Skip to content

Instantly share code, notes, and snippets.

@conorsch
Last active October 5, 2021 03:51
Show Gist options
  • Save conorsch/e7556624df59b2a0f8b81f7c0c4f9b7d to your computer and use it in GitHub Desktop.
Save conorsch/e7556624df59b2a0f8b81f7c0c4f9b7d to your computer and use it in GitHub Desktop.
QA playbook for testing SD RC debs
---
# Playbook to update SecureDrop VMs configured with the latest stable release
# to use the release candiate packages from apt-test.freedom.press (rather
# than apt.freedom.press). Updates the apt repo pubkey with a testing pubkey,
# and alters the apt source lists to point to the test server.
#
# Steps to use this playbook:
#
# 1. `git checkout 0.7.0`
# 2. Provision prod VMs.
# 3. Switch to Admin Workstation.
# 4. `./securedrop-admin tailsconfig`
# 5. `source .venv/bin/activate` (so ansible commands work)
# 6. `cd install_files/ansible-base`
# 7. `ansible-playbook -vv --diff securedrop-qa.yml`
# 8. `ssh app` # start interactive session
# 9. `sudo cron-apt -i -s`
# 10. Repeat steps 8 & 9 on mon.
- name: Configure prod host to accept Release Candidate packages.
hosts: securedrop
vars:
apt_files_to_modify:
- /etc/apt/sources.list.d/apt_freedom_press.list
- /etc/apt/security.list
tasks:
- name: Add apt public key for release-candidate repo.
apt_key:
url: 'https://gist.githubusercontent.com/conorsch/ec4008b111bc3142fca522693f3cce7e/raw/2968621e8ad92db4505a31fcc5776422d7d26729/apt-test%2520apt%2520pubkey'
state: present
- name: Switch apt repo URLs to staging.
replace:
dest: "{{ item }}"
replace: "apt-test.freedom.press"
regexp: 'apt\.freedom\.press'
backup: yes
with_items: "{{ apt_files_to_modify }}"
notify: update apt cache
handlers:
- name: update apt cache
apt:
update_cache: yes
sudo: yes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment