Create an unmanaged tenant¶
In this guide, we will create a standalone tenant from scratch where jobs and pipelines are not managed by sfconfig. The tenant will be named org-test, its config org-test-config and its jobs org-test-jobs.
Follow this guide as an admin user on the install server.
Create a new config project¶
The first step is to create a new project, add this file to the resources:
# /root/config/resources/tenant-org-test.yaml
---
resources:
tenants:
org-test:
description: "The org-test tenant."
url: "https://sftests.com/manage"
default-connection: gerrit
projects:
org-test:
tenant: org-test
description: The org-test project
source-repositories:
- org-test-config:
zuul/config-project: True
- org-test-jobs
- zuul-jobs:
connection: gerrit
# Using 'zuul/' prefix, we set zuul tenant config options.
zuul/include: [job]
# Shadow means that job definition in this project are
# overridden by the org-test-jobs.
zuul/shadow: org-test-jobs
repos:
org-test-config:
description: The org-test config repository
acl: org-test-acl
org-test-jobs:
description: The org-test jobs repository
acl: org-test-acl
acls:
org-test-acl:
file: |
[access "refs/*"]
read = group org-test-core
owner = group org-test-ptl
[access "refs/heads/*"]
label-Code-Review = -2..+2 group org-test-core
label-Code-Review = -2..+2 group org-test-ptl
label-Verified = -2..+2 group org-test-ptl
label-Workflow = -1..+1 group org-test-core
label-Workflow = -1..+1 group org-test-ptl
label-Workflow = -1..+0 group Registered Users
abandon = group org-test-core
submit = group org-test-ptl
read = group org-test-core
read = group Registered Users
[access "refs/meta/config"]
read = group org-test-core
read = group Registered Users
[receive]
requireChangeId = true
[submit]
mergeContent = false
action = fast forward only
groups:
- org-test-ptl
- org-test-core
groups:
org-test-ptl:
description: Team lead for the org-test tenant
members:
- admin@sftests.com
org-test-core:
description: Team core for the org-test tenant
members: []
Edit the file:
- Update sftests.com with the fqdn of your deployment.
- Change zuul-jobs location if you used the upstream_zuul_jobs option. Check the /root/config/resources/_internal.yaml file for the zuul-jobs definition.
- Update the org-test-ptl and org-test-core members lists accordingly.
Then submit the file:
cd /root/config
git add resources/tenant-org-test.yaml
git commit -m "Add org-test tenant"
git review
# If zuul verified +1 the review, you can push
git push
After config-update succeed, the tenant is ready to be used.
Access the org-test Zuul tenant¶
On the local status page, you can switch tenant by clicking the “Tenant local” button on the top right. This links to https://sftests.com/zuul/tenants .
Alternatively you can go directly to https://sftests.com/zuul/t/org-test/status .
The next step is to configure the config project to add a pipeline and a base job.
Tenant config repository initialization¶
To configure the tenant, clone its config project:
git clone https://sftests.com/r/org-test-config
cd org-test-config
mkdir -p zuul.d playbooks/base
First you need to create a pipeline:
# org-test-config/zuul.d/pipelines.yaml
---
- pipeline:
name: check
description: |
Newly uploaded patchsets enter this pipeline to receive an
initial +/-1 Verified vote.
manager: independent
require:
gerrit:
open: True
current-patchset: True
trigger:
gerrit:
- event: patchset-created
start:
gerrit:
verified: 0
success:
gerrit:
verified: 1
sqlreporter:
failure:
gerrit:
verified: -1
sqlreporter:
Then you need to create a default base job:
# org-test-config/zuul.d/jobs.yaml
---
- job:
name: base
parent: null
description: The base job.
pre-run: playbooks/base/pre.yaml
post-run: playbooks/base/post.yaml
roles:
# Note: change zuul-jobs name when using the upstream_zuul_job option
# Check /root/config/zuul.d/_jobs-base.yaml for the definition.
- zuul: zuul-jobs
timeout: 1800
attempts: 3
secrets:
- site_sftests_logserver
nodeset:
nodes:
# Note: change the default nodeset
- name: container
label: pod-centos-7
Then you need to create a secret for the log server from the install-server (the zuul_logserver_rsa private key is kept in /var/lib/software-factory):
curl -O https://git.zuul-ci.org/cgit/zuul/plain/tools/encrypt_secret.py
python encrypt_secret.py --tenant org-test \
--infile /var/lib/software-factory/bootstrap-data/ssh_keys/zuul_logserver_rsa \
https://sftests.com/zuul/ org-test-config
Copy the output to a zuul.d file:
# org-test-config/zuul.d/secrets.yaml
---
- secret:
name: site_sftests_logserver
data:
fqdn: sftests.com
path: /var/www/logs
ssh_known_hosts: sftests.com ssh-rsa AAAAB3... # the stdout of ssh-keyscan sftests.com | grep ssh-rsa
ssh_username: loguser
ssh_private_key: !encrypted/pkcs1-oaep
- k9eg8co3TWiAGB73SBnr6tGkm3jITIFFv8Vjm...
...
...
- ...
Note that you could use another private key and logserver location for this tenant.
Finally create the base job playbook:
# org-test-config/playbooks/base/pre.yaml
---
- hosts: localhost
tasks:
- block:
- import_role: name=emit-job-header
- import_role: name=log-inventory
vars:
zuul_log_url: "https://sftests.com/logs"
- hosts: all
roles:
- prepare-workspace
# org-test-config/playbooks/base/post.yaml
---
- hosts: localhost
roles:
- role: add-fileserver
fileserver: "{{ site_sftests_logserver }}"
- hosts: "{{ site_sftests_logserver.fqdn }}"
gather_facts: false
tasks:
- block:
- import_role: name=upload-logs
vars:
zuul_log_url: "https://sftests.com/logs"
zuul_logserver_root: /var/www/logs
Then submit the initial configuration:
git add playbooks/ zuul.d/
git commit -m "Initial configuration"
git push git+ssh://sftests.com:29418/org-test-config master
On the status page a new “check” pipeline is now configured, and there shouldn’t be any config-errors indicated by a yellow bell on the top right.
Validate the base job¶
In the org-test-jobs project, create a first job:
git clone https://sftests.com/r/org-test-jobs
cd org-test-jobs
mkdir zuul.d
Add a jobs.yaml file
# org-test-jobs/zuul.d/jobs.yaml
---
- job:
name: org-codestyle
parent: run-test-command
vars:
test_command: yamllint .
Configure the job for the org-test-jobs project
# org-test-jobs/zuul.d/project.yaml
---
- project:
check:
jobs:
- org-codestyle
Submit the change and verify the job ran successfully:
git add zuul.d
git commit -m "Add org-codestyle job"
git review
Once the base job and default jobs are working, proceed to the next steps.
Finalize tenant creation¶
- Add gate, post, release and other pipelines by adapting the definition from the local tenant: /root/config/zuul.d/_pipelines.yaml
- Setup check and gate jobs for the org-test-config and org-test-jobs repository.
- Define project-template and define the PTI, see: https://zuul-ci.org/docs/zuul/user/howtos/pti.html