From fe50a21cfd997dbfd6d9908e342c2230247e2d37 Mon Sep 17 00:00:00 2001
From: Jamil Bou Kheir <jamil@elbii.com>
Date: Sat, 4 Sep 2021 04:07:07 +0000
Subject: [PATCH] Provision in stages

---
 .ci/provision/build.sh        |  8 +++
 .ci/provision/centos_7.sh     | 28 -----------
 .ci/provision/centos_8.sh     | 28 -----------
 .ci/provision/debian_10.sh    | 30 +----------
 .ci/provision/debian_11.sh    | 28 -----------
 .ci/provision/fedora_33.sh    | 28 -----------
 .ci/provision/fedora_34.sh    | 28 -----------
 .ci/provision/initialize.sh   | 13 +++++
 .ci/provision/ruby.sh         | 18 +++++++
 .ci/provision/ubuntu_18.04.sh | 28 -----------
 .ci/provision/ubuntu_20.04.sh | 28 -----------
 Vagrantfile                   | 93 ++++++++++++++++++++++++++++++++++-
 12 files changed, 131 insertions(+), 227 deletions(-)
 create mode 100755 .ci/provision/build.sh
 create mode 100755 .ci/provision/initialize.sh
 create mode 100755 .ci/provision/ruby.sh

diff --git a/.ci/provision/build.sh b/.ci/provision/build.sh
new file mode 100755
index 000000000..38ae42e22
--- /dev/null
+++ b/.ci/provision/build.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -ex
+
+# Build omnibus package
+cd /vagrant/omnibus
+sudo mkdir -p /opt/firezone
+sudo chown -R ${USER} /opt/firezone
+bin/omnibus build firezone
diff --git a/.ci/provision/centos_7.sh b/.ci/provision/centos_7.sh
index 483fd1215..cc2b2bcbd 100755
--- a/.ci/provision/centos_7.sh
+++ b/.ci/provision/centos_7.sh
@@ -30,31 +30,3 @@ sudo localectl set-locale LANG=en_US.UTF-8
 sudo yum install -y epel-release elrepo-release
 sudo yum install -y yum-plugin-elrepo
 sudo yum install -y kmod-wireguard
-
-# Install asdf ruby
-if [ ! -d $HOME/.asdf ]; then
-  git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf
-fi
-grep -qxF '. $HOME/.asdf/asdf.sh' $HOME/.bashrc || echo '. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc
-grep -qxF '. $HOME/.asdf/completions/asdf.bash' $HOME/.bashrc || echo '. $HOME/.asdf/completions/asdf.bash' >> $HOME/.bashrc
-. $HOME/.asdf/asdf.sh
-asdf list ruby || asdf plugin-add ruby
-cd /vagrant
-asdf install
-
-# Install omnibus
-cd omnibus
-gem install bundler
-bundle install --binstubs
-
-# Build omnibus package
-sudo mkdir -p /opt/firezone
-sudo chown -R ${USER} /opt/firezone
-bin/omnibus build firezone
-
-sudo rpm -i pkg/firezone*.rpm
-
-# Usually fails the first time
-sudo firezone-ctl reconfigure || true
-
-sudo firezone-ctl restart
diff --git a/.ci/provision/centos_8.sh b/.ci/provision/centos_8.sh
index 384574fa6..c54d4d813 100755
--- a/.ci/provision/centos_8.sh
+++ b/.ci/provision/centos_8.sh
@@ -24,31 +24,3 @@ sudo localectl set-locale LANG=en_US.UTF-8
 # Install WireGuard module
 sudo yum install -y epel-release elrepo-release
 sudo yum install -y kmod-wireguard
-
-# Install asdf ruby
-if [ ! -d $HOME/.asdf ]; then
-  git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf
-fi
-grep -qxF '. $HOME/.asdf/asdf.sh' $HOME/.bashrc || echo '. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc
-grep -qxF '. $HOME/.asdf/completions/asdf.bash' $HOME/.bashrc || echo '. $HOME/.asdf/completions/asdf.bash' >> $HOME/.bashrc
-. $HOME/.asdf/asdf.sh
-asdf list ruby || asdf plugin-add ruby
-cd /vagrant
-asdf install
-
-# Install omnibus
-cd omnibus
-gem install bundler
-bundle install --binstubs
-
-# Build omnibus package
-sudo mkdir -p /opt/firezone
-sudo chown -R ${USER} /opt/firezone
-bin/omnibus build firezone
-
-sudo rpm -i pkg/firezone*.rpm
-
-# Usually fails the first time
-sudo firezone-ctl reconfigure || true
-
-sudo firezone-ctl restart
diff --git a/.ci/provision/debian_10.sh b/.ci/provision/debian_10.sh
index fcff7a6c9..726a1d9d8 100755
--- a/.ci/provision/debian_10.sh
+++ b/.ci/provision/debian_10.sh
@@ -25,7 +25,7 @@ sudo apt-get install -y -q \
 
 # Bug in the latest libcurl3-gnutls causes git to fail.
 # See https://superuser.com/questions/1642858/git-on-debian-10-backports-throws-fatal-unable-to-access-https-github-com-us
-sudo apt-get install -y -q libcurl3-gnutls=7.64.0-4+deb10u2
+sudo apt-get install -y -q --allow-downgrades libcurl3-gnutls=7.64.0-4+deb10u2
 
 # Set locale
 sudo sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen
@@ -33,31 +33,3 @@ sudo locale-gen
 export LANG=en_US.UTF-8
 export LANGUAGE=en_US:en
 export LC_ALL=en_US.UTF-8
-
-# Install asdf
-if [ ! -d $HOME/.asdf ]; then
-  git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf
-fi
-grep -qxF '. $HOME/.asdf/asdf.sh' $HOME/.bashrc || echo '. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc
-grep -qxF '. $HOME/.asdf/completions/asdf.bash' $HOME/.bashrc || echo '. $HOME/.asdf/completions/asdf.bash' >> $HOME/.bashrc
-. $HOME/.asdf/asdf.sh
-asdf list ruby || asdf plugin-add ruby
-cd /vagrant
-asdf install
-
-# Install omnibus
-cd omnibus
-gem install bundler
-bundle install --binstubs
-
-# Build omnibus package
-sudo mkdir -p /opt/firezone
-sudo chown -R ${USER} /opt/firezone
-bin/omnibus build firezone
-
-sudo dpkg -i pkg/firezone*.deb
-
-# Usually fails the first time
-sudo firezone-ctl reconfigure || true
-
-sudo firezone-ctl restart
diff --git a/.ci/provision/debian_11.sh b/.ci/provision/debian_11.sh
index b84bc4c9f..b40131f2b 100755
--- a/.ci/provision/debian_11.sh
+++ b/.ci/provision/debian_11.sh
@@ -29,31 +29,3 @@ sudo locale-gen
 export LANG=en_US.UTF-8
 export LANGUAGE=en_US:en
 export LC_ALL=en_US.UTF-8
-
-# Install asdf
-if [ ! -d $HOME/.asdf ]; then
-  git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf
-fi
-grep -qxF '. $HOME/.asdf/asdf.sh' $HOME/.bashrc || echo '. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc
-grep -qxF '. $HOME/.asdf/completions/asdf.bash' $HOME/.bashrc || echo '. $HOME/.asdf/completions/asdf.bash' >> $HOME/.bashrc
-. $HOME/.asdf/asdf.sh
-asdf list ruby || asdf plugin-add ruby
-cd /vagrant
-asdf install
-
-# Install omnibus
-cd omnibus
-gem install bundler
-bundle install --binstubs
-
-# Build omnibus package
-sudo mkdir -p /opt/firezone
-sudo chown -R ${USER} /opt/firezone
-bin/omnibus build firezone
-
-sudo dpkg -i pkg/firezone*.deb
-
-# Usually fails the first time
-sudo firezone-ctl reconfigure || true
-
-sudo firezone-ctl restart
diff --git a/.ci/provision/fedora_33.sh b/.ci/provision/fedora_33.sh
index 5b25367af..316a7c2f0 100755
--- a/.ci/provision/fedora_33.sh
+++ b/.ci/provision/fedora_33.sh
@@ -22,31 +22,3 @@ sudo yum install -y \
 # Set locale
 sudo bash -c 'echo "LANG=en_US.UTF-8" > /etc/locale.conf'
 sudo localectl set-locale LANG=en_US.UTF-8
-
-# Install asdf
-if [ ! -d $HOME/.asdf ]; then
-  git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf
-fi
-grep -qxF '. $HOME/.asdf/asdf.sh' $HOME/.bashrc || echo '. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc
-grep -qxF '. $HOME/.asdf/completions/asdf.bash' $HOME/.bashrc || echo '. $HOME/.asdf/completions/asdf.bash' >> $HOME/.bashrc
-. $HOME/.asdf/asdf.sh
-asdf list ruby || asdf plugin-add ruby
-cd /vagrant
-asdf install
-
-# Install omnibus
-cd omnibus
-gem install bundler
-bundle install --binstubs
-
-# Build omnibus package
-sudo mkdir -p /opt/firezone
-sudo chown -R ${USER} /opt/firezone
-bin/omnibus build firezone
-
-sudo rpm -i pkg/firezone*.rpm
-
-# Usually fails the first time
-sudo firezone-ctl reconfigure || true
-
-sudo firezone-ctl restart
diff --git a/.ci/provision/fedora_34.sh b/.ci/provision/fedora_34.sh
index 5b25367af..316a7c2f0 100755
--- a/.ci/provision/fedora_34.sh
+++ b/.ci/provision/fedora_34.sh
@@ -22,31 +22,3 @@ sudo yum install -y \
 # Set locale
 sudo bash -c 'echo "LANG=en_US.UTF-8" > /etc/locale.conf'
 sudo localectl set-locale LANG=en_US.UTF-8
-
-# Install asdf
-if [ ! -d $HOME/.asdf ]; then
-  git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf
-fi
-grep -qxF '. $HOME/.asdf/asdf.sh' $HOME/.bashrc || echo '. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc
-grep -qxF '. $HOME/.asdf/completions/asdf.bash' $HOME/.bashrc || echo '. $HOME/.asdf/completions/asdf.bash' >> $HOME/.bashrc
-. $HOME/.asdf/asdf.sh
-asdf list ruby || asdf plugin-add ruby
-cd /vagrant
-asdf install
-
-# Install omnibus
-cd omnibus
-gem install bundler
-bundle install --binstubs
-
-# Build omnibus package
-sudo mkdir -p /opt/firezone
-sudo chown -R ${USER} /opt/firezone
-bin/omnibus build firezone
-
-sudo rpm -i pkg/firezone*.rpm
-
-# Usually fails the first time
-sudo firezone-ctl reconfigure || true
-
-sudo firezone-ctl restart
diff --git a/.ci/provision/initialize.sh b/.ci/provision/initialize.sh
new file mode 100755
index 000000000..3b134fe85
--- /dev/null
+++ b/.ci/provision/initialize.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+set -ex
+
+which rpm
+if [ $? -eq 0 ]; then
+  sudo rpm -i pkg/firezone*.rpm
+else
+  sudo dpkg -i pkg/firezone*.deb
+fi
+
+# Usually fails the first time
+sudo firezone-ctl reconfigure || true
+sudo firezone-ctl restart
diff --git a/.ci/provision/ruby.sh b/.ci/provision/ruby.sh
new file mode 100755
index 000000000..982cfe055
--- /dev/null
+++ b/.ci/provision/ruby.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+set -ex
+
+# Install asdf ruby
+if [ ! -d $HOME/.asdf ]; then
+  git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf
+fi
+grep -qxF '. $HOME/.asdf/asdf.sh' $HOME/.bashrc || echo '. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc
+grep -qxF '. $HOME/.asdf/completions/asdf.bash' $HOME/.bashrc || echo '. $HOME/.asdf/completions/asdf.bash' >> $HOME/.bashrc
+. $HOME/.asdf/asdf.sh
+asdf list ruby || asdf plugin-add ruby
+cd /vagrant
+asdf install
+
+# Install omnibus
+cd omnibus
+gem install bundler
+bundle install --binstubs
diff --git a/.ci/provision/ubuntu_18.04.sh b/.ci/provision/ubuntu_18.04.sh
index 3f7d181db..1bc0a199d 100755
--- a/.ci/provision/ubuntu_18.04.sh
+++ b/.ci/provision/ubuntu_18.04.sh
@@ -29,31 +29,3 @@ sudo locale-gen
 export LANG=en_US.UTF-8
 export LANGUAGE=en_US:en
 export LC_ALL=en_US.UTF-8
-
-# Install asdf ruby
-if [ ! -d $HOME/.asdf ]; then
-  git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf
-fi
-grep -qxF '. $HOME/.asdf/asdf.sh' $HOME/.bashrc || echo '. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc
-grep -qxF '. $HOME/.asdf/completions/asdf.bash' $HOME/.bashrc || echo '. $HOME/.asdf/completions/asdf.bash' >> $HOME/.bashrc
-. $HOME/.asdf/asdf.sh
-asdf list ruby || asdf plugin-add ruby
-cd /vagrant
-asdf install
-
-# Install omnibus
-cd omnibus
-gem install bundler
-bundle install --binstubs
-
-# Build omnibus package
-sudo mkdir -p /opt/firezone
-sudo chown -R ${USER} /opt/firezone
-bin/omnibus build firezone
-
-sudo dpkg -i pkg/firezone*.deb
-
-# Usually fails the first time
-sudo firezone-ctl reconfigure || true
-
-sudo firezone-ctl restart
diff --git a/.ci/provision/ubuntu_20.04.sh b/.ci/provision/ubuntu_20.04.sh
index 3f7d181db..1bc0a199d 100755
--- a/.ci/provision/ubuntu_20.04.sh
+++ b/.ci/provision/ubuntu_20.04.sh
@@ -29,31 +29,3 @@ sudo locale-gen
 export LANG=en_US.UTF-8
 export LANGUAGE=en_US:en
 export LC_ALL=en_US.UTF-8
-
-# Install asdf ruby
-if [ ! -d $HOME/.asdf ]; then
-  git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf
-fi
-grep -qxF '. $HOME/.asdf/asdf.sh' $HOME/.bashrc || echo '. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc
-grep -qxF '. $HOME/.asdf/completions/asdf.bash' $HOME/.bashrc || echo '. $HOME/.asdf/completions/asdf.bash' >> $HOME/.bashrc
-. $HOME/.asdf/asdf.sh
-asdf list ruby || asdf plugin-add ruby
-cd /vagrant
-asdf install
-
-# Install omnibus
-cd omnibus
-gem install bundler
-bundle install --binstubs
-
-# Build omnibus package
-sudo mkdir -p /opt/firezone
-sudo chown -R ${USER} /opt/firezone
-bin/omnibus build firezone
-
-sudo dpkg -i pkg/firezone*.deb
-
-# Usually fails the first time
-sudo firezone-ctl reconfigure || true
-
-sudo firezone-ctl restart
diff --git a/Vagrantfile b/Vagrantfile
index 802293230..07df13777 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -24,12 +24,24 @@ Vagrant.configure("2") do |config|
     centos7.vm.box = "generic/centos7"
     centos7.vm.box_url = "https://home.cloudfirenetwork.com/vb/centos7.box"
     centos7.vm.network "forwarded_port", guest: 8800, host: ENV.fetch("PORT", 8800)
+
+    # Set up base OS
+    centos7.vm.provision "shell", path: ".ci/provision/centos_7.sh", privileged: false
+
+    # Set up ruby
+    centos7.vm.privision "shell", path: ".ci/provision/ruby.sh", privileged: false
+
+    # Build FireZone
+    centos7.vm.provision "shell", path: ".ci/provision/build.sh", privileged: false
+
     # Install a newer kernel with proper nftables support
     centos7.vm.provision "shell", reboot: true, inline: <<~SHELL
       yum install -y elrepo-release
       yum --enablerepo=elrepo-kernel install -y kernel-lt
     SHELL
-    centos7.vm.provision "shell", path: ".ci/provision/centos_7.sh", privileged: false
+
+    # Initialize and start
+    centos7.vm.provision "shell", path: ".ci/provision/initialize.sh", privileged: false
   end
 
   config.vm.define "centos_8" do |centos8|
@@ -37,6 +49,15 @@ Vagrant.configure("2") do |config|
     centos8.vm.box_url = "https://home.cloudfirenetwork.com/vb/centos8.box"
     centos8.vm.network "forwarded_port", guest: 8800, host: ENV.fetch("PORT", 8801)
     centos8.vm.provision "shell", path: ".ci/provision/centos_8.sh", privileged: false
+
+    # Set up ruby
+    centos8.vm.privision "shell", path: ".ci/provision/ruby.sh", privileged: false
+
+    # Build FireZone
+    centos8.vm.provision "shell", path: ".ci/provision/build.sh", privileged: false
+
+    # Initialize and start
+    centos8.vm.provision "shell", path: ".ci/provision/initialize.sh", privileged: false
   end
 
   config.vm.define "debian_10" do |debian10|
@@ -44,6 +65,27 @@ Vagrant.configure("2") do |config|
     debian10.vm.box_url = "https://home.cloudfirenetwork.com/vb/debian10.box"
     debian10.vm.network "forwarded_port", guest: 8800, host: ENV.fetch("PORT", 8802)
     debian10.vm.provision "shell", path: ".ci/provision/debian_10.sh", privileged: false
+
+    # Set up ruby
+    debian10.vm.privision "shell", path: ".ci/provision/ruby.sh", privileged: false
+
+    # Build FireZone
+    debian10.vm.provision "shell", path: ".ci/provision/build.sh", privileged: false
+
+    # Install newer kernel
+    debian10.vm.provision "shell", reboot: true, inline: <<~SHELL
+      sudo DEBIAN_FRONTEND=noninteractive apt-get remove -y --purge apt-listchanges
+
+      # Add Backports repo
+      sudo bash -c 'echo "deb http://deb.debian.org/debian buster-backports main" > /etc/apt/sources.list.d/backports.list'
+      sudo apt-get -q update
+
+      # Install newer kernel
+      sudo DEBIAN_FRONTEND=noninteractive apt-get -y -t buster-backports dist-upgrade
+    SHELL
+
+    # Initialize and start
+    debian10.vm.provision "shell", path: ".ci/provision/initialize.sh", privileged: false
   end
 
   config.vm.define "fedora_33" do |fedora33|
@@ -51,6 +93,15 @@ Vagrant.configure("2") do |config|
     fedora33.vm.box_url = "https://home.cloudfirenetwork.com/vb/fedora33.box"
     fedora33.vm.network "forwarded_port", guest: 8800, host: ENV.fetch("PORT", 8803)
     fedora33.vm.provision "shell", path: ".ci/provision/fedora_33.sh", privileged: false
+
+    # Set up ruby
+    fedora33.vm.privision "shell", path: ".ci/provision/ruby.sh", privileged: false
+
+    # Build FireZone
+    fedora33.vm.provision "shell", path: ".ci/provision/build.sh", privileged: false
+
+    # Initialize and start
+    fedora33.vm.provision "shell", path: ".ci/provision/initialize.sh", privileged: false
   end
 
   config.vm.define "fedora_34" do |fedora34|
@@ -58,18 +109,38 @@ Vagrant.configure("2") do |config|
     fedora34.vm.box_url = "https://home.cloudfirenetwork.com/vb/fedora34.box"
     fedora34.vm.network "forwarded_port", guest: 8800, host: ENV.fetch("PORT", 8804)
     fedora34.vm.provision "shell", path: ".ci/provision/fedora_34.sh", privileged: false
+
+    # Set up ruby
+    fedora34.vm.privision "shell", path: ".ci/provision/ruby.sh", privileged: false
+
+    # Build FireZone
+    fedora34.vm.provision "shell", path: ".ci/provision/build.sh", privileged: false
+
+    # Initialize and start
+    fedora34.vm.provision "shell", path: ".ci/provision/initialize.sh", privileged: false
   end
 
   config.vm.define "ubuntu_18.04" do |ubuntu1804|
     ubuntu1804.vm.box = "generic/ubuntu1804"
     ubuntu1804.vm.box_url = "https://home.cloudfirenetwork.com/vb/ubuntu1804.box"
     ubuntu1804.vm.network "forwarded_port", guest: 8800, host: ENV.fetch("PORT", 8805)
+    ubuntu1804.vm.provision "shell", path: ".ci/provision/ubuntu_18.04.sh", privileged: false
+
+    # Set up ruby
+    ubuntu1804.vm.privision "shell", path: ".ci/provision/ruby.sh", privileged: false
+
+    # Build FireZone
+    ubuntu1804.vm.provision "shell", path: ".ci/provision/build.sh", privileged: false
+
+    # Upgrade kernel
     ubuntu1804.vm.provision "shell", reboot: true, inline: <<~SHELL
       export DEBIAN_FRONTEND=noninteractive
       sudo apt-get -q update
       sudo apt-get install -y linux-image-generic-hwe-18.04 linux-headers-generic-hwe-18.04
     SHELL
-    ubuntu1804.vm.provision "shell", path: ".ci/provision/ubuntu_18.04.sh", privileged: false
+
+    # Initialize and start
+    ubuntu1804.vm.provision "shell", path: ".ci/provision/initialize.sh", privileged: false
   end
 
   config.vm.define "ubuntu_20.04" do |ubuntu2004|
@@ -77,6 +148,15 @@ Vagrant.configure("2") do |config|
     ubuntu2004.vm.box_url = "https://home.cloudfirenetwork.com/vb/ubuntu2004.box"
     ubuntu2004.vm.network "forwarded_port", guest: 8800, host: ENV.fetch("PORT", 8806)
     ubuntu2004.vm.provision "shell", path: ".ci/provision/ubuntu_20.04.sh", privileged: false
+
+    # Set up ruby
+    ubuntu2004.vm.privision "shell", path: ".ci/provision/ruby.sh", privileged: false
+
+    # Build FireZone
+    ubuntu2004.vm.provision "shell", path: ".ci/provision/build.sh", privileged: false
+
+    # Initialize and start
+    ubuntu2004.vm.provision "shell", path: ".ci/provision/initialize.sh", privileged: false
   end
 
   config.vm.define "debian_11" do |debian11|
@@ -84,5 +164,14 @@ Vagrant.configure("2") do |config|
     debian11.vm.box_url = "https://home.cloudfirenetwork.com/vb/debian11.box"
     debian11.vm.network "forwarded_port", guest: 8800, host: ENV.fetch("PORT", 8807)
     debian11.vm.provision "shell", path: ".ci/provision/debian_11.sh", privileged: false
+
+    # Set up ruby
+    debian11.vm.privision "shell", path: ".ci/provision/ruby.sh", privileged: false
+
+    # Build FireZone
+    debian11.vm.provision "shell", path: ".ci/provision/build.sh", privileged: false
+
+    # Initialize and start
+    debian11.vm.provision "shell", path: ".ci/provision/initialize.sh", privileged: false
   end
 end