Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Removes virtualbox support in VM scenarios #5922

Merged
merged 1 commit into from
May 19, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
72 changes: 3 additions & 69 deletions Vagrantfile
Original file line number Diff line number Diff line change
Expand Up @@ -11,57 +11,6 @@ Vagrant.configure("2") do |config|
# so the key insertion feature should be disabled.
config.ssh.insert_key = false

# The staging hosts are just like production but allow non-Tor access
# for the web interfaces and ssh.
config.vm.define 'mon-staging', autostart: false do |staging|
if ENV['SECUREDROP_SSH_OVER_TOR']
config.ssh.host = find_ssh_aths("mon-ssh-aths")
config.ssh.proxy_command = tor_ssh_proxy_command
config.ssh.port = 22
elsif ARGV[0] == "ssh"
config.ssh.host = "10.0.1.3"
config.ssh.port = 22
end
staging.vm.hostname = "mon-staging"
staging.vm.box = "bento/ubuntu-20.04"
staging.vm.network "private_network", ip: "10.0.1.3"
staging.vm.synced_folder './', '/vagrant', disabled: true
staging.vm.provider "libvirt" do |lv, override|
lv.video_type = "virtio"
end
end

config.vm.define 'app-staging', autostart: false do |staging|
if ENV['SECUREDROP_SSH_OVER_TOR']
config.ssh.host = find_ssh_aths("app-ssh-aths")
config.ssh.proxy_command = tor_ssh_proxy_command
config.ssh.port = 22
elsif ARGV[0] == "ssh"
config.ssh.host = "10.0.1.2"
config.ssh.port = 22
end
staging.vm.hostname = "app-staging"
staging.vm.box = "bento/ubuntu-20.04"
staging.vm.network "private_network", ip: "10.0.1.2"
staging.vm.synced_folder './', '/vagrant', disabled: true
staging.vm.provider "virtualbox" do |v|
v.memory = 1024
end
staging.vm.provider "libvirt" do |lv, override|
lv.memory = 1024
lv.video_type = "virtio"
end
staging.vm.provision "ansible" do |ansible|
ansible.playbook = "install_files/ansible-base/securedrop-staging.yml"
ansible.inventory_path = "install_files/ansible-base/inventory-staging"
ansible.verbose = 'v'
# Taken from the parallel execution tips and tricks
# https://docs.vagrantup.com/v2/provisioning/ansible.html
ansible.limit = 'all,localhost'
ansible.raw_arguments = Shellwords.shellsplit(ENV['ANSIBLE_ARGS']) if ENV['ANSIBLE_ARGS']
end
end

# The prod hosts are just like production but are virtualized.
# All access to SSH and the web interfaces is only over Tor.
config.vm.define 'mon-prod', autostart: false do |prod|
Expand All @@ -72,7 +21,7 @@ Vagrant.configure("2") do |config|
end
prod.vm.hostname = "mon-prod"
prod.vm.box = "bento/ubuntu-20.04"
prod.vm.network "private_network", ip: "10.0.1.5", virtualbox__intnet: internal_network_name
prod.vm.network "private_network", ip: "10.0.1.5"
prod.vm.synced_folder './', '/vagrant', disabled: true
prod.vm.provider "libvirt" do |lv, override|
lv.video_type = "virtio"
Expand All @@ -87,11 +36,8 @@ Vagrant.configure("2") do |config|
end
prod.vm.hostname = "app-prod"
prod.vm.box = "bento/ubuntu-20.04"
prod.vm.network "private_network", ip: "10.0.1.4", virtualbox__intnet: internal_network_name
prod.vm.network "private_network", ip: "10.0.1.4"
prod.vm.synced_folder './', '/vagrant', disabled: true
prod.vm.provider "virtualbox" do |v|
v.memory = 1024
end
prod.vm.provider "libvirt" do |lv, override|
lv.memory = 1024
lv.video_type = "virtio"
Expand All @@ -116,11 +62,8 @@ Vagrant.configure("2") do |config|
config.vm.define 'apt-local', autostart: false do |prod|
prod.vm.hostname = "apt-local"
prod.vm.box = "bento/ubuntu-20.04"
prod.vm.network "private_network", ip: "10.0.1.7", virtualbox__intnet: internal_network_name
prod.vm.network "private_network", ip: "10.0.1.7"
prod.vm.synced_folder './', '/vagrant', disabled: true
prod.vm.provider "virtualbox" do |v|
v.memory = 1024
end
prod.vm.provider "libvirt" do |lv, override|
lv.memory = 1024
lv.video_type = "virtio"
Expand Down Expand Up @@ -177,12 +120,3 @@ def tor_ssh_proxy_command
end
return "#{base_cmd} 127.0.0.1:9050 %h %p"
end

# Create a unique name for the VirtualBox internal network,
# based on the directory name of the repo. This is to avoid
# accidental IP collisions when running multiple instances
# of the staging or prod environment concurrently.
def internal_network_name
repo_root = File.expand_path(File.dirname(__FILE__))
return File.basename(repo_root)
end
1 change: 0 additions & 1 deletion devops/scripts/create-staging-env
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@
# Wrapper script to determine which VM driver is appropriate for the staging
# environment, given the host OS and available tooling. Supports:
#
# * VirtualBox (the default)
# * Libvirt/KVM
# * Qubes (via Admin API)
#
Expand Down
6 changes: 3 additions & 3 deletions devops/scripts/select-staging-env
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@
# Wrapper script to determine which VM driver is appropriate for the staging
# environment, given the host OS and available tooling. Supports:
#
# * VirtualBox (the default)
# * Libvirt/KVM
# * Qubes (via Admin API)
#
Expand All @@ -26,8 +25,9 @@ elif [[ "${OSTYPE:-}" == "linux-gnu" ]]; then
# Default to Libvirt for Linux users, which works well with Tails VM virtualization.
securedrop_vm_provider="libvirt"
else
# Default to VirtualBox, since it's the safest bet.
securedrop_vm_provider="virtualbox"
# We previously maintained Virtualbox support, but don't any longer. Should we?
echo "WARNING: Unsupported platform. Libvirt staging environment may not work properly."
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good thanking

securedrop_vm_provider="libvirt"
fi

# Expect the scenario to reside in the molecule/ directory.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@
tags:
- dns

# These services will be inside staging VMs via the Bento boxes,
# even if those boxes are running on libvirt.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🌈

- name: Disable VirtualBox services to avoid conflict with systemd-timesyncd.
systemd:
name: "{{ item }}"
Expand Down
11 changes: 0 additions & 11 deletions molecule/testinfra/common/test_grsecurity.py
Original file line number Diff line number Diff line change
Expand Up @@ -140,17 +140,6 @@ def test_grsecurity_paxtest(host):
host.run("apt-get remove -y paxtest")


@pytest.mark.skip_in_prod
def test_grub_pc_marked_manual(host):
"""
Ensure the `grub-pc` packaged is marked as manually installed.
This is necessary for VirtualBox with Vagrant.
"""
c = host.run('apt-mark showmanual grub-pc')
assert c.rc == 0
assert c.stdout.strip() == "grub-pc"


def test_apt_autoremove(host):
"""
Ensure old packages have been autoremoved.
Expand Down