Project

General

Profile

Wiki » History » Version 96

okurz, 2020-10-02 10:54
Add "Accessing o3 infrastructure"

1 3 okurz
# Introduction
2 1 alarrosa
3 3 okurz
This is the organisation wiki for the **openQA Project**.
4 49 okurz
The source code is hosted in the [os-autoinst github project](http://github.com/os-autoinst/), especially [openQA itself](http://github.com/os-autoinst/openQA) and the main backend [os-autoinst](http://github.com/os-autoinst/os-autoinst)
5 1 alarrosa
6 48 okurz
If you are interested in the tests for SUSE/openSUSE products take a look into the [openqatests](https://progress.opensuse.org/projects/openqatests) project.
7
8 70 szarate
If you are looking for entry level issues to contribute to the backend, take a look at [this search query](https://progress.opensuse.org/projects/openqav3/search?utf8=%E2%9C%93&issues=1&q=entrance+level+issue)
9
10 14 okurz
{{toc}}
11
12 3 okurz
# Organisational
13 1 alarrosa
14 51 okurz
## ticket workflow
15
16 65 SLindoMansilla
Picture: http://imagebin.suse.de/2127/img
17 64 SLindoMansilla
18 51 okurz
The following ticket statuses are used together and their meaning is explained:
19
20 63 okurz
* *New*: No one has worked on the ticket (e.g. the ticket has not been properly refined) or no one is feeling responsible for the work on this ticket.
21 73 riafarov
* *Workable*: The ticket has been refined and is ready to be picked.
22
* *In Progress*: Assignee is actively working on the ticket.
23 1 alarrosa
* *Resolved*: The complete work on this issue is done and the according issue is supposed to be fixed as observed (Should be updated together with a link to a merged pull request or also a link to an production openQA showing the effect)
24 73 riafarov
* *Feedback*: Further work on the ticket is blocked by open points or is awaiting for the feedback to proceed. Sometimes also used to ask Assignee about progress on inactivity.
25 74 okurz
* *Blocked*: Further work on the ticket is blocked by some external dependency (e.g. bugs, not implemented features). There should be a link to another ticket, bug, trello card, etc. where it can be seen what the ticket is blocked by.
26 51 okurz
* *Rejected*: The issue is considered invalid, should not be done, is considered out of scope.
27
* *Closed*: As this can be set only by administrators it is suggested to not use this status.
28
29
It is good practice to update the status together with a comment about it, e.g. a link to a pull request or a reason for reject.
30
31 80 okurz
## ticket categories
32
33
* *Concrete Bugs*: Regressions, crashes, error messages
34
* *Feature requests*: Ideas or wishes for extension, enhancement, improvement
35
* *Organisational*: Organisational tasks within the project(s), not directly code related
36
* *Support*: Support of users, usage problems, questions
37
38
Please avoid the use of other, deprecated categories
39
40 83 okurz
Suggestion by *okurz*: I recommend to avoid the word "bug" in our categories because of the usual "is it a bug or a feature" struggle. Instead I suggest to strictly define "Regressions & Crashes" to clearly separate "it used to work in before" from "this was never part of requirements" for Features. Any ticket of this category also means that our project processes missed something so we have points for improvements, e.g. extend things to look out for in code review.
41
42 13 okurz
## ticket templates
43
You can use these templates to fill in tickets and further improve them with more detail over time. Copy the code block, paste it into a new issue, replace every block marked with "<…>" with your content or delete if not appropriate.
44
45 71 nicksinger
### Defects
46 13 okurz
47
Subject: `<Short description, example: "openQA dies when triggering any Windows ME tests">`
48
49 1 alarrosa
50 13 okurz
```
51 71 nicksinger
## Observation
52 13 okurz
<description of what can be observed and what the symptoms are, provide links to failing test results and/or put short blocks from the log output here to visualize what is happening>
53
54 71 nicksinger
## Steps to reproduce
55 1 alarrosa
* <do this>
56 13 okurz
* <do that>
57 1 alarrosa
* <observe result>
58 13 okurz
59 71 nicksinger
## Problem
60 13 okurz
<problem investigation, can also include different hypotheses, should be labeled as "H1" for first hypothesis, etc.>
61
62 71 nicksinger
## Suggestion
63 13 okurz
<what to do as a first step>
64
65 71 nicksinger
## Workaround
66 13 okurz
<example: retrigger job>
67
```
68
69
example ticket: #10526
70
71 72 nicksinger
### Feature requests
72 13 okurz
73
Subject: `<Short description, example: "grub3 btrfs support" (feature)>`
74
75
76
```
77
## User story
78
<As a <role>, I want to <do an action>, to <achieve which goal> >
79
80 72 nicksinger
## Acceptance criteria
81 13 okurz
* <**AC1:** the first acceptance criterion that needs to be fulfilled to do this, example: Clicking "restart button" causes restart of the job>
82
* <**AC2:** also think about the "not-actions", example: other jobs are not affected>
83
84 72 nicksinger
## Tasks
85 13 okurz
* <first task to do as an easy starting point>
86 69 okurz
* <what do do next, all tasks optionally with an effort estimation in hours, e.g. "(0.5-2h)">
87 13 okurz
* <optional: mark "optional" tasks>
88
89 72 nicksinger
## Further details
90 17 okurz
<everything that does not fit into above sections>
91 13 okurz
```
92
93
example ticket: #10212
94
95 62 SLindoMansilla
## Further decision steps working on test issues
96 61 SLindoMansilla
97 62 SLindoMansilla
Test issues could be one of the following sources. Feel free to use the following template in tickets as well
98 1 alarrosa
99 62 SLindoMansilla
```
100
## Problem
101
* **H1** The product has changed
102
 * **H1.1** product changed slightly but in an acceptable way without the need for communication with DEV+RM --> adapt test
103
 * **H1.2** product changed slightly but in an acceptable way found after feedback from RM --> adapt test
104
 * **H1.3** product changed significantly --> after approval by RM adapt test
105 61 SLindoMansilla
106 62 SLindoMansilla
* **H2** Fails because of changes in test setup
107
 * **H2.1** Our test hardware equipment behaves different
108
 * **H2.2** The network behaves different
109
110
* **H3** Fails because of changes in test infrastructure software, e.g. os-autoinst, openQA
111
* **H4** Fails because of changes in test management configuration, e.g. openQA database settings
112
* **H5** Fails because of changes in the test software itself (the test plan in source code as well as needles)
113
* **H6** Sporadic issue, i.e. the root problem is already hidden in the system for a long time but does not show symptoms every time
114
```
115 25 okurz
116
## pull request handling on github
117
118
As a reviewer of pull requests on github for all related repositories, e.g. https://github.com/os-autoinst/os-autoinst-distri-opensuse/pulls, apply labels in case PRs are open for a longer time and can not be merged so that we keep our backlog clean and know why PRs are blocked.
119
120
* **notready**: Triaged as not ready yet for merging, no (immediate) reaction by the reviewee, e.g. when tests are missing, other scenarios break, only tested for one of SLE/TW
121
* **wip**: Marked by the reviewee itself as "[WIP]" or "[DO-NOT-MERGE]" or similar
122
* **question**: Questions to the reviewee, not answered yet
123 54 okurz
124
125
## Where to contribute?
126
127
If you want to help openQA development you can take a look into the existing [issues](https://progress.opensuse.org/projects/openqav3/issues). There are also some "always valid" tasks to be working on:
128
129
* *improve test coverage*:
130
 * *user story*: As openqa backend as well as test developer I want better test coverage of our projects to reduce technical debt
131
 * *acceptance criteria*: test coverage is significantly higher than before
132
 * *suggestions*: check current coverage in each individual project (os-autoinst/openQA/os-autoinst-distri-opensuse) and add tests as necessary
133
134 28 okurz
135 1 alarrosa
# Use cases
136 40 okurz
137 28 okurz
The following use cases 1-6 have been defined within a SUSE workshop (others have been defined later) to clarify how different actors work with openQA. Some of them are covered already within openQA quite well, some others are stated as motivation for further feature development.
138
139 6 okurz
## Use case 1
140 4 okurz
**User:** QA-Project Managment
141 1 alarrosa
**primary actor:** QA Project Manager, QA Team Leads
142
**stakeholder:** Directors, VP
143 7 okurz
**trigger:** product milestones, providing a daily status
144 1 alarrosa
**user story:** „As a QA project manager I want to check on a daily basis the „openQA Dashboard“ to get a summary/an overall status of the „reviewers results“ in order to take the right actions and prioritize tasks in QA accordingly.“
145 28 okurz
	
146 4 okurz
## Use case 2
147 1 alarrosa
**User:** openQA-Admin
148
**primary actor:** Backend-Team
149 4 okurz
**stakeholder:** Qa-Prjmgr, QA-TL, openQA Tech-Lead
150 7 okurz
**trigger:** Bugs, features, new testcases
151 5 okurz
**user story:** „As an openQA admin I constantly check in the web-UI the system health and I manage its configuration to ensure smooth operation of the tool.“
152 28 okurz
153 1 alarrosa
## Use case 3
154
**User:** QA-Reviewer
155
**primary actor:** QA-Team
156 4 okurz
**stakeholder:** QA-Prjmgr, Release-Mgmt, openQA-Admin
157 7 okurz
**trigger:** every new build
158
**user story:** „As an openQA-Reviewer at any point in time I review on the webpage of openQA the overall status of a build in order to track and find bugs, because I want to find bugs as early as possible and report them.“
159 28 okurz
160 1 alarrosa
## Use case 4
161
**User:** Testcase-Contributor
162 4 okurz
**primary actor:** All development teams, Maintenance QA
163 5 okurz
**stakeholder:** QA-Reviewer, openQA-Admin, openQA Tech-Lead
164 40 okurz
**trigger:** features, new functionality, bugs, new product/package
165 7 okurz
**user story:** „As developer when there are new features, new functionality, bugs, new product/package in git I contribute my testcases because I want to ensure good quality submissions and smooth product integration.“
166 28 okurz
167 4 okurz
## Use case 5
168
**User:** Release-Mgmt
169
**primary actor:** Release Manager
170 1 alarrosa
**stakeholder:** Directors, VP, PM, TAMs, Partners
171 7 okurz
**trigger:** Milestones
172
**user story:** „As a Release-Manager on a daily basis I check on a dashboard for the product health/build status in order to act early in case of failures and have concrete and current reports.“
173 28 okurz
174 4 okurz
## Use case 6
175
**User:** Staging-Admin
176
**primary actor:** Staging-Manager for the products
177 1 alarrosa
**stakeholder:** Release-Mgmt, Build-Team
178
**trigger:** every single submission to projects
179 40 okurz
**user story:** „As a Staging-Manager I review the build status of packages with every staged submission to the „staging projects“ in the „staging dashboard“ and the test-status of the pre-integrated fixes, because I want to identify major breakage before integration to the products and provide fast feedback back to the development.“
180
181
## Use case 7
182
**User:** Bug investigator
183
**primary actor:** Any bug assignee for openQA observed bugs
184
**stakeholder:** Developer
185
**trigger:** bugs
186 8 okurz
**user story:** „As a developer that has been assigned a bug which has been observed in openQA I can review referenced tests, find a newer and the most recent job in the same scenario, understand what changed since the last successful job, what other jobs show same symptoms to investigate the root cause fast and use openQA for verification of a bug fix.“
187 15 okurz
188 8 okurz
# Thoughts about categorizing test results, issues, states within openQA
189
by okurz
190
191
When reviewing test results it is important to distinguish between different causes of "failed tests"
192
193
## Nomenclature
194
195 58 okurz
### Test status categories
196 1 alarrosa
A common definition about the status of a test regarding the product it tests: "false|true positive|negative" as described on https://en.wikipedia.org/wiki/False_positives_and_false_negatives. "positive|negative" describes the outcome of a test ("positive": test signals presence of issue; "negative": no signal) whereas "false|true" describes the conclusion of the test regarding the presence of issues in the SUT or product in our case ("true": correct reporting; "false": incorrect reporting), e.g. "true negative", test successful, no issues detected and there are no issues, product is working as expected by customer. Another example: Think of testing as of a fire alarm. An alarm (event detector) should only go off (be "positive") *if* there is a fire (event to detect) --> "true positive" whereas *if* there is *no* fire there should be *no* alarm --> "true negative".
197 10 okurz
198 1 alarrosa
Another common but potentially ambiguous categorization:
199 10 okurz
200
* *broken*: the test is not behaving as expected (Ambiguity: "as expected" by whom?) --> commonly a "false positive", can also be "false negative" but hard to detect
201
* *failing*: the test is behaving as expected, but the test output is a fail --> "true positive"
202
* *working*: the test is behaving as expected (with no comment regarding the result, though some might ambiguously imply 'result is negative')
203
* *passing*: the test is behaving as expected, but the result is a success --> "true negative"
204 8 okurz
205 9 okurz
If in doubt declare a test as "broken". We should review the test and examine if it is behaving as expected.
206 10 okurz
207 8 okurz
Be careful about "positive/negative" as some might also use "positive" to incorrectly denote a passing test (and "negative" for failing test) as an indicator of "working product" not an indicator about "issue present". If you argue what is "used in common speech" think about how "false positive" is used as in "false alarm" --> "positive" == "alarm raised", also see https://narainko.wordpress.com/2012/08/26/understanding-false-positive-and-false-negative/
208
209 10 okurz
### Priorization of work regarding categories
210 3 okurz
In this sense development+QA want to accomplish a "true negative" state whenever possible (no issues present, therefore none detected). As QA and test developers we want to prevent "false positives" ("false alarms" declaring a product as broken when it is not but the test failed for other reasons), also known as "type I error" and "false negatives" (a product issue is not catched by tests and might "slip through" QA and at worst is only found by an external outside customer) also known as "type II error". Also see https://en.wikipedia.org/wiki/Type_I_and_type_II_errors. In the context of openQA and system testing paired with screen matching a "false positive" is much more likely as the tests are very susceptible to subtle variations and changes even if they should be accepted. So when in doubt, create an issue in progress, look at it again, and find that it was a false alarm, rather than wasting more peoples time with INVALID bug reports by believing the product to be broken when it isn't. To quote Richard Brown: "I […] believe this is the route to ongoing improvement - if we have tests which produce such false alarms, then that is a clear indicator that the test needs to be reworked to be less ambiguous, and that IS our job as openQA developers to deal with".
211 11 okurz
212
## Further categorization of statuses, issues and such in testing, especially automatic tests
213
By okurz
214
215
This categorization scheme is meant to help in communication in either written or spoken discussions being simple, concise, easy to remember while unambiguous in every case.
216
While used for naming it should also be used as a decision tree and can be followed from the top following each branch.
217
218
### Categorization scheme
219
220
To keep it simple I will try to go in steps of deciding if a potential issue is of one of two categories in every step (maybe three) and go further down from there. The degree of further detailing is not limited, i.e. it can be further extended. Naming scheme should follow arabic number (for two levels just 1 and 2) counting schemes added from the right for every additional level of decision step and detail without any separation between the digits, e.g. "1111" for the first type in every level of detail up to level four. Also, I am thinking of giving the fully written form phonetic name to unambiguously identify each on every level as long as not more individual levels are necessary. The alphabet should be reserved for higher levels and higher priority types.
221
Every leaf of the tree must have an action assigned to it.
222 12 okurz
223 11 okurz
1 **failed** (ZULU)
224
11 new (passed->failed) (YANKEE)
225
111 product issue ("true positive") (WHISKEY)
226 44 okurz
1111 unfiled issue (SIERRA)
227 11 okurz
11111 hard issue (openqa *fail*) (KILO)
228
111121 critical / potential ship stopper (INDIA) --> immediately file bug report with "ship_stopper?" flag; opt. inform RM directly
229 44 okurz
111122 non-critical hard issue (HOTEL) --> file bug report
230 11 okurz
11112 soft issue (openqa *softfail* on job level, not on module level) (JULIETT) --> file bug report on failing test module
231
1112 bugzilla bug exists (ROMEO)
232
11121 bug was known to openqa / openqa developer --> cross-reference (bug->test, test->bug) AND raise review process issue, improve openqa process
233
11122 bug was filed by other sources (e.g. beta-tester) --> cross-reference (bug->test, test->bug)
234
112 test issue ("false positive") (VICTOR)
235
1121 progress issue exists (QUEBEC) --> cross-reference (issue->test, test->issue)
236
1122 unfiled test issue (PAPA)
237
11221 easy to do w/o progress issue
238
112211 need needles update --> re-needle if sure, TODO how to notify?
239
112212 pot. flaky, timeout
240
1122121 retrigger yields PASS --> comment in progress about flaky issue fixed
241
1122122 reproducible on retrigger --> file progress issue
242
11222 needs progress issue filed --> file progress issue
243
12 existing / still failing (failed->failed) (XRAY)
244
121 product issue (UNIFORM)
245
1211 unfiled issue (OSCAR) --> file bug report AND raise review process issue (why has it not been found and filed?)
246
1212 bugzilla bug exists (NOVEMBER) --> ensure cross-reference, also see rules for 1112 ROMEO
247
122 test issue (TANGO)
248
1221 progress issue exists (MIKE) --> monitor, if persisting reprioritize test development work
249
1222 needs progress issue filed (LIMA) --> file progress issue AND raise review process issue, see 1211 OSCAR
250
2 **passed** (ALFA)
251
21 stable (passed->passed) (BRAVO)
252
211 existing "true negative" (DELTA) --> monitor, maybe can be made stricter
253
212 existing "false negative" (ECHO) --> needs test improvement
254
22 fixed (failed->passed) (CHARLIE)
255
222 fixed "true negative" (FOXTROTT) --> TODO split monitor, see 211 DELTA
256
2221 was test issue --> close progress issue
257
2222 was product issue
258
22221 no bug report exists --> raise review process issue (why was it not filed?)
259
22222 bug report exists
260
222221 was marked as RESOLVED FIXED
261
221 fixed but "false negative" (GOLF) --> potentially revert test fix, also see 212 ECHO
262 41 okurz
263
264 11 okurz
Priority from high to low: INDIA->OSCAR->HOTEL->JULIETT->…
265 35 okurz
266 82 okurz
# Proposals for uses of labels
267 23 okurz
With [Show bug or label icon on overview if labeled (gh#550)](https://github.com/os-autoinst/openQA/pull/550) it is possible to add custom labels just by writing them. Nevertheless, a convention should be found for a common benefit. <del>Beware that labels are also automatically carried over with (Carry over labels from previous jobs in same scenario if still failing [gh#564])(https://github.com/os-autoinst/openQA/pull/564) which might make consistent test failures less visible when reviewers only look for test results without labels or bugrefs.</del> Labels are not anymore automatically carried over ([gh#1071](https://github.com/os-autoinst/openQA/pull/1071)).
268
269
List of proposed labels with their meaning and where they could be applied.
270
271
* ***`fixed_<build_ref>`***: If a test failure is already fixed in a more recent build and no bug reference is known, use this label together with a reference to a more recent passed test run in the same scenario. Useful for reviewing older builds. Example (https://openqa.suse.de/tests/382518#comments):
272
273
```
274
label:fixed_Build1501
275
276
t#382919
277
```
278 24 okurz
279
* ***`needles_added`***: In case needles were missing for test changes or expected product changes caused needle matching to fail, use this label with a reference to the test PR or a proper reasoning why the needles were missing and how you added them. Example (https://openqa.suse.de/tests/388521#comments):
280
281
```
282
label:needles_added
283
284
needles for https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/1353 were missing, added by jpupava in the meantime.
285 60 mgriessmeier
```
286
287 67 okurz
# s390x Test Organisation
288 1 alarrosa
289 67 okurz
See the following picture for a graphical overview of the current s390x test infrastructure at SUSE:
290
291
![SUSE s390x test infrastructure](qa_sle_openqa_s390x_test_infrastructure.jpg)
292
293 75 okurz
## Upgrades
294 60 mgriessmeier
295
### on z/VM 
296
#### special Requirements
297
298
Due to the lack of proper use of hdd-images on zVM, we need to workaround this with having a dedicated worker_class aka a dedicated Host where we run two jobs with START_AFTER_TEST,
299
the first one which installs the basesystem we want to have upgraded and a second one which is doing the actually upgrade (e.g migration_offline_sle12sp2_zVM_preparation and migration_offline_sle12sp2_zVM)
300
301
Since we encountered issues with randomly other preparation jobs are started in between there, we need to ensure that we have one complete chain for all migration jobs running on one worker, that means for example:
302
303 75 okurz
1. migration_offline_sle12sp2_zVM_preparation 
304
1. migration_offline_sle12sp2_zVM (START_AFTER_TEST=#1) 
305
1. migration_offline_sle12sp2_allpatterns_zVM_preparation (START_AFTER_TEST=#2) 
306
1. migration_offline_sle12sp2_allpatterns_zVM 
307
1. ...
308 66 okurz
309
This scheme ensures that all actual Upgrade jobs are finding the prepared system and are able to upgrade it
310
311
### on z/KVM
312
313 67 okurz
No special requirements anymore, see details in #18016
314 77 nicksinger
315
## Automated z/VM LPAR installation with openQA using qnipl
316
317 78 nicksinger
There is an ongoing effort to automate the LPAR creation and installation on z/VM. A first idea resulted in the creation of [qnipl](https://github.com/openSUSE/dracut-qnipl). `qnipl` enables one to boot a very slim initramfs from a shared medium (e.g. shared SCSI-disks) and supply it with the needed parameters to chainload a "normal SLES installation" using kexec.
318 77 nicksinger
This method is required for z/VM because snipl (Simple network initial program loader) can only load/boot LPARs from specific disks, not network resources.
319
320
### Setup
321
322
1. Get a shared disk for all your LPARs
323
  * Normally this can easily done by infra/gschlotter
324
  * Disks needs to be connected to all guests which should be able to network-boot
325
1. Boot a fully installed SLES on one of the LPARs to start preparing the shared-disk
326
1. Put a DOS partition table on the disk and create one single, large partition on there
327
1. Put a FS on there. Our first test was on ext2 and it worked flawlessly in our attempts
328
1. Install `zipl` (The s390x bootloader from IBM) on this partition
329
  * A simple and sufficient config can be found in [poo#33682](https://progress.opensuse.org/issues/33682)
330
1. clone [`qnipl`](https://github.com/nicksinger/dracut-qnipl) to your dracut modules (e.g. /usr/lib/dracut/modules.d/95qnipl)
331
1. Include the module named `qnipl` to your dracut modules for initramfs generation
332
  * e.g. in /etc/dracut.conf.d/99-qnipl.conf add: `add_dracutmodules+=qnipl`
333
1. Generate your initramfs (e.g. `dracut -f -a "url-lib qnipl" --no-hostonly-cmdline /tmp/custom_initramfs`)
334
  * Put the initramfs next to your kernel binary on the partition you want to prepare
335
1. From now on you can use `snipl` to boot any LPAR connected with this shared disk from network
336
  * example: `snipl -f ./snipl.conf -s P0069A27-LP3 -A fa00 --wwpn_scsiload 500507630713d3b3 --lun_scsiload 4001401100000000 --ossparms_scsiload "install=http://openqa.suse.de/assets/repo/SLE-15-Installer-DVD-s390x-Build533.2-Media1 hostip=10.161.159.3/20 gateway=10.161.159.254 Nameserver=10.160.0.1 Domain=suse.de ssh=1 regurl=http://all-533.2.proxy.scc.suse.de"`
337
  * `--ossparms_scsiload` is then evaluated and used by `qnipl` to kexec into the installer with the (for the installer) needed parameters
338
339
### Further details
340
341 78 nicksinger
Further details can also be found in the [github repo](https://github.com/openSUSE/dracut-qnipl/blob/master/README.md). Pull requests, questions and ideas always welcome!
342 84 okurz
343 1 alarrosa
# Infrastructure setup for o3 (openqa.opensuse.org)
344 87 okurz
345 88 okurz
o3 consists of a VM running the web UI and physical worker machines. The VM for 3 has netapp backed storage on rotating disk so less performant than SSD but cheaper. So eventually we might have the possibility to use SSD based storage. Currently there are four virtual storage devices provided to o3 totalling to 10 TB.
346
347 87 okurz
## Automatic update of o3
348
349
o3 is automatically deployed on a daily base, that includes both the webUI host as well as the workers.
350 1 alarrosa
351 90 okurz
### Automatic update of o3 webUI host
352 1 alarrosa
353 90 okurz
Done with cron job in `/etc/cron.d/auto-update`
354
355 87 okurz
### Recurring automatic update of openQA workers
356
357 94 okurz
All o3 workers (except power8) apply a daily automatic update and are "Transactional Servers" running openSUSE Leap. power8 is non-transactional with a weekly update every Sunday.
358 87 okurz
359
This was for a number of reasons including:
360
361
* Getting all the machines consistent after a few years of drift
362
* Making it easier to keep them consistent by leveraging a read only root filesystem
363
* Guaranteeing rollbackability by using transactional updates
364
365 1 alarrosa
This was done by rbrown also to fulfill the prerequisite to getting them viable for multi-machine testing
366 87 okurz
367 90 okurz
These systems currently patch themselves and reboot automatically in the default maintenance window of 0330-0500 CET/CEST.
368 87 okurz
369
On problems this could be changed in the following way:
370
371
* Edit the maintenance window in /etc/rebootmgr.conf
372
* Disable the automatic reboot by "systemctl disable rebootmgr.service"
373
* Disable the automatic patching by "systemctl disable transactional-update.timer"
374
375
SUSE employees have access to the bootmenu for the openQA worker machines, e.g. openqaworker1 and openqaworker4 via openqaworker1- ipmi.suse.de and openqaworker4-ipmi.suse.de which are both connected to the r&d network. For imagetester one would need to go through SUSE-IT in an unlikely event of a boot-preventing update. "snapper rollback" can be executed from a booted, functionally operative machine which one can ssh into.
376 84 okurz
377 91 okurz
To execute commands manually on all workers one can do for example the following:
378
379
```
380
for i in aarch64 openqaworker1 openqaworker4 openqaworker7 power8 imagetester rebel; do echo $i && ssh root@$i "(transactional-update -n dup || zypper -n dup) && reboot" ; done
381
```
382
383
mind the correct list of machines.
384
385 92 okurz
For manual investigation https://github.com/kubic-project/microos-toolbox can be helpful
386
387 96 okurz
## Accessing o3 infrastructure
388
389
The o3 webui host as well as the workers within the o3 infrastructure can be accessed over ssh by using `ssh -p 2213 gate.opensuse.org`. Ask one of the existing admins to put your ssh key there to be able to login.
390
391 89 ggardet_arm
## AArch64 specific configurations on o3
392
393
On o3, the aarch64 workers need additional configuration.
394
395
### Setup HugePages
396
397
You need to setup HugePages support to improve performances with qemu VM and to match current aarch64 `MACHINE` configuration.
398
For the D05 machine, the configuration is: `40` pages with a size of `1G`.
399
If there are some permissions issues on `/dev/hugepages/`, check https://progress.opensuse.org/issues/53234
400
401
402 84 okurz
## Moving worker from osd to o3
403
404
* Ensure system management, e.g. over IPMI works. This is untouched by the following steps and can be used during the process for recovery and setup
405
* Ensure network is configured for DHCP
406
* Instruct SUSE-IT to change VLAN for machine from 2 to 662 (example: https://infra.nue.suse.com/SelfService/Display.html?id=16458)
407
* Remove from osd:
408
409
```
410
salt-key -y -d openqaworker7.suse.de
411
```
412
413
* Add entry on o3 to `/etc/dnsmasq.d/openqa.conf` with MAC address, e.g.
414
415
```
416
dhcp-host=54:ab:3a:24:34:b8,openqaworker7
417
```
418
419
* Add entry to `/etc/hosts` which dnsmasq picks up to give out a DHCP lease, e.g.
420
421
```
422
192.168.112.12   openqaworker7.openqanet.opensuse.org openqaworker7
423
```
424
425 85 okurz
* Adapt NFS mount point
426
427
```
428
sed -i '/openqa\.suse\.de/d' /etc/fstab && echo 'openqa1-opensuse:/ /var/lib/openqa/share nfs4 ro,fsc 0 0' >> /etc/fstab
429
```
430
431 84 okurz
* Reload dnsmasq with `systemctl restart dnsmasq`
432
* Restart network on machine (over IMPI) using `systemctl restart network` and monitor in o3:`journalctl -f -u dnsmasq` until address is assigned, e.g.:
433
434
```
435
Feb 29 10:48:30 ariel dnsmasq[28105]: read /etc/hosts - 30 addresses
436
Feb 29 10:48:54 ariel dnsmasq-dhcp[28105]: DHCPREQUEST(eth1) 10.160.1.101 54:ab:3a:24:34:b8
437
Feb 29 10:48:54 ariel dnsmasq-dhcp[28105]: DHCPNAK(eth1) 10.160.1.101 54:ab:3a:24:34:b8 wrong network
438
Feb 29 10:49:10 ariel dnsmasq-dhcp[28105]: DHCPDISCOVER(eth1) 54:ab:3a:24:34:b8
439
Feb 29 10:49:10 ariel dnsmasq-dhcp[28105]: DHCPOFFER(eth1) 192.168.112.12 54:ab:3a:24:34:b8
440
Feb 29 10:49:10 ariel dnsmasq-dhcp[28105]: DHCPREQUEST(eth1) 192.168.112.12 54:ab:3a:24:34:b8
441
Feb 29 10:49:10 ariel dnsmasq-dhcp[28105]: DHCPACK(eth1) 192.168.112.12 54:ab:3a:24:34:b8 openqaworker7
442 85 okurz
```
443
444
* Ensure all mountpoints up
445
446
```
447
mount -a
448 84 okurz
```
449
450
* Change root password to o3 one
451 86 okurz
* Allow ssh password authentication: `sed -i 's/^PasswordAuthentication/#&/' /etc/ssh/sshd_config && systemctl restart sshd`
452 84 okurz
* Add personal ssh key to machine, e.g. openqaworker7:/root/.ssh/authorized_keys
453
* Update /etc/openqa/client.conf with the same key as used on other workers for "openqa1-opensuse"
454
* Update /etc/openqa/workers.ini with similar config as used on other workers, e.g. based on openqaworker4, example:
455
456
```
457
# diff -Naur /etc/openqa/workers.ini{.osd,}
458
--- /etc/openqa/workers.ini.osd 2020-02-29 15:21:47.737998821 +0100
459
+++ /etc/openqa/workers.ini     2020-02-29 15:22:53.334464958 +0100
460
@@ -1,17 +1,10 @@
461
-# This file is generated by salt - don't touch
462
-# Hosted on https://gitlab.suse.de/openqa/salt-pillars-openqa
463
-# numofworkers: 10
464
-
465
 [global]
466
-HOST=openqa.suse.de
467
-CACHEDIRECTORY=/var/lib/openqa/cache
468
-LOG_LEVEL=debug
469
-WORKER_CLASS=qemu_x86_64,qemu_x86_64_staging,tap,openqaworker7
470
-WORKER_HOSTNAME=10.160.1.101
471
-
472
-[1]
473
-WORKER_CLASS=qemu_x86_64,qemu_x86_64_staging,tap,qemu_x86_64_ibft,openqaworker7
474
+HOST=http://openqa1-opensuse
475
+WORKER_HOSTNAME=192.168.112.12
476
+CACHEDIRECTORY = /var/lib/openqa/cache
477
+CACHELIMIT = 50
478
+WORKER_CLASS = openqaworker7,qemu_x86_64
479
480
-[openqa.suse.de]
481
-TESTPOOLSERVER = rsync://openqa.suse.de/tests
482
+[http://openqa1-opensuse]
483
+TESTPOOLSERVER = rsync://openqa1-opensuse/tests
484
```
485
486
* Remove OSD specifics
487
488
```
489
systemctl disable --now auto-update.timer salt-minion telegraf
490
for i in  NPI SUSE_CA telegraf-monitoring; do zypper rr $i; done
491
zypper -n dup --force-resolution --allow-vendor-change
492
```
493
494
* If the machine is not a transactional-server one has the following options: Keep as is and handle like power8 (also not transactional), enable transactional updates w/o root being r/o, change to root being r/o on-the-fly, reinstall as transactional. At least option 2 is suggested, enable transactional updates:
495
496
```
497
zypper -n in transactional-update
498
systemctl enable --now transactional-update.timer rebootmgr
499
```
500
501
* Enable apparmor
502
503
```
504
zypper -n in apparmor-utils
505
systemctl unmask apparmor
506
systemctl enable --now apparmor
507
```
508
509
* Switch firewall from SuSEfirewall2 to firewalld
510
511
```
512
zypper -n in firewalld && zypper -n rm SuSEfirewall2
513
systemctl enable --now firewalld
514
firewall-cmd --zone=trusted --add-interface=br1
515
firewall-cmd --set-default-zone trusted
516
firewall-cmd --zone=trusted --add-masquerade
517
```
518
519
* Copy over special openSUSE UEFI staging images, see #63382
520
* Check operation with a single openQA worker instance:
521
522
```
523
systemctl enable --now openqa-worker.target openqa-worker@1
524
```
525
526
* Test with an openQA job cloned from a production job, e.g. for openqaworker7
527
528
```
529
openqa-clone-job --within-instance https://openqa.opensuse.org/t${id} WORKER_CLASS=openqaworker7
530
```
531
532
* After the latest openQA job could successfully finish enable more worker instances
533
534
```
535
systemctl unmask openqa-worker@{2..14} && systemctl enable --now openqa-worker@{2..14}
536
```
537
538
* Monitor if nightly update works, e.g. look for journal entry:
539
540
```
541
Mar 01 00:08:26 openqaworker7 transactional-update[10933]: Calling zypper up
542
543
Mar 01 00:08:51 openqaworker7 transactional-update[10933]: transactional-update finished - informed rebootmgr
544
Mar 01 00:08:51 openqaworker7 systemd[1]: Started Update the system.
545
546
Mar 01 03:30:00 openqaworker7 rebootmgrd[40760]: rebootmgr: reboot triggered now!
547
548
Mar 01 03:36:32 openqaworker7 systemd[1]: Reached target openQA Worker.
549
```
550 93 okurz
551 95 okurz
## Distribution upgrades
552
553
```
554
. /etc/os-release
555
sed -i -e "s/${VERSION_ID}/\$releasever/g" /etc/zypp/repos.d/*
556
zypper --releasever=$new_version ref
557
test -f /etc/openqa/openqa.ini && sudo -u geekotest /opt/openqa-scripts/dump-psql
558
zypper -n --releasever=$new_version dup --auto-agree-with-licenses --replacefiles --download-in-advance
559
for i in $(cat /var/adm/rpmconfigcheck) ; do vimdiff ${i%.rpm*} $i ; done
560
rm $(cat /var/adm/rpmconfigcheck)
561
reboot
562
systemctl --failed
563
```
564
565 93 okurz
# openQA infrastructure needs (o3 + osd)
566
567
TL;DR: SSD storage for o3 would be good, new OSD ARM workers needed, missing redundancy for o3-ppc, rest is fine for the time being
568
569
2020-03: SUSE IT (EngInfra) provided us more space for O3 but we have only slow rotating-disk storage. Performance could be improved by providing SSD storage.
570
571
The most time and effort we currently struggle with storage space for OSD (openqa.suse.de) ~~both OSD (openqa.suse.de) as well as O3 (openqa.opensuse.org) (2020-03: Situation on o3 resolved with more storage provided by SUSE IT)~~. Both instances (OSD + O3) are using precious netapp-storage but there is currently no better approach to use different, external storage. An increase of the available space would be appreciated, ~~o3 being more important right now than osd,~~ see https://progress.opensuse.org/issues/57494 for details. Graphs like 
572
https://stats.openqa-monitor.qa.suse.de/d/nRDab3Jiz/openqa-jobs-test?orgId=1&from=1578343509900&to=1578653794173&fullscreen&panelId=12 show how usual test backlogs are worked on within OSD by architecture. It can be seen that both the ppc64le and aarch64 backlogs are reduced fast so we do not need more ppc64le or aarch64 machines. However, we have a stability problem with all three aarch64 workers. Potentially new machine(s) could help, see https://progress.opensuse.org/issues/41882 for details.