Actualize test system deployment (#146)

anfimovdm · web-flow · commit cdad5e9bfc96 · 2025-06-09T18:20:53.000+03:00
diff --git a/.gitignore b/.gitignore
@@ -135,6 +135,7 @@ terraform.rc
 
 # Ignore sensitive files from deployment
 deployment/hosts
+deployment/ansible
 deployment/hosts.*
 deployment/files/*.pem
 deployment/files/*.crt
diff --git a/deployment/ansible.cfg b/deployment/ansible.cfg
@@ -1,2 +1,3 @@
 [defaults]
 host_key_checking = False
+roles_path = ./roles:./ansible/external-roles
diff --git a/deployment/celery_playbook.yml b/deployment/celery_playbook.yml
@@ -2,9 +2,15 @@
 
 - name: Install Celery
   hosts: celery
+  vars:
+    docker_users:
+      - "{{ test_system_user }}"
   roles:
     - base
-    - docker
+    # TODO: add role for building docker for s390x
+    - geerlingguy.docker
     - docker_customization
-    - terraform
+    - role: terraform
+      tags:
+        - terraform
     - celery
diff --git a/deployment/group_vars/celery b/deployment/group_vars/celery
@@ -25,6 +25,11 @@ result_backend_name: local
 celery_result_folder: /srv/celery_results
 celery_pool_type: prefork
 
+worker_prefetch_multiplier: 1
+result_expires: 3600
+tests_exec_timeout: 3600
+broker_pool: 30
+
 celery_log_file_dir: /var/log/celery
 celery_log_file: "{{ celery_log_file_dir }}/celery.log"
 celery_concurrency: 10
diff --git a/deployment/hosts_example.yml b/deployment/hosts_example.yml
@@ -0,0 +1,23 @@
+---
+all:
+  children:
+    celery:
+      hosts:
+        x86_64-node01:
+          celery_queues:
+            - "docker-x86_64-0"
+        aarch64-node01:
+          terraform_arch: arm
+          celery_queues:
+            - "docker-aarch64-0"
+          build_terraform: true
+          node_arch: aarch64
+          terraform_build_ver: v1.11.4
+          docker_build_ver: 3.6.1
+        s390x-node01:
+          celery_queues:
+            - "docker-s390x-0"
+          build_terraform: true
+          node_arch: s390x
+          terraform_build_ver: v1.11.4
+          docker_build_ver: 3.6.1
diff --git a/deployment/requirements.yml b/deployment/requirements.yml
@@ -0,0 +1,3 @@
+---
+roles:
+  - name: geerlingguy.docker
diff --git a/deployment/roles/base/tasks/main.yml b/deployment/roles/base/tasks/main.yml
@@ -1,26 +1,34 @@
 ---
 
 - name: Install yum-utils
-  dnf:
+  ansible.builtin.dnf:
     name: yum-utils
     state: present
 
 - name: Update all packages
-  dnf:
+  ansible.builtin.dnf:
     name: "*"
     state: latest
     skip_broken: true
     nobest: true
 
 - name: Install EPEL repository
-  dnf:
+  ansible.builtin.dnf:
     name: epel-release
     state: present
 
-- name: Add Celery user
-  user:
+- name: Allow 'wheel' group to have passwordless sudo
+  ansible.builtin.lineinfile:
+    dest: /etc/sudoers
+    state: present
+    regexp: '^%wheel'
+    line: '%wheel ALL=(ALL) NOPASSWD: ALL'
+    validate: 'visudo -cf %s'
+
+- name: Add "{{ test_system_user }}" user
+  ansible.builtin.user:
     name: "{{ test_system_user }}"
-    groups: docker
+    groups: wheel
     append: yes
     generate_ssh_key: yes
     ssh_key_bits: 4096
diff --git a/deployment/roles/celery/handlers/main.yml b/deployment/roles/celery/handlers/main.yml
@@ -1,6 +1,6 @@
 ---
 
 - name: Reload Celery service file
-  systemd:
+  ansible.builtin.systemd:
     service: alts-celery
     state: reloaded
diff --git a/deployment/roles/celery/tasks/main.yml b/deployment/roles/celery/tasks/main.yml
@@ -12,7 +12,7 @@
 
 
 - name: Install needed packages
-  dnf:
+  ansible.builtin.dnf:
     name: [
       "python3-pip", "python3-virtualenv", "librabbitmq",
       "cmake", "libtool", "autoconf", "git", "ansible", "python3-devel",
@@ -28,17 +28,17 @@
   become_user: "{{ test_system_user }}"
   block:
     - name: Clone ALTS repository
-      git:
+      ansible.builtin.git:
         repo: https://github.com/AlmaLinux/alts
         dest: /home/{{ test_system_user }}/alts
 
     - name: Install Celery dependencies
-      pip:
+      ansible.builtin.pip:
         virtualenv: "{{ celery_venv_dir }}"
         requirements: /home/{{ test_system_user }}/alts/requirements/celery.txt
 
     - name: Create config and SSL folder
-      file:
+      ansible.builtin.file:
         path: "{{ item }}"
         mode: 0755
         state: directory
@@ -47,7 +47,7 @@
         - "{{ celery_ssl_dir }}"
 
     - name: Copy the ssl certificates
-      copy:
+      ansible.builtin.copy:
         src: "{{ item.src }}"
         dest: "{{ item.dest }}"
         owner: "{{ test_system_user }}"
@@ -61,38 +61,47 @@
       when: celery_ssl
 
     - name: Create Celery config
-      template:
+      ansible.builtin.template:
         src: service_config.yaml.j2
         dest: "{{ test_system_config_dir }}/celery.yaml"
+      tags:
+        - celery-config
 
 - name: Create Celery Systemd service file
-  template:
+  ansible.builtin.template:
     src: alts-celery.service.j2
     dest: /etc/systemd/system/alts-celery.service
     mode: 0644
 
 - name: Create log files directory for Celery service
-  file:
+  ansible.builtin.file:
     path: "{{ celery_log_file_dir }}"
     mode: 0755
     owner: "{{ test_system_user }}"
     group: "{{ test_system_user }}"
     state: directory
 
 - name: Create folder for Celery local results
-  file:
+  ansible.builtin.file:
     path: "{{ celery_result_folder }}"
     mode: 0755
     owner: "{{ test_system_user }}"
     group: "{{ test_system_user }}"
     state: directory
   when: result_backend_name is defined and result_backend_name == 'local'
 
-- name: Reload Celery service file
-  command: systemctl daemon-reload
+- name: Create logrotate config
+  ansible.builtin.template:
+    src: celery-logrotate.j2
+    dest: /etc/logrotate.d/celery
+    owner: root
+    group: root
+    mode: 0644
 
 - name: Enable and start Celery service
-  service:
+  ansible.builtin.systemd:
     name: alts-celery
+    masked: no
+    state: restarted
+    daemon_reload: yes
     enabled: yes
-    state: stopped
diff --git a/deployment/roles/docker_customization/tasks/main.yml b/deployment/roles/docker_customization/tasks/main.yml
@@ -12,23 +12,23 @@
   when: "ansible_facts.os_family == 'RedHat'"
 
 - name: Deploy docker options file
-  template:
+  ansible.builtin.template:
     src: docker-options.j2
     dest: /etc/sysconfig/docker
     mode: 0644
     owner: root
     group: root
 
 - name: Create docker service config directory
-  file:
+  ansible.builtin.file:
     path: /etc/systemd/system/docker.service.d
     state: directory
     mode: 0755
     owner: root
     group: root
 
 - name: Deploy custom docker service configuration
-  copy:
+  ansible.builtin.copy:
     src: docker-moby.conf
     dest: /etc/systemd/system/docker.service.d/docker-moby.conf
     mode: 0644
@@ -41,7 +41,7 @@
   when: "config_deploy.changed"
 
 - name: Restart docker service if needed
-  systemd:
+  ansible.builtin.systemd:
     name: docker
     state: "{{ docker_service_state }}"
     enabled: yes
diff --git a/deployment/roles/terraform/defaults/main.yml b/deployment/roles/terraform/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
 
 terraform_plugin_cache_dir: /home/{{ test_system_user }}/.terraform.d/plugins-cache
-terraform_version: 1.7.5
+terraform_version: 1.12.1
 terraform_arch: amd64
diff --git a/deployment/roles/terraform/tasks/main.yml b/deployment/roles/terraform/tasks/main.yml
@@ -1,36 +1,122 @@
 ---
 
 - name: Install unzip package
-  yum:
+  ansible.builtin.yum:
     name: unzip
     state: present
+  when: build_terraform is not defined
 
 - name: Download Terraform
-  get_url:
+  ansible.builtin.get_url:
     url: "https://releases.hashicorp.com/terraform/{{ terraform_version }}/terraform_{{ terraform_version }}_linux_{{ terraform_arch }}.zip"
     dest: /tmp/terraform.zip
+  when: build_terraform is not defined
 
 - name: Unpack Terraform
-  unarchive:
+  ansible.builtin.unarchive:
     src: /tmp/terraform.zip
     dest: /usr/local/bin
     remote_src: yes
+  when: build_terraform is not defined
 
 - name: Delete archive
-  file:
+  ansible.builtin.file:
     path: /tmp/terraform.zip
     state: absent
+  when: build_terraform is not defined
+
+- name: Install golang
+  ansible.builtin.yum:
+    name: golang
+    state: present
+  when: build_terraform is defined
+  tags:
+    - build-terraform
+
+- name: Clone terraform repository
+  ansible.builtin.git:
+    repo: https://github.com/hashicorp/terraform.git
+    dest: /tmp/terraform
+    version: "{{ terraform_build_ver }}"
+  when: build_terraform is defined
+  tags:
+    - build-terraform
+
+- name: Build terraform
+  ansible.builtin.shell: |
+    cd /tmp/terraform
+    GOBIN="/usr/local/bin/" go install .
+  when: build_terraform is defined
+  tags:
+    - build-terraform
+
+- name: Verify terraform installation
+  ansible.builtin.command: terraform version
+
+- name: Remove terraform git directory
+  ansible.builtin.file:
+    path: /tmp/terraform
+    state: absent
+  when: build_terraform is defined
+  tags:
+    - build-terraform
+
+- name: Clone docker provider
+  ansible.builtin.git:
+    repo: https://github.com/kreuzwerker/terraform-provider-docker.git
+    dest: /tmp/docker-provider
+    version: v"{{ docker_build_ver }}"
+  when: build_terraform is defined
+  tags:
+    - build-terraform
+
+- name: Prepare dir for docker provider
+  ansible.builtin.file:
+    path: /home/{{ test_system_user }}/.terraform.d/plugins-cache/registry.terraform.io/kreuzwerker/docker/{{ docker_build_ver }}/linux_{{ node_arch }}/
+    state: directory
+    mode: 0755
+    owner: "{{ test_system_user }}"
+    group: "{{ test_system_user }}"
+  when: build_terraform is defined
+  tags:
+    - build-terraform
+
+- name: Build docker provider
+  ansible.builtin.shell: |
+    cd /tmp/docker-provider
+    go build -o /home/{{ test_system_user }}/.terraform.d/plugins-cache/registry.terraform.io/kreuzwerker/docker/{{ docker_build_ver }}/linux_{{ node_arch }}/terraform-provider-docker_{{ docker_build_ver }}
+  when: build_terraform is defined
+  tags:
+    - build-terraform
+
+- name: Change provider ownership and permissions
+  ansible.builtin.file:
+    path: /home/{{ test_system_user }}/.terraform.d/plugins-cache/registry.terraform.io/kreuzwerker/docker/{{ docker_build_ver }}/linux_{{ node_arch }}/terraform-provider-docker_{{ docker_build_ver }}
+    mode: 0755
+    owner: "{{ test_system_user }}"
+    group: "{{ test_system_user }}"
+  when: build_terraform is defined
+  tags:
+    - build-terraform
+
+- name: Remove docker provider git directory
+  ansible.builtin.file:
+    path: /tmp/docker-provider
+    state: absent
+  when: build_terraform is defined
+  tags:
+    - build-terraform
 
 - name: Add Terraform plugin cache directory
-  file:
+  ansible.builtin.file:
     path: "{{ terraform_plugin_cache_dir }}"
     owner: "{{ test_system_user }}"
     group: "{{ test_system_user }}"
     mode: 0755
     state: directory
 
 - name: Create Terraform configuration file
-  template:
+  ansible.builtin.template:
     src: terraformrc.j2
     dest: /home/{{ test_system_user }}/.terraformrc
     owner: "{{ test_system_user }}"
diff --git a/deployment/templates/alts-celery.service.j2 b/deployment/templates/alts-celery.service.j2
diff --git a/deployment/templates/celery-logrotate.j2 b/deployment/templates/celery-logrotate.j2
diff --git a/deployment/templates/service_config.yaml.j2 b/deployment/templates/service_config.yaml.j2

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`[defaults]`
`2`	`2`	`host_key_checking = False`
	`3`	`+roles_path = ./roles:./ansible/external-roles`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+---`
	`2`	`+roles:`
	`3`	`+ - name: geerlingguy.docker`