Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP: Script to upgrade from focal to noble #7406

Draft
wants to merge 1 commit into
base: develop
Choose a base branch
from

Conversation

legoktm
Copy link
Member

@legoktm legoktm commented Jan 7, 2025

Status

Work in progress

Description of Changes

The script is split into various stages where progress is tracked on-disk. The script is able to resume where it was at any point, and needs to, given multiple reboots in the middle.

The new noble-upgrade.json file shipped in the securedrop-config package is used to control the upgrade process.

Fixes #7332.

Testing

How should the reviewer test this PR?

TK

Deployment

Any special considerations for deployment? Consider both:

  1. Upgrading existing production instances.
  2. New installs.

Checklist

If you made changes to the server application code:

  • Linting (make lint) and tests (make test) pass in the development container

If you made changes to securedrop-admin:

  • Linting and tests (make -C admin test) pass in the admin development container

If you made changes to the system configuration:

If you added or removed a file deployed with the application:

  • I have updated AppArmor rules to include the change

If you made non-trivial code changes:

  • I have written a test plan and validated it for this PR

Choose one of the following:

  • I have opened a PR in the docs repo for these changes, or will do so later
  • I would appreciate help with the documentation
  • These changes do not require documentation

If you added or updated a reference to a production code dependency:

Production code dependencies are defined in:

  • admin/requirements.in
  • admin/requirements-ansible.in
  • securedrop/requirements/python3/requirements.in
  • securedrop/requirements/python3/translation.in (used in the build
    container)

If you changed another requirements.in file that applies only to development
or testing environments, then no diff review is required, and you can skip
(remove) this section.

Choose one of the following:

  • I have performed a diff review and pasted the contents to the packaging wiki
  • I would like someone else to do the diff review
  • I am silencing an alert related to a production dependency, because (please explain below):

@legoktm legoktm force-pushed the stg-upgrade-script branch 3 times, most recently from 843ac2a to ce32f1e Compare January 8, 2025 20:57
@legoktm
Copy link
Member Author

legoktm commented Jan 8, 2025

I think the script is basically complete at this point, but I haven't actually tried it yet. So I need to do that, and then figure out how we're going to do CI on it. I think we should ideally be able to take the focal staging environment, upgrade it, and then re-run testinfra (noble) checks on it.

@legoktm legoktm force-pushed the stg-upgrade-script branch 3 times, most recently from 6b45982 to b72bef2 Compare January 14, 2025 16:52
The script is split into various stages where progress is tracked
on-disk. The script is able to resume where it was at any point, and
needs to, given multiple reboots in the middle.

Given that we want to invoke the check script during the upgrade path,
most of the code is moved into a common lib.rs that can be imported by
both check.rs and upgrade.rs.

The new noble-upgrade.json file shipped in the securedrop-config package
is used to control the upgrade process.

A systemd timer runs every 3 minutes to trigger the upgrade script,
which in most cases will do nothing. We need to run it so frequently
since this is how the script will be restarted after it pauses for a
reboot.

Fixes #7332.
@legoktm legoktm force-pushed the stg-upgrade-script branch from b72bef2 to 6e433aa Compare January 14, 2025 21:28
@legoktm
Copy link
Member Author

legoktm commented Jan 14, 2025

Fixed a number of issues found by actual test runs, currently hit:

# apt-get upgrade --without-new-pkgs --force-confold --force-confdef
E: Command line option --force-confold is not understood in combination with the other options

Will get to that tomorrow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: In Progress
Development

Successfully merging this pull request may close these issues.

Create focal -> noble upgrade script
1 participant