Closed by emkll 3 years ago
(Blocked on #5638)
Now that we have packages on apt-test, this should be unblocked. @rmol will do a first install attempt on NUC7s during the 1/6-1/20 sprint and document findings here.
This is still a very high priority but slipped due to competing QA requirements for 1.7.0. @rmol and @emkll will lead this investigation during the 1/21-2/3 sprint.
Next steps discussed in sprint planning today:
Relatedly, in support of https://github.com/freedomofpress/securedrop-docs/issues/135, @rmol and @zenmonkeykstop will start drafting an outline (can be in the wiki for now) of what the install process looks like (especially the Ubuntu 20.04 install, which is substantially different from our current docs), informed by these initial install runs.
Preliminary findings, based on Mac Mini testing (testing in progress, will edit this comment):
Some testinfra test failures when running against the hardware instance on Focal, several of which are app-related, which is strange, as the application and its helper services appear to be running correctly:
- test_apparmor_enforced
  - for dhclient
  - for app, looks like a test issue, aa-status reports the apparmor profile as being enforced.
- test_aa_no_denies_in_syslog for app (lxc/snapd AppArmor violations in syslog, we may need to revisit this test)
- test_securedrop_rqworker_service
- test_securedrop_shredder_service (looks like a test string issue)
- test_securedrop_source_deleter_service
- test_cron_apt_cron_jobs x4 (soon to be replaced in #5162)
- test_ip6tables_drop_everything: looks like FORWARD is set to ACCEPT, likely due to snap/lxc, more research required
@zenmonkeykstop has committed to additional testing on 1U hardware in the next few days; once that's done, we can transition to tracking QA via the release ticket (#5794) and a formal QA matrix.
Successfully installed Focal + SecureDrop on NUC7i7DNHEs, further testing to be documented.
A note for anyone else new to QA-ing is that updating the apt repo to apt-test and using the apt-test signing key, as well as having Focal installed on the servers, is sufficient for a Focal install (editing securedrop_target_distribution in install_files/ansible-base/group_vars/all/securedrop is not required).
Closing this pre-QA ticket; additional reports will be tracked during QA on #5794 and in the QA matrix.
As part of the Focal epic, we now have all (application and infra) tests passing in CI in Focal (https://github.com/freedomofpress/securedrop/pull/5638).
CI and staging environments are virtualized, and as such there can be differences in kernel support, but also with packages installed. This will also help us begin to document any differences in documentation during the install steps of the underlying OS.
This ticket is to track the install of SecureDrop on a hardware server running Ubuntu 20.04 focal. We should
make build-debs focal
app and mon servers on the latest Ubuntu 20.04 ISO (20.04.1 as of this writing)
focal channel)