Run packit-service deployment test inside tmt

This commit breaks vagrant test!
To be able to run OpenShift Local inside a local provisione tmt virtual machine you need to change tmt sources:
change DEFAULT_CPU_COUNT in tmt/steps/provision/testcloud.py to 6
2 cpus are not enough for Openshift Local and is is not custumizable (will open an issue in tmt but our goal is to provision the machine in the cloud so this is not strictly necessary, for local usage is probably better to make vagrant work again)

Makefile

@@ -11,7 +11,8 @@ VAGRANT_SSH_USER = "$(shell cd containers && vagrant ssh-config | awk '/User/{pr
 VAGRANT_SSH_GUEST = "$(shell cd containers && vagrant ssh-config | awk '/HostName/{print $$2}')"
 VAGRANT_SSH_IDENTITY_FILE = "$(shell cd containers && vagrant ssh-config | awk '/IdentityFile/{print $$2}')"
 VAGRANT_SSH_CONFIG = $(shell cd containers && vagrant ssh-config | awk 'NR>1 {print " -o "$$1"="$$2}')
-VAGRANT_SHARED_DIR = "/vagrant"
+#VAGRANT_SHARED_DIR = "/vagrant"
+VAGRANT_SHARED_DIR = "/home/tmt/deployment"
 
 CENTOS_VAGRANT_BOX = CentOS-Stream-Vagrant-8-latest.x86_64.vagrant-libvirt.box
 CENTOS_VAGRANT_URL = https://cloud.centos.org/centos/8-stream/x86_64/images/$(CENTOS_VAGRANT_BOX)
@@ -80,11 +81,23 @@ oc-cluster-ssh: oc-cluster-up
 	ssh $(VAGRANT_SSH_CONFIG) localhost
 
 test-deploy:
-# to be run inside VM where the oc cluster is running! Call make tmt-tests instead.
+# to be run inside VM where the oc cluster is running! Call make tmt-vagrant-tests instead from outside the vagrant machine.
 	DEPLOYMENT=dev $(AP) playbooks/generate-local-secrets.yml
 	DEPLOYMENT=dev $(AP) -e '{"src_dir": $(VAGRANT_SHARED_DIR)}' playbooks/test_deploy_setup.yml
-	DEPLOYMENT=dev $(AP) -e '{"container_engine": "podman", "registry": "default-route-openshift-image-registry.apps-crc.testing", "registry_user": "kubeadmin", "src_dir": $(VAGRANT_SHARED_DIR)}' playbooks/deploy.yml
-	DEPLOYMENT=dev $(AP) -e '{"container_engine": "podman", "registry": "default-route-openshift-image-registry.apps-crc.testing", "registry_user": "kubeadmin", "src_dir": $(VAGRANT_SHARED_DIR)}' playbooks/check.yml
+	cd $(VAGRANT_SHARED_DIR); DEPLOYMENT=dev $(AP) -e '{"container_engine": "podman", "registry": "default-route-openshift-image-registry.apps-crc.testing", "registry_user": "kubeadmin", "src_dir": $(VAGRANT_SHARED_DIR)}' playbooks/test_deploy.yml
 
-tmt-tests:
+tmt-vagrant-test:
 	tmt run --all provision --how connect --user vagrant --guest $(VAGRANT_SSH_GUEST) --port $(VAGRANT_SSH_PORT) --key $(VAGRANT_SSH_IDENTITY_FILE)
+
+tf-deploy:
+	 testing-farm request --compose Fedora-Rawhide --git-url https://github.com/majamassarini/deployment --git-ref tf-openshift-tests --plan deployment
+
+# tmt run --id packit-service-deployment --until execute
+# tmt run --id packit-service-deployment prepare --force
+# tmt run --id packit-service-deployment login --step prepare:start
+# tmt run --id packit-service-deployment execute --force
+# tmt run --id packit-service-deployment login --step execute:start
+# tmt run --id packit-service-deployment finish
+# tmt run --id packit-service-deployment clean
+
+# virsh list --all

plans/deployment.fmf

@@ -0,0 +1,63 @@
+tier: 1
+
+execute:
+  how: tmt
+
+environment:
+  DEPLOYMENT: dev
+  #ANSIBLE_DEBUG: 1
+
+report:
+  how: display
+
+discover:
+  how: fmf
+  test:
+    - deployment
+
+/local:
+  summary: Run packit-service deployment test on a local machine managed by tmt
+  discover:
+    how: fmf
+    test:
+      - deployment
+  provision:
+    how: virtual
+    image: centos-stream
+    disk: 100
+    memory: 14336
+    # cpu.cores: 6 # I can not customize cpu cores in virtual testcloud prepare plugin
+    # but OpenShift Cluster will not start without 4 cores at least
+    # change DEFAULT_CPU_COUNT in tmt/steps/provision/testcloud.py to 6
+  prepare:
+    - how: ansible
+      playbook: playbooks/oc-cluster-user.yml
+      extra-args: '-vvv'
+    - how: ansible
+      playbook: playbooks/oc-cluster-setup.yml
+      extra-args: '-vvv'
+    - how: ansible
+      playbook: playbooks/oc-cluster-run.yml
+      extra-args: '-vvv --extra-vars @./secrets/openshift-local-pull-secret.yml'
+    - how: ansible
+      playbook: playbooks/oc-cluster-tests-setup.yml
+      extra-args: '-vvv'
+    #- how: ansible
+    #  playbook: playbooks/generate-local-secrets.yml
+    #  extra-args: '-vvv --extra-vars generate_secrets_project_dir="./"'
+    #- how: ansible
+    #  playbook: playbooks/test_deploy_setup.yml
+    #  extra-args: '-vvv'
+
+#/vagrant:
+#  summary: Run packit-service deployment test on a vagrant machine already up and running
+#
+#  description:
+#    guest, port and key details are taken from the tmt-vagrant-test Makefile target.
+#    This provision is meant to be used just locally with the Vagrant machine already up
+#    and running. To start the Vagrant machine use the oc-cluster-up Makefile target.
+#    To access the Vagrant machine use the oc-cluster-ssh Makefile target.
+#
+#  provision:
+#    how: connect
+#    user: vagrant

playbooks/oc-cluster-run.yml

@@ -1,10 +1,13 @@
 ---
 - name: Start Openshift Local cluster
   hosts: all
+  become: true
+  become_user: tmt
   gather_facts: False
   vars:
-    pull_secret: "!!!TAKEN FROM VAGRANT FILE!!!"
+    pull_secret: "!!!TAKEN FROM ANSIBLE ENV!!!"
     dest_pull_secret_file: /tmp/openshift-local-pull-secret.txt
+    crc_path: /home/tmt/.local/bin
   tasks:
     - name: Show pull secret
       ansible.builtin.debug:
@@ -14,6 +17,28 @@
         content: "{{ pull_secret }}"
         dest: "{{ dest_pull_secret_file }}"
         mode: "0640"
+        owner: tmt
+
+    - name: Find user uid
+      ansible.builtin.command: "id -u tmt"
+      register: user_uid
+      changed_when: false
+
+    - name: Determine XDG_RUNTIME_DIR
+      ansible.builtin.set_fact:
+        xdg_runtime_dir: "/run/user/{{ user_uid.stdout }}"
+      changed_when: false
+
     - name: Start cluster
-      ansible.builtin.command: crc start -p {{ dest_pull_secret_file }}
+      ansible.builtin.command: "{{ crc_path }}/crc start -c 6 -m 12000 -p {{ dest_pull_secret_file }}"
+      #ansible.builtin.command: "crc start -p {{ dest_pull_secret_file }}"
       changed_when: False
+
+    - name: Create symbolic link to oc
+      ansible.builtin.file:
+        #    src: "/tmp/{{ unarchive.files[0] }}/crc"
+        src: /home/tmt/.crc/bin/oc/oc
+        #    dest: "{{ crc_path }}/crc"
+        dest: /home/tmt/.local/bin/oc
+        state: link
+        force: True

playbooks/oc-cluster-setup.yml

@@ -1,52 +1,69 @@
 ---
 - name: Install an Openshift Local cluster
+  become: true
+  become_user: tmt
   hosts: all
   vars:
     crc_download_link: https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/crc/latest/crc-linux-amd64.tar.xz
+    crc_path: /home/tmt/.local/bin
+    user: tmt
   tasks:
-    - name: Add vagrant user to sudoers
-      become: True
-      ansible.builtin.lineinfile:
-        path: /etc/sudoers
-        state: present
-        line: "vagrant ALL=(ALL) NOPASSWD: ALL"
-        validate: /usr/sbin/visudo -cf %s
     - name: Download CRC
       ansible.builtin.get_url:
         url: "{{ crc_download_link }}"
         dest: /tmp
-        mode: "0664"
+        mode: "0777"
       register: download
     - name: Unarchive tarball
       ansible.builtin.unarchive:
         src: "{{ download.dest }}"
         dest: /tmp
         list_files: True
         remote_src: True
+        owner: tmt
       register: unarchive
-    - name: Show crc executable path
-      ansible.builtin.debug:
-        msg: "/tmp/{{ unarchive.files[0] }}crc"
     - name: Create ~/.local/bin if it does not exist
       ansible.builtin.file:
-        path: ~/.local/bin
+        path: "{{ crc_path }}"
         state: directory
         mode: "0755"
-    - name: Create symbolic link to crc
-      ansible.builtin.file:
+    - name: Show crc executable path
+      ansible.builtin.debug:
+        msg: "/tmp/{{ unarchive.files[0] }}crc"
+    - name: Copy crc to tmt usr
+      ansible.builtin.copy:
         src: "/tmp/{{ unarchive.files[0] }}/crc"
-        dest: ~/.local/bin/crc
-        state: link
+        remote_src: true
+        dest: "{{ crc_path }}/crc"
+        mode: "0755"
         force: True
+
     - name: Setup consent-telemetry no
-      ansible.builtin.command: crc config set consent-telemetry no
+      ansible.builtin.command: "{{ crc_path }}/crc config set consent-telemetry no"
+      changed_when: False
+    - name: Setup disable-update-check true
+      ansible.builtin.command: "{{ crc_path }}/crc config set disable-update-check true"
+      changed_when: False
+    - name: Setup monitoring no
+      ansible.builtin.command: "{{ crc_path }}/crc config set enable-cluster-monitoring false"
       changed_when: False
     - name: Setup minimum packit-service memory requirements
-      ansible.builtin.command: crc config set memory 13312 MiB
+      ansible.builtin.command: "{{ crc_path }}/crc config set memory 13312 MiB"
       changed_when: False
     - name: Setup minimum packit-service disk space requirements
-      ansible.builtin.command: crc config set disk-size 60 Gi
+      ansible.builtin.command: "{{ crc_path }}/crc config set disk-size 60 Gi"
       changed_when: False
+
+    - name: Find user uid
+      ansible.builtin.command: "id -u tmt"
+      register: user_uid
+      changed_when: false
+
+    - name: Determine XDG_RUNTIME_DIR
+      ansible.builtin.set_fact:
+        xdg_runtime_dir: "/run/user/{{ user_uid.stdout }}"
+      changed_when: false
+
     - name: Setup cluster
-      ansible.builtin.command: crc setup
+      ansible.builtin.command: "{{ crc_path }}/crc setup"
       changed_when: False

playbooks/oc-cluster-tests-setup.yml

@@ -2,23 +2,15 @@
 # SPDX-License-Identifier: MIT
 
 ---
-- name: Create vars/packit/dev.yml and deploy
+- name: Install packit-service dependencies
   hosts: all
   vars:
     oc_download_link: https://mirror.openshift.com/pub/openshift-v4/amd64/clients/ocp/stable/openshift-client-linux.tar.gz
-    test_project_name: myproject
-    crc_url: https://api.crc.testing:6443
-    image: quay.io/packit/packit-service:stg
-    image_worker: quay.io/packit/packit-worker:stg
-    image_fedmsg: quay.io/packit/packit-service-fedmsg:stg
-    image_dashboard: quay.io/packit/dashboard:stg
-    image_tokman: quay.io/packit/tokman:stg
   tasks:
     - name: Enable EPEL repositories
       ansible.builtin.package:
         name:
           - epel-release
-      become: true
     - name: Install packages for deployment
       ansible.builtin.package:
         name:
@@ -28,18 +20,16 @@
           - python3-passlib # for using htpasswd ansible module
           - make
           - podman
-      become: true
 
-    - name: Download OC
-      ansible.builtin.get_url:
-        url: "{{ oc_download_link }}"
-        dest: /tmp
-        mode: "0644"
-      register: download
-    - name: Unarchive tarball in /usr/bin
-      become: True
-      ansible.builtin.unarchive:
-        src: "{{ download.dest }}"
-        dest: /usr/bin
-        list_files: True
-        remote_src: True
+    #- name: Download OC
+    #  ansible.builtin.get_url:
+    #    url: "{{ oc_download_link }}"
+    #    dest: /tmp
+    #    mode: "0644"
+    #  register: download
+    #- name: Unarchive tarball in /usr/bin
+    #  ansible.builtin.unarchive:
+    #    src: "{{ download.dest }}"
+    #    dest: /usr/bin
+    #    list_files: True
+    #    remote_src: True

playbooks/oc-cluster-user.yml

@@ -0,0 +1,19 @@
+---
+- name: Configure a user able to run a Openshift Local Cluster
+  hosts: all
+  tasks:
+    - name: Add tmt user
+      ansible.builtin.user:
+        name: tmt
+        append: true
+        groups: wheel
+    - name: Add tmt user to sudoers
+      ansible.builtin.lineinfile:
+        path: /etc/sudoers
+        state: present
+        #line: "{{ user }} ALL=(ALL) NOPASSWD: ALL"
+        line: "tmt ALL=(ALL) NOPASSWD: ALL"
+        validate: /usr/sbin/visudo -cf %s
+    - name: Enable lingering for tmt
+      ansible.builtin.command: loginctl enable-linger tmt
+      changed_when: False

playbooks/roles/deploy/defaults/main.yml

@@ -0,0 +1,62 @@
+---
+validate_certs: true # noqa: var-naming[no-role-prefix]
+service: "{{ lookup('env', 'SERVICE') | default('packit', True) }}" # noqa: var-naming[no-role-prefix]
+deployment: "{{ lookup('env', 'DEPLOYMENT') }}" # noqa: var-naming[no-role-prefix]
+tenant: packit # noqa: var-naming[no-role-prefix] # MP+ tenant
+with_tokman: true # noqa: var-naming[no-role-prefix]
+with_fedmsg: true # noqa: var-naming[no-role-prefix]
+with_redis: false # noqa: var-naming[no-role-prefix]
+with_redict: true # noqa: var-naming[no-role-prefix]
+with_redis_commander: false # noqa: var-naming[no-role-prefix]
+with_flower: false # noqa: var-naming[no-role-prefix]
+with_dashboard: true # noqa: var-naming[no-role-prefix]
+with_beat: true # noqa: var-naming[no-role-prefix]
+with_pushgateway: true # noqa: var-naming[no-role-prefix]
+with_repository_cache: true # noqa: var-naming[no-role-prefix]
+repository_cache_storage: 4Gi # noqa: var-naming[no-role-prefix]
+push_dev_images: false # noqa: var-naming[no-role-prefix]
+with_fluentd_sidecar: false # noqa: var-naming[no-role-prefix]
+postgres_version: 13 # noqa: var-naming[no-role-prefix]
+image: quay.io/packit/packit-service:{{ deployment }} # noqa: var-naming[no-role-prefix]
+image_worker: quay.io/packit/packit-worker:{{ deployment }} # noqa: var-naming[no-role-prefix]
+image_fedmsg: quay.io/packit/packit-service-fedmsg:{{ deployment }} # noqa: var-naming[no-role-prefix]
+image_dashboard: quay.io/packit/dashboard:{{ deployment }} # noqa: var-naming[no-role-prefix]
+image_tokman: quay.io/packit/tokman:{{ deployment }} # noqa: var-naming[no-role-prefix]
+image_fluentd: quay.io/packit/fluentd-splunk-hec:latest # noqa: var-naming[no-role-prefix]
+# project_dir is set in tasks/project-dir.yml
+path_to_secrets: "{{ project_dir }}/secrets/{{ service }}/{{ deployment }}" # noqa: var-naming[no-role-prefix]
+# to be used in Image streams as importPolicy:scheduled value
+auto_import_images: true # noqa: var-naming[no-role-prefix]
+# used in dev/zuul deployment to tag & push images to cluster
+# https://github.com/packit/deployment/issues/112#issuecomment-673343049
+# container_engine: "{{ lookup('pipe', 'command -v podman 2> /dev/null || echo docker') }}"
+container_engine: docker # noqa: var-naming[no-role-prefix]
+celery_app: packit_service.worker.tasks # noqa: var-naming[no-role-prefix]
+celery_retry_limit: 2 # noqa: var-naming[no-role-prefix]
+celery_retry_backoff: 3 # noqa: var-naming[no-role-prefix]
+workers_all_tasks: 1 # noqa: var-naming[no-role-prefix]
+workers_short_running: 0 # noqa: var-naming[no-role-prefix]
+workers_long_running: 0 # noqa: var-naming[no-role-prefix]
+distgit_url: https://src.fedoraproject.org/ # noqa: var-naming[no-role-prefix]
+distgit_namespace: rpms # noqa: var-naming[no-role-prefix]
+sourcegit_namespace: "" # noqa: var-naming[no-role-prefix] # fedora-source-git only
+pushgateway_address: http://pushgateway # noqa: var-naming[no-role-prefix]
+# Check that the deployment repo is up-to-date
+check_up_to_date: true # noqa: var-naming[no-role-prefix]
+# Check that the current vars file is up-to-date with the template
+check_vars_template_diff: true # noqa: var-naming[no-role-prefix]
+deployment_repo_url: https://github.com/packit/deployment.git # noqa: var-naming[no-role-prefix]
+# used by a few tasks below
+k8s_apply: false # noqa: var-naming[no-role-prefix]
+tokman: # noqa: var-naming[no-role-prefix]
+  workers: 1
+  resources:
+    requests:
+      memory: "88Mi"
+      cpu: "5m"
+    limits:
+      memory: "128Mi"
+      cpu: "50m"
+appcode: PCKT-002 # noqa: var-naming[no-role-prefix]
+registry: 172.30.1.1:5000 # noqa: var-naming[no-role-prefix]
+registry_user: developer # noqa: var-naming[no-role-prefix]