Merge pull request #990 from mkllnk/ubuntu24

Add support for Ubuntu 22 and Ubuntu 24
openfoodfoundation · Jan 21, 2025 · 461822b · 461822b
2 parents a91ec3e + 40078bc
commit 461822b
Show file tree

Hide file tree

Showing 8 changed files with 42 additions and 43 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -7,14 +7,14 @@ on:
 
 jobs:
   ansible-lint:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v3
 
       - uses: actions/setup-python@v4
         with:
-          python-version: '3.10.15'
+          python-version: '3.10.16'
 
       - name: Set up Ansible
         run: |
@@ -25,7 +25,17 @@ jobs:
         run: bin/lint
 
   playbook-tests-lxc:
+    # Ubuntu 22 and newer install lxd via snap which complicates things.
+    # When we need to update from Ubuntu 20 then we can use incus which is
+    # now the better fork of lxd.
     runs-on: ubuntu-20.04
+    strategy:
+      fail-fast: false
+      matrix:
+        image:
+          - "ubuntu:20.04"
+          - "ubuntu:22.04"
+          - "ubuntu:24.04"
     steps:
       - uses: actions/checkout@v3
 
@@ -54,37 +64,7 @@ jobs:
           sudo lxd init --auto
           sudo usermod -aG lxd "$USER"
           ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
-          sudo su -c "`pwd`/bin/setup-lxc" - "$USER"
+          sudo su -c "LXC_IMAGE='${{ matrix.image }}' `pwd`/bin/setup-lxc" - "$USER"
 
       - name: Test Playbooks
         run: ansible-playbook tests/suite.yml --limit lxc
-
-  playbook-tests:
-    runs-on: ubuntu-20.04
-    steps:
-      - uses: actions/checkout@v3
-
-      - uses: actions/setup-python@v4
-        with:
-          python-version: '3.10.15'
-
-      - name: Set up Ansible
-        run: |
-          pip install -r requirements.txt
-          bin/setup
-
-      - name: Cache Ruby binary compiling
-        id: cache-ruby
-        uses: actions/cache@v3
-        with:
-          path: ~/.rbenv
-          key: ${{ runner.os }}-ruby-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-ruby-
-            ${{ runner.os }}-
-
-      - name: Uninstall conflicting packages
-        run: sudo apt remove nginx libgd3
-
-      - name: Test Playbooks
-        run: ansible-playbook tests/suite.yml --limit test --connection local
diff --git a/Vagrantfile b/Vagrantfile
@@ -15,7 +15,9 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
   # options are documented and commented below. For a complete reference,
   # please see the online documentation at vagrantup.com.
 
-  config.vm.box = "generic/ubuntu2004"
+  # Not available in the generic repository yet.
+  #config.vm.box = "generic/ubuntu2404"
+  config.vm.box = "alvistack/ubuntu-24.04"
 
   # VM network config.
   config.vm.network "forwarded_port", guest: 22, host: 2222

diff --git a/bin/requirements.yml b/bin/requirements.yml
@@ -2,6 +2,8 @@
 - src: geerlingguy.security
   version: 1.5.0
 
+# TODO: replace with own role
+# Source repository has been archived without explanation.
 - src: jdauphant.nginx
   version: v2.21.2
 
@@ -13,7 +15,7 @@
   version: v2.0.14
 
 - src: geerlingguy.postgresql
-  version: 3.5.0
+  version: 3.5.2
 
 - src: libre_ops.multi_redis
   version: 1.0.1

diff --git a/bin/setup-lxc b/bin/setup-lxc
@@ -20,7 +20,10 @@
 
 set -e
 
-lxc launch ubuntu:20.04 ofn-dev
+: ${LXC_IMAGE='ubuntu:24.04'}
+
+echo "Launching $LXC_IMAGE container:"
+lxc launch "$LXC_IMAGE" ofn-dev
 
 # The launch can take some time.
 while ! lxc exec ofn-dev -- sh -c 'cat >> .ssh/authorized_keys' < ~/.ssh/id_rsa.pub; do

diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
@@ -82,7 +82,7 @@ postgres_encoding: en_US.utf8
 # Entries marked custom_* can be defined in /host_vars files, and will be appended
 # to the defaults if present. Make sure you use the "list" notation with the dashes!
 
-postgresql_version: "{% if ansible_distribution_major_version == '16' %}9.5{% elif ansible_distribution_major_version == '18' %}10{% else %}12{% endif %}"
+postgresql_version: "{% if ansible_distribution_major_version == '16' %}9.5{% elif ansible_distribution_major_version == '18' %}10{% elif ansible_distribution_major_version == '20' %}12{% elif ansible_distribution_major_version == '22' %}14{% else %}16{% endif %}"
 postgresql_data_dir: "/var/lib/postgresql/{{ postgresql_version }}/main"
 postgresql_bin_path: "/usr/lib/postgresql/{{ postgresql_version }}/bin"
 postgresql_config_path: "/etc/postgresql/{{ postgresql_version }}/main"
@@ -127,8 +127,6 @@ postgresql_global_config_options:
   - option: log_directory
     value: "log"
 
-debezium_version: "0.10.0.Final"
-
 #----------------------------------------------------------------------
 # App variables
 app: openfoodnetwork
@@ -244,9 +242,12 @@ ssl_certificate_key:  "/etc/letsencrypt/live/{{ certbot_cert_name | default(doma
 
 nginx_official_repo: True
 
-nginx_extra_root_params:
-  - load_module modules/ngx_http_brotli_filter_module.so
-  - load_module modules/ngx_http_brotli_static_module.so
+possible_nginx_extra_root_params:
+  - "{{ (ansible_distribution_major_version <= '20') | ternary('load_module modules/ngx_http_brotli_filter_module.so','') }}"
+  - "{{ (ansible_distribution_major_version <= '20') | ternary('load_module modules/ngx_http_brotli_static_module.so','') }}"
+
+# Filter out empty items:
+nginx_extra_root_params: "{{ possible_nginx_extra_root_params | select }}"
 
 nginx_http_params:
   - sendfile "on"
@@ -337,8 +338,10 @@ nginx_sites:
       gzip_types text/css text/javascript text/plain application/javascript application/x-javascript application/json;
       gzip_disable "msie6";
 
+      {% if ansible_distribution_major_version <= "20" %}
       brotli on;
       brotli_types text/css text/javascript text/plain application/javascript application/x-javascript application/json;
+      {% endif %}
 
       try_files $uri/index.html $uri @rails;
 
@@ -368,7 +371,9 @@ nginx_sites:
       location ~ ^/(assets)/ {
         {{ nginx_valid_methods }}
         gzip_static on;
+        {% if ansible_distribution_major_version <= "20" %}
         brotli_static on;
+        {% endif %}
         expires max;
         add_header Cache-Control public;
       }

diff --git a/playbooks/provision.yml b/playbooks/provision.yml
@@ -84,6 +84,7 @@
       tags: certbot
 
     - role: brotli_nginx
+      when: ansible_distribution_major_version <= '20'
       tags: brotli
 
     - role: jdauphant.nginx

diff --git a/roles/app_user/tasks/main.yml b/roles/app_user/tasks/main.yml
@@ -9,6 +9,12 @@
     shell: /bin/bash
   become: yes
 
+- name: Open home directory for reading by nginx
+  file:
+    path: "{{ app_user_home_path }}"
+    mode: "o+x" # Add execute to directory for other users.
+  become: yes
+
 - name: add ssh key
   authorized_key:
     user: "{{ app_user }}"

diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
@@ -14,7 +14,7 @@
   vars:
     packages:
       # Ansible support
-      - python-pycurl
+      - python3-pycurl
       - python3-psycopg2
 
       # unknown why or if needed