Upgrade boxes for 1.8.0 (Xenial)

molecule/upgrade/ansible-override-vars.yml

@@ -30,3 +30,6 @@ rep_dist: xenial
 # Override path to repo root, to use the nested repo on the previous version.
 # See molecule/shared/sd_clone.yml for details on the path structure.
 sd_root_dir: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/sd-orig"
+
+# Set repo origin value
+rep_origin: "SecureDrop"

molecule/upgrade/molecule.yml

@@ -11,11 +11,19 @@ lint: |
 platforms:
   - name: app-staging
     box: fpf/securedrop-app-xenial
+    # We can't pin an explicit version and also provide a custom box URL.
+    # Vagrant claims to pull the newest version of a custom box URL, but
+    # is sometimes satisfied with a local box of the same name, but older
+    # version. That's why we run 'vagrant box add' with the JSON file
+    # in the prepare.yml step.
     box_url: "../vagrant-packager/box_files/app_xenial_metadata.json"
+    # box_version: "1.8.0"
     instance_raw_config_args:
       - "ssh.insert_key = false"
     provider_override_args:
       - "vm.synced_folder './', '/vagrant', disabled: true, type: 'nfs'"
+    provider_options:
+      video_type: '"virtio"'
     memory: 1024
     private_ip: 10.0.1.2
     groups:
@@ -30,6 +38,8 @@ platforms:
       - "ssh.insert_key = false"
     provider_override_args:
       - "vm.synced_folder './', '/vagrant', disabled: true, type: 'nfs'"
+    provider_options:
+      video_type: '"virtio"'
     memory: 1024
     private_ip: 10.0.1.3
     groups:
@@ -64,17 +74,18 @@ provisioner:
       pipelining: True
   playbooks:
     side_effect: side_effect.yml
+    prepare: prepare.yml
   connection_options:
     ansible_ssh_common_args: -o IdentitiesOnly=yes
 
 scenario:
   name: upgrade
   create_sequence:
+    - prepare
     - create
-    - dependency
   converge_sequence:
+    - prepare
     - create
-    - dependency
     - converge
 verifier:
   name: testinfra

molecule/upgrade/prepare.yml

@@ -1,9 +1,21 @@
 ---
-- name: Prepare
-  hosts: all
-  gather_facts: False
+- name: Prepare upgrade boxes
+  hosts: localhost
+  become: no
   tasks:
-    - name: Install python for Ansible
-      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
-      become: True
-      changed_when: False
+    # Ensure boxes are added from the on-disk (in-repo) JSON metadata file.
+    # We do this to ensure that the latest version declared in that file is
+    # imported to the Vagrant box store before creating new VMs.
+    - name: Fetch custom Vagrant boxes
+      command: vagrant box add ../vagrant-packager/box_files/{{ item }}_xenial_metadata.json
+      register: _box_add_result
+      changed_when: >
+        "The box you're attempting to add already exists" not in _box_add_result.stderr
+      failed_when: >
+        "The box you're attempting to add already exists" not in _box_add_result.stderr and
+        _box_add_result.rc != 0
+      with_items:
+        - app
+        - mon
+
+- import_playbook: ../shared/sd_clone.yml sd_version="{{ lookup('env','SD_UPGRADE_BASE') }}"

molecule/vagrant-packager/box_files/app_xenial_metadata.json

@@ -188,6 +188,28 @@
         }
       ],
       "version": "1.7.1"
+    },
+    {
+      "providers": [
+        {
+          "checksum": "b0c2908dfdf7f705ee1c38949744b04008b4654a201b6ca319eb07fcc688fba8",
+          "checksum_type": "sha256",
+          "name": "libvirt",
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/app-staging-xenial_1.8.0.box"
+        }
+      ],
+      "version": "1.8.0"
+    },
+    {
+      "providers": [
+        {
+          "checksum": "f05ec782c52714a66af8fe70e109e325c2674db590243e4555964c9adc9e6f3d",
+          "checksum_type": "sha256",
+          "name": "libvirt",
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/app-staging-xenial_1.8.0.box"
+        }
+      ],
+      "version": "1.8.0"
     }
   ]
 }

molecule/vagrant-packager/box_files/mon_xenial_metadata.json

@@ -188,6 +188,28 @@
         }
       ],
       "version": "1.7.1"
+    },
+    {
+      "providers": [
+        {
+          "checksum": "ec8296ef496ceac6fd72c8cd570cd6b5f513683849b0e55250565e55f58130e5",
+          "checksum_type": "sha256",
+          "name": "libvirt",
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/mon-staging-xenial_1.8.0.box"
+        }
+      ],
+      "version": "1.8.0"
+    },
+    {
+      "providers": [
+        {
+          "checksum": "317114e1927ee09f0da788dc4cf310beb38404ab8ee237cfc9ca4222a16e0c9e",
+          "checksum_type": "sha256",
+          "name": "libvirt",
+          "url": "https://dev-bin.ops.securedrop.org/vagrant/mon-staging-xenial_1.8.0.box"
+        }
+      ],
+      "version": "1.8.0"
     }
   ]
 }

molecule/vagrant-packager/prepare.yml

@@ -7,3 +7,12 @@
       raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
       become: True
       changed_when: False
+
+    # More recent Bento boxes dropped this dependency, but our packages assume it's present,
+    # since it is on a default ISO install of Ubuntu Server.
+    - name: Install release-updater-core pkg
+      apt:
+        name: ubuntu-release-updater-core
+        state: present
+        update_cache: yes
+        cache_valid_time: 3600