Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump upgrade testing box to 0.9.1 #3819

Merged
merged 7 commits into from
Sep 28, 2018
Merged

Bump upgrade testing box to 0.9.1 #3819

merged 7 commits into from
Sep 28, 2018

Conversation

msheiny
Copy link
Contributor

@msheiny msheiny commented Sep 15, 2018

Status

Ready for review

Description of Changes

Fixes #3816

Changes proposed in this pull request:

  • Built and uploaded a 0.9.1 vagrant box to our global s3 buckets
  • Tweaked upgrade_version.sh logic to upgrade a stable.ver file (used for vagrant builder ingestion)
  • Made a few Makefile targets and helpers
  • Added ability (well mandate really) to select baseline version to use with the upgrade scenario.

Testing

How should the reviewer test this PR?

First off, this will only work for Linux users with vagrant + libvirt-vagrant installed (sorry @redshiftzero !!). To test:

$ make upgrade_start
# Confirm you see 0.9.1 in the securedrop-config versions
$ ansible -i /tmp/molecule/securedrop/upgrade/ansible_inventory.yml all -l mon-staging,app-staging -m shell -a "dpkg -s securedrop-config | grep Version"

Deployment

Any special considerations for deployment? Consider both:

Only affects upgrade testing

@msheiny
Update upgrade/packager sd_clone logic
8840aef 
* read the stable version from a shared file instead of hard-coding it
* utilize the exact same file since the logic is the same for both
upgrade and vagrant package molecule scenarios
@msheiny
Bump upgrade box to 0.9.1 stable base
e9547e4
@msheiny
Upgrade vagrant builder logic on stable bump
ac2a134
@msheiny
Allow env-var over-ride for upgrade test scenario
d0fa2f5 
Instead of hard-coding into the molecule.yml file, lets look for an
env var that a user can pass when kicking off the scenario. To not
affect the vagrant packager logic, fall back to the stable.ver file
contents since really we will never been building upgrade boxes from
non-stable releases.

This also required version changes to the metadata vagrant json files -
so the tag targets exactly match the vagrant version targets
@msheiny
Add make helper cmds surrounding upgrade testing
8bb32e3 
I'm not sure the Makefile is the best place for it... this file is
getting out of hand - but for now... yep.

By default lets start the upgrade scenario from the latest stable..
obviously this will be problematic when we release and there is a lag in
publishing the latest baseline VMs but I dont see this as a huge issue.
Just gotta get better at updating the boxes post release.
@msheiny msheiny requested a review from conorsch as a code owner September 15, 2018 01:03
@codecov-io
Copy link

codecov-io commented Sep 20, 2018
edited
Loading

Codecov Report

Merging #3819 into develop will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           develop   #3819   +/-   ##
=======================================
  Coverage     84.7%   84.7%           
=======================================
  Files           44      44           
  Lines         2759    2759           
  Branches       298     298           
=======================================
  Hits          2337    2337           
  Misses         354     354           
  Partials        68      68

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ceb20d0...8bb32e3. Read the comment docs.

@heartsucker
Copy link
Contributor

I can't test this because my version of Vagrant (2.1.1) doesn't work with the Vagrantfile.

There was an error loading a Vagrantfile. The file being loaded
and the error message are shown below. This is usually caused by
a syntax error.

Path: /home/heartsucker/code/freedomofpress/securedrop/Vagrantfile
Line number: 5
Message: RuntimeError: can't modify frozen String

And if I comment out that link, I get:

    TASK [Create molecule instance(s)] *********************************************
    failed: [localhost] (item={'box': u'fpf/securedrop-app', 'name': u'app-staging', 'provider_override_args': [u"vm.synced_folder './', '/vagrant', disabled: true, type: 'nfs'"], 'box_url': u'../vagrant_packager/box_files/app_metadata.json', 'instance_raw_config_args': [u'ssh.insert_key = false'], 'groups': [u'securedrop_application_server', u'securedrop', u'staging'], 'memory': 1024, 'private_ip': u'10.0.1.2'}) => {"changed": false, "item": {"box": "fpf/securedrop-app", "box_url": "../vagrant_packager/box_files/app_metadata.json", "groups": ["securedrop_application_server", "securedrop", "staging"], "instance_raw_config_args": ["ssh.insert_key = false"], "memory": 1024, "name": "app-staging", "private_ip": "10.0.1.2", "provider_override_args": ["vm.synced_folder './', '/vagrant', disabled: true, type: 'nfs'"]}, "msg": "ERROR: See log file '/tmp/molecule/securedrop/upgrade/vagrant-app-staging.err'"}
    failed: [localhost] (item={'box': u'fpf/securedrop-mon', 'name': u'mon-staging', 'provider_override_args': [u"vm.synced_folder './', '/vagrant', disabled: true, type: 'nfs'"], 'box_url': u'../vagrant_packager/box_files/mon_metadata.json', 'instance_raw_config_args': [u'ssh.insert_key = false'], 'groups': [u'securedrop_monitor_server', u'securedrop', u'staging'], 'memory': 1024, 'private_ip': u'10.0.1.3'}) => {"changed": false, "item": {"box": "fpf/securedrop-mon", "box_url": "../vagrant_packager/box_files/mon_metadata.json", "groups": ["securedrop_monitor_server", "securedrop", "staging"], "instance_raw_config_args": ["ssh.insert_key = false"], "memory": 1024, "name": "mon-staging", "private_ip": "10.0.1.3", "provider_override_args": ["vm.synced_folder './', '/vagrant', disabled: true, type: 'nfs'"]}, "msg": "ERROR: See log file '/tmp/molecule/securedrop/upgrade/vagrant-mon-staging.err'"}
    failed: [localhost] (item={'box': u'bento/ubuntu-14.04', 'provider_override_args': [u"vm.synced_folder './', '/vagrant', disabled: true, type: 'nfs'"], 'name': u'apt', 'groups': [u'aptservers'], 'memory': 256}) => {"changed": false, "item": {"box": "bento/ubuntu-14.04", "groups": ["aptservers"], "memory": 256, "name": "apt", "provider_override_args": ["vm.synced_folder './', '/vagrant', disabled: true, type: 'nfs'"]}, "module_stderr": "", "module_stdout": "--> Validating schema /home/heartsucker/code/freedomofpress/securedrop/molecule/upgrade/molecule.yml.\nValidation completed successfully.\n", "msg": "MODULE FAILURE", "rc": 0}

And the error log is:

### 2018-09-25 12:50:41 ###
### 2018-09-25 12:50:41 ###
The box you're attempting to add doesn't support the provider
you requested. Please find an alternate box or use an alternate
provider. Double-check your requested provider to verify you didn't
simply misspell it.

If you're adding a box from HashiCorp's Vagrant Cloud, make sure the box is
released.

Name: fpf/securedrop-mon
Address: file:///home/heartsucker/code/freedomofpress/securedrop/molecule/vagrant_packager/box_files/mon_metadata.json
Requested provider: [:virtualbox]
### 2018-09-25 12:52:06 ###
### 2018-09-25 12:52:06 ###
The box you're attempting to add doesn't support the provider
you requested. Please find an alternate box or use an alternate
provider. Double-check your requested provider to verify you didn't
simply misspell it.

If you're adding a box from HashiCorp's Vagrant Cloud, make sure the box is
released.

Name: fpf/securedrop-mon
Address: file:///home/heartsucker/code/freedomofpress/securedrop/molecule/vagrant_packager/box_files/mon_metadata.json
Requested provider: [:virtualbox]

@zenmonkeykstop
Copy link
Contributor

@heartsucker it probably shouldn't be using the vlrtualbox provider, but libvirt. Have you previously done the libvirt conversion dance as described here?: https://docs.securedrop.org/en/release-0.9/development/virtual_environments.html#switch-vagrant-provider-to-libvirt

Gonna run through test plan now myself, see if I can get the same error.

@msheiny
Copy link
Contributor Author

msheiny commented Sep 25, 2018

Yeppp - I think @zenmonkeykstop is on the right path. I got a ticket here to add support for virtualbox support (and thus mac OSX and friends) but right now its stuck at libvirt cause my system doesnt support virtualbox (grrrrrrrsec!! shakes fist at sky).

@zenmonkeykstop
Copy link
Contributor

On Ubuntu 18.04, checked out branch fresh and ran:

make build-debs
make upgrade_start

This failed for me, saying it couldn't find the tor-hidden-services role.

Poked about a bit and changed ANSIBLE_ROLES_PATH in /molecule/upgrade/molecule.yml to ../shared/.molecule/sd-orig/install_files/ansible-base/roles:.molecule/roles, and ran make upgrade_start again. It failed again, but near the very end:

    TASK [Spit out tor details] ****************************************************
 [WARNING]: Unable to find '.molecule/sd-orig/install_files/ansible-base/app-
source-ths' in expected paths.

    fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: .molecule/sd-orig/install_files/ansible-base/app-source-ths"}

Updated molecule/upgrade/molecule.yml to find source interface details at ../shared/.molecule/sd-orig/install_files/ansible-base/app-source-ths, ran make upgrade_start again. It completed successfully!

Then checked securedrop-config versions:

mon-staging | SUCCESS | rc=0 >>
Version: 0.1.1+0.9.1

app-staging | SUCCESS | rc=0 >>
Version: 0.1.1+0.9.1

SUCCESS! (with path tweaks as mentioned above, which may just be coz something is weird on my side).

@msheiny
Add upgrade destroy make file target
29752a8 
Because why not makefile all the things at this point!? YAY
@msheiny
Hacky work-around for ephemeral directory move
b582d50 
At some point in molecule dev, the ephemeral directory was moved from
the local scenario dir + `.molecule` to a path in
/tmp/molecule/${git_dir}/${scenario_dir} . This is a welcome change
EXCEPT that there could be an edge case where someone clones in
securedrop without the default `securedrop` dir path. This is
problematic because the molecule.yml will not take dynamic interpolation
AND its the only spot i could figure out to specify the ansible roles
dir.

So I wanted to take advantage of the new location of the ephermeral
directory while also having a hard-coded roles_dir that wont change. The
work around here is moving the git clone to the official molecule
ephemeral dir, but using the legacy spot to make a roles symlink. There
is some DRY improvements that can obviously be made but since this is
already a crazy commit I tried to hold my self back from more
refactoring.
@msheiny
Copy link
Contributor Author

msheiny commented Sep 27, 2018

yo @zenmonkeykstop you found a super interesting bug that didnt show up on my box due to the way we are git ignoring the .molecule ephemeral directory. At some point, molecule moved this directory to /tmp/molecule.....

I pushed a commit that should fix this and move that SD clone action to /tmp so it should really get wiped upon reboots and we dont have to count on someone running a molecule destroy action. thanks for flagging and let me know if you are still seeing the error on latest branch HEAD here.

@zenmonkeykstop
Copy link
Contributor

Tested as above on a fresh clone, it completed successfully with the /tmp/molecule change. 👍

redshiftzero
redshiftzero approved these changes Sep 28, 2018
View reviewed changes
Copy link
Contributor

@redshiftzero redshiftzero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@zenmonkeykstop confirms successful test, so merging

@redshiftzero redshiftzero merged commit da386d0 into develop Sep 28, 2018
@redshiftzero redshiftzero deleted the UpgradeBump091 branch September 28, 2018 21:37
@conorsch conorsch mentioned this pull request Oct 1, 2018
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@redshiftzero redshiftzero redshiftzero approved these changes

@conorsch conorsch Awaiting requested review from conorsch

@emkll emkll Awaiting requested review from emkll

@kushaldas kushaldas Awaiting requested review from kushaldas

@heartsucker heartsucker Awaiting requested review from heartsucker

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@msheiny @codecov-io @heartsucker @zenmonkeykstop @redshiftzero