action #179359
closedcoordination #154768: [saga][epic][ux] State-of-art user experience for openQA
coordination #179356: [epic] Better config file management
Support for /usr/etc config files and directories in openQA webUI server size:M
Description
Motivation¶
See https://en.opensuse.org/openSUSE:Packaging_UsrEtc for details and motivation. Also this would make maintaining host specific configuration easier for o3+osd and could prevent problems like #176250
Acceptance criteria¶
- AC1: openQA behaves as described in https://en.opensuse.org/openSUSE:Packaging_UsrEtc#Variant_1_(ideal_case)
- AC2: Old files present on existing instances are still read
- AC3: The behaviour is properly described within config files and documentation
Suggestions¶
- Read https://en.opensuse.org/openSUSE:Packaging_UsrEtc
- Understand what was done in #176421 and extend the concept
- Start in https://github.com/os-autoinst/openQA/blob/master/lib/OpenQA/Setup.pm
- Keep in mind the impact of .spec file and downstream packaging implementations
- Consider best practice for config files in etc / .d files etc
- Document the behavior on where files come from, what takes priority and how duplicates are treated
Out of scope¶
- additional /usr/etc reading in worker+client
- additional /usr/etc reading for database.ini
Updated by okurz about 1 month ago
- Copied from action #176421: Support for config files in openqa.d size:S added
Updated by okurz about 1 month ago
- Copied to action #179362: Support for /usr/etc config files and directories in openQA workers added
Updated by okurz about 1 month ago
https://matrix.to/#/!XpAJOYggtDiIfDZZBr:opensuse.org/$um-8l6X_8P8AereP4JK2-Jwbh4fOLBUiqWBplRCbr8U
Hi, I was thinking about implementing https://en.opensuse.org/openSUSE:Packaging_UsrEtc for openQA and I wonder what is the current standard regarding the main config file path and config directly path, e.g. should it be /etc/openqa/openqa.ini and /etc/openqa/openqa.conf.d/99-foo.ini or should it be /etc/openqa/openqa.ini and /etc/openqa.conf.d/99-foo.ini what the wiki says?
fvogt quickly provided an answer
The .d directory is in the same directory as the .ini/.conf file
(okurz[m]) so that would be /etc/openqa/openqa.conf.d/ then. Should it be /etc/openqa/openqa.conf.d/ or /etc/openqa/openqa.d/ ?
(fvogt) If it's /etc/openqa/openqa.ini, then /etc/openqa/openqa.ini.d/
Updated by okurz about 1 month ago
https://github.com/os-autoinst/openQA/pull/6314 for correcting the current look-up path of config drop-in directories.
Updated by mkittler about 1 month ago
- Status changed from New to In Progress
- Assignee set to mkittler
Updated by mkittler about 1 month ago
- Status changed from In Progress to Feedback
PR to also look for the config under /usr/etc: https://github.com/os-autoinst/openQA/pull/6324
It doesn't change where the default config is installed, though.
Updated by nicksinger about 1 month ago
mkittler wrote in #note-6:
PR to also look for the config under
/usr/etc: https://github.com/os-autoinst/openQA/pull/6324
It doesn't change where the default config is installed, though.
cannot agree :) It broke o3 and I had to specify some overrides in systemd:
ariel:/etc/systemd/system # grep -i CONFIG */override.conf
openqa-gru.service.d/override.conf:Environment="OPENQA_CONFIG=/etc/openqa"
openqa-livehandler.service.d/override.conf:Environment="OPENQA_CONFIG=/etc/openqa"
openqa-scheduler.service.d/override.conf:Environment="OPENQA_CONFIG=/etc/openqa"
openqa-webui.service.d/override.conf:Environment="OPENQA_CONFIG=/etc/openqa"
Updated by nicksinger about 1 month ago
- Status changed from Feedback to Workable
Updated by okurz 24 days ago
- Blocks action #177276: Make use of config files in openqa.ini.d for OSD specific settings size:S added
Updated by mkittler 22 days ago
I asked about the remaining problem with my PR on Slack: https://suse.slack.com/archives/C02D1374S3V/p1743674486905609
Updated by okurz 21 days ago
- Priority changed from Normal to Urgent
https://github.com/os-autoinst/openQA/pull/6339 merged. Causing problems in configure-web-proxy, see https://openqa.opensuse.org/tests/4970226#step/openqa_webui/9
Updated by okurz 21 days ago
https://github.com/os-autoinst/os-autoinst-distri-openQA/pull/234 for os-autoinst-distri-openQA itself. You can look into configure-web-proxy and other tooling within the openQA repo itself.
Updated by openqa_review 20 days ago
- Due date set to 2025-04-19
Setting due date based on mean cycle time of SUSE QE Tools
Updated by dheidler 18 days ago
Currently these tests are failing related to the /usr/etc changes:
https://openqa.opensuse.org/tests/4976144#step/openqa_webui/1
Updated by mkittler 18 days ago
@dheidler The openQA-in-openQA test will be fixed by https://github.com/os-autoinst/os-autoinst-distri-openQA/pull/234.
For apparmor: https://github.com/os-autoinst/openQA/pull/6366
For the auto-reloading of worker services: https://github.com/os-autoinst/openQA/pull/6368
Updated by mkittler 17 days ago
All PRs are merged but I still had to create 2 more: https://github.com/os-autoinst/openQA/pull/6376, https://github.com/os-autoinst/openQA/pull/6375
Updated by mkittler 17 days ago
- Related to action #180155: openqaworker28 is offline size:S added
Updated by mkittler 16 days ago · Edited
- Status changed from In Progress to Resolved
The most recent PRs have been merged and the situation looks still good on o3.
All ACs are fulfilled, including documentation.
Note that all out of scope items have been implemented as well because leaving them out would have left the codebase in an extremely inconsistent state and there would have been no proof that the approach is generally applicable for all parts of openQA.
Updated by tinita 14 days ago
- Status changed from Resolved to Workable
Request https://build.opensuse.org/requests/1268562 was declined:
do not restart apparmor during update,,you want,,
,%apparmor_reload /etc/apparmor.d/yourprofile,
Updated by mkittler 11 days ago · Edited
- Status changed from In Progress to Feedback
PR for the AppArmor profile: https://github.com/os-autoinst/openQA/pull/6388
I'm not yet sure what to do about this one (from https://build.opensuse.org/requests/1268562#comment-2131771):
[ 534s] openQA-worker.x86_64: E: sysctl-file-unauthorized (Badness: 10000) /usr/lib/sysctl.d/01-openqa-reload-worker-auto-restart.conf (sha256 file digest default filter:02f132e4d967dd9d0f762126d0696881d0c20a29d5d68584fc1146b66ae0e783 shell filter:02f132e4d967dd9d0f762126d0696881d0c20a29d5d68584fc1146b66ae0e783 xml filter:<failed-to-calculate>)
[ 534s] Packaging sysctl.d drop-in configuration files requires a review and
[ 534s] whitelisting by the SUSE security team. If the package is intended for
[ 534s] inclusion in any SUSE product please open a bug report to request review of
[ 534s] the package by the security team. Please refer to
[ 534s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for
[ 534s] more information.
[ 534s]
Perhaps we should revert https://github.com/os-autoinst/openQA/pull/6376 again and leave it to the admin to configure this. I would have preferred having this in the rpm for a better out of the box experience, though.
EDIT: I gave it a try, let's see whether this is wanted. For that I created https://bugzilla.opensuse.org/show_bug.cgi?id=1241146 as per https://en.opensuse.org/openSUSE:Package_security_guidelines#Audit_Bugs_for_the_Security_Team.
Updated by livdywan 11 days ago
- Related to action #180905: [tools][qe-core]test fails in openqa_bootstrap on leap15.6 size:S added
Updated by livdywan 9 days ago
- Related to action #180878: Changes to sysctl.d/01-openqa-reload-worker-auto-restart.conf need review by SUSE security team added
Updated by mkittler 9 days ago
- Status changed from Feedback to Resolved
I consider this resolved because @okurz created #180878 for the remaining problem that came up. (The change for AppArmor already shows up on https://build.opensuse.org/requests/1269325 and will hopefully be accepted.)