buildtestvms.sh is using "hammer host reboot" which needs vmtools (either vmware-tools or open-vm-tools) to be installed and active.

If OTOH you use hammer host stop followed by a hammer host start then you can power cycle a VM hard without needing the vmtools.

As the VM is going to be rebuilt, we might as well power cycle it hard and do without the requirement for vmtools (and save a couple seconds that the VM would take to cleanly shutdown).

currently mock is called without the -r flag. This means that only the release that the symlink /etc/mock/default.cfg points to.

change the scripts to have one more param in the jenkins job so as to be able to select the mock config (e.g. rhel-6-x86_64, rhel-7-x86_64)

In Sat 6.2.6 I just noticed that CV versions are not necessarily listed in chronological order.

This breaks publishcv.sh (lines 39 through 42)

Example

# hammer content-view info --name "cv-soe-testing-6Server" --organization-id 1 | sed -n "/Versions:/,/Components:/p"
Versions:
 1) ID:        744
    Version:   74.0
    Published: 2017/01/10 13:15:34
2) ID:        739
    Version:   72.0
    Published: 2017/01/10 07:27:22
3) ID:        742
    Version:   73.0
    Published: 2017/01/10 12:10:11
4) ID:        696
    Version:   61.0
    Published: 2017/01/04 12:50:57
5) ID:        697
    Version:   62.0
    Published: 2017/01/04 15:53:22
6) ID:        700
    Version:   63.0
    Published: 2017/01/04 16:40:46
7) ID:        701
    Version:   64.0
    Published: 2017/01/04 17:30:44
8) ID:        703
    Version:   65.0
    Published: 2017/01/04 18:37:44
9) ID:        704
    Version:   66.0
    Published: 2017/01/04 19:14:22
10)ID:        705
    Version:   67.0
    Published: 2017/01/05 11:08:41
11)ID:        708
    Version:   68.0
    Published: 2017/01/05 13:06:46
12)ID:        709
    Version:   69.0
    Published: 2017/01/05 14:24:48
13)ID:        711
    Version:   70.0
    Published: 2017/01/05 15:25:52
14)ID:        728
    Version:   71.0
    Published: 2017/01/09 18:27:05
Components:

currently we have this bit of code;

# we need to wait until all the test machines have been rebuilt by foreman
[...]

in pushtests.sh

• That's not nice for the pipeline as time spent installing is counted towards pushtests.sh instead of buildtestvms.sh.
• Replicate the test (for a System under Test (SUT) being in build mode) to buildtestvms.sh from pushtests.sh.
• Do not remove the test from pushtests.sh though, in a puppet-only build buildtestvms.sh is never called.

note to self:
config_opts['use_nspawn'] = False
to

• docs
• example config el7
• example config el6
  if in testing I continue having issues with mock builds with the latest mock

As a user I want to easily use Option 2: Using a Content View as a Puppet Environment directly from A separate lifecycle for Puppet modules in Satellite 6 by @wzzrd

The idea is that there are 2 HG
a) one for full SOE CI runs
b) one for puppet only

Jenkins should build the job for full SOE CI runs once or twice day for the HG members of a) (so build by schedule)
and do a puppet run on the HG members of b) as soon as there is a git commit (so poll git every minute).

I should have thought of this earlier.
Just came across a customer who has had capsule syncs stuck for many days but did not look into the cause.

Introduce a timeout to capsule-sync.check.sh to that after a maximum of N hours the script does
exit 1

tell() in common.sh folds at the default 80 columns.
This negatively impacts log readability, as most other console output in Jenkins is wider than 80 columns
Personally, I find 240 much more pleasant. 81add13

We need to restrict the role of the satellite jenkins user to minimum permissions required for running the job.

@nstrug README.md should have links to your posts on Open Source Architects

320cba1 makes that addition.

You should be able to merge #66

Master branch should be protected to prevent direct commits.

common.sh uses

"hammer content-host list --organization \"${ORG}\" \
--host-collection \"$TESTVM_HOSTCOLLECTION\" \

While this works fine on Satellite 6.1, Satellite 6.2's hammer has changed in that regard.

# hammer content-host list --organization "Sat Test" --host-collection "Test Servers RHEL7"
Error: Unrecognised option '--host-collection'

See: 'hammer content-host list --help'

As a release manager I want to specify locations of satellite servers, repository IDs, host groups etc in the build plan, rather than in common.sh

Use latest version of deployment diagram and upload as svg

without shadow-utils, mock --init will fail (missing useradd)

We need a replacement for the PostBuildScriptPlugin because:

Distribution of This Plugin Has Been Suspended

currently we do not wait for capsule sync to finish before trying to install and test.

so either we need to make it clear that the test machines must not be behind a capsule or wait with buildtestvms.sh until capsule syncs are finished.

In case of the latter, an crude but workable solution might be
hammer --csv task list --search 'state = running and label = Actions::Katello::ContentView::CapsuleGenerateAndSync' | tail -n +2
run in a loop until we get 0 lines. But more elegant would be to actually wait on jyust the capsule sync we need.

@ericzolf comments?
I'll start poking at this once I know your preference. (just assign ticket to me after you commented)

We need to be able to delete a puppet module from git, and have it deleted from the export repo, and hence from the new CV ver.

As a build engineer, I want to be able to test puppet modules against realworld configuration prior to committing them.

As a user, I do not want to wait for Satellite 6 to run hammer repository synchronize on REPO_ID if no new RPMs were built. The repo sync operation being quite expensive.

The following 2 commands should only run if rpmbuild.sh wrote entries to MODIFIED_CONTENT_FILE

# refresh the upstream yum repo
createrepo ${YUM_REPO}

# use hammer on the satellite to push the RPMs into the repo
# the ID of the ACME Test repository is 16
ssh -q -l ${PUSH_USER} -i /var/lib/jenkins/.ssh/id_rsa ${SATELLITE} \
    "hammer repository synchronize --id ${REPO_ID}" || \
  { err "Repository '${REPO_ID}' couldn't be synchronized."; exit 1; }

Output an Openstack/RHEV-ready image as part of the build.

the pipeline in Jenkins' classic view (aka the "not blue ocean" view) doesn't display stages which come after a failed stage. Therefore the stage view in the job overview page is lost eveytime the number of executed stages differs.
assuming that blue ocean isn't used everywhere, we need to workaround this behaviour.

related open jenkins issues: https://issues.jenkins-ci.org/browse/JENKINS-43995 , which basically means that the display options per step and stage are limited right now, but it's sufficient.

side note: if stages are added / removed / renamed in the pipeline itself, the stage view loses the history again. but that makes sense.

please add a note to both mock config files and the readme.
The user does not only need to take the cert and key from their existing /etc/yum.repos.d/redhat.repo but also the baseurl

As a user of soe-ci, I want any initial puppet run to complete before running the bats tests.

pushtests.sh waits 30 secs between being fairly certain that the box is up

 if [[ ${status} == 3 ]] && ping -c 1 -q $I && nc -w 1 $I 22

and starting the testing ("yum install -y bats rsync" and 'cd tests ; bats -t *.bats').
That's too tight in some setups.
I just ran into a machine that was still busy installing packages that were ensure installed via puppet, so the "yum install -y bats rsync" failed, making my tests fail when there was no reason to.

Ideally we would detect that the initial run has finished before running any of the bats tests.

As a dirty work-around, I've added a 5 min sleep to my current setup (not pushed upstream), but that's not elegant. So fix this properly in the future.

currently:

def loadEnvVars() {
  loadEnvVarsFromFile("script-env-vars.groovy")
  if (params.PUPPET_ONLY == true) {
    loadEnvVarsFromFile("script-env-vars-puppet-only.groovy")
  } else {
    loadEnvVarsFromFile("script-env-vars-rpm.groovy")
  }
}

if you want to use the Jenkinsfile for example with el6 and el7, you need to use another branch or copy it. that's far from good.

PR is coming this week to resolve this.

when I query a host on VMware I get poweredOn / poweredOff and not running / shutoff

could someone using libvirt (maybe @ericzolf or @nstrug ) please verify what they get with Sat 6.1.7 (or later)
hammer host status --id sometesthost.example.com

if it's also poweredOn / poweredOff then I'll make a PR (with a0507bd ) for you.
If OTOH is's still running / shutoff , then the the script buildtestvms.sh needs extending to cover both cases.

We need to provide ansible support as an alternative/addition to puppet.

• provide an ansible-only job/pipeline
• use ansible tower provisioning callback in kickstart template
• ensure ansible user created

ssh -l jenkins -i /var/lib/jenkins/.ssh/id_rsa
satellite.example.com '/usr/bin/hammer template create --file
kickstarts/test-kickstart.erb --name "Kickstart RHEL ACME" --type
provision'
Could not create the config template:
Organization ids Invalid organizations selection, you must select at
least one of yours
Location ids Invalid locations selection, you must select at least one
of yours

If I look at the differences between the RHEL 6 and the RHEL 7 config files for mock, regarding config_opts['chroot_setup_cmd'],

common packages are:
bash
bzip2
cpio
diffutils
gcc-c++
gzip
make
patch
rpm-build
sed
shadow-utils
tar
unzip
which

Packages only for RHEL 6 are:
-coreutils
-findutils
-gawk
-gcc
-grep
-info
-redhat-release
-redhat-rpm-config
-util-linux-ng
-xz

Packages only for RHEL 7 are:
+gdd
+perl

And I don't understand why there should be such differences.

rpmbuild.sh and puppetbuild.sh uses mv
this means we end up with var_lib_t instead of httpd_sys_content_t

note to self: as the jenkins user owns these files a minimal fix is to simply restorecon -F

currently the code does not have a timeout for running puppet-done-test.sh

Ideally we want to wait some maximum (e.g. 30 minutes) and then simply continue so that the test can fail instead of running indefinitely.

It should be sufficient to change the above line to /usr/bin/timeout 30m /root/puppet-done-test.sh

Similar to #83
We should delete RPMs from YUM_REPO if there no longer is a coresponding directory in git

Rewrite README from asciidoc to markdown.

As a user, I do not want to wait for Satellite 6 to run hammer repository synchronize on PUPPET_REPO_ID if no new puppet modules were built. The repo sync operation being quite expensive.

The repo sync command should only run if puppetbuild.sh wrote entries to MODIFIED_CONTENT_FILE.

# use hammer on the satellite to push the modules into the repo
ssh -q -l ${PUSH_USER} -i ${RSA_ID} ${SATELLITE} \
    "hammer repository synchronize --id ${PUPPET_REPO_ID}" || \
  { err "Repository '${PUPPET_REPO_ID}' couldn't be synchronized."; exit 1; }

the rest of puppetpush.sh should run though.

TITO support in rpmbuild.sh

Hello,

how about multiple teams working on different projects (for example we have 100 diff teams working on diff projects ), we created multiple products for them in satellite and repos for them, now issue is .. for a particular consumer you can only bind single content view, if App1 wants to use product or repo from App2 they have to add their repos to App1's content view (but you cant simple assign 2 CV to a particular system).

how to segregate OS related repos and application repos?, so for example if we update OS repo for some erratas, we can just update CV for OS repos only and App CVs are different, but problem is only one CV can be assigned to particular host

Regards,
DJ

I just came across your project and see that adding kickstart functionality is on the to do list. I am the author of the jaks project that makes use of %pre and arguments passed to the kernel via the initramfs argument list to kickstart anaconda based distros. It also slipstreamed post configurations w/ %post.

It is all written in shell so it is portable. Is there a desired place to hook it in? I was looking at the kickstart script currently in place and it looks as if it is just picking up some recently modified .erb files vs. any type of os build.

I currently don't have an environment to facilitate testing and implementation but think it might be a good method of kickstart usage in your project.

There is a MODAUTHOR parameter defined in config.xml but no script is making use of it. As we would have at a typical customer, Puppet modules coming from different sources, I'm not really sure what the purpose of this would be, hence I'd suggest to remove the parameter and I can do it myself, but before I do, I wanted to be sure I didn't oversee anything.

Rewrite scripts to use local hammer on the Jenkins host instead of ssh-ing to satellite.

Hi Nick,

Just noticed a bug in publishcv.sh.

"hammer content-view version promote --content-view "${CV}" --organization "${ORG}"
--lifecycle-environment-id "${TESTVM_ENV}" --id ${VER}"

Should read:
"hammer content-view version promote --content-view "${CV}" --organization "${ORG}"
--to-lifecycle-environment-id "${TESTVM_ENV}" --id ${VER}"

Perhaps this changed in v 6.0.6?

Chris

We need to be able to deploy the entire solution (satellite, jenkins, mock etc and all integration points) from a playbook.

Remove disable selinux instruction in README.md

As a user, I do not want to wait for the extremely expensive hammer content view publish and/or hammer content-view version promote to run if nothing changed (e.g. when debugging buildtestvms.sh).

Ideally only affected (C)CVs are published and promoted.

But that would probably need a cleaner hammer way then grep -E in the following mess

[root@satellite ~]# hammer content-view info  --id 6 --organization-id 1
ID:                     6
Name:                   cv-Jenkins-SOE-el7
Label:                  cv-Jenkins-SOE-el7
Composite:              false
Description:            the CV that the SOE-el7 Jenkins job updates
Content Host Count:     2
Organisation:           Sat Test
Yum Repositories:       
 1) ID:    3
    Name:  Red Hat Satellite Tools 6.2 for RHEL 7 Server RPMs x86_64
    Label: Red_Hat_Satellite_Tools_6_2_for_RHEL_7_Server_RPMs_x86_64
 2) ID:    15
    Name:  Red Hat Enterprise Linux 7 Server - Fastrack RPMs x86_64
    Label: Red_Hat_Enterprise_Linux_7_Server_-_Fastrack_RPMs_x86_64
 3) ID:    1
    Name:  Red Hat Enterprise Linux 7 Server Kickstart x86_64 7.2
    Label: Red_Hat_Enterprise_Linux_7_Server_Kickstart_x86_64_7_2
 4) ID:    2
    Name:  Red Hat Enterprise Linux 7 Server RPMs x86_64 7Server
    Label: Red_Hat_Enterprise_Linux_7_Server_RPMs_x86_64_7Server
 5) ID:    14
    Name:  Red Hat Enterprise Linux 7 Server - Extras RPMs x86_64
    Label: Red_Hat_Enterprise_Linux_7_Server_-_Extras_RPMs_x86_64
 6) ID:    17
    Name:  Red Hat Enterprise Linux 7 Server - Optional Fastrack RPMs x86_64
    Label: Red_Hat_Enterprise_Linux_7_Server_-_Optional_Fastrack_RPMs_x86_64
 7) ID:    16
    Name:  Red Hat Enterprise Linux 7 Server - Optional RPMs x86_64 7Server
    Label: Red_Hat_Enterprise_Linux_7_Server_-_Optional_RPMs_x86_64_7Server
 8) ID:    9
    Name:  EPEL RHEL7 x86_64
    Label: EPEL_RHEL7_x86_64
 9) ID:    70
    Name:  RPMS RHEL7
    Label: RPMS_RHEL7
Docker Repositories:    

OSTree Repositories:    

Puppet Modules:         
 1) ID:      14
    Name:    dmz
    Author:  acme
    Created: 2016/07/30 17:59:29
    Updated: 2016/07/30 17:59:29
 2) ID:      13
    Name:    role
    Author:  acme
    Created: 2016/07/30 17:59:27
    Updated: 2016/07/30 17:59:27
 3) ID:      12
    Name:    qpid
    Author:  acme
    Created: 2016/07/30 17:59:26
    Updated: 2016/07/30 17:59:26
 4) ID:      11
    Name:    bats
    Author:  acme
    Created: 2016/07/30 17:59:24
    Updated: 2016/07/30 17:59:24
 5) ID:      10
    Name:    profile_nfs
    Author:  acme
    Created: 2016/07/30 17:59:22
    Updated: 2016/07/30 17:59:22
 6) ID:      9
    Name:    profile
    Author:  acme
    Created: 2016/07/30 17:59:20
    Updated: 2016/07/30 17:59:20
 7) ID:      8
    Name:    ssh
    Author:  acme
    Created: 2016/07/30 17:59:19
    Updated: 2016/07/30 17:59:19
 8) ID:      7
    Name:    auto
    Author:  acme
    Created: 2016/07/30 17:59:17
    Updated: 2016/07/30 17:59:17
 9) ID:      6
    Name:    role_www
    Author:  acme
    Created: 2016/07/30 17:59:16
    Updated: 2016/07/30 17:59:16
 10)ID:      5
    Name:    role_db
    Author:  acme
    Created: 2016/07/30 17:59:14
    Updated: 2016/07/30 17:59:14
 11)ID:      4
    Name:    profile_apache
    Author:  acme
    Created: 2016/07/30 17:59:12
    Updated: 2016/07/30 17:59:12
 12)ID:      3
    Name:    profile_base
    Author:  acme
    Created: 2016/07/30 17:59:11
    Updated: 2016/07/30 17:59:11
 13)ID:      2
    Name:    firewall
    Author:  acme
    Created: 2016/07/30 17:59:09
    Updated: 2016/07/30 17:59:09
 14)ID:      1
    Name:    profile_postgres
    Author:  acme
    Created: 2016/07/30 17:59:08
    Updated: 2016/07/30 17:59:08
Lifecycle Environments: 
 1) ID:   2
    Name: Engineering
 2) ID:   1
    Name: Library
Versions:               
 1) ID:        6
    Version:   1.0
    Published: 2016/07/30 17:59:34
 2) ID:        7
    Version:   2.0
    Published: 2016/07/30 19:01:46
 3) ID:        8
    Version:   3.0
    Published: 2016/07/30 19:25:58
 4) ID:        9
    Version:   4.0
    Published: 2016/07/30 19:38:19
 5) ID:        10
    Version:   5.0
    Published: 2016/07/30 20:25:07
 6) ID:        11
    Version:   6.0
    Published: 2016/07/31 13:52:05
 7) ID:        12
    Version:   7.0
    Published: 2016/07/31 14:08:27
 8) ID:        13
    Version:   8.0
    Published: 2016/07/31 14:32:49
 9) ID:        14
    Version:   9.0
    Published: 2016/07/31 14:46:36
Components:             

Activation Keys:        
 1) ak-Jenkins-SOE-el7

[root@satellite ~]# 

As a build engineer, I want to be able to write a test that will only execute if the component that it is testing is deployed to the test machine.

request from @pcfe
the VMs should only be shut down when

• configured in the job config
• and build was successful or unstable

right now I tend to put that in a subsequent job because of:

• limitations in the pipeline (status for stages and steps rather than just on the build itself)
• adds the possibility to cleanup and shutdown manually, via cron plus triggered by the pipeline job
• can be reused by all existing soe-ci-pipeline jobs probably

@pcfe: you might want to state your opinion on that first, before i start implementing this

The graphml deployment diagram is out of date, replace it with the latest version, and in svg format.

common.sh introduced info to print information messages
that is not 100% nice since info is a valid shell command, replace with soeci_info or similar

As we also test the scripts when we check a new version in, it would make sense to have a quick check at the beginning, just to avoid the most obvious errors, something like:

for i in scripts/*.sh; do bash -n $i; done

(probably need to concatenate the return values or something like this)

If the Jenkins job has a space in the name this breaks scripts.

In publishcv.sh the variable BUILD_URL is used but it's empty.
This makes finding a specific build a major pain.
Need to fix this.

"hammer content-view publish --name "${cv}" --organization "${ORG}" --description "Build ${BUILD_URL}""

@nstrug do I assume correctly that this is meant to point to jenkins so that a user can determin which CV version got created by which build job?

@ericzolf you touched that line last according to git, did that ever work for you?