo -e "\n! gnomeos.png\n< images/gnomeos.png" >> /usr/share/openqa/assets/assetpack.def
|
|
|
EOF
|
|
|
```
|
|
|
|
|
|
## Copy `files` folder containing the logo and the sponsor html
|
|
|
```
|
|
|
cd dockerfile/
|
|
|
docker build -t openqa_webui:test .
|
|
|
cd ..
|
|
|
cd ~/openqa/workdir/data/tests
|
|
|
git clone https://gitlab.com/jamesthomas/gnome-tests.git gnomeos
|
|
|
cd gnomeos
|
|
|
git clone https://gitlab.com/jamesthomas/gnome-needles needles
|
|
|
cd /root/openqa
|
|
|
docker run -d --rm --network openqa -e POSTGRES_PASSWORD=openqa -e POSTGRES_USER=openqa -e POSTGRES_DB=openqa -v$(pwd)/workdir/db:/var/lib/postgresql/data --name=db postgres:latest
|
|
|
docker run --network openqa -d --rm --privileged -v $(pwd)/workdir/data:/data/ -v $(pwd)/workdir/data/certs/ssl.crt:/etc/apache2/ssl.crt -v $(pwd)/workdir/data/certs/ssl.key:/etc/apache2/ssl.key -p80:80 -p443:443 --name openqa_webui openqa_webui:test
|
|
|
```
|
|
|
|
|
|
## openqa will give admin access to the first user who loggedin. To give additional users admin access
|
|
|
```
|
... | ... | @@ -104,55 +50,9 @@ update users set is_admin=1, is_operator=1 where id=4; |
|
|
|
|
|
## change id to the id of the user who needs to have admin access
|
|
|
|
|
|
|
|
|
## To stop the webui use `stop.sh` in /root/openqa and `start.sh` to start it.
|
|
|
|
|
|
## stop.sh
|
|
|
```
|
|
|
#!/bin/bash
|
|
|
|
|
|
BACKUP_DIR="backup-$(date +%Y%m%d_%H%M)"
|
|
|
mkdir -p $BACKUP_DIR
|
|
|
|
|
|
docker cp -a openqa_webui:/var/lib/openqa/images ${BACKUP_DIR}/.
|
|
|
docker stop openqa_webui
|
|
|
|
|
|
rm -f backup-latest
|
|
|
ln -sf $BACKUP_DIR backup-latest
|
|
|
```
|
|
|
|
|
|
## start.sh
|
|
|
```
|
|
|
#!/bin/bash
|
|
|
|
|
|
set -e
|
|
|
|
|
|
docker run --network openqa -d --rm --privileged -v $(pwd)/workdir/data:/data/ -v $(pwd)/workdir/data/certs/ssl.crt:/etc/apache2/ssl.crt -v $(pwd)/workdir/data/certs/ssl.key:/etc/apache2/ssl.key -p80:80 -p443:443 --name openqa_webui openqa_webui:test
|
|
|
|
|
|
if [ -d backup-latest/images ]; then
|
|
|
docker cp -a backup-latest/images openqa_webui:/var/lib/openqa/.
|
|
|
docker exec openqa_webui chown -R geekotest /var/lib/openqa/images
|
|
|
fi
|
|
|
```
|
|
|
|
|
|
## How to renew SSL cert
|
|
|
|
|
|
This should be automated as soon as possible, but in the meantime... here's how to get a new SSL cert as root@openqa.gnome.org:
|
|
|
|
|
|
```
|
|
|
cd /root/ssl_cert/acme.sh/
|
|
|
git pull
|
|
|
cd ..
|
|
|
docker run -it --rm --privileged -p80:80 -v $PWD:/root debian:bullseye-slim /bin/bash
|
|
|
apt-get update && apt-get install curl socat
|
|
|
cd /root/.acme.sh/
|
|
|
./acme.sh --issue --standalone -d openqa.gnome.org
|
|
|
exit
|
|
|
cd /root/openqa
|
|
|
cp ../ssl_cert/.acme.sh/openqa.gnome.org/ca.cer workdir/data/certs/ssl.crt/ca.crt
|
|
|
cp ../ssl_cert/.acme.sh/openqa.gnome.org/openqa.gnome.org.key workdir/data/certs/ssl.key/server.key
|
|
|
cp ../ssl_cert/.acme.sh/openqa.gnome.org/openqa.gnome.org.cer workdir/data/certs/ssl.crt/server.crt
|
|
|
```
|
|
|
See the Ansible script for how to do this.
|
|
|
|
|
|
## Fixing diskimage uploads
|
|
|
|
... | ... | |