Adds libvirt staging environment for Focal #5486

Merged
merged 5 commits into from
Sep 15, 2020

@conorsch conorsch commented Sep 4, 2020

Status

Ready for review.

Towards #5468.

Description of Changes

Early stages of Focal support for staging VMs. It's partial progress—areas not currently working are:

  • drivers other than libvirt (no virtualbox, no qubes support for staging env)
  • kernel tasks must be skipped
  • testinfra tests are not passing (mostly kernel tasks & version strings, e.g. python paths)

Testing

First, prepare the boxes for libvirt, same as required for Xenial:

vagrant box add bento/ubuntu-20.04
vagrant box mutate bento/ubuntu-20.04 libvirt
molecule converge -s libvirt-staging-focal -- --skip-tags grsecurity

Then browse to the Source Interface and interact with the app. Report any problems.

Deployment

Yes, provisioning logic has changed a bit. An attempt was made to alter only Focal-related logic where possible, but in two places in particular Xenial-related logic was changed:

  • the aptitude tasks for deciding whether to mark tor as held now use failed_when=false, for Focal compatibility
  • the base apt dependencies in the "common" role now use dist-specific vars, to handle Xenial & Focal differently.

Checklist

If you made changes to the server application code:

  • Linting (make lint) and tests (make test) pass in the development container

If you made changes to securedrop-admin:

  • Linting and tests (make -C admin test) pass in the admin development container

If you made changes to the system configuration:

If you made non-trivial code changes:

  • I have written a test plan and validated it for this PR

If you made changes to documentation:

  • Doc linting (make docs-lint) passed locally

If you added or updated a code dependency:

Choose one of the following:

  • I have performed a diff review and pasted the contents to the packaging wiki
  • I would like someone else to do the diff review

@kushaldas

This is now blocked on #5443

@kushaldas

Tested this draft PR using the builder image in #5484 + the osseg dependency fix from this PR, and #5489 PR for symlink. I can build a proper staging on Focal (- grsec)

Conor Schaefer added 3 commits September 14, 2020 15:35
Starting with a naive copy/paste from the libvirt-staging-xenial
scenario. Will tweak settings as required to get it to run.

The bare minimum required to get the copy/pasted Xenial libvirt scenario
working under Focal. Committing separately to make the changes a bit
easier to inspect.

In order to ease the transition to Focal, let's use different vars for
packages depending on platform. When running the Xenial logic against
Focal, the kernel removal tasks failed since several of the package
names were not found.

Also adding a "grsecurity" tag since the grsec story for Focal still
needs work, so it's easy to skip now.
@conorsch conorsch force-pushed the 5468-libvirt-staging-focal branch from 8edba49 to 21b2369 Compare September 14, 2020 22:35
Between the version of aptitude on Xenial and that on Focal, empty
searches started returning 1, causing `Check whether tor will be
upgraded` to fail. Let's ignore the exit code, since what we care
about is whether "tor" is in the stdout.

We could use `apt list --upgradable`, but that command warns about
lack of a stable CLI, and additionally we'd have to munge the output
further to inspect it.
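
The exit-code change described in the commit message above, as an added example that is not part of the pull request or the project's code: the `search_*` functions are constructed stand-ins for the package search (not real aptitude invocations), and both `tor_upgrade_pending*` helpers are hypothetical names. It goes slightly beyond the commit by still reporting an error when the shell itself could not run the search (status 126 or 127), so a missing binary is not mistaken for "nothing to upgrade".

```shell
#!/bin/sh
# Constructed stand-ins for the package search; NOT real aptitude calls.
search_empty_old() { return 0; }   # older behaviour: no matches, exit 0
search_empty_new() { return 1; }   # newer behaviour: no matches, exit 1
search_tor_hit()   { printf 'i  tor - anonymizing overlay network\n'; }

# Fragile form: any non-zero status from the search counts as a failure,
# so an empty result under the newer behaviour aborts the check.
tor_upgrade_pending_strict() {
    out=$("$1" 2>/dev/null) || { echo error; return 0; }
    case "$out" in *tor*) echo yes ;; *) echo no ;; esac
}

# Tolerant form: the decision comes from stdout, not from the exit status.
# Statuses 126/127 are the shell's own "cannot execute"/"not found" codes,
# meaning the search never ran and its empty stdout says nothing.
tor_upgrade_pending() {
    status=0
    out=$("$1" 2>/dev/null) || status=$?
    if [ "$status" -ge 126 ]; then echo error; return 0; fi
    case "$out" in *tor*) echo yes ;; *) echo no ;; esac
}

# Compare both forms across the constructed cases, plus a missing command.
for s in search_empty_old search_empty_new search_tor_hit no_such_search_cmd; do
    printf '%-20s strict=%-5s tolerant=%s\n' "$s" \
        "$(tor_upgrade_pending_strict "$s")" "$(tor_upgrade_pending "$s")"
done
```
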
@conorsch conorsch force-pushed the 5468-libvirt-staging-focal branch from 21b2369 to d0ddfc5 Compare September 14, 2020 23:35
Configures a libvirt VM staging environment based on Focal.
Far from complete, but it's a start.
@conorsch conorsch removed the blocked label Sep 14, 2020
@conorsch conorsch requested review from rmol and kushaldas September 14, 2020 23:58
@conorsch conorsch marked this pull request as ready for review September 15, 2020 00:01
@conorsch conorsch requested a review from emkll as a code owner September 15, 2020 00:01
@kushaldas kushaldas left a comment

Testing

  • vagrant box add bento/ubuntu-20.04
  • vagrant box mutate bento/ubuntu-20.04 libvirt
  • molecule converge -s libvirt-staging-focal -- --skip-tags grsecurity
  • Can see the source interface

This is ready to be merged in the current state.
