Fix tests (#14319)

.github/workflows/main.yml

@@ -4,7 +4,7 @@ on: [push, pull_request]
 
 jobs:
   lint:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-20.04
     steps:
       - uses: actions/checkout@v2
       - uses: actions/setup-python@v2.2.2
@@ -26,12 +26,12 @@ jobs:
           ansible-lint -x experimental,package-latest,unnamed-task -v *.yml roles/{local,cloud-*}/*/*.yml
 
   scripted-deploy:
-    runs-on: ubuntu-16.04
+    runs-on: ubuntu-20.04
     strategy:
       matrix:
         UBUNTU_VERSION: ["18.04", "20.04"]
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v2
       - uses: actions/setup-python@v2.2.2
         with:
           python-version: '3.7'
@@ -40,29 +40,20 @@ jobs:
         run: |
           sudo apt update -y
           sudo apt install -y \
-            python3-pip \
-            lxd \
-            expect-dev \
-            debootstrap \
-            tree \
-            bridge-utils \
-            dnsutils \
-            build-essential \
-            libssl-dev \
-            libffi-dev \
-            python3-dev \
-            linux-headers-$(uname -r) \
             wireguard \
             libxml2-utils \
             crudini \
             fping \
             strongswan \
             libstrongswan-standard-plugins \
-            resolvconf
+            openresolv
 
           python3 -m pip install --upgrade pip
           python3 -m pip install -r requirements.txt
 
+          sudo snap refresh lxd
+          sudo lxd init --auto
+
       - name: Provision
         env:
           DEPLOY: cloud-init
@@ -93,13 +84,13 @@ jobs:
           sudo -E bash -x ./tests/wireguard-client.sh
           sudo env "PATH=$PATH" ./tests/ipsec-client.sh
 
-  local-deploy:
-    runs-on: ubuntu-16.04
+  docker-deploy:
+    runs-on: ubuntu-20.04
     strategy:
       matrix:
         UBUNTU_VERSION: ["18.04", "20.04"]
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v2
       - uses: actions/setup-python@v2.2.2
         with:
           python-version: '3.7'
@@ -107,32 +98,22 @@ jobs:
       - name: Install dependencies
         run: |
           set -x
-          sudo add-apt-repository -yu ppa:ubuntu-lxc/stable
           sudo apt update -y
           sudo apt install -y \
-            python3-pip \
-            lxd \
-            expect-dev \
-            debootstrap \
-            tree \
-            bridge-utils \
-            dnsutils \
-            build-essential \
-            libssl-dev \
-            libffi-dev \
-            python3-dev \
-            linux-headers-$(uname -r) \
             wireguard \
             libxml2-utils \
             crudini \
             fping \
             strongswan \
             libstrongswan-standard-plugins \
-            resolvconf
+            openresolv
 
           python3 -m pip install --upgrade pip
           python3 -m pip install -r requirements.txt
 
+          sudo snap refresh lxd
+          sudo lxd init --auto
+
       - name: Provision
         env:
           DEPLOY: docker

install.sh

@@ -22,16 +22,7 @@ installRequirements() {
   export DEBIAN_FRONTEND=noninteractive
   apt-get update
   apt-get install \
-    software-properties-common \
-    git \
-    build-essential \
-    libssl-dev \
-    libffi-dev \
-    python3-dev \
-    python3-pip \
-    python3-setuptools \
     python3-virtualenv \
-    bind9-host \
     jq -y
 }
 

main.yml

@@ -31,7 +31,7 @@
 
     - name: Verify Python meets Algo VPN requirements
       assert:
-        that: (ansible_python.version.major|string + '.' + ansible_python.version.minor|string)|float is version('3.6', '>=')
+        that: (ansible_python.version.major|string + '.' + ansible_python.version.minor|string) is version('3.6', '>=')
         msg: >
           Python version is not supported.
           You must upgrade to at least Python 3.6 to use this version of Algo.

roles/client/handlers/main.yml

@@ -1,3 +1,3 @@
 ---
 - name: restart strongswan
-  service: name=strongswan state=restarted
+  service: name={{ strongswan_service }} state=restarted

tests/algo.conf

@@ -1 +0,0 @@
-dhcp-host=algo,10.0.8.100

tests/lxd-bridge

@@ -1,16 +0,0 @@
-USE_LXD_BRIDGE="true"
-LXD_BRIDGE="lxdbr0"
-UPDATE_PROFILE="true"
-LXD_CONFILE="/etc/default/algo.conf"
-LXD_DOMAIN="lxd"
-LXD_IPV4_ADDR="10.0.8.1"
-LXD_IPV4_NETMASK="255.255.255.0"
-LXD_IPV4_NETWORK="10.0.8.0/24"
-LXD_IPV4_DHCP_RANGE="10.0.8.2,10.0.8.254"
-LXD_IPV4_DHCP_MAX="250"
-LXD_IPV4_NAT="true"
-LXD_IPV6_ADDR=""
-LXD_IPV6_MASK=""
-LXD_IPV6_NETWORK=""
-LXD_IPV6_NAT="false"
-LXD_IPV6_PROXY="false"

tests/pre-deploy.sh

@@ -4,10 +4,6 @@ set -euxo pipefail
 
 sysctl net.ipv6.conf.all.disable_ipv6=0
 
-tar xf $HOME/lxc/cache.tar -C / || echo "Didn't extract cache."
-cp -f tests/lxd-bridge /etc/default/lxd-bridge
-cp -f tests/algo.conf /etc/default/algo.conf
-
 export REPOSITORY=${REPOSITORY:-${GITHUB_REPOSITORY}}
 export _BRANCH=${BRANCH#refs/heads/}
 export BRANCH=${_BRANCH:-${GITHUB_REF#refs/heads/}}
@@ -18,12 +14,16 @@ else
   echo -e "#cloud-config\nssh_authorized_keys:\n - $(cat ~/.ssh/id_rsa.pub)" | lxc profile set default user.user-data -
 fi
 
-systemctl restart lxd-bridge.service lxd-containers.service lxd.service
+lxc network set lxdbr0 ipv4.address 10.0.8.1/24
 
-lxc profile set default raw.lxc lxc.aa_profile=unconfined
+lxc profile set default raw.lxc 'lxc.apparmor.profile = unconfined'
 lxc profile set default security.privileged true
 lxc profile show default
-lxc launch ubuntu:${UBUNTU_VERSION} algo
+
+lxc init ubuntu:${UBUNTU_VERSION} algo
+lxc network attach lxdbr0 algo eth0 eth0
+lxc config device set algo eth0 ipv4.address 10.0.8.100
+lxc start algo
 
 if [[ ${UBUNTU_VERSION} == "20.04" ]]; then
   lxc exec algo -- apt remove snapd --purge -y || true