Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Slims down upgrade testing logic #5960

Merged
merged 1 commit into from
Jun 7, 2021

Conversation

conorsch
Copy link
Contributor

@conorsch conorsch commented May 24, 2021

Status

Ready for review

Description of Changes

Resolves a few issues:

Changes proposed in this pull request:

Makes a few changes to refresh the upgrade testing logic for
compatibility with Focal VMs. Specifically:

  • Prod VMs are now configured via Molecule
  • Removes all use of custom-built Vagrant boxes
  • Clarifies upgrade steps (see also related docs PR)

Docs will be updated separately.

Testing

The docs PR at freedomofpress/securedrop-docs#227 should be reviewed in tandem with this PR. Check those docs and make sure the procedures there work for the use case of SD pre-release QA. At a high-level, those steps are:

  1. Make sure you're using libvirt-based VMs (upgrade scenario does not support Qubes env)
  2. molecule create -s libvirt-prod-focal
  3. Boot up admin workstation and install against those prod VMs with ./securedrop-admin install
  4. make build-debs on host (ok to run this in parallel with step 2 to save time)
  5. make upgrade-start on host, to set up local apt repo
  6. Back in admin workstation, run the playbook securedrop-apt-local.yml (make sure to source the admin venv first, see docs)
  7. Confirm you can upgrade packages inside the VMs

Deployment

Dev-only.

Makes a few changes to refresh the upgrade testing logic for
compatibility with Focal VMs. Specifically:

  * Prod VMs are now configured via Molecule
  * Removes all use of custom-built Vagrant boxes
  * Clarifies upgrade steps (see also related docs PR)

Docs will be updated separately.
@conorsch conorsch requested a review from zenmonkeykstop May 24, 2021 18:25
@conorsch conorsch marked this pull request as ready for review May 24, 2021 18:27
@conorsch conorsch requested a review from a team as a code owner May 24, 2021 18:27
@eloquence eloquence added this to the 2.0.0 milestone Jun 1, 2021
@zenmonkeykstop zenmonkeykstop self-assigned this Jun 3, 2021
Copy link
Contributor

@zenmonkeykstop zenmonkeykstop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • molecule prod VM scenario works great
  • make upgrade-start also good, no issues setting up apt server
  • Repeated fails on the securedrop-apt-local.yml playbook, failing to add the 10.0.1.7 repo
  • once repo added, sudo unattended-upgrades -d works fine, upgrading packages to local versions.

This is a good simplification overall and spares the effort of maintaining the upgrade boxes - there is some flakiness on my system wrt. the playbook Add local repo step, which occasionally fails for one or both servers with an "apt cache update failed" message (this is existing code tho so not the fault of this PR).

Holding off on approving to poke at that playbook error but otherwise this looks OK to go.

@conorsch
Copy link
Contributor Author

conorsch commented Jun 7, 2021

Add local repo step, which occasionally fails for one or both servers with an "apt cache update failed" message

Might be more straightforward to debug if you break that up into several tasks, like a copy to write the repo, then a separate task to update apt lists afterward. I've seen that error before while testing, but it was inconsistent, and I don't have a better suggestion for debugging than separating the steps involved.

@zenmonkeykstop
Copy link
Contributor

Context for the many fun and interesting ways in which this can fail both deterministically and non- : ansible/ansible#30754

@zenmonkeykstop
Copy link
Contributor

Can't reproduce the apt cache update failure on two fresh installs, calling it a flake and merging.

Copy link
Contributor

@zenmonkeykstop zenmonkeykstop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved, LGTM as apt cache issue is unrelated to changes.

@zenmonkeykstop zenmonkeykstop merged commit 74a84f3 into develop Jun 7, 2021
@conorsch conorsch mentioned this pull request Jun 8, 2021
1 task
@rmol rmol deleted the 5512-remove-upgrade-scenario branch June 23, 2021 13:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
3 participants