Project

General

Profile

Actions

action #158455

closed

coordination #105624: [saga][epic] Reconsider how openQA handles secrets

coordination #157537: [epic] Secure setup of openQA test machines with secure network+secure authentication

[spike][timeboxed:10h] openQA worker native on s390x

Added by okurz 6 months ago. Updated 6 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Feature requests
Target version:
Start date:
2024-03-28
Due date:
% Done:

0%

Estimated time:

Description

Motivation

In https://sd.suse.com/servicedesk/customer/portal/1/SD-150437 we are asked to handle "compromised root passwords in QA segments" including s390kvm080…099 . We might have an easier time to prevent ssh access to s390x kvm instances if we run the openQA worker instances directly on s390zl12+13. For this we should try to build native openQA-worker packages and see how far we can reach.

G1

  • G1: Feasibility of openQA-worker packages native on s390x has been evaluated
  • G2: Follow-up tasks have been identified

Suggestions

  • Branch build.opensuse.org/package/show/devel:openQA/openQA and enable s390x based on Leap 15.5 or Leap 15.6 and try to build as much as possible, most and foremost os-autoinst+openQA-worker
  • Identify follow-up tasks

Related issues 2 (0 open2 closed)

Copied from openQA Infrastructure - action #158242: Prevent ssh access to test VMs on svirt hypervisor hosts with firewall size:MRejecteddheidler2024-03-28

Actions
Copied to openQA Project - action #158985: openQA worker native on s390xResolvedokurz

Actions
Actions #1

Updated by okurz 6 months ago

  • Copied from action #158242: Prevent ssh access to test VMs on svirt hypervisor hosts with firewall size:M added
Actions #2

Updated by okurz 6 months ago

  • Project changed from openQA Infrastructure to openQA Project
  • Category changed from Feature requests to Feature requests
  • Target version changed from Tools - Next to Ready
Actions #3

Updated by okurz 6 months ago

  • Status changed from New to In Progress
  • Assignee set to okurz
Actions #4

Updated by okurz 6 months ago

Testing in https://build.opensuse.org/project/show/home:okurz:branches:devel:openQA with having s390x enabled for Leap 15.5, Leap 15.6, Tumbleweed

Already identified minor changes necessary to be able to build os-autoinst on s390x
https://github.com/os-autoinst/os-autoinst/pull/2485

Actions #5

Updated by openqa_review 6 months ago

  • Due date set to 2024-04-25

Setting due date based on mean cycle time of SUSE QE Tools

Actions #6

Updated by okurz 6 months ago

The last build failed in a unit test t/26-video_stream with

t/26-video_stream.t .. 1/? cat: write error: Broken pipe
    # No tests run!

#   Failed test 'No tests run for subtest "frames parsing"'
#   at t/26-video_stream.t line 146.
Can't call method "similarity" on an undefined value at t/26-video_stream.t line 123.
# Tests were run but no plan was declared and done_testing() was not seen.
t/26-video_stream.t .. 2/? # Looks like your test exited with 255 just after 3.
t/26-video_stream.t .. Dubious, test returned 255 (wstat 65280, 0xff00)
Failed 1/3 subtests 

Reproducing in a Leap 15.5 podman container on s390zl12 I could reproduce it once but then subsequent 10000(!) runs couldn't reproduce. The fail ratio is certainly below 1% or depending very much on some special circumstances.

https://build.opensuse.org/package/show/home:okurz:branches:devel:openQA/os-autoinst shows that we need perl-Mojolicious built for s390x so I should try to branch devel:openQA:Leap:15.5 and/or …:15.6 and build for s390x as well.

Actions #8

Updated by okurz 6 months ago

https://github.com/os-autoinst/os-autoinst/pull/2487 to improve error reporting in tests.

Actions #10

Updated by okurz 6 months ago

https://build.opensuse.org/package/show/home:okurz:branches:devel:openQA/os-autoinst shows that we can successfully build os-autoinst on s390x. I enabled s390x in https://build.opensuse.org/projects/devel:openQA/meta for 15.5+15.6

Actions #11

Updated by okurz 6 months ago

  • Status changed from In Progress to Feedback
Actions #12

Updated by okurz 6 months ago

  • Status changed from Feedback to In Progress
Actions #13

Updated by okurz 6 months ago

Actions #14

Updated by okurz 6 months ago

  • Due date deleted (2024-04-25)
  • Status changed from In Progress to Resolved

Follow-up #158985 created as the task seems feasible.

Actions

Also available in: Atom PDF