Prepare two synchronized machines to test PCW

[ilausuch]

PCW is executed in a microos and is setup using ansible. This PR creates the environment for two VMs to test the ansible playbooks and selenium tests.

The microos is ready with all the needed packages.

• Related ticket: https://progress.opensuse.org/issues/130144
• Verification run:
  https://openqa.suse.de/tests/11624244
  https://openqa.suse.de/tests/11624245

[pdostal]

Please generate new keys and put them into data/publiccloud/pcw/.

[grisu48]

We should not use pre-generated keys in test runs, but rather generate new transient keys for each test run.

[pdostal]

This is already done in Ansible.

[asmorodskyi]

yes I would expect only python3 install here , all other things should happen via ansible script if we currently missing something we need to add this into ansible script not here

[ilausuch]

do you mean python3-selinux?
why python3 shouldn't be in the other repo?

[pdostal]

Try to remove this as a whole.

[asmorodskyi]

Try to remove this as a whole.

no we do need to install python on target ( it is not available by default on MicroOS and requirement by ansible )

do you mean python3-selinux?

no I mean that except installation of python package target should not be changed by the test at all , no addition of extra repos , no extra packages installation . the whole point of this test is to check that on clean VM this ansible playbook can create workable system. With set of this zypper addrepo ... / zypper in ... calls you removing "on clean VM"

[pdostal]

Anton, there is no Python in the list right now. Isn't Python on MicroOS by default? And if it's not, then Ivan will find out latest.

[asmorodskyi]

Anton, there is no Python in the list right now. Isn't Python on MicroOS by default? And if it's not, then Ivan will find out latest.

two times when I was doing this setup manually I was forced to install python , but you can double-check with someone who knows MicroOS better

[grisu48]

python3 is not present by default I think. However this things are moving rather quickly, it's anyways good to install it explicitly, just to ensure it's present.

[asmorodskyi]

at least for me pcw_client is a bit confusing . I would call it ansible_client and ansible_target . After all playbook will install not only PCW there

[grisu48]

Do we really need selenium? Wouldn't it be sufficient to fetch the /health.json from the newly installed PCW instance and check if it returns the expected status object?

{"status": "ok"}

[asmorodskyi]

Do we really need selenium?

1. I think this discussion goes far away from this PR . this is something what we will decide later on
2. depending what expected coverage for the test . I think at the end we will have several tests based on that some of them will concentrate covering ansible playbook and they won't need selenium . Others will aim give better coverage of PCW functionality and here we might use selenium

[github-actions]

Great PR! Please pay attention to the following items before merging:

Files matching lib/**.pm:

• Consider adding or extending unit tests in t/

This is an automatically generated QA checklist based on modified files.

[ricardobranco777]

Do we really need selenium? Wouldn't it be sufficient to fetch the /health.json from the newly installed PCW instance and check if it returns the expected status object?

{"status": "ok"}

I do believe that Selenium tests would fit nicely here, because the one that we have in GitHub interacts directly with Django, and in this case we have Nginx + Django.

@ilausuch (or anyone planning to add such a test):

• Example code on how to run it in openQA: https://github.com/os-autoinst/os-autoinst-distri-opensuse/blob/master/tests/ha/hawk_gui.pm
• Basic Selenium test for pcw: https://github.com/SUSE/pcw/blob/master/tests/test_webui.py

OPTIONAL: Run the tests using a Docker image like it's done with HAWK:

• Example Dockerfile: https://github.com/ClusterLabs/hawk/blob/master/e2e_test/Dockerfile
• Documentation on how to publish the image in registry.opensuse.org: https://confluence.suse.com/display/qasle/Automatic+publishing+of+Docker+images+from+a+Git+repository+using+OpenBuildService

[asmorodskyi]

LGTM

[asmorodskyi]

it won't work like this see line 201

[asmorodskyi]

if (check_var('PUBLIC_CLOUD_PREPARE_TOOLS', 1)) {
        load_create_publiccloud_tools_image();
    }
    elsif (check_var('PUBLIC_CLOUD_TOOLS_CLI', 1)) {
        load_publiccloud_cli_tools();
    }
elsif (get_var('PUBLIC_CLOUD_PCW_TARGET')) {
            loadtest 'microos/disk_boot';
            loadtest 'publiccloud/ansible_target';
}
    else {
        loadtest 'boot/boot_to_desktop';
        if (get_var('PUBLIC_CLOUD_MIGRATION')) {
            my $args = OpenQA::Test::RunArgs->new();
            loadtest('publiccloud/upload_image', run_args => $args);
            loadtest('publiccloud/migration', run_args => $args);
        } elsif (check_var('PUBLIC_CLOUD_DOWNLOAD_TESTREPO', 1)) {
            load_publiccloud_download_repos();
        } elsif (get_var('PUBLIC_CLOUD_QAM')) {
            load_maintenance_publiccloud_tests();
        } elsif (get_var('PUBLIC_CLOUD_PCW_CLIENT')) {
             loadtest 'publiccloud/ansible_client';
}

[ilausuch]

Yes, understood. In my wayt a previous loadtest is added

[pdostal]

I would move this out of load_slem_on_pc_tests().

[pdostal]

Please either allow password login and generate the key in the test or at least generate our own key in data/publiccloud/

[grisu48]

Let's please not have pre-generated keys as they always expose a certain security risk. Unless really really really necessary, let's generate per-test key pairs.

[asmorodskyi]

Let's please not have pre-generated keys as they always expose a certain security risk. Unless really really really necessary, let's generate per-test key pairs.

IMHO it is too much . we can not apply common security rules into short living test VM running in internal network . Generating per-test key pairs coming with very high price -> in case debug is needed you can access VM only via VNC

[asmorodskyi]

if we really want to care about security of test VM running on internal network let's hide ssh key in worker config so it will be protected on same level as some other info which has much much more value

[ilausuch]

We decided to move in an other direction. See the ticket