Removes virtualbox support in VM scenarios
The team isn't using virtualbox actively, and for e.g. macos we have a
much more convenient docker dev env for making app code changes.
Let's remove virtualbox support entirely, until we have a pressing
reason for it.
Conor Schaefer committed May 4, 2021
1 parent 4276758 commit aafbe73
Showing 5 changed files with 8 additions and 84 deletions.
72 changes: 3 additions & 69 deletions Vagrantfile
@@ -11,57 +11,6 @@ Vagrant.configure("2") do |config|
# so the key insertion feature should be disabled.
config.ssh.insert_key = false

# The staging hosts are just like production but allow non-Tor access
# for the web interfaces and ssh.
config.vm.define 'mon-staging', autostart: false do |staging|
if ENV['SECUREDROP_SSH_OVER_TOR']
config.ssh.host = find_ssh_aths("mon-ssh-aths")
config.ssh.proxy_command = tor_ssh_proxy_command
config.ssh.port = 22
elsif ARGV[0] == "ssh"
config.ssh.host = "10.0.1.3"
config.ssh.port = 22
end
staging.vm.hostname = "mon-staging"
staging.vm.box = "bento/ubuntu-20.04"
staging.vm.network "private_network", ip: "10.0.1.3"
staging.vm.synced_folder './', '/vagrant', disabled: true
staging.vm.provider "libvirt" do |lv, override|
lv.video_type = "virtio"
end
end

config.vm.define 'app-staging', autostart: false do |staging|
if ENV['SECUREDROP_SSH_OVER_TOR']
config.ssh.host = find_ssh_aths("app-ssh-aths")
config.ssh.proxy_command = tor_ssh_proxy_command
config.ssh.port = 22
elsif ARGV[0] == "ssh"
config.ssh.host = "10.0.1.2"
config.ssh.port = 22
end
staging.vm.hostname = "app-staging"
staging.vm.box = "bento/ubuntu-20.04"
staging.vm.network "private_network", ip: "10.0.1.2"
staging.vm.synced_folder './', '/vagrant', disabled: true
staging.vm.provider "virtualbox" do |v|
v.memory = 1024
end
staging.vm.provider "libvirt" do |lv, override|
lv.memory = 1024
lv.video_type = "virtio"
end
staging.vm.provision "ansible" do |ansible|
ansible.playbook = "install_files/ansible-base/securedrop-staging.yml"
ansible.inventory_path = "install_files/ansible-base/inventory-staging"
ansible.verbose = 'v'
# Taken from the parallel execution tips and tricks
# https://docs.vagrantup.com/v2/provisioning/ansible.html
ansible.limit = 'all,localhost'
ansible.raw_arguments = Shellwords.shellsplit(ENV['ANSIBLE_ARGS']) if ENV['ANSIBLE_ARGS']
end
end

# The prod hosts are just like production but are virtualized.
# All access to SSH and the web interfaces is only over Tor.
config.vm.define 'mon-prod', autostart: false do |prod|
@@ -72,7 +21,7 @@ Vagrant.configure("2") do |config|
end
prod.vm.hostname = "mon-prod"
prod.vm.box = "bento/ubuntu-20.04"
prod.vm.network "private_network", ip: "10.0.1.5", virtualbox__intnet: internal_network_name
prod.vm.network "private_network", ip: "10.0.1.5"
prod.vm.synced_folder './', '/vagrant', disabled: true
prod.vm.provider "libvirt" do |lv, override|
lv.video_type = "virtio"
@@ -87,11 +36,8 @@ Vagrant.configure("2") do |config|
end
prod.vm.hostname = "app-prod"
prod.vm.box = "bento/ubuntu-20.04"
prod.vm.network "private_network", ip: "10.0.1.4", virtualbox__intnet: internal_network_name
prod.vm.network "private_network", ip: "10.0.1.4"
prod.vm.synced_folder './', '/vagrant', disabled: true
prod.vm.provider "virtualbox" do |v|
v.memory = 1024
end
prod.vm.provider "libvirt" do |lv, override|
lv.memory = 1024
lv.video_type = "virtio"
@@ -116,11 +62,8 @@ Vagrant.configure("2") do |config|
config.vm.define 'apt-local', autostart: false do |prod|
prod.vm.hostname = "apt-local"
prod.vm.box = "bento/ubuntu-20.04"
prod.vm.network "private_network", ip: "10.0.1.7", virtualbox__intnet: internal_network_name
prod.vm.network "private_network", ip: "10.0.1.7"
prod.vm.synced_folder './', '/vagrant', disabled: true
prod.vm.provider "virtualbox" do |v|
v.memory = 1024
end
prod.vm.provider "libvirt" do |lv, override|
lv.memory = 1024
lv.video_type = "virtio"
@@ -177,12 +120,3 @@ def tor_ssh_proxy_command
end
return "#{base_cmd} 127.0.0.1:9050 %h %p"
end

# Create a unique name for the VirtualBox internal network,
# based on the directory name of the repo. This is to avoid
# accidental IP collisions when running multiple instances
# of the staging or prod environment concurrently.
def internal_network_name
repo_root = File.expand_path(File.dirname(__FILE__))
return File.basename(repo_root)
end
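Review bot: The three rewritten `prod.vm.network "private_network", ip: ...` lines (`mon-prod`, `app-prod`, `apt-local`) keep the fixed 10.0.1.x addresses, but the only text explaining the collision risk between concurrent environments goes away with the removed `internal_network_name` helper. Whether libvirt separates two checkouts that use the same subnet is not visible here, so I would record the constraint next to the first of these lines, for example `# Fixed IPs: run only one prod environment per host at a time to avoid address collisions.` The first hunk also drops the whole `mon-staging` and `app-staging` definitions, including their libvirt provider blocks and the Ansible provisioner, which the commit description does not mention; a sentence there saying where staging VMs are now defined would help.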
1 change: 0 additions & 1 deletion devops/scripts/create-staging-env
@@ -2,7 +2,6 @@
# Wrapper script to determine which VM driver is appropriate for the staging
# environment, given the host OS and available tooling. Supports:
#
# * VirtualBox (the default)
# * Libvirt/KVM
# * Qubes (via Admin API)
#
6 changes: 3 additions & 3 deletions devops/scripts/select-staging-env
@@ -2,7 +2,6 @@
# Wrapper script to determine which VM driver is appropriate for the staging
# environment, given the host OS and available tooling. Supports:
#
# * VirtualBox (the default)
# * Libvirt/KVM
# * Qubes (via Admin API)
#
@@ -26,8 +25,9 @@ elif [[ "${OSTYPE:-}" == "linux-gnu" ]]; then
# Default to Libvirt for Linux users, which works well with Tails VM virtualization.
securedrop_vm_provider="libvirt"
else
# Default to VirtualBox, since it's the safest bet.
securedrop_vm_provider="virtualbox"
# We previously maintained Virtualbox support, but don't any longer. Should we?
echo "WARNING: Unsupported platform. Libvirt staging environment may not work properly."
securedrop_vm_provider="libvirt"
fi

# Expect the scenario to reside in the molecule/ directory.
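Review bot: The new warning in the `else` branch is written to stdout with a plain `echo`, so if a caller captures this script's output to learn the scenario name (the rest of the script is outside the hunk, so this is an inference from the script's name), the warning text ends up in the captured value. Send it to stderr instead: `echo "WARNING: Unsupported platform. Libvirt staging environment may not work properly." >&2`. The added comment also ends in an open question (`Should we?`), which belongs in an issue rather than in the script; something like `# VirtualBox support was removed; fall back to libvirt and warn.` states the decision.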
@@ -31,6 +31,8 @@
tags:
- dns

# These services will be inside staging VMs via the Bento boxes,
# even if those boxes are running on libvirt.
- name: Disable VirtualBox services to avoid conflict with systemd-timesyncd.
systemd:
name: "{{ item }}"
11 changes: 0 additions & 11 deletions molecule/testinfra/common/test_grsecurity.py
@@ -140,17 +140,6 @@ def test_grsecurity_paxtest(host):
host.run("apt-get remove -y paxtest")


@pytest.mark.skip_in_prod
def test_grub_pc_marked_manual(host):
"""
Ensure the `grub-pc` packaged is marked as manually installed.
This is necessary for VirtualBox with Vagrant.
"""
c = host.run('apt-mark showmanual grub-pc')
assert c.rc == 0
assert c.stdout.strip() == "grub-pc"


def test_apt_autoremove(host):
"""
Ensure old packages have been autoremoved.