From 47154a01f9e94262f7cab0a63ee7ea038ae51409 Mon Sep 17 00:00:00 2001 From: Adam Miller Date: Nov 03 2017 20:14:48 +0000 Subject: update the README with future plans including AWX Signed-off-by: Adam Miller --- diff --git a/README.rst b/README.rst index ccdaf86..045dec3 100644 --- a/README.rst +++ b/README.rst 
@@ -104,6 +104,83 @@ and autocloud to perform various levels of testing. +------------------+ | +---------------+ +Master Plan (read: the future) +============================== + +The ultimate goal is to wire up this workflow where playbooks execute via events +coming across `fedmsg`_ and are then fed via `loopabull`_ to `Ansible AWX`_. +Since the `loopabull`_ ``ansible-playbook`` binary is configurable, we can +accomplish this with the AWX CLI util that allows us to perform command and +control in way that triggers a job in AWX over the REST API via the command +line. The side effect here is that we can have full implementation of the Role +Based Access Control as that will be enforced at the point the REST API call +occurs, we will have centralized logging, a convenient web console, and the +ability to delegate access the logs and execution history graphs of the +automated tasks by FAS groups. This way we are protecting the possibility of +a failed run exposing secrets because the access to the centralized logs is just +as it is today, limited by group, but it's easier to visualize, detect, and +inspect failures. + +The proposed strategy for taking this general approach and focusing on `Fedora +Release Engineering`_, we would want `fedmsg`_ messages from `Fedora CI`_ and +`Taskotron`_ to be picked up by `loopabull`_ to trigger a playbook in `Ansible +AWX`_ which would then conditionally perform various release tasks. This +workflow could extend beyond just that, but the initial intent is to target +`Fedora Atomic Host`_ and `Fedora Containers`_ as those release artifacts are +released at a much more rapid cadence than anything else in Fedora. 
+ +:: + + +--------------+ +----------------+ + | | +------------+ | | + | Fedora CI |<--------------+ +----------->+ Taskotron | + | | | fedmsg | | | + | +-------------->| |<-----------+ | + +--------------+ | | +----------------+ + +----+-------+ + | ^ + | | + | | + | | + | | + | | + V | + +-----------------------+ + | | + | | + | | + +-----------------------+ + | + | + | + V + +------------------+-----------------+ + | | + | Ansible AWX +-----------+ + | | | + +------------------+-----------------+ | + | | | + | | | + +-----------------+ | | + | | | + | | | + V V | + +-------------+ +--------------+ | + | | | | | + | bodhi | | | | + | | | pungi | | + +-------------+ | | | + | | | + +----------+---+ | + ^ | V + | | +---------------+ + | | | | + | +----------->| koji | + | | | + +------------------+ | + +---------------+ + + Licensing ========= @@ -137,9 +214,15 @@ you can chose between GPL-2.0+ and LGPL-2.1+ licensing. We use the `SPDX Unique License Identifiers`_ here; .. _SPDX: http://spdx.org/ +.. _fedmsg: http://www.fedmsg.com/ .. _Ansible: https://github.com/ansible/ansible +.. _Ansible AWX: https://github.com/ansible/awx .. _Ansible Role: http://docs.ansible.com/ansible/playbooks_roles.html#roles +.. _Fedora CI: https://fedoraproject.org/wiki/CI .. _Fedora Release Engineering: https://pagure.io/releng .. _SPDX Unique License Identifiers: http://spdx.org/licenses/ +.. _Fedora Atomic Host: https://getfedora.org/atomic/ +.. _Fedora Containers: https://src.stg.fedoraproject.org/projects/container/%2A .. _Release Engineering Automation Workflow Engine: https://fedoraproject.org/wiki/Changes/ReleaseEngineeringAutomationWorkflowEngine +
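Review bot: In the first added paragraph of the `@@ -104,6 +104,83 @@` hunk, the sentence "This way we are protecting the possibility of a failed run exposing secrets" reads as the opposite of what is intended; suggest "protecting against the possibility of a failed run exposing secrets". The same paragraph states that Role Based Access Control is enforced at the point of the REST API call, but it does not say which AWX account the loopabull-invoked CLI authenticates as or where that credential is kept. A sentence on that, with the account limited to launching the intended jobs, would make the access-control claim checkable. Minor: "in way that" and "delegate access the logs" are missing words, and the box between fedmsg and Ansible AWX in the diagram is unlabeled (presumably loopabull).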
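Review bot: The new text references `loopabull`_ and `Taskotron`_, but the `@@ -137,9 +214,15 @@` hunk adds link targets only for fedmsg, Ansible AWX, Fedora CI, Fedora Atomic Host and Fedora Containers. Unless both targets are already defined elsewhere in README.rst, docutils will report unknown target names, so add `.. _loopabull:` and `.. _Taskotron:` entries. Also, the Fedora Containers target points at a staging host (src.stg.fedoraproject.org) with an encoded wildcard (`%2A`), and fedmsg is linked over plain http; prefer the production URL, and https where available.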