-
Notifications
You must be signed in to change notification settings - Fork 687
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Slims down upgrade testing logic #5960
Conversation
Makes a few changes to refresh the upgrade testing logic for compatibility with Focal VMs. Specifically: * Prod VMs are now configured via Molecule * Removes all use of custom-built Vagrant boxes * Clarifies upgrade steps (see also related docs PR) Docs will be updated separately.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- molecule prod VM scenario works great
-
make upgrade-start
also good, no issues setting up apt server - Repeated fails on the
securedrop-apt-local.yml
playbook, failing to add the 10.0.1.7 repo - once repo added,
sudo unattended-upgrades -d
works fine, upgrading packages to local versions.
This is a good simplification overall and spares the effort of maintaining the upgrade boxes - there is some flakiness on my system wrt. the playbook Add local repo
step, which occasionally fails for one or both servers with an "apt cache update failed" message (this is existing code tho so not the fault of this PR).
Holding off on approving to poke at that playbook error but otherwise this looks OK to go.
Might be more straightforward to debug if you break that up into several tasks, like a |
Context for the many fun and interesting ways in which this can fail both deterministically and non- : ansible/ansible#30754 |
Can't reproduce the apt cache update failure on two fresh installs, calling it a flake and merging. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved, LGTM as apt cache issue is unrelated to changes.
Status
Ready for review
Description of Changes
Resolves a few issues:
Changes proposed in this pull request:
Makes a few changes to refresh the upgrade testing logic for
compatibility with Focal VMs. Specifically:
Docs will be updated separately.
Testing
The docs PR at freedomofpress/securedrop-docs#227 should be reviewed in tandem with this PR. Check those docs and make sure the procedures there work for the use case of SD pre-release QA. At a high-level, those steps are:
molecule create -s libvirt-prod-focal
./securedrop-admin install
make build-debs
on host (ok to run this in parallel with step 2 to save time)make upgrade-start
on host, to set up local apt reposecuredrop-apt-local.yml
(make sure to source the admin venv first, see docs)Deployment
Dev-only.