Ubuntu 20.04 support (#1782)

* ubuntu 20.04 support * purge snapd for 20.04 * strongswan-starter fix
2025-04-16 22:27:20 +02:00 · 2020-05-10 13:48:30 +03:00 · 2020-05-10 13:48:30 +03:00 · c14ff0d611
commit c14ff0d611
parent 7695372e2b
11 changed files with 60 additions and 35 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -29,7 +29,7 @@ jobs:
    runs-on: ubuntu-16.04
    strategy:
      matrix:
-        UBUNTU_VERSION: ["18.04", "19.10"]
+        UBUNTU_VERSION: ["18.04", "20.04"]
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-python@v1
@ -98,7 +98,7 @@ jobs:
    runs-on: ubuntu-16.04
    strategy:
      matrix:
-        UBUNTU_VERSION: ["18.04", "19.10"]
+        UBUNTU_VERSION: ["18.04", "20.04"]
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-python@v1
--- a/config.cfg
+++ b/config.cfg
@ -156,10 +156,14 @@ SSH_keys:
 cloud_providers:
  azure:
    size: Standard_B1S
-    image: 19.10-DAILY
+    image:
+      publisher: Canonical
+      offer: 0001-com-ubuntu-server-focal-daily
+      sku: 20_04-daily-lts
+      version: latest
  digitalocean:
    size: s-1vcpu-1gb
-    image: "ubuntu-19-10-x64"
+    image: "ubuntu-20-04-x64"
  ec2:
    # Change the encrypted flag to "false" to disable AWS volume encryption.
    encrypted: true
@ -168,31 +172,31 @@ cloud_providers:
    use_existing_eip: false
    size: t2.micro
    image:
-      name: "ubuntu-eoan-19.10"
+      name: "ubuntu-focal-20.04"
      owner: "099720109477"
  gce:
    size: f1-micro
-    image: ubuntu-1910
+    image: ubuntu-2004-lts
    external_static_ip: false
  lightsail:
    size: nano_1_0
    image: ubuntu_18_04
  scaleway:
    size: DEV1-S
-    image: Ubuntu Bionic Beaver
+    image: Ubuntu 20.04 Focal Fossa
    arch: x86_64
  hetzner:
    server_type: cx11
-    image: ubuntu-18.04
+    image: ubuntu-20.04
  openstack:
    flavor_ram: ">=512"
    image:  Ubuntu-18.04
  cloudstack:
    size: Micro
-    image: Linux Ubuntu 19.10 64-bit
+    image: Linux Ubuntu 20.04 LTS 64-bit
    disk: 10
  vultr:
-    os: Ubuntu 19.10 x64
+    os: Ubuntu 20.04 x64
    size: 1024 MB RAM,25 GB SSD,1.00 TB BW
  local:

--- a/docs/deploy-to-ubuntu.md
+++ b/docs/deploy-to-ubuntu.md
@ -4,7 +4,7 @@ You can use Algo to configure a pre-existing server as an AlgoVPN rather than us

 To perform a local installation, install the Algo scripts following the normal installation instructions, then choose:
 ```
-Install to existing Ubuntu 18.04 or 19.10 server (for more advanced users)
+Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)
 ```
 Make sure your target server is running an unmodified copy of the operating system version specified. The target can be the same system where you've installed the Algo scripts, or a remote system that you are able to access as root via SSH without needing to enter the SSH key passphrase (such as when using `ssh-agent`).

--- a/docs/deploy-to-unsupported-cloud.md
+++ b/docs/deploy-to-unsupported-cloud.md
@ -2,7 +2,7 @@

 Algo officially supports the [cloud providers listed here](https://github.com/trailofbits/algo/blob/master/README.md#deploy-the-algo-server). If you want to deploy Algo on another virtual hosting provider, that provider must support:

-1. the base operating system image that Algo uses (Ubuntu 18.04 or 19.10), and
+1. the base operating system image that Algo uses (Ubuntu 18.04 or 20.04), and
 2. a minimum of certain kernel modules required for the strongSwan IPsec server.

 Please see the [Required Kernel Modules](https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules) documentation from strongSwan for a list of the specific required modules and a script to check for them. As a first step, we recommend running their shell script to determine initial compatibility with your new hosting provider.
--- a/docs/troubleshooting.md
+++ b/docs/troubleshooting.md
@ -283,7 +283,7 @@ TASK [wireguard : Generate public keys] ****************************************

 fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: configs/xxx.xxx.xxx.xxx/wireguard//private/dan"}
 ```
-This error is usually hit when using the local install option on a server that isn't Ubuntu 18.04. You should upgrade your server to Ubuntu 18.04. If this doesn't work, try removing `*.lock` files at /etc/wireguard/ as follows:
+This error is usually hit when using the local install option on a server that isn't Ubuntu 18.04 or later. You should upgrade your server to Ubuntu 18.04 or later. If this doesn't work, try removing `*.lock` files at /etc/wireguard/ as follows:

 ```ssh
 sudo rm -rf /etc/wireguard/*.lock
--- a/input.yml
+++ b/input.yml
@ -21,7 +21,7 @@
      - { name: Scaleway, alias: scaleway}
      - { name: OpenStack (DreamCompute optimised), alias: openstack }
      - { name: CloudStack (Exoscale optimised), alias: cloudstack }
-      - { name: "Install to existing Ubuntu 18.04 or 19.10 server (for more advanced users)", alias: local }
+      - { name: "Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)", alias: local }
  vars_files:
    - config.cfg

--- a/roles/cloud-azure/files/deployment.json
+++ b/roles/cloud-azure/files/deployment.json
@ -11,9 +11,18 @@
    "vmSize": {
      "type": "string"
    },
+    "imageReferencePublisher": {
+      "type": "string"
+    },
+    "imageReferenceOffer": {
+      "type": "string"
+    },
    "imageReferenceSku": {
      "type": "string"
    },
+    "imageReferenceVersion": {
+      "type": "string"
+    },
    "SshPort": {
      "type": "int"
    },
@ -182,10 +191,10 @@
        },
        "storageProfile": {
          "imageReference": {
-            "publisher": "Canonical",
-            "offer": "UbuntuServer",
+            "publisher": "[parameters('imageReferencePublisher')]",
+            "offer": "[parameters('imageReferenceOffer')]",
            "sku": "[parameters('imageReferenceSku')]",
-            "version": "latest"
+            "version": "[parameters('imageReferenceVersion')]"
          },
          "osDisk": {
            "createOption": "FromImage"
--- a/roles/cloud-azure/tasks/main.yml
+++ b/roles/cloud-azure/tasks/main.yml
@ -29,8 +29,14 @@
        value: "{{ wireguard_port }}"
      vmSize:
        value: "{{ cloud_providers.azure.size }}"
+      imageReferencePublisher:
+        value: "{{ cloud_providers.azure.image.publisher }}"
+      imageReferenceOffer:
+        value: "{{ cloud_providers.azure.image.offer }}"
      imageReferenceSku:
-        value: "{{ cloud_providers.azure.image }}"
+        value: "{{ cloud_providers.azure.image.sku }}"
+      imageReferenceVersion:
+        value: "{{ cloud_providers.azure.image.version }}"
      SshPort:
        value: "{{ ssh_port }}"
      UserData:
--- a/roles/strongswan/defaults/main.yml
+++ b/roles/strongswan/defaults/main.yml
@ -3,7 +3,7 @@ ipsec_config_path: "configs/{{ IP_subject_alt_name }}/ipsec/"
 ipsec_pki_path: "{{ ipsec_config_path }}/.pki/"
 strongswan_shell: /usr/sbin/nologin
 strongswan_home: /var/lib/strongswan
-strongswan_service: "{{ 'strongswan-starter' if ansible_distribution_major_version|int > 19 else 'strongswan' }}"
+strongswan_service: "{{ 'strongswan-starter' if ansible_facts['distribution_version'] is version('20.04', '>=') else 'strongswan' }}"
 BetweenClients_DROP: true
 algo_ondemand_cellular: false
 algo_ondemand_wifi: false
--- a/roles/wireguard/tasks/ubuntu.yml
+++ b/roles/wireguard/tasks/ubuntu.yml
@ -1,12 +1,22 @@
 ---
- name: WireGuard repository configured
-  apt_repository:
-    repo: ppa:wireguard/wireguard
-    state: present
-  register: result
-  until: result is succeeded
-  retries: 10
-  delay: 3
+- block:
+  - name: WireGuard repository configured
+    apt_repository:
+      repo: ppa:wireguard/wireguard
+      state: present
+    register: result
+    until: result is succeeded
+    retries: 10
+    delay: 3
+
+  - name: Configure unattended-upgrades
+    copy:
+      src: 50-wireguard-unattended-upgrades
+      dest: /etc/apt/apt.conf.d/50-wireguard-unattended-upgrades
+      owner: root
+      group: root
+      mode: 0644
+  when: ansible_facts['distribution_version'] is version('20.04', '<')

 - name: WireGuard installed
  apt:
@ -19,14 +29,6 @@
    dest: /etc/wireguard/.reload-module-on-update
    state: touch

- name: Configure unattended-upgrades
-  copy:
-    src: 50-wireguard-unattended-upgrades
-    dest: /etc/apt/apt.conf.d/50-wireguard-unattended-upgrades
-    owner: root
-    group: root
-    mode: 0644
-
 - name: Set OS specific facts
  set_fact:
    service_name: "wg-quick@{{ wireguard_interface }}"
--- a/tests/pre-deploy.sh
+++ b/tests/pre-deploy.sh
@ -25,6 +25,10 @@ lxc profile set default security.privileged true
 lxc profile show default
 lxc launch ubuntu:${UBUNTU_VERSION} algo

+if [[ ${UBUNTU_VERSION} == "20.04" ]]; then
+  lxc exec algo -- apt remove snapd --purge -y || true
+fi
+
 ip addr

 until dig A +short algo.lxd @10.0.8.1 | grep -vE '^$' > /dev/null; do