Trento Installation Automation

Automated testing infrastructure for Trento release candidate artifacts. This tool is used to provision Azure VMs and install Trento using the official Ansible collection to validate RPM packages before release on supported versions of SUSE SLES for SAP.

Overview

The workflow:

  1. Provision Azure VMs (control and target nodes) using Terraform

  2. Register SUSE machines and activates required modules

  3. Configure package sources from Azure Blob Storage or the Trento rolling repository from OBS

  4. Set up local RPM repositories on target machines when using packages from Azure Blob Storage

  5. Install the Trento Ansible collection on control machines

  6. Configure HTTPS certificates signed by a test certificate authority

  7. Run the suse.trento.site Ansible playbook to install Trento & Trento agent (Agents are installed on same machine as Trento server).

  8. Verify Healthcheck endpoints in every Trento instance from the runner

  9. Run Cypress end-to-end tests against every target node

Infrastructure

The infrastructure consists of paired VMs for each supported SLES version:

  • Control nodes (control*): Run Ansible playbooks to install Trento on their paired target node

  • Target nodes (target*): Where Trento server gets installed

VM naming convention: {control|target}{slesVersion}sp{spVersion}

Example: control15sp6 and target15sp6 for SLES 15 SP6.

Prerequisites

Azure Blob Storage Structure

RPMs must be uploaded to Azure Blob Storage with the following structure:

<container>/
├── 15/
│   ├── 4/
│   │   ├── trento-web-*.rpm
│   │   ├── trento-wanda-*.rpm
│   │   ├── trento-checks-*.rpm
│   │   ├── trento-agent-*.rpm
│   │   └── ansible-trento-*.rpm
│   ├── 5/
│   │   └── ...
│   └── 6/
│       └── ...
└── 16/
    └── 0/
        └── ...

The directory structure follows the pattern: <sles_major_version>/<sp_version>/

Each version directory should contain:

  • trento-web-*.rpm - Trento web server

  • trento-wanda-*.rpm - Trento checks engine

  • trento-checks-*.rpm - Trento checks catalog

  • trento-agent-*.rpm - Trento agent

  • ansible-trento-*.rpm - Ansible collection for Trento installation

When install_rolling is disabled, packages available in Azure Blob Storage are configured with the highest repository priority. If a package is not provided in blob storage, it will be installed from the official SUSE release sources instead. This is useful when you want to test only a specific package (e.g., Ansible) while installing the rest from official SUSE release sources, or vice versa. When install_rolling is enabled, the Trento rolling repository from OBS is configured with the highest repository priority and Azure Blob Storage is skipped.

GitHub Configuration

Secrets

Secret Description

AZURE_CREDENTIALS

Azure service principal credentials (JSON)

PRIVATE_SSH_KEY_CONTENT

SSH private key for VM access

AZURE_BLOB_STORAGE_SAS_TOKEN

SAS token for blob storage access

SUSE_REGISTRATION_CODE

SUSE subscription registration code

SUSE_REGISTRATION_EMAIL

SUSE subscription email

WEB_ADMIN_PASSWORD

Trento web admin password

TRENTO_TEST_CA_KEY

Private key of the test certificate authority used to sign Trento HTTPS certificates
Test certificate authority

TRENTO_TEST_CA_CRT and TRENTO_TEST_CA_KEY must belong to the same test certificate authority. The workflow uses them to sign the HTTPS certificates configured in the Trento reverse proxy, and the runner trusts TRENTO_TEST_CA_CRT before running health checks and Cypress tests.

TRENTO_TEST_CA_CRT is public and should be stored as a GitHub Actions variable. It can be imported locally by developers who need to access the generated Trento environments from a browser. TRENTO_TEST_CA_KEY is sensitive and should only be stored in GitHub Actions secrets and the team’s password vault.

Variables

Variable Description

AZURE_RESOURCE_GROUP

Azure resource group name

AZURE_OWNER_TAG

Owner tag for Azure resources

AZURE_BLOB_STORAGE

Storage account name

AZURE_BLOB_STORAGE_CONTAINER

Container with RPMs

AZURE_BLOB_STORAGE_TF_STATE_CONTAINER

Container for Terraform state

PUBLIC_SSH_KEY_CONTENT

SSH public key for VM access

TRENTO_TEST_CA_CRT

Public certificate of the test certificate authority used to sign Trento HTTPS certificates

Supported OS Versions

15.4
15.5
15.6
15.7
16.0

Each entry creates a control and target VM pair for that SLES version. The format is {major}.{sp}, for example 15.6 for SLES 15 SP6 and 16.0 for SLES 16.

The manual workflows expose one boolean input per supported version so you can choose the target OS versions directly when launching the workflow.

Usage

Running Tests

  1. Go to Actions > Trento Installation Tests

  2. Click Run workflow

  3. Select the SLES versions you want to deploy to

  4. Optionally enable install_rolling to install packages from the Trento rolling repository from OBS instead of Azure Blob Storage

  5. Optionally enable skip_cypress to stop after deployment and health verification

  6. Click Run workflow

The workflow always recreates the Terraform-managed infrastructure before installing Trento. After installation, Cypress end-to-end tests run against each target node unless skip_cypress is enabled. If Cypress fails, screenshots are uploaded as workflow artifacts.

Cleanup

To destroy all provisioned infrastructure:

  1. Go to Actions > Terraform Destroy

  2. Click Run workflow

Supported SLES Versions

  • SLES 15 SP4

  • SLES 15 SP5

  • SLES 15 SP6

  • SLES 15 SP7

  • SLES 16

License

See LICENSE file.