From 5a43431df17cd8f671acb83e11c6f3f1d2490082 Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Tue, 16 Feb 2021 13:15:54 -0500 Subject: [PATCH] Installs release-upgrader in prepare-servers role Closes #5781. Adds the package to an early run, mostly to satisfy dev/testing environments where deb packages are installed directly as part of test runs. Also updates the "python" -> "python3" in the same task, since on Focal the former would result in (EOL'd) python2 being unnecessarily installed. Updated tests to match. --- .../ansible-base/roles/prepare-servers/tasks/main.yml | 10 +++++----- molecule/testinfra/common/test_release_upgrades.py | 9 +++++++++ molecule/testinfra/common/test_system_hardening.py | 1 + 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/install_files/ansible-base/roles/prepare-servers/tasks/main.yml b/install_files/ansible-base/roles/prepare-servers/tasks/main.yml index dc2ffda12ca..d9a765611a4 100644 --- a/install_files/ansible-base/roles/prepare-servers/tasks/main.yml +++ b/install_files/ansible-base/roles/prepare-servers/tasks/main.yml @@ -21,6 +21,11 @@ SecureDrop cannot be installed. For details, see https://github.com/freedomofpress/securedrop/issues/4058 +- name: Install python and packages required by installer + raw: apt install -y python3 apt-transport-https dnsutils ubuntu-release-upgrader-core + register: _apt_install_prereqs_results + changed_when: "'0 upgraded, 0 newly installed, 0 to remove' not in _apt_install_prereqs_results.stdout" + - name: Remove cloud-init apt: name: cloud-init @@ -28,8 +33,3 @@ purge: yes tags: - apt - -- name: Install python and packages required by installer - raw: apt install -y python apt-transport-https dnsutils - register: _apt_install_prereqs_results - changed_when: "'0 upgraded, 0 newly installed, 0 to remove' not in _apt_install_prereqs_results.stdout" 
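Review bot: In the `Install python and packages required by installer` task added to prepare-servers/tasks/main.yml, the `raw` command calls `apt`, whose command-line output is not a stable interface, and `changed_when` string-matches that output. A locale or apt version that words the summary line differently would make the task report `changed` on every run, which hides real package changes on these hosts. Consider `raw: LC_ALL=C apt-get install -y python3 apt-transport-https dnsutils ubuntu-release-upgrader-core`. Adding `--no-install-recommends` would also limit what gets installed to the named packages and their hard dependencies, provided the recommended packages are not needed.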
diff --git a/molecule/testinfra/common/test_release_upgrades.py b/molecule/testinfra/common/test_release_upgrades.py index 23c42d8f844..d97894e00c1 100644 --- a/molecule/testinfra/common/test_release_upgrades.py +++ b/molecule/testinfra/common/test_release_upgrades.py @@ -3,6 +3,15 @@ test_vars = testutils.securedrop_test_vars testinfra_hosts = [test_vars.app_hostname, test_vars.monitor_hostname] +def test_release_manager_installed(host): + """ + The securedrop-config package munges `do-release-upgrade` settings + that assume the release-upgrader logic is installed. On hardware + installs of Ubuntu, it is, but the VM images we use in CI may + remove it to make the boxes leaner. + """ + assert host.package("ubuntu-release-upgrader-core").is_installed + def test_release_manager_upgrade_channel(host): """ diff --git a/molecule/testinfra/common/test_system_hardening.py b/molecule/testinfra/common/test_system_hardening.py index 1b6f38aed31..4f52287452c 100644 --- a/molecule/testinfra/common/test_system_hardening.py +++ b/molecule/testinfra/common/test_system_hardening.py @@ -148,6 +148,7 @@ def test_no_ecrypt_messages_in_logs(host, logfile): @pytest.mark.parametrize('package', [ 'cloud-init', 'libiw30', + 'python-is-python2', 'snapd', 'wireless-tools', 'wpasupplicant',
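Review bot: `test_release_manager_installed` in test_release_upgrades.py checks only that the package is registered as installed, while its docstring says the securedrop-config settings rely on the `do-release-upgrade` logic being present. A second assertion such as `assert host.exists("do-release-upgrade")` would tie the test to the command the docstring names, assuming this package is what provides that command on these images.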
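Review bot: The `'python-is-python2'` entry added to the parametrized package list in test_system_hardening.py covers only the metapackage that points `python` at Python 2, so the EOL interpreter could still arrive as a dependency of another package without this test noticing. The test function that uses the list is outside the hunk, so this assumes the list holds packages asserted absent. If so, and if nothing on the servers still needs Python 2, adding `'python2'` and `'python2-minimal'` would check the property the commit message describes.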