Skip to content


Folders and files

Last commit message
Last commit date

Latest commit


Repository files navigation

Deploy your own Xtesting CI/CD toolchains

For the time being, the ansible playbooks automatically deploy the next components (they are configured to allow running testcases directly):

  • Jenkins
  • Minio
  • S3www
  • MongoDB
  • TestAPI
  • Docker Registry
  • PostgreSQL
  • Cachet
  • GitLab
  • InfluxDB
  • Grafana

Here are the default TCP ports which have to be free or updated (see

  • Jenkins: 8080
  • Minio: 9000
  • S3www: 8181
  • TestAPI: 8000
  • Docker Registry: 5000
  • PostgreSQL: 5432
  • Cachet: 8001
  • GitLab: 80
  • InfluxDB: 8086
  • Grafana: 3000

Xtesting is designed to allow running your own containers based on that framework even out of the Infrastracture domain (e.g. ONAP).

Be free to list them into suites!

Note that running MongoDB 5.0+ requires avx CPU instruction set that is usually shipped in all recent x86 hardware processors. Though, it may not be available in your virtualized environments. For example, Qemu avx support is only available since version 7.2 and must be explicitly enabled (e.g. with the argument -cpu max).

You can check the presence of the avx CPU instruction set on your processor with the following command.

grep '^processor\|^flags.* avx' /proc/cpuinfo

Add Xtesting user (Optional)

It should be noted the ansible user must be allowed to run tasks with the root privileges via sudo. NOPASSWD may be an help but you could rather prompt the password (e.g. sudo ls) before deploying the toolchains.

Create Xtesting user

sudo useradd -s /bin/bash -m xtesting
echo "xtesting ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/xtesting
sudo su - xtesting

Create a virtualenv (Optional)

It should be noted that ansible 2.10 or newer is required and that a few python packages are installed via pip. Therefore you may create a python virtualenv. It's worth mentioning that CentOS forces us to give the virtual environment access to the global site-packages (libselinux-python wouldn't be available).

Create Xtesting virtualenv (Debian)

sudo apt update && sudo apt install virtualenv -y
virtualenv xtesting -p python3 --system-site-packages
. xtesting/bin/activate
pip install ansible

Create Xtesting virtualenv (CentOS)

sudo yum install epel-release -y
sudo yum install virtualenv -y
virtualenv xtesting -p python3 --system-site-packages
. xtesting/bin/activate
pip install ansible

Install dependencies

Xtesting Continous Integration helper only depends on ansible>=2.9. In case of Debian Buster, ansible should be installed via pip as the official Debian package is too old. It should be installed via pip in Ubuntu as well to avoid mismatches between ansible and virtualenv Ubuntu packages. It should be noted that git is only needed for the following playbooks.

Install dependencies (Debian Buster):

sudo apt update -y && sudo apt install git -y
[ -z "$VIRTUAL_ENV" ] && sudo apt install python3-pip -y && sudo pip3 install ansible
ansible-galaxy install collivier.xtesting
ansible-galaxy collection install ansible.posix community.general community.grafana \
  community.kubernetes community.docker community.postgresql community.crypto

Install dependencies (Debian Bullseye):

sudo apt update -y && sudo apt install git -y
[ -z "$VIRTUAL_ENV" ] && sudo apt install ansible -y
ansible-galaxy install collivier.xtesting
ansible-galaxy collection install ansible.posix community.general community.grafana \
  community.kubernetes community.docker community.postgresql community.crypto

Install dependencies (Ubuntu Bionic):

sudo apt update -y && sudo apt install git -y
[ -z "$VIRTUAL_ENV" ] && sudo apt install python3-pip -y && sudo pip3 install ansible
ansible-galaxy install collivier.xtesting
ansible-galaxy collection install ansible.posix community.general community.grafana \
  community.kubernetes community.docker community.postgresql community.crypto

Install dependencies (Ubuntu Focal):

sudo apt update -y && sudo apt install git -y
[ -z "$VIRTUAL_ENV" ] && sudo apt install python3-pip -y && sudo pip3 install ansible
ansible-galaxy install collivier.xtesting
ansible-galaxy collection install ansible.posix community.general community.grafana \
  community.kubernetes community.docker community.postgresql community.crypto

Install dependencies (Ubuntu Jammy):

sudo apt update -y && sudo apt install git -y
[ -z "$VIRTUAL_ENV" ] && sudo apt install ansible -y
ansible-galaxy install collivier.xtesting
ansible-galaxy collection install ansible.posix community.general community.grafana \
  community.kubernetes community.docker community.postgresql community.crypto

Install dependencies (CentOS 7):

sudo yum install epel-release -y
sudo yum install git python3 python36-cryptography python36-PyYAML -y
[ -z "$VIRTUAL_ENV" ] && sudo pip3 install ansible
ansible-galaxy install collivier.xtesting
ansible-galaxy collection install ansible.posix community.general community.grafana \
  community.kubernetes community.docker community.postgresql community.crypto

Install dependencies (CentOS Stream 8):

sudo yum install epel-release -y
sudo yum install git python3 -y
[ -z "$VIRTUAL_ENV" ] && sudo yum install ansible -y
ansible-galaxy install collivier.xtesting
ansible-galaxy collection install ansible.posix community.general community.grafana \
  community.kubernetes community.docker community.postgresql community.crypto

Install dependencies (CentOS Stream 9):

sudo yum install epel-release -y
sudo yum install git -y
[ -z "$VIRTUAL_ENV" ] && sudo yum install ansible -y
ansible-galaxy install collivier.xtesting
ansible-galaxy collection install ansible.posix community.general community.grafana \
  community.kubernetes community.docker community.postgresql community.crypto

Install dependencies (Alpine 3.16):

sudo apk update && sudo apk add git
[ -z "$VIRTUAL_ENV" ] && sudo apk add ansible
ansible-galaxy install collivier.xtesting
ansible-galaxy collection install ansible.posix community.general community.grafana \
  community.kubernetes community.docker community.postgresql community.crypto

Install dependencies (Alpine 3.17):

sudo apk update && sudo apk add git
[ -z "$VIRTUAL_ENV" ] && sudo apk add ansible
ansible-galaxy install collivier.xtesting
ansible-galaxy collection install ansible.posix community.general community.grafana \
  community.kubernetes community.docker community.postgresql community.crypto

If proxy

All Xtesting CI playbooks could be executed behind a proxy and the proxy settings would be copied in docker daemon configuration files. You can set the remote environment at the play level.

Here is the configuration used in the gates

diff --git a/ansible/site.yml b/ansible/site.yml
index ed71e7c3..612b65bc 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -14,3 +14,7 @@
         - container: xtesting-mts
             - seventh
+  environment:
+    http_proxy: 'http://admin:admin@{{ ansible_default_ipv4.address }}:3128'
+    https_proxy: 'http://admin:admin@{{ ansible_default_ipv4.address }}:3128'
+    no_proxy: '{{ ansible_default_ipv4.address }}'

Deploy your Xtesting CI/CD toolchain (Jenkins)

Deploy your own Xtesting toolchain

git clone functest-xtesting-src
ansible-playbook functest-xtesting-src/ansible/site.yml

Access to the different dashboards:

Deploy your Xtesting CI/CD toolchain (GitLab CI/CD)

Deploy your own Xtesting toolchain

git clone functest-xtesting-src
pushd functest-xtesting-src
patch -p1 << EOF
diff --git a/ansible/site.yml b/ansible/site.yml
index 8fa19688..a4260cd8 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -2,6 +2,9 @@
 - hosts:
     - role: collivier.xtesting
+      gitlab_deploy: true
+      jenkins_deploy: false
           - repo: _
ansible-playbook functest-xtesting-src/ansible/site.yml

Access to the different dashboards:

Deploy your Functest CI/CD toolchain

Deploy your own Functest toolchain

git clone functest-src
ansible-playbook functest-src/ansible/site.yml

Note: By default, the latest version is considered, if you want to create a gate for a specific Functest version (i.e. a specific OpenStack version), you can checkout the right branch.

Deploy your own Functest Hunter toolchain

git clone functest-src
(cd functest-src && git checkout -b stable/hunter origin/stable/hunter)
ansible-playbook functest-src/ansible/site.yml

As a reminder the version table can be summarized as follows:

Functest releases OpenStack releases
Hunter Rocky
Iruya Stein
Jerma Train
Kali Ussuri
Leguer Victoria
Master next Wallaby

Here are the default Functest tree as proposed in Run Alpine Functest containers (master):

  • /home/opnfv/functest/openstack.creds
  • /home/opnfv/functest/images

Deploy your CNTT API Compliance CI/CD toolchain

Deploy your own CNTT Nile toolchain

git clone functest-src
ansible-playbook functest-src/ansible/site.cntt.yml

Note: By default, CNTT Nile is considered, if you want to create a gate for a specific CNTT version, you can checkout the right branch.

Deploy your own CNTT Kali toolchain

git clone functest-src
(cd functest-src && git checkout -b stable/leguer origin/stable/leguer)
ansible-playbook functest-src/ansible/site.cntt.yml

As a reminder the version table can be summarized as follows:

Functest releases OpenStack releases CNTT releases
Jerma Train Kali
Kali Ussuri Kali
Leguer Victoria Kali
Wallaby Wallaby Nile
Xena Xena Nile
Yoga Yoga Nile
Master next Antelope Nile

Here are the default Functest tree as proposed in Run Alpine Functest containers (master):

  • /home/opnfv/functest/openstack.creds
  • /home/opnfv/functest/images

Deploy your Functest Kubernetes CI/CD toolchain

Deploy your own Functest toolchain

git clone functest-kubernetes-src
ansible-playbook functest-kubernetes-src/ansible/site.yml

Note: By default, the latest version is considered, if you want to create a gate for a specific Functest version (i.e. a specific Kubernetes version), you can checkout the right branch:

Deploy your own Functest Kubernetes Hunter toolchain

git clone functest-kubernetes-src
(cd functest-kubernetes-src && git checkout -b stable/v1.25 origin/stable/v1.25)
ansible-playbook functest-kubernetes-src/ansible/site.yml

As a reminder the version table can be summarized as follows:

Functest releases Kubernetes releases
v1.22 v1.22
v1.23 v1.23
v1.24 v1.24
v1.25 v1.25
v1.26 v1.26
Master v1.27.0-alpha.0 (rolling)

Here is the default Functest Kubernetes tree as proposed in Run kubernetes testcases (master):

  • /home/opnfv/functest-kubernetes/config

Deploy your own CI/CD toolchain from scratch

Write hello.robot

*** Settings ***
Documentation    Example using the space separated plain text format.
Library          OperatingSystem

*** Variables ***
${MESSAGE}       Hello, world!

*** Test Cases ***
My Test
    [Documentation]    Example test
    Log    ${MESSAGE}
    My Keyword    /tmp

Another Test
    Should Be Equal    ${MESSAGE}    Hello, world!

*** Keywords ***
My Keyword
    [Arguments]    ${path}
    Directory Should Exist    ${path}

Write Dockerfile

FROM opnfv/xtesting:yoga

COPY hello.robot /home/opnfv/hello.robot
COPY testcases.yaml /etc/xtesting/testcases.yaml

Write testcases.yaml

  - name: hello
      - case_name: hello
        project_name: helloworld
          name: robotframework
              - /home/opnfv/hello.robot

Build your container

sudo docker build -t .

Run your new container

sudo docker run -t
|     TEST CASE     |      PROJECT       |      TIER     |     DURATION     |     RESULT     |
|       hello       |     helloworld     |     hello     |      00:00       |      PASS      |

Write site.yml

- hosts:
    - role: collivier.xtesting
      project: helloworld
      registry_deploy: true
      dport: 5000
        - container: hello
            - hello

Deploy your own Xtesting toolchain

ansible-playbook site.yml
PLAY RECAP ****************************************************************                  : ok=17   changed=11   unreachable=0    failed=0

Publish your container on your local registry

sudo docker push

Deploy in production

Encrypt your passwords

The default XtestingCI passwords are simple and clear text on purpose. But it must be noted that XtestingCI allows overriding any password (via encryped values or not). Here are basic instructions to encrypt XtestingCI content with Ansible Vault. Please see Encrypting content with Ansible Vault for more details

Create a password file:

echo foo > a_password_file

Encrypt a new Jenkins password (here jenkins_password):

ansible-vault encrypt_string --vault-id a_password_file jenkins_password --name jenkins_password

Copy the encrypted password in site.yml

- hosts:
    - role: collivier.xtesting
      jenkins_password: !vault |

Deploy your own toolchain

ansible-playbook --vault-password-file a_password_file vault.yml

Use verified Docker images

XtestingCI priorly selects the official images as proposed by the upstream projects. Be free to use any custom image if it fits your security best practices or any other enterprise choice. It's worth mentioning that all specific XtestingCI Docker containers are built on a daily basis and verified via Trivy to warn the endusers about any CVE known for the containerized services or for the underlying distributions.

In the same manner, XtestingCI selects an official PostgreSQL container based on Alpine. Here is a simple example picking another one based on Debian.

- hosts:
    - role: collivier.xtesting
      postgres_docker_tag: 13-bullseye

The following example switches from Gitlab Community Edition to Gitlab Enterprise Edition:

- hosts:
    - role: collivier.xtesting
      jenkins_deploy: false
      gitlab_deploy: true
      gitlab_docker_image: gitlab/gitlab-ee
      gitlab_docker_tag: 13.12.11-ee.0

Enable HTTPS

XtestingCI can deploy and configure NGINX as a reverse proxy to enable HTTPS for Jenkins, S3www and TestAPI. The following example would ask XtestingCI to generate a private key and self-signed certificate:

- hosts:
    - role: collivier.xtesting
      nginx_deploy: true
      http_dst_url: https://{{ external_ipaddress }}{{ nginx_s3_location }}
      testapi_ext_url: https://{{ external_ipaddress }}{{ nginx_testapi_location}}/api/v1

Be free to specify the server certificate and private key files as below :

- hosts:
    - role: collivier.xtesting
      nginx_deploy: true
      http_dst_url: https://{{ external_ipaddress }}{{ nginx_s3_location }}
      testapi_ext_url: https://{{ external_ipaddress }}{{ nginx_testapi_location}}/api/v1
      ssl_certificate: /tmp/foo.crt
      ssl_certificate_key: /tmp/foo.key

Access to the different dashboards:

Tune your Continuous Integration toolchain

XtestingCI supports multiple deployment models such as all-in-one (in Docker or in Kubernetes), centralized services (e.g. OPNFV toolchain) or a mix of both.

It follows the KISS principle, by spliting all deployment and configuration steps and by leveraging urls for any configuration action. The same operations can be applied whatever the services are deployed via Docker, via Kubernetes or via any other way out of XtestingCI.

XtestingCI defines lots of variables to finely select the services (Jenkins vs GitLab, Minio vs Ceph radosgw, etc.) or the steps you want to execute. For instance, jenkins_deploy decides if you install Jenkins or not, jenkins_configure (in addition to jenkins_url) if you configure it. The same model is generalized for all the services.

The default configuration setups the following services in a single host but you're free to change it at your convenience; it's just about setting booleans and urls:

  • Jenkins
  • MongoDB
  • TestAPI
  • Minio
  • PostgreSQL
  • Cachet

Please see the following Katacoda training courses which quickly highlight a few distributed scenarios:

Note: Kubernetes allows defining Pod Security Policies in case the priviledged test cases must be forbidden.

- hosts:
    - role: collivier.xtesting
      kubernetes_deploy: true

Deploy your own CI/CD toolchain via the official virtual machine image

XtestingCI offers diskimage-builder's elements to build virtual machines ready for the CI/CD toolchain deployment.

These disk image files mostly contain the Ansible role and playbooks as offered by XtestingCI but also all the container images needed for an offline deployment.

Download the latest XtestingCI image:


Boot the virtual machine (Please fine tune the RAM size, CPUs and the tcp ports according to the host capabilities)

sudo apt-get install qemu-system-x86 -y
sudo qemu-system-x86_64 -m 2048 -hda xtestingci-latest.qcow2 -nographic \
	-smp 4 -cpu host -accel kvm -device e1000,netdev=net0 \
	-netdev user,id=net0,hostfwd=tcp::10022-:22,hostfwd=tcp::8080-:8080,hostfwd=tcp::8181-:8181,hostfwd=tcp::8000-:8000

Connect as debian/debian to the virtual machine

ssh debian@localhost -p 10022

Download the official playbook running the Xtesting tescases by Jenkins and then modify it to take both TestAPI and S3 redirections into consideration.

cat << EOF >> jenkins.yml

(Optional) Pepare an offline deployment

tar -cC /data/docker/xtestingci . | sudo docker load
cat << EOF >> jenkins.yml
      offline: true

Deploy your own Xtesting toolchain

ansible-playbook jenkins.yml

Access to the different dashboards:

Please note also the following virtual machine images derivated from the XtestingCI elements:

That's all folks!