# Copyright (C) 2023 Sebastian Pipping <[email protected]>
# SPDX-License-Identifier: MIT
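name: Build

# Drop permissions to minimum for security: the workflow token is limited
# to reading repository contents. `contents` has to stay nested under
# `permissions`; written flush-left it becomes an unrelated top-level key
# and the restriction is not applied.
permissions:
  contents: read

# Triggers: pull requests, pushes, a weekly scheduled run and manual dispatch.
on:
  pull_request:
  push:
  schedule:
    - cron: '0 2 * * 5'  # Every Friday at 2am (scheduled runs use UTC)
  workflow_dispatch: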
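jobs:
  # Boots a CentOS Stream cloud image under QEMU on the runner and applies
  # the repository's Ansible playbooks to it over SSH.
  build:
    name: Build
    runs-on: ubuntu-22.04
    # File names and identities shared by the shell steps below.
    env:
      source_image: CentOS-Stream-GenericCloud-9-20231106.0.x86_64.qcow2
      hdd_image: centos_hdd.qcow2
      config_image: config_drive.iso
      private_key: id_rsa__centos
      public_key: id_rsa__centos.pub
      username: centos
      hostname: fake-kiwi3-quince
    steps:
      # Actions are pinned to full commit SHAs; the trailing comment records
      # the tag the SHA was taken from.
      - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3  # v3.5.0

      - name: Install dependencies (base)
        run: |-
          sudo apt-get update
          sudo apt-get install --yes --no-install-recommends -V \
            ansible \
            genisoimage \
            python3-pip \
            python3-venv \
            qemu-system-x86-64 \
            qemu-utils \
            wait-for-it

      # genconfdrv is built from a fixed commit of its upstream repository
      # and installed into its own virtualenv.
      # NOTE(review): "pip install ." resolves whatever dependencies the
      # project declares at install time; nothing in this file pins those.
      - name: Install dependencies (genconfdrv)
        run: |-
          set -v
          git clone https://git.someserver.de/seba/genconfdrv.git
          cd genconfdrv
          git checkout d0a3658a93b47baf64790ba8985c5c6b73187db3  # just to avoid movement
          python3 -m venv venv
          source venv/bin/activate
          pip install .

      # The cache key is the image file name, so switching to a different
      # image name forces a fresh download; a cached copy is reused as-is.
      - name: Restore OpenStack source image from cache (if available)
        id: cache-source-image
        uses: actions/cache/restore@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8  # v3.3.1
        with:
          path: ${{ env.source_image }}
          key: ${{ env.source_image }}

      # NOTE(review): the image is fetched over HTTPS but is not compared
      # against a known digest before it is cached and booted. Consider
      # recording the expected SHA-256 in this file and checking it with
      # "sha256sum --check" right after the download.
      - name: Download OpenStack source image
        if: steps.cache-source-image.outputs.cache-hit != 'true'
        run: |-
          set -x
          wget "https://cloud.centos.org/centos/9-stream/x86_64/images/${source_image}"

      - name: Save OpenStack VM source to cache (if missing)
        if: steps.cache-source-image.outputs.cache-hit != 'true'
        uses: actions/cache/save@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8  # v3.3.1
        with:
          path: ${{ env.source_image }}
          key: ${{ env.source_image }}

      # The downloaded image itself becomes the VM disk and is grown to 20g.
      - name: Create HDD file
        run: |-
          set -x
          mv "${source_image}" "${hdd_image}"
          qemu-img resize "${hdd_image}" 20g

      # The key has an empty passphrase (-N ''). It is generated inside the
      # job and handed to the VM through the config drive in the next step.
      - name: Create password-less SSH keypair
        run: |-
          set -x
          ssh-keygen -N '' -C "${username}@${hostname}" -f "${private_key}"

      # Builds the ISO that carries the hostname and the public key
      # (passed as "<username>:<public key>") into the VM.
      - name: Create OpenStack config drive
        run: |-
          source genconfdrv/venv/bin/activate
          set -x
          genconfdrv \
            -v \
            --format iso \
            -o "${config_image}" \
            -H "${hostname}" \
            -a "${username}:$(cat "${public_key}")" \
            --disable-upgrades \
            --no-debian-cleanup \
            --no-debian-sources-cleanup

      - name: Interact with VM
        run: |-
          set -x -o pipefail

          # Prepare 127.0.0.1:22 for use by KVM: stop the runner's own SSH
          # daemon and point both host names at loopback, then assert that
          # they really resolve to 127.0.0.1.
          sudo systemctl stop sshd.service
          sudo tee -a /etc/hosts <<<'127.0.0.1 kiwi3.gentoo-ev.org quince.gentoo-ev.org'
          [[ "$(getent hosts kiwi3.gentoo-ev.org | awk '{print $1}' | tee /dev/stderr)" = 127.0.0.1 ]]
          [[ "$(getent hosts quince.gentoo-ev.org | awk '{print $1}' | tee /dev/stderr)" = 127.0.0.1 ]]

          # Spin up KVM
          # The SSH forward is bound to 127.0.0.1 explicitly. With an empty
          # host address QEMU listens on every interface of the runner, while
          # every client in this step connects through loopback only.
          [[ ! -e /dev/kvm ]]  # if this fails, add "-enable-kvm" to KVM below and then drop this assert
          sudo qemu-system-x86_64 \
            -chardev file,id=char0,path=serial.txt -serial chardev:char0 \
            -cpu max \
            -m 2g \
            -drive "file=${hdd_image},format=qcow2,media=disk" \
            -drive "file=${config_image},format=raw,media=cdrom" \
            -net nic \
            -net user,hostfwd=tcp:127.0.0.1:22-:22 \
            -nographic \
            &
          qemu_pid=$!

          # Follow VM console
          while [[ ! -f serial.txt ]]; do
            sleep 0.5
          done
          tail -f serial.txt &
          tail_pid=$!

          # Wait until SSH to the VM is working
          wait-for-it -t 90 127.0.0.1:22
          eval "$(ssh-agent)"
          ssh-add "${private_key}"
          # Host key checking is disabled for the SSH helper below and, via
          # the exported variable, for Ansible. The guest is created anew in
          # every run, so there is no previously known host key to compare
          # against, and it is reached through the loopback forward only.
          export ANSIBLE_SSH_COMMON_ARGS='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
          # ${ANSIBLE_SSH_COMMON_ARGS} is left unquoted on purpose so that it
          # splits into separate ssh options.
          SSH() { ssh "${username}@127.0.0.1" ${ANSIBLE_SSH_COMMON_ARGS} "$@"; }
          # Poll quietly: up to 100 attempts, 5 seconds apart.
          set +x
          for i in {1..100}; do
            if ! SSH id; then
              sleep 5
              continue
            fi
            break
          done
          set -x
          SSH id  # now as an assertion

          # Throw Ansible at the VM
          # NOTE: Without the "| cat", Ansible will refuse operation saying
          #       it requires blocking I/O on stdout.  See this pull request:
          #       https://github.com/ansible/ansible/pull/77668/files
          cd ansible
          export ANSIBLE_FORCE_COLOR=true
          export PYTHONUNBUFFERED=1
          time ansible-playbook playbook-setup-kiwi3.yml playbook-setup-quince.yml | cat

          # Shut down
          # Teardown is best effort: errexit is switched off first.
          # NOTE(review): the step's exit status is then that of the final
          # kill; confirm that is intended if QEMU may already have exited.
          set +e
          SSH sudo poweroff
          kill -2 "${tail_pid}"
          kill -2 "${qemu_pid}"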