Last active
October 5, 2021 03:51
-
-
Save conorsch/e7556624df59b2a0f8b81f7c0c4f9b7d to your computer and use it in GitHub Desktop.
QA playbook for testing SD RC debs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# Playbook to update SecureDrop VMs configured with the latest stable release | |
# to use the release candiate packages from apt-test.freedom.press (rather | |
# than apt.freedom.press). Updates the apt repo pubkey with a testing pubkey, | |
# and alters the apt source lists to point to the test server. | |
# | |
# Steps to use this playbook: | |
# | |
# 1. `git checkout 0.7.0` | |
# 2. Provision prod VMs. | |
# 3. Switch to Admin Workstation. | |
# 4. `./securedrop-admin tailsconfig` | |
# 5. `source .venv/bin/activate` (so ansible commands work) | |
# 6. `cd install_files/ansible-base` | |
# 7. `ansible-playbook -vv --diff securedrop-qa.yml` | |
# 8. `ssh app` # start interactive session | |
# 9. `sudo cron-apt -i -s` | |
# 10. Repeat steps 8 & 9 on mon. | |
- name: Configure prod host to accept Release Candidate packages. | |
hosts: securedrop | |
vars: | |
apt_files_to_modify: | |
- /etc/apt/sources.list.d/apt_freedom_press.list | |
- /etc/apt/security.list | |
tasks: | |
- name: Add apt public key for release-candidate repo. | |
apt_key: | |
url: 'https://gist.githubusercontent.com/conorsch/ec4008b111bc3142fca522693f3cce7e/raw/2968621e8ad92db4505a31fcc5776422d7d26729/apt-test%2520apt%2520pubkey' | |
state: present | |
- name: Switch apt repo URLs to staging. | |
replace: | |
dest: "{{ item }}" | |
replace: "apt-test.freedom.press" | |
regexp: 'apt\.freedom\.press' | |
backup: yes | |
with_items: "{{ apt_files_to_modify }}" | |
notify: update apt cache | |
handlers: | |
- name: update apt cache | |
apt: | |
update_cache: yes | |
sudo: yes |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment