action #158455
closedcoordination #105624: [saga][epic] Reconsider how openQA handles secrets
coordination #157537: [epic] Secure setup of openQA test machines with secure network+secure authentication
[spike][timeboxed:10h] openQA worker native on s390x
0%
Description
Motivation¶
In https://sd.suse.com/servicedesk/customer/portal/1/SD-150437 we are asked to handle "compromised root passwords in QA segments" including s390kvm080…099 . We might have an easier time to prevent ssh access to s390x kvm instances if we run the openQA worker instances directly on s390zl12+13. For this we should try to build native openQA-worker packages and see how far we can reach.
G1¶
- G1: Feasibility of openQA-worker packages native on s390x has been evaluated
- G2: Follow-up tasks have been identified
Suggestions¶
- Branch build.opensuse.org/package/show/devel:openQA/openQA and enable s390x based on Leap 15.5 or Leap 15.6 and try to build as much as possible, most and foremost os-autoinst+openQA-worker
- Identify follow-up tasks
Updated by okurz 6 months ago
- Copied from action #158242: Prevent ssh access to test VMs on svirt hypervisor hosts with firewall size:M added
Updated by okurz 6 months ago
Testing in https://build.opensuse.org/project/show/home:okurz:branches:devel:openQA with having s390x enabled for Leap 15.5, Leap 15.6, Tumbleweed
Already identified minor changes necessary to be able to build os-autoinst on s390x
https://github.com/os-autoinst/os-autoinst/pull/2485
Updated by openqa_review 6 months ago
- Due date set to 2024-04-25
Setting due date based on mean cycle time of SUSE QE Tools
Updated by okurz 6 months ago
The last build failed in a unit test t/26-video_stream with
t/26-video_stream.t .. 1/? cat: write error: Broken pipe
# No tests run!
# Failed test 'No tests run for subtest "frames parsing"'
# at t/26-video_stream.t line 146.
Can't call method "similarity" on an undefined value at t/26-video_stream.t line 123.
# Tests were run but no plan was declared and done_testing() was not seen.
t/26-video_stream.t .. 2/? # Looks like your test exited with 255 just after 3.
t/26-video_stream.t .. Dubious, test returned 255 (wstat 65280, 0xff00)
Failed 1/3 subtests
Reproducing in a Leap 15.5 podman container on s390zl12 I could reproduce it once but then subsequent 10000(!) runs couldn't reproduce. The fail ratio is certainly below 1% or depending very much on some special circumstances.
https://build.opensuse.org/package/show/home:okurz:branches:devel:openQA/os-autoinst shows that we need perl-Mojolicious built for s390x so I should try to branch devel:openQA:Leap:15.5 and/or …:15.6 and build for s390x as well.
Updated by okurz 6 months ago
https://github.com/os-autoinst/os-autoinst/pull/2485 merged. Now enabled s390x in https://build.opensuse.org/project/show/devel:openQA:Leap:15.6
Updated by okurz 6 months ago
https://github.com/os-autoinst/os-autoinst/pull/2487 to improve error reporting in tests.
Updated by okurz 6 months ago
Enabled s390x in https://build.opensuse.org/project/show/devel:openQA:Leap:15.5 as well. Let's see if builds completes there and if that fixes the unresolvable in https://build.opensuse.org/projects/home:okurz:branches:devel:openQA/packages/os-autoinst/repositories/15.5/binaries
Updated by okurz 6 months ago
https://build.opensuse.org/package/show/home:okurz:branches:devel:openQA/os-autoinst shows that we can successfully build os-autoinst on s390x. I enabled s390x in https://build.opensuse.org/projects/devel:openQA/meta for 15.5+15.6
Updated by okurz 6 months ago
- Copied to action #158985: openQA worker native on s390x added