Hi folks,

Last year I started a project to manage Koji resources with Ansible
modules. The project is
https://github.com/ktdreyer/koji-ansible

There are several modules now:
- koji_archivetype
- koji_btype
- koji_call (in progress at https://github.com/ktdreyer/koji-ansible/pull/64)
- koji_cg
- koji_external_repo
- koji_host
- koji_tag_inheritance
- koji_tag
- koji_target
- koji_user

I'm using this to manage a couple different Koji instances, and it's
going well so far. Here are some things I've learned along the way.

I have some playbooks that use these modules, and I maintain those
playbooks using Git pull requests. I don't have administrator access
to some of the important Koji instances, so this is a great way for
the administrators to delegate some of the configuration to myself and
other non-admins. In the past there have been some discussions about
increasing the granularity of Koji's ACLs in order to delegate more
configuration to wider groups of users. I think that capturing these
configurations in Ansible is a great way to meet that need without
increasing the complexity of the Koji Hub codebase. In a typical
workflow, I can modify a playbook, run it in "check" mode to verify
that my changes are going to do what I expect, and then I submit the
playbook pull request to the admins to review and merge.

Ansible provides a level of automation that makes large Koji changes
much easier. For some products in Red Hat we have several hundred tags
in Koji that we're managing with Ansible now.

With the level of automation Ansible provides, the accident blast
radius can be large. It's important to have good CI testing here so we
don't destroy things on the hub and fail to notice until it's much too
late. I've found it's tricky to mock or fake Koji's behavior in an
accurate way for anything but the simplest of cases. We do have fakes
and unit tests in koji-ansible for simple test cases, and these are
good for development velocity, but we really need assurance that these
modules will continue to work against real Koji hubs.

To that end, I'm developing an integration test suite for the
koji-ansible project. This integration suite sets up a Koji hub on
Travis CI's environment using Apache, mod_wsgi, SSL authentication,
and a Git clone of Koji's master branch. Once the hub is online, the
test suite runs many different playbooks against the hub, verifying
that the playbooks are doing what I expect. I plan to merge this
integration test suite into master in a week or two.

If you are interested in Koji, please take a look at the modules and
the inline documentation there. This project has taught me a lot about
how Koji's tags, inheritance, external repos, etc. fit together, and
I've tried to provide plenty of examples in the module documentation.

- Ken