freedomofpress / securedrop

GitHub repository for the SecureDrop whistleblower platform. Do not submit tips here!
https://securedrop.org/

Bento Box 2.2.9 does not include tmux #1375

Closed psivesely closed 7 years ago

psivesely commented 8 years ago

tmux is launched upon SSH login for our staging and prod VMs and our production installs. In the latest Bento Box (version 2.2.9) this dependency is missing. Since Bento Boxes simply run the Ubuntu installer, they should include the packages in a default Ubuntu install--no more or less. The current script for building these boxes is using Ubuntu 14.04.1 ISO [1], which is actually out of date and we should make a PR to bump them up to Ubuntu 14.04.5 (but that's a side note). The solution is to, with Ansible, explicitly ensure that tmux is installed across all VMs (and thus also for our production installs).

[1] https://github.com/chef/bento/blob/master/ubuntu-14.04-amd64.json#L254

psivesely commented 8 years ago

I've confirmed that this issue will affect new installs as Ubuntu 14.04.5 does not ship tmux [1].

[1] http://releases.ubuntu.com/14.04/ubuntu-14.04.5-desktop-amd64.manifest

psivesely commented 8 years ago

Unconfirmed! That manifest is for the desktop image. It actually is included: http://releases.ubuntu.com/14.04/ubuntu-14.04.5-server-amd64.list.

psivesely commented 8 years ago

Hmm, it should be in the Bento Box then too: http://old-releases.ubuntu.com/releases/14.04.1/ubuntu-14.04.1-server-amd64.list.

heartsucker commented 8 years ago

As an addendum to this, can we add some of the basic things devs probably want (vim, emacs)?

conorsch commented 8 years ago

@heartsucker see #1369 for dev tools. I agree with your wishes.

conorsch commented 8 years ago

> Hmm, it should be in the Bento Box then too: http://old-releases.ubuntu.com/releases/14.04.1/ubuntu-14.04.1-server-amd64.list.

Also surprised by the omission. Can't explain the divergence yet, but I suspect this line in the preseed config may be related. Will need to run through a build to confirm that assumption.

conorsch commented 8 years ago

Figured it out. The preseed file selects two tasks (which are bundles of packages): standard and ubuntu-server. Looks like what it should be doing is standard and server. The latter is where tmux gets included:

$ tasksel --task-packages server | grep tmux
tmux

The ubuntu/trusty64 box has the server task enabled, whereas the bento box does not. The ubuntu-server task doesn't seem to exist anywhere:

$ tasksel --list-tasks | grep server
i server        Basic Ubuntu server
i openssh-server        OpenSSH server
u dns-server    DNS server
u lamp-server   LAMP server
u mail-server   Mail server
u postgresql-server     PostgreSQL database
u print-server  Print server
u samba-server  Samba file server
u tomcat-server Tomcat Java server

Patching the bento preseed config like so fixes the issue, and the resultant box includes tmux, as expected:

diff --git a/http/ubuntu-14.04/preseed.cfg b/http/ubuntu-14.04/preseed.cfg
index b1350ec..56bfa6b 100644
--- a/http/ubuntu-14.04/preseed.cfg
+++ b/http/ubuntu-14.04/preseed.cfg
@@ -28,4 +28,4 @@ d-i pkgsel/upgrade select full-upgrade
 d-i time/zone string UTC
 d-i user-setup/allow-password-weak boolean true
 d-i user-setup/encrypt-home boolean false
-tasksel tasksel/first multiselect standard, ubuntu-server
+tasksel tasksel/first multiselect standard, server
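
Review bot: The changed `tasksel tasksel/first` line at the end of the hunk corrects only http/ubuntu-14.04/preseed.cfg, while the discussion notes that the `ubuntu-server` task name appears in other preseed configs as well; check each of those against `tasksel --list-tasks` for its release and either fix them in the same change or state why they are left alone. A one-line comment above the setting recording that `server` is the task that pulls in tmux (per `tasksel --task-packages server`) would help keep the name from regressing, since the build with the unknown task name produced a box without reporting a problem.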

Not sure where the ubuntu-server task is coming from, but it appears in other preseed configs as well, so perhaps it's been renamed recently. Will dig deeper. Already considering a custom build that matches the SD installation docs so we know exactly what's in the images we're testing.
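
The failure described in this comment, a task name in `tasksel/first` that the release does not define, can be checked for before a box is built. The following is an added example, not part of the thread or of the bento project; the function names and the `standard` entry in the sample task list are assumptions.

```bash
#!/usr/bin/env bash
# Added example: report tasksel task names in a preseed file that the target
# release does not define. Function names are hypothetical.

# The changed line from the diff above, before and after the fix.
PRESEED_BEFORE='tasksel tasksel/first multiselect standard, ubuntu-server'
PRESEED_AFTER='tasksel tasksel/first multiselect standard, server'

# Constructed sample in the layout of `tasksel --list-tasks` (flag, name,
# description). The `standard` entry is an assumption: the thread treats it
# as valid but does not show it in any output.
SAMPLE_TASKS='u standard      (constructed entry)
i server        Basic Ubuntu server
i openssh-server        OpenSSH server
u dns-server    DNS server'

# Print the tasks selected by "tasksel tasksel/first multiselect ...",
# one per line, with surrounding whitespace stripped.
preseed_tasks() {   # $1: preseed file contents
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*tasksel[[:space:]]\{1,\}tasksel\/first[[:space:]]\{1,\}multiselect[[:space:]]\{1,\}//p' |
        tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -v '^$'
}

# Print each selected task missing from the known-task list.
# Returns 0 when all tasks are known, 1 otherwise.
unknown_tasks() {   # $1: preseed contents, $2: `tasksel --list-tasks` output
    known=$(printf '%s\n' "$2" | awk '{print $2}')
    missing=$(preseed_tasks "$1" | while IFS= read -r task; do
        printf '%s\n' "$known" | grep -qxF -- "$task" || printf '%s\n' "$task"
    done)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# On a machine running the target release, pass "$(tasksel --list-tasks)"
# as the second argument instead of the sample.
for cfg in "$PRESEED_BEFORE" "$PRESEED_AFTER"; do
    if bad=$(unknown_tasks "$cfg" "$SAMPLE_TASKS"); then
        echo "ok: all selected tasks exist"
    else
        echo "unknown tasksel task(s): $bad"
    fi
done
```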

psivesely commented 8 years ago

You should try to upstream that diff @conorsch. Perhaps the ubuntu-server task used to exist, but has been renamed the server task, and the Chef team just didn't notice. That beats maintaining our own boxes. They should also bump to 14.04.5 as well.

psivesely commented 8 years ago

Okay, filed. https://github.com/chef/bento/issues/652 & https://github.com/chef/bento/issues/653.

conorsch commented 8 years ago

> You should try to upstream that diff @conorsch.

@fowlslegs Done: https://github.com/chef/bento/pull/654

> That beats maintaining our own boxes.

Agreed! Additionally, the presence of a swapfile in the base box can work to our advantage—our Ansible config currently doesn't fully deactivate swap partitions as intended, which the Serverspec tests caught while running against the new Bento base boxes (see #1387).

> They should also bump to 14.04.5 as well.

Mentioned in https://github.com/chef/bento/issues/652, but bears repeating here: the build process does upgrade the box to 14.04.5, and the base of 14.04.1 is intentional.

psivesely commented 8 years ago

This should be fixed soon as https://github.com/chef/bento/pull/654 was merged yesterday.

conorsch commented 8 years ago

Version 2.3.0 of the bento boxes resolves the issue, and tmux is included in the bento/ubuntu-14.04 boxes. Leaving issue open because it's sane to install tmux, given that our config explicitly requires it.

psivesely commented 8 years ago

Going to assign you to include tmux in the relevant role @conorsch.

conorsch commented 7 years ago

The SecureDrop config requires tmux for interactive shells, and assumes that tmux is present during install time—but doesn't explicitly ensure presence at install time. We should update the common role to install tmux explicitly, otherwise interactive shell sessions on the servers may fail if an Admin did not follow the server install guide carefully.

To be clear, the VMs used for testing and development do indeed include tmux again, so this is no longer an issue for the development environment.