From 1038a67694bf2a9f27716990b0bd1160037acee0 Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Wed, 27 Feb 2019 17:38:14 -0800 Subject: [PATCH 1/4] Makes upgrade box naming more explicit Storing the version string and platform directly in the box filename now. The docs for maintaining the "upgrade" boxes have long included a manual step to rename files with the version number; that's now done automatically. The addition of the platform in the filename is required to support multiplatforms, specifically Trusty & Xenial. Eventually we'll drop support for Trusty altogether, but for now we must maintain both. --- devops/scripts/vagrant_package.sh | 4 ++++ molecule/vagrant_packager/package.py | 10 +++++++++- 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/devops/scripts/vagrant_package.sh b/devops/scripts/vagrant_package.sh
index 84b8c812d3..4b7e860900 100755
--- a/devops/scripts/vagrant_package.sh
+++ b/devops/scripts/vagrant_package.sh
@@ -1,7 +1,11 @@ #!/bin/bash +# Wrapper script to create Vagrant boxes for use with the "upgrade" +# scenario. molecule test -s vagrant_packager && \ # Unfortunately since we need to prompt the user for sudo creds.. # I had to break the actual vagrant package logic outside of molecule molecule/vagrant_packager/package.py && \ molecule destroy -s vagrant_packager + +
diff --git a/molecule/vagrant_packager/package.py b/molecule/vagrant_packager/package.py
index 1aee9dae16..7f59613014 100755
--- a/molecule/vagrant_packager/package.py
+++ b/molecule/vagrant_packager/package.py
@@ -120,6 +120,14 @@ def main(): SCENARIO_PATH = os.path.dirname(os.path.realpath(__file__)) BOX_PATH = join(SCENARIO_PATH, "build") EPHEMERAL_DIRS = {} + TARGET_VERSION_FILE = os.path.join(SCENARIO_PATH, os.path.pardir, "shared", "stable.ver") + with open(TARGET_VERSION_FILE, 'r') as f: + TARGET_VERSION = f.read().strip() + try: + TARGET_PLATFORM = os.environ['SECUREDROP_TARGET_PLATFORM'] + except KeyError: + msg = "Set SECUREDROP_TARGET_PLATFORM env var to 'trusty' or 'xenial'" + raise Exception(msg) for srv in ["app-staging", "mon-staging"]:
@@ -174,7 +182,7 @@ def main(): join(EPHEMERAL_DIRS['build'], 'Vagrantfile')) print("Creating tar file") - box_file = join(BOX_PATH, srv+".box") + box_file = join(BOX_PATH, "{}-{}_{}.box".format(srv, TARGET_PLATFORM, TARGET_VERSION)) with tarfile.open(box_file, "w|gz") as tar: for boxfile in ["box.img", "Vagrantfile", "metadata.json"]: tar.add(join(EPHEMERAL_DIRS["build"], boxfile),
From a84484175077124d82ff1836bc7e2aca0681fc36 Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Thu, 28 Feb 2019 09:51:55 -0800 Subject: [PATCH 2/4] Adds prepare-servers role to upgrade VM playbook The prepare-servers role was added to the main prod/staging playbooks, but wasn't added to the derivative playbook used for building the "upgrade" Vagrant boxes. Ideally we'd have all role includes conditionally set, so that we can reuse the same playbook in all contexts and disable specific roles via vars per scenario. --- molecule/vagrant_packager/playbook.yml | 9 +++++++++ 1 file changed, 9 insertions(+)
diff --git a/molecule/vagrant_packager/playbook.yml b/molecule/vagrant_packager/playbook.yml
index f06541cf3c..0d5711c8ea 100644
--- a/molecule/vagrant_packager/playbook.yml
+++ b/molecule/vagrant_packager/playbook.yml
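Review bot: `TARGET_PLATFORM` is only checked for presence in the first package.py hunk, although the error message names 'trusty' and 'xenial' as the only valid values, and the second hunk formats it straight into the box filename. A typo or an empty value would therefore build and package a box under a name that the metadata added later in this series does not reference, with no error at build time. I would validate it right after the `try`/`except`: `if TARGET_PLATFORM not in ('trusty', 'xenial'): raise Exception("SECUREDROP_TARGET_PLATFORM must be 'trusty' or 'xenial'")`. `TARGET_VERSION` has the same gap (an empty `stable.ver` yields a name ending in `_.box`), so `if not TARGET_VERSION: raise Exception("empty version in " + TARGET_VERSION_FILE)` is worth adding next to it. Both hunks are inside `main()`, which starts and ends outside them.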
@@ -1,4 +1,13 @@
 ---
+- name: Prepare servers for installation
+ hosts: securedrop
+ gather_facts: no
+ max_fail_percentage: 0
+ any_errors_fatal: yes
+ become: yes
+ roles:
+ - { role: prepare-servers }
+
 - name: Add FPF apt repository and install base packages.
 hosts: securedrop
 max_fail_percentage: 0
From 5046bb9bd23573bb9a6818a347283a765638166b Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Thu, 28 Feb 2019 13:38:01 -0800 Subject: [PATCH 3/4] Renames "upgrade" box metadata references with platform Updated the metadata references for the "upgrade" Trusty boxes to include the platform explicitly, since we plan to add Xenial boxes for use in "upgrade" testing for 0.12.0, as well. --- molecule/upgrade/molecule.yml | 8 ++++---- .../{app_metadata.json => app_trusty_metadata.json} | 2 +- .../{mon_metadata.json => mon_trusty_metadata.json} | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) rename molecule/vagrant_packager/box_files/{app_metadata.json => app_trusty_metadata.json} (97%) rename molecule/vagrant_packager/box_files/{mon_metadata.json => mon_trusty_metadata.json} (97%)
diff --git a/molecule/upgrade/molecule.yml b/molecule/upgrade/molecule.yml
index ba43b2e4ef..5d07ce8c41 100644
--- a/molecule/upgrade/molecule.yml
+++ b/molecule/upgrade/molecule.yml
@@ -10,8 +10,8 @@ lint: platforms: - name: app-staging - box: fpf/securedrop-app - box_url: "../vagrant_packager/box_files/app_metadata.json" + box: fpf/securedrop-app-trusty + box_url: "../vagrant_packager/box_files/app_trusty_metadata.json" instance_raw_config_args: - "ssh.insert_key = false" provider_override_args:
@@ -24,8 +24,8 @@ platforms: - staging - name: mon-staging - box: fpf/securedrop-mon - box_url: "../vagrant_packager/box_files/mon_metadata.json" + box: fpf/securedrop-mon-trusty + box_url: "../vagrant_packager/box_files/mon_trusty_metadata.json" instance_raw_config_args: - "ssh.insert_key = false" provider_override_args:
diff --git a/molecule/vagrant_packager/box_files/app_metadata.json b/molecule/vagrant_packager/box_files/app_trusty_metadata.json
similarity index 97%
rename from molecule/vagrant_packager/box_files/app_metadata.json
rename to molecule/vagrant_packager/box_files/app_trusty_metadata.json
index 40cd9c4ed9..9e30e71d73 100644
--- a/molecule/vagrant_packager/box_files/app_metadata.json
+++ b/molecule/vagrant_packager/box_files/app_trusty_metadata.json
@@ -1,5 +1,5 @@
 {
- "name": "fpf/securedrop-app",
+ "name": "fpf/securedrop-app-trusty",
 "description": "This box contains securedrop app server.",
 "versions": [
 {
diff --git a/molecule/vagrant_packager/box_files/mon_metadata.json b/molecule/vagrant_packager/box_files/mon_trusty_metadata.json
similarity index 97%
rename from molecule/vagrant_packager/box_files/mon_metadata.json
rename to molecule/vagrant_packager/box_files/mon_trusty_metadata.json
index 71a42863d7..c1f9dcb74e 100644
--- a/molecule/vagrant_packager/box_files/mon_metadata.json
+++ b/molecule/vagrant_packager/box_files/mon_trusty_metadata.json
@@ -1,5 +1,5 @@
 {
- "name": "fpf/securedrop-mon",
+ "name": "fpf/securedrop-mon-trusty",
 "description": "This box contains securedrop monitor server.",
 "versions": [
 {
From cd0b17278753b378c326cedd855d6124b2aeb4e7 Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Thu, 28 Feb 2019 11:30:42 -0800 Subject: [PATCH 4/4] Adds "upgrade" boxes for 0.12.0 (Trusty) Used the standard procedure to generate the base boxes, but updated the metadata references to reference the platform explicitly, since we plan to add Xenial boxes for use in "upgrade" testing for 0.12.0, as well. Unsure if this is sufficient change; we may have to update the metadata stored inside the .box file as part of the packaging process, as well. --- .../box_files/app_trusty_metadata.json | 11 +++++++++++ .../box_files/mon_trusty_metadata.json | 11 +++++++++++ 2 files changed, 22 insertions(+)
diff --git a/molecule/vagrant_packager/box_files/app_trusty_metadata.json b/molecule/vagrant_packager/box_files/app_trusty_metadata.json
index 9e30e71d73..8aa495cbc5 100644
--- a/molecule/vagrant_packager/box_files/app_trusty_metadata.json
+++ b/molecule/vagrant_packager/box_files/app_trusty_metadata.json
@@ -56,6 +56,17 @@
 "checksum": "e832c4940ef10e8d999033271454f7220c85f4b0a89f378906895d4a82478eee"
 }
 ]
+ },
+ {
+ "version": "0.12.0",
+ "providers": [
+ {
+ "name": "libvirt",
+ "url": "https://s3.amazonaws.com/securedrop-vagrant/app-staging-trusty_0.12.0.box",
+ "checksum_type": "sha256",
+ "checksum": "db9f077d0b9f960c5d36a8a804a791151271009c7490fe3a4c715b71998afcd8"
+ }
+ ]
 }
 ]
 }
diff --git a/molecule/vagrant_packager/box_files/mon_trusty_metadata.json b/molecule/vagrant_packager/box_files/mon_trusty_metadata.json
index c1f9dcb74e..21ebddba5a 100644
--- a/molecule/vagrant_packager/box_files/mon_trusty_metadata.json
+++ b/molecule/vagrant_packager/box_files/mon_trusty_metadata.json
@@ -56,6 +56,17 @@
 "checksum": "bbc8ed55fab20ed96c3b090126b69baabbd41e95faa60676dff72bc69af67376"
 }
 ]
+ },
+ {
+ "version": "0.12.0",
+ "providers": [
+ {
+ "name": "libvirt",
+ "url": "https://s3.amazonaws.com/securedrop-vagrant/mon-staging-trusty_0.12.0.box",
+ "checksum_type": "sha256",
+ "checksum": "0ac7538f52b3450a1791a06b8a02fe81b65637da92bb00a61b669beccef87f8d"
+ }
+ ]
 }
 ]
 }