Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove the cloud-init package during server installation #5771

Merged
merged 1 commit into from
Feb 4, 2021
Merged

Remove the cloud-init package during server installation #5771

merged 1 commit into from
Feb 4, 2021

Conversation

rmol
Copy link
Contributor

@rmol rmol commented Feb 3, 2021
edited by emkll
Loading

Status

Ready for review

Description of Changes

Towards #5663

We don't want Ubuntu's cloud-init package on the servers, not least because it can make them take ten minutes or more to boot, apparently while waiting for systemd-random-seed to initialize.

Testing

  1. Prepare two fresh Ubuntu Focal servers.
  2. On your admin workstation, check out this branch and run the installation:
    • git fetch --all
    • git checkout -b remove-cloud-init origin/remove-cloud-init
    • ./securedrop-admin install
  3. Observe that the installation does not fail because of timeouts waiting ten minutes for the servers to reboot.
  4. Verify that cloud-init is no longer installed on either server.
  5. Run the configuration tests:
    • ./securedrop-admin tailsconfig
    • ./securedrop-admin verify
    • The common/test_system_hardening.py::test_unused_packages_are_removed test should pass.

Deployment

We don't have cloud-init on existing Xenial instances, and this change means we also won't on new Focal systems.

Checklist

If you made non-trivial code changes:

  • I have written a test plan and validated it for this PR

Choose one of the following:

  • I have opened a PR in the docs repo for these changes, or will do so later
  • I would appreciate help with the documentation
  • These changes do not require documentation

@rmol
Remove the cloud-init package during server installation
5a96ed7 
We don't want Ubuntu's cloud-init package on the servers, not least
because it can make them take ten minutes or more to boot, apparently
while waiting for systemd-random-seed to initialize.
@emkll emkll self-assigned this Feb 3, 2021
@rmol
Copy link
Contributor Author

rmol commented Feb 3, 2021
edited
Loading

More findings:

Just trying to document for posterity, since we don't want cloud-init at any rate, but should we ever need it, it should be fine as long as we're on a Focal-era kernel.

@eloquence eloquence added this to the 1.8.0 milestone Feb 4, 2021
emkll
emkll approved these changes Feb 4, 2021
View reviewed changes
Copy link
Contributor

@emkll emkll left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @rmol this addressed the issue for my NUC, but not on Mac Mini. As you identify in #5771 (comment), running a 5.4 series kernel fully resolves the issue on all hardware I've tested against. Regardless, cloud-init is something we want to remove from Focal SecureDrop instances.

I do have other testinfra tests failing on a Focal install, but unrelated to this PR.

@emkll emkll merged commit 31d1b7a into develop Feb 4, 2021
@emkll emkll deleted the remove-cloud-init branch February 4, 2021 19:47
@kushaldas kushaldas mentioned this pull request Feb 26, 2021
Closed
27 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emkll emkll emkll approved these changes

@conorsch conorsch Awaiting requested review from conorsch

@kushaldas kushaldas Awaiting requested review from kushaldas

Assignees

@emkll emkll

Labels
release blocker
Projects
None yet
Milestone
1.8.0
Development

Successfully merging this pull request may close these issues.
3 participants
@rmol @emkll @eloquence