action #158455: [spike][timeboxed:10h] openQA worker native on s390x - openQA Project - openSUSE Project Management Tool

Custom queries

All 'new' issues w/o assignee, sorted by version/priority
All auto_review tickets
All auto_review+force_result tickets
openQA Infrastructure Project
openqa-review - Closed tickets last updated by openqa-review, last 30 days
QA roadmap long-term
QA SLE functional
QA SLE Functional - closed in last 14 days
QA SLE Functional - High, need to be refined
QA SLE Functional - over cycle time median
QA SLE u
QA SLE y
QA tools (tag not necessary in openQA and subprojects)
QA tools tag (tag not necessary in openQA and subprojects; excluding tickets in "Ready" version as they are already on the backlog)
QAC - Backlog
QE tools team - backlog (dev)
QE tools team - backlog (ready issues)
QE tools team - backlog SLA high
QE tools team - backlog SLA immediate
QE tools team - backlog SLA no immediate/urgent in feedback/blocked
QE tools team - backlog SLA normal
QE tools team - backlog SLA urgent
QE tools team - backlog SLO high
QE tools team - backlog SLO normal
QE tools team - backlog SLO urgent
QE tools team - backlog, high-level view (epics and higher)
QE tools team - backlog, non-reactive work, needs parent
QE tools team - backlog, top-level view (all sagas)
QE tools team - closed within last 14 days
QE tools team - closed within last 60 days
QE tools team - closed yesterday
QE Tools Team - Collaborative Session
QE tools team - due date forecast
QE Tools team - due soon
QE tools team - exceeding due-date
QE tools team - infrastructure backlog
QE tools team - next - sorted by update time
QE tools team - next issues
QE tools team - non-estimated (unblocked) issues (dev)
QE tools team - non-estimated (unblocked) issues (infra)
QE tools team - ready issues - Workable
QE tools team - ready, not assigned/blocked/low
QE tools team - SLO high forecast
QE tools team - update forecast
QE tools team - updated by priority
QE tools team - what members of the team are working on - Feedback (not-low)
QE Tools Team Backlog By Assignee
Tools Team Retrospective
Tools Team Retrospective (not estimated or assigned)

Actions

Copy link

action #158455

closed

coordination #105624: [saga][epic] Reconsider how openQA handles secrets

coordination #157537: [epic] Secure setup of openQA test machines with secure network+secure authentication

[spike][timeboxed:10h] openQA worker native on s390x

Added by okurz 8 months ago. Updated 8 months ago.

Status:

Resolved

Priority:

Normal

Assignee:

okurz

Category:

Feature requests

Target version:

Ready

Start date:

2024-03-28

Due date:

% Done:

Estimated time:

Tags:

security, password

Description

Motivation¶

In https://sd.suse.com/servicedesk/customer/portal/1/SD-150437 we are asked to handle "compromised root passwords in QA segments" including s390kvm080…099 . We might have an easier time to prevent ssh access to s390x kvm instances if we run the openQA worker instances directly on s390zl12+13. For this we should try to build native openQA-worker packages and see how far we can reach.

G1¶

G1: Feasibility of openQA-worker packages native on s390x has been evaluated
G2: Follow-up tasks have been identified

Suggestions¶

Branch build.opensuse.org/package/show/devel:openQA/openQA and enable s390x based on Leap 15.5 or Leap 15.6 and try to build as much as possible, most and foremost os-autoinst+openQA-worker
Identify follow-up tasks

Related issues 2 (0 open — 2 closed)

Copied from openQA Infrastructure - action #158242: Prevent ssh access to test VMs on svirt hypervisor hosts with firewall size:M

Rejected

dheidler

2024-03-28

Actions

Copied to openQA Project - action #158985: openQA worker native on s390x

Resolved

okurz

Actions

Issue # Delay: days Cancel

History
Notes
Property changes

Actions

Copy link

Updated by okurz 8 months ago

Copied from action #158242: Prevent ssh access to test VMs on svirt hypervisor hosts with firewall size:M added

Actions

Copy link

Updated by okurz 8 months ago

Project changed from openQA Infrastructure to openQA Project
Category changed from Feature requests to Feature requests
Target version changed from Tools - Next to Ready

Actions

Copy link

Updated by okurz 8 months ago

Status changed from New to In Progress
Assignee set to okurz

Actions

Copy link

Updated by okurz 8 months ago

Testing in https://build.opensuse.org/project/show/home:okurz:branches:devel:openQA with having s390x enabled for Leap 15.5, Leap 15.6, Tumbleweed

Already identified minor changes necessary to be able to build os-autoinst on s390x
https://github.com/os-autoinst/os-autoinst/pull/2485

Actions

Copy link

Updated by openqa_review 8 months ago

Due date set to 2024-04-25

Setting due date based on mean cycle time of SUSE QE Tools

Actions

Copy link

Updated by okurz 8 months ago

The last build failed in a unit test t/26-video_stream with

t/26-video_stream.t .. 1/? cat: write error: Broken pipe
    # No tests run!

#   Failed test 'No tests run for subtest "frames parsing"'
#   at t/26-video_stream.t line 146.
Can't call method "similarity" on an undefined value at t/26-video_stream.t line 123.
# Tests were run but no plan was declared and done_testing() was not seen.
t/26-video_stream.t .. 2/? # Looks like your test exited with 255 just after 3.
t/26-video_stream.t .. Dubious, test returned 255 (wstat 65280, 0xff00)
Failed 1/3 subtests

Reproducing in a Leap 15.5 podman container on s390zl12 I could reproduce it once but then subsequent 10000(!) runs couldn't reproduce. The fail ratio is certainly below 1% or depending very much on some special circumstances.

https://build.opensuse.org/package/show/home:okurz:branches:devel:openQA/os-autoinst shows that we need perl-Mojolicious built for s390x so I should try to branch devel:openQA:Leap:15.5 and/or …:15.6 and build for s390x as well.

Actions

Copy link