Provision in stages

2026-03-21 11:41:51 +00:00 · 2021-09-04 04:07:07 +00:00
parent 9fec0008b5
commit fe50a21cfd
12 changed files with 131 additions and 227 deletions
--- a/.ci/provision/build.sh
+++ b/.ci/provision/build.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -ex
+
+# Build omnibus package
+cd /vagrant/omnibus
+sudo mkdir -p /opt/firezone
+sudo chown -R ${USER} /opt/firezone
+bin/omnibus build firezone
--- a/.ci/provision/centos_7.sh
+++ b/.ci/provision/centos_7.sh
@@ -30,31 +30,3 @@ sudo localectl set-locale LANG=en_US.UTF-8
 sudo yum install -y epel-release elrepo-release
 sudo yum install -y yum-plugin-elrepo
 sudo yum install -y kmod-wireguard
-
-# Install asdf ruby
-if [ ! -d $HOME/.asdf ]; then
-  git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf
-fi
-grep -qxF '. $HOME/.asdf/asdf.sh' $HOME/.bashrc || echo '. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc
-grep -qxF '. $HOME/.asdf/completions/asdf.bash' $HOME/.bashrc || echo '. $HOME/.asdf/completions/asdf.bash' >> $HOME/.bashrc
-. $HOME/.asdf/asdf.sh
-asdf list ruby || asdf plugin-add ruby
-cd /vagrant
-asdf install
-
-# Install omnibus
-cd omnibus
-gem install bundler
-bundle install --binstubs
-
-# Build omnibus package
-sudo mkdir -p /opt/firezone
-sudo chown -R ${USER} /opt/firezone
-bin/omnibus build firezone
-
-sudo rpm -i pkg/firezone*.rpm
-
-# Usually fails the first time
-sudo firezone-ctl reconfigure || true
-
-sudo firezone-ctl restart
--- a/.ci/provision/centos_8.sh
+++ b/.ci/provision/centos_8.sh
@@ -24,31 +24,3 @@ sudo localectl set-locale LANG=en_US.UTF-8
 # Install WireGuard module
 sudo yum install -y epel-release elrepo-release
 sudo yum install -y kmod-wireguard
-
-# Install asdf ruby
-if [ ! -d $HOME/.asdf ]; then
-  git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf
-fi
-grep -qxF '. $HOME/.asdf/asdf.sh' $HOME/.bashrc || echo '. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc
-grep -qxF '. $HOME/.asdf/completions/asdf.bash' $HOME/.bashrc || echo '. $HOME/.asdf/completions/asdf.bash' >> $HOME/.bashrc
-. $HOME/.asdf/asdf.sh
-asdf list ruby || asdf plugin-add ruby
-cd /vagrant
-asdf install
-
-# Install omnibus
-cd omnibus
-gem install bundler
-bundle install --binstubs
-
-# Build omnibus package
-sudo mkdir -p /opt/firezone
-sudo chown -R ${USER} /opt/firezone
-bin/omnibus build firezone
-
-sudo rpm -i pkg/firezone*.rpm
-
-# Usually fails the first time
-sudo firezone-ctl reconfigure || true
-
-sudo firezone-ctl restart
--- a/.ci/provision/debian_10.sh
+++ b/.ci/provision/debian_10.sh
@@ -25,7 +25,7 @@ sudo apt-get install -y -q \

 # Bug in the latest libcurl3-gnutls causes git to fail.
 # See https://superuser.com/questions/1642858/git-on-debian-10-backports-throws-fatal-unable-to-access-https-github-com-us
-sudo apt-get install -y -q libcurl3-gnutls=7.64.0-4+deb10u2
+sudo apt-get install -y -q --allow-downgrades libcurl3-gnutls=7.64.0-4+deb10u2

 # Set locale
 sudo sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen
@@ -33,31 +33,3 @@ sudo locale-gen
 export LANG=en_US.UTF-8
 export LANGUAGE=en_US:en
 export LC_ALL=en_US.UTF-8
-
-# Install asdf
-if [ ! -d $HOME/.asdf ]; then
-  git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf
-fi
-grep -qxF '. $HOME/.asdf/asdf.sh' $HOME/.bashrc || echo '. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc
-grep -qxF '. $HOME/.asdf/completions/asdf.bash' $HOME/.bashrc || echo '. $HOME/.asdf/completions/asdf.bash' >> $HOME/.bashrc
-. $HOME/.asdf/asdf.sh
-asdf list ruby || asdf plugin-add ruby
-cd /vagrant
-asdf install
-
-# Install omnibus
-cd omnibus
-gem install bundler
-bundle install --binstubs
-
-# Build omnibus package
-sudo mkdir -p /opt/firezone
-sudo chown -R ${USER} /opt/firezone
-bin/omnibus build firezone
-
-sudo dpkg -i pkg/firezone*.deb
-
-# Usually fails the first time
-sudo firezone-ctl reconfigure || true
-
-sudo firezone-ctl restart
--- a/.ci/provision/debian_11.sh
+++ b/.ci/provision/debian_11.sh
@@ -29,31 +29,3 @@ sudo locale-gen
 export LANG=en_US.UTF-8
 export LANGUAGE=en_US:en
 export LC_ALL=en_US.UTF-8
-
-# Install asdf
-if [ ! -d $HOME/.asdf ]; then
-  git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf
-fi
-grep -qxF '. $HOME/.asdf/asdf.sh' $HOME/.bashrc || echo '. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc
-grep -qxF '. $HOME/.asdf/completions/asdf.bash' $HOME/.bashrc || echo '. $HOME/.asdf/completions/asdf.bash' >> $HOME/.bashrc
-. $HOME/.asdf/asdf.sh
-asdf list ruby || asdf plugin-add ruby
-cd /vagrant
-asdf install
-
-# Install omnibus
-cd omnibus
-gem install bundler
-bundle install --binstubs
-
-# Build omnibus package
-sudo mkdir -p /opt/firezone
-sudo chown -R ${USER} /opt/firezone
-bin/omnibus build firezone
-
-sudo dpkg -i pkg/firezone*.deb
-
-# Usually fails the first time
-sudo firezone-ctl reconfigure || true
-
-sudo firezone-ctl restart
--- a/.ci/provision/fedora_33.sh
+++ b/.ci/provision/fedora_33.sh
@@ -22,31 +22,3 @@ sudo yum install -y \
 # Set locale
 sudo bash -c 'echo "LANG=en_US.UTF-8" > /etc/locale.conf'
 sudo localectl set-locale LANG=en_US.UTF-8
-
-# Install asdf
-if [ ! -d $HOME/.asdf ]; then
-  git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf
-fi
-grep -qxF '. $HOME/.asdf/asdf.sh' $HOME/.bashrc || echo '. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc
-grep -qxF '. $HOME/.asdf/completions/asdf.bash' $HOME/.bashrc || echo '. $HOME/.asdf/completions/asdf.bash' >> $HOME/.bashrc
-. $HOME/.asdf/asdf.sh
-asdf list ruby || asdf plugin-add ruby
-cd /vagrant
-asdf install
-
-# Install omnibus
-cd omnibus
-gem install bundler
-bundle install --binstubs
-
-# Build omnibus package
-sudo mkdir -p /opt/firezone
-sudo chown -R ${USER} /opt/firezone
-bin/omnibus build firezone
-
-sudo rpm -i pkg/firezone*.rpm
-
-# Usually fails the first time
-sudo firezone-ctl reconfigure || true
-
-sudo firezone-ctl restart
--- a/.ci/provision/fedora_34.sh
+++ b/.ci/provision/fedora_34.sh
@@ -22,31 +22,3 @@ sudo yum install -y \
 # Set locale
 sudo bash -c 'echo "LANG=en_US.UTF-8" > /etc/locale.conf'
 sudo localectl set-locale LANG=en_US.UTF-8
-
-# Install asdf
-if [ ! -d $HOME/.asdf ]; then
-  git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf
-fi
-grep -qxF '. $HOME/.asdf/asdf.sh' $HOME/.bashrc || echo '. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc
-grep -qxF '. $HOME/.asdf/completions/asdf.bash' $HOME/.bashrc || echo '. $HOME/.asdf/completions/asdf.bash' >> $HOME/.bashrc
-. $HOME/.asdf/asdf.sh
-asdf list ruby || asdf plugin-add ruby
-cd /vagrant
-asdf install
-
-# Install omnibus
-cd omnibus
-gem install bundler
-bundle install --binstubs
-
-# Build omnibus package
-sudo mkdir -p /opt/firezone
-sudo chown -R ${USER} /opt/firezone
-bin/omnibus build firezone
-
-sudo rpm -i pkg/firezone*.rpm
-
-# Usually fails the first time
-sudo firezone-ctl reconfigure || true
-
-sudo firezone-ctl restart
--- a/.ci/provision/initialize.sh
+++ b/.ci/provision/initialize.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+set -ex
+
+which rpm
+if [ $? -eq 0 ]; then
+  sudo rpm -i pkg/firezone*.rpm
+else
+  sudo dpkg -i pkg/firezone*.deb
+fi
+
+# Usually fails the first time
+sudo firezone-ctl reconfigure || true
+sudo firezone-ctl restart
--- a/.ci/provision/ruby.sh
+++ b/.ci/provision/ruby.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+set -ex
+
+# Install asdf ruby
+if [ ! -d $HOME/.asdf ]; then
+  git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf
+fi
+grep -qxF '. $HOME/.asdf/asdf.sh' $HOME/.bashrc || echo '. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc
+grep -qxF '. $HOME/.asdf/completions/asdf.bash' $HOME/.bashrc || echo '. $HOME/.asdf/completions/asdf.bash' >> $HOME/.bashrc
+. $HOME/.asdf/asdf.sh
+asdf list ruby || asdf plugin-add ruby
+cd /vagrant
+asdf install
+
+# Install omnibus
+cd omnibus
+gem install bundler
+bundle install --binstubs
--- a/.ci/provision/ubuntu_18.04.sh
+++ b/.ci/provision/ubuntu_18.04.sh
@@ -29,31 +29,3 @@ sudo locale-gen
 export LANG=en_US.UTF-8
 export LANGUAGE=en_US:en
 export LC_ALL=en_US.UTF-8
-
-# Install asdf ruby
-if [ ! -d $HOME/.asdf ]; then
-  git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf
-fi
-grep -qxF '. $HOME/.asdf/asdf.sh' $HOME/.bashrc || echo '. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc
-grep -qxF '. $HOME/.asdf/completions/asdf.bash' $HOME/.bashrc || echo '. $HOME/.asdf/completions/asdf.bash' >> $HOME/.bashrc
-. $HOME/.asdf/asdf.sh
-asdf list ruby || asdf plugin-add ruby
-cd /vagrant
-asdf install
-
-# Install omnibus
-cd omnibus
-gem install bundler
-bundle install --binstubs
-
-# Build omnibus package
-sudo mkdir -p /opt/firezone
-sudo chown -R ${USER} /opt/firezone
-bin/omnibus build firezone
-
-sudo dpkg -i pkg/firezone*.deb
-
-# Usually fails the first time
-sudo firezone-ctl reconfigure || true
-
-sudo firezone-ctl restart
--- a/.ci/provision/ubuntu_20.04.sh
+++ b/.ci/provision/ubuntu_20.04.sh
@@ -29,31 +29,3 @@ sudo locale-gen
 export LANG=en_US.UTF-8
 export LANGUAGE=en_US:en
 export LC_ALL=en_US.UTF-8
-
-# Install asdf ruby
-if [ ! -d $HOME/.asdf ]; then
-  git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf
-fi
-grep -qxF '. $HOME/.asdf/asdf.sh' $HOME/.bashrc || echo '. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc
-grep -qxF '. $HOME/.asdf/completions/asdf.bash' $HOME/.bashrc || echo '. $HOME/.asdf/completions/asdf.bash' >> $HOME/.bashrc
-. $HOME/.asdf/asdf.sh
-asdf list ruby || asdf plugin-add ruby
-cd /vagrant
-asdf install
-
-# Install omnibus
-cd omnibus
-gem install bundler
-bundle install --binstubs
-
-# Build omnibus package
-sudo mkdir -p /opt/firezone
-sudo chown -R ${USER} /opt/firezone
-bin/omnibus build firezone
-
-sudo dpkg -i pkg/firezone*.deb
-
-# Usually fails the first time
-sudo firezone-ctl reconfigure || true
-
-sudo firezone-ctl restart
--- a/93
+++ b/93
@@ -24,12 +24,24 @@ Vagrant.configure("2") do |config|
    centos7.vm.box = "generic/centos7"
    centos7.vm.box_url = "https://home.cloudfirenetwork.com/vb/centos7.box"
    centos7.vm.network "forwarded_port", guest: 8800, host: ENV.fetch("PORT", 8800)
+
+    # Set up base OS
+    centos7.vm.provision "shell", path: ".ci/provision/centos_7.sh", privileged: false
+
+    # Set up ruby
+    centos7.vm.privision "shell", path: ".ci/provision/ruby.sh", privileged: false
+
+    # Build FireZone
+    centos7.vm.provision "shell", path: ".ci/provision/build.sh", privileged: false
+
    # Install a newer kernel with proper nftables support
    centos7.vm.provision "shell", reboot: true, inline: <<~SHELL
      yum install -y elrepo-release
      yum --enablerepo=elrepo-kernel install -y kernel-lt
    SHELL
-    centos7.vm.provision "shell", path: ".ci/provision/centos_7.sh", privileged: false
+
+    # Initialize and start
+    centos7.vm.provision "shell", path: ".ci/provision/initialize.sh", privileged: false
  end

  config.vm.define "centos_8" do |centos8|
@@ -37,6 +49,15 @@ Vagrant.configure("2") do |config|
    centos8.vm.box_url = "https://home.cloudfirenetwork.com/vb/centos8.box"
    centos8.vm.network "forwarded_port", guest: 8800, host: ENV.fetch("PORT", 8801)
    centos8.vm.provision "shell", path: ".ci/provision/centos_8.sh", privileged: false
+
+    # Set up ruby
+    centos8.vm.privision "shell", path: ".ci/provision/ruby.sh", privileged: false
+
+    # Build FireZone
+    centos8.vm.provision "shell", path: ".ci/provision/build.sh", privileged: false
+
+    # Initialize and start
+    centos8.vm.provision "shell", path: ".ci/provision/initialize.sh", privileged: false
  end

  config.vm.define "debian_10" do |debian10|
@@ -44,6 +65,27 @@ Vagrant.configure("2") do |config|
    debian10.vm.box_url = "https://home.cloudfirenetwork.com/vb/debian10.box"
    debian10.vm.network "forwarded_port", guest: 8800, host: ENV.fetch("PORT", 8802)
    debian10.vm.provision "shell", path: ".ci/provision/debian_10.sh", privileged: false
+
+    # Set up ruby
+    debian10.vm.privision "shell", path: ".ci/provision/ruby.sh", privileged: false
+
+    # Build FireZone
+    debian10.vm.provision "shell", path: ".ci/provision/build.sh", privileged: false
+
+    # Install newer kernel
+    debian10.vm.provision "shell", reboot: true, inline: <<~SHELL
+      sudo DEBIAN_FRONTEND=noninteractive apt-get remove -y --purge apt-listchanges
+
+      # Add Backports repo
+      sudo bash -c 'echo "deb http://deb.debian.org/debian buster-backports main" > /etc/apt/sources.list.d/backports.list'
+      sudo apt-get -q update
+
+      # Install newer kernel
+      sudo DEBIAN_FRONTEND=noninteractive apt-get -y -t buster-backports dist-upgrade
+    SHELL
+
+    # Initialize and start
+    debian10.vm.provision "shell", path: ".ci/provision/initialize.sh", privileged: false
  end

  config.vm.define "fedora_33" do |fedora33|
@@ -51,6 +93,15 @@ Vagrant.configure("2") do |config|
    fedora33.vm.box_url = "https://home.cloudfirenetwork.com/vb/fedora33.box"
    fedora33.vm.network "forwarded_port", guest: 8800, host: ENV.fetch("PORT", 8803)
    fedora33.vm.provision "shell", path: ".ci/provision/fedora_33.sh", privileged: false
+
+    # Set up ruby
+    fedora33.vm.privision "shell", path: ".ci/provision/ruby.sh", privileged: false
+
+    # Build FireZone
+    fedora33.vm.provision "shell", path: ".ci/provision/build.sh", privileged: false
+
+    # Initialize and start
+    fedora33.vm.provision "shell", path: ".ci/provision/initialize.sh", privileged: false
  end

  config.vm.define "fedora_34" do |fedora34|
@@ -58,18 +109,38 @@ Vagrant.configure("2") do |config|
    fedora34.vm.box_url = "https://home.cloudfirenetwork.com/vb/fedora34.box"
    fedora34.vm.network "forwarded_port", guest: 8800, host: ENV.fetch("PORT", 8804)
    fedora34.vm.provision "shell", path: ".ci/provision/fedora_34.sh", privileged: false
+
+    # Set up ruby
+    fedora34.vm.privision "shell", path: ".ci/provision/ruby.sh", privileged: false
+
+    # Build FireZone
+    fedora34.vm.provision "shell", path: ".ci/provision/build.sh", privileged: false
+
+    # Initialize and start
+    fedora34.vm.provision "shell", path: ".ci/provision/initialize.sh", privileged: false
  end

  config.vm.define "ubuntu_18.04" do |ubuntu1804|
    ubuntu1804.vm.box = "generic/ubuntu1804"
    ubuntu1804.vm.box_url = "https://home.cloudfirenetwork.com/vb/ubuntu1804.box"
    ubuntu1804.vm.network "forwarded_port", guest: 8800, host: ENV.fetch("PORT", 8805)
+    ubuntu1804.vm.provision "shell", path: ".ci/provision/ubuntu_18.04.sh", privileged: false
+
+    # Set up ruby
+    ubuntu1804.vm.privision "shell", path: ".ci/provision/ruby.sh", privileged: false
+
+    # Build FireZone
+    ubuntu1804.vm.provision "shell", path: ".ci/provision/build.sh", privileged: false
+
+    # Upgrade kernel
    ubuntu1804.vm.provision "shell", reboot: true, inline: <<~SHELL
      export DEBIAN_FRONTEND=noninteractive
      sudo apt-get -q update
      sudo apt-get install -y linux-image-generic-hwe-18.04 linux-headers-generic-hwe-18.04
    SHELL
-    ubuntu1804.vm.provision "shell", path: ".ci/provision/ubuntu_18.04.sh", privileged: false
+
+    # Initialize and start
+    ubuntu1804.vm.provision "shell", path: ".ci/provision/initialize.sh", privileged: false
  end

  config.vm.define "ubuntu_20.04" do |ubuntu2004|
@@ -77,6 +148,15 @@ Vagrant.configure("2") do |config|
    ubuntu2004.vm.box_url = "https://home.cloudfirenetwork.com/vb/ubuntu2004.box"
    ubuntu2004.vm.network "forwarded_port", guest: 8800, host: ENV.fetch("PORT", 8806)
    ubuntu2004.vm.provision "shell", path: ".ci/provision/ubuntu_20.04.sh", privileged: false
+
+    # Set up ruby
+    ubuntu2004.vm.privision "shell", path: ".ci/provision/ruby.sh", privileged: false
+
+    # Build FireZone
+    ubuntu2004.vm.provision "shell", path: ".ci/provision/build.sh", privileged: false
+
+    # Initialize and start
+    ubuntu2004.vm.provision "shell", path: ".ci/provision/initialize.sh", privileged: false
  end

  config.vm.define "debian_11" do |debian11|
@@ -84,5 +164,14 @@ Vagrant.configure("2") do |config|
    debian11.vm.box_url = "https://home.cloudfirenetwork.com/vb/debian11.box"
    debian11.vm.network "forwarded_port", guest: 8800, host: ENV.fetch("PORT", 8807)
    debian11.vm.provision "shell", path: ".ci/provision/debian_11.sh", privileged: false
+
+    # Set up ruby
+    debian11.vm.privision "shell", path: ".ci/provision/ruby.sh", privileged: false
+
+    # Build FireZone
+    debian11.vm.provision "shell", path: ".ci/provision/build.sh", privileged: false
+
+    # Initialize and start
+    debian11.vm.provision "shell", path: ".ci/provision/initialize.sh", privileged: false
  end
 end