From 424854915718f59d6b704126d76277a278c04302 Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Tue, 16 Feb 2021 13:15:54 -0500 Subject: [PATCH] Installs release-upgrader in prepare-servers role Closes #5781. Adds the package to an early run, mostly to satisfy dev/testing environments where deb packages are installed directly as part of test runs. Also updates the "python" -> "python3" in the same task, since on Focal the former would result in (EOL'd) python2 being unnecessarily installed. Updated tests to match. --- .../ansible-base/roles/prepare-servers/tasks/main.yml | 10 +++++----- molecule/testinfra/common/test_release_upgrades.py | 10 ++++++++++ molecule/testinfra/common/test_system_hardening.py | 1 + 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/install_files/ansible-base/roles/prepare-servers/tasks/main.yml b/install_files/ansible-base/roles/prepare-servers/tasks/main.yml index dc2ffda12c..d9a765611a 100644 --- a/install_files/ansible-base/roles/prepare-servers/tasks/main.yml +++ b/install_files/ansible-base/roles/prepare-servers/tasks/main.yml @@ -21,6 +21,11 @@ SecureDrop cannot be installed. For details, see https://github.com/freedomofpress/securedrop/issues/4058 +- name: Install python and packages required by installer + raw: apt install -y python3 apt-transport-https dnsutils ubuntu-release-upgrader-core + register: _apt_install_prereqs_results + changed_when: "'0 upgraded, 0 newly installed, 0 to remove' not in _apt_install_prereqs_results.stdout" + - name: Remove cloud-init apt: name: cloud-init @@ -28,8 +33,3 @@ purge: yes tags: - apt - -- name: Install python and packages required by installer - raw: apt install -y python apt-transport-https dnsutils - register: _apt_install_prereqs_results - changed_when: "'0 upgraded, 0 newly installed, 0 to remove' not in _apt_install_prereqs_results.stdout" diff --git a/molecule/testinfra/common/test_release_upgrades.py b/molecule/testinfra/common/test_release_upgrades.py index 23c42d8f84..15b45be7e3 100644 --- a/molecule/testinfra/common/test_release_upgrades.py +++ b/molecule/testinfra/common/test_release_upgrades.py @@ -4,6 +4,16 @@ testinfra_hosts = [test_vars.app_hostname, test_vars.monitor_hostname] +def test_release_manager_installed(host): + """ + The securedrop-config package munges `do-release-upgrade` settings + that assume the release-upgrader logic is installed. On hardware + installs of Ubuntu, it is, but the VM images we use in CI may + remove it to make the boxes leaner. + """ + assert host.package("ubuntu-release-upgrader-core").is_installed + + def test_release_manager_upgrade_channel(host): """ Ensures that the `do-release-upgrade` command will not diff --git a/molecule/testinfra/common/test_system_hardening.py b/molecule/testinfra/common/test_system_hardening.py index 1b6f38aed3..4f52287452 100644 --- a/molecule/testinfra/common/test_system_hardening.py +++ b/molecule/testinfra/common/test_system_hardening.py @@ -148,6 +148,7 @@ def test_no_ecrypt_messages_in_logs(host, logfile): @pytest.mark.parametrize('package', [ 'cloud-init', 'libiw30', + 'python-is-python2', 'snapd', 'wireless-tools', 'wpasupplicant',