From cebd7c39601c8ef683742ced6fb8b955b3abe3b8 Mon Sep 17 00:00:00 2001 From: Jack Ivanov Date: Sat, 9 May 2020 17:46:35 +0300 Subject: [PATCH] ubuntu 20.04 support --- .github/workflows/main.yml | 4 +-- config.cfg | 20 +++++++++------ docs/deploy-to-ubuntu.md | 2 +- docs/deploy-to-unsupported-cloud.md | 2 +- docs/troubleshooting.md | 2 +- input.yml | 2 +- roles/cloud-azure/files/deployment.json | 15 ++++++++--- roles/cloud-azure/tasks/main.yml | 8 +++++- roles/wireguard/tasks/ubuntu.yml | 34 +++++++++++++------------ tests/pre-deploy.sh | 1 + 10 files changed, 56 insertions(+), 34 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 662f7c8ed..e0187ab6b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -29,7 +29,7 @@ jobs: runs-on: ubuntu-16.04 strategy: matrix: - UBUNTU_VERSION: ["18.04", "19.10"] + UBUNTU_VERSION: ["18.04", "20.04"] steps: - uses: actions/checkout@v1 - uses: actions/setup-python@v1 @@ -98,7 +98,7 @@ jobs: runs-on: ubuntu-16.04 strategy: matrix: - UBUNTU_VERSION: ["18.04", "19.10"] + UBUNTU_VERSION: ["18.04", "20.04"] steps: - uses: actions/checkout@v1 - uses: actions/setup-python@v1 diff --git a/config.cfg b/config.cfg index 894eb2780..7df5d3fe9 100644 --- a/config.cfg +++ b/config.cfg @@ -156,10 +156,14 @@ SSH_keys: cloud_providers: azure: size: Standard_B1S - image: 19.10-DAILY + image: + publisher: Canonical + offer: 0001-com-ubuntu-server-focal-daily + sku: 20_04-daily-lts + version: latest digitalocean: size: s-1vcpu-1gb - image: "ubuntu-19-10-x64" + image: "ubuntu-20-04-x64" ec2: # Change the encrypted flag to "false" to disable AWS volume encryption. encrypted: true 
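Review bot: The new Azure `image` mapping in config.cfg selects the daily channel (`offer: 0001-com-ubuntu-server-focal-daily`, `sku: 20_04-daily-lts`) together with `version: latest`, so each deployment boots whichever daily build is newest and two runs of the same config can produce different base systems. Daily builds are less vetted than release images, which matters for a host whose whole job is to terminate VPN traffic. If the daily channel is not required, `offer: 0001-com-ubuntu-server-focal` with `sku: 20_04-lts` selects the release image. If it is intentional, a one-line comment above `image:` stating the reason would save the next reader the question.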
@@ -168,31 +172,31 @@ cloud_providers: use_existing_eip: false size: t2.micro image: - name: "ubuntu-eoan-19.10" + name: "ubuntu-focal-20.04" owner: "099720109477" gce: size: f1-micro - image: ubuntu-1910 + image: ubuntu-2004-lts external_static_ip: false lightsail: size: nano_1_0 image: ubuntu_18_04 scaleway: size: DEV1-S - image: Ubuntu Bionic Beaver + image: Ubuntu 20.04 Focal Fossa arch: x86_64 hetzner: server_type: cx11 - image: ubuntu-18.04 + image: ubuntu-20.04 openstack: flavor_ram: ">=512" image: Ubuntu-18.04 cloudstack: size: Micro - image: Linux Ubuntu 19.10 64-bit + image: Linux Ubuntu 20.04 LTS 64-bit disk: 10 vultr: - os: Ubuntu 19.10 x64 + os: Ubuntu 20.04 x64 size: 1024 MB RAM,25 GB SSD,1.00 TB BW local: diff --git a/docs/deploy-to-ubuntu.md b/docs/deploy-to-ubuntu.md index 55a37ae87..2734af541 100644 --- a/docs/deploy-to-ubuntu.md +++ b/docs/deploy-to-ubuntu.md @@ -4,7 +4,7 @@ You can use Algo to configure a pre-existing server as an AlgoVPN rather than us To perform a local installation, install the Algo scripts following the normal installation instructions, then choose: ``` -Install to existing Ubuntu 18.04 or 19.10 server (for more advanced users) +Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users) ``` Make sure your target server is running an unmodified copy of the operating system version specified. The target can be the same system where you've installed the Algo scripts, or a remote system that you are able to access as root via SSH without needing to enter the SSH key passphrase (such as when using `ssh-agent`). diff --git a/docs/deploy-to-unsupported-cloud.md b/docs/deploy-to-unsupported-cloud.md index 4d6866392..6e1a5f95e 100644 --- a/docs/deploy-to-unsupported-cloud.md +++ b/docs/deploy-to-unsupported-cloud.md 
@@ -2,7 +2,7 @@ Algo officially supports the [cloud providers listed here](https://github.com/trailofbits/algo/blob/master/README.md#deploy-the-algo-server). If you want to deploy Algo on another virtual hosting provider, that provider must support: -1. the base operating system image that Algo uses (Ubuntu 18.04 or 19.10), and +1. the base operating system image that Algo uses (Ubuntu 18.04 or 20.04), and 2. a minimum of certain kernel modules required for the strongSwan IPsec server. Please see the [Required Kernel Modules](https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules) documentation from strongSwan for a list of the specific required modules and a script to check for them. As a first step, we recommend running their shell script to determine initial compatibility with your new hosting provider. diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 5e1700661..6388c7491 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -283,7 +283,7 @@ TASK [wireguard : Generate public keys] **************************************** fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a , original message: could not locate file in lookup: configs/xxx.xxx.xxx.xxx/wireguard//private/dan"} ``` -This error is usually hit when using the local install option on a server that isn't Ubuntu 18.04. You should upgrade your server to Ubuntu 18.04. If this doesn't work, try removing `*.lock` files at /etc/wireguard/ as follows: +This error is usually hit when using the local install option on a server that isn't Ubuntu 18.04 or later. You should upgrade your server to Ubuntu 18.04 or later. If this doesn't work, try removing `*.lock` files at /etc/wireguard/ as follows: ```ssh sudo rm -rf /etc/wireguard/*.lock diff --git a/input.yml b/input.yml index 3ee625777..1b06dec6d 100644 --- a/input.yml +++ b/input.yml 
@@ -21,7 +21,7 @@ - { name: Scaleway, alias: scaleway} - { name: OpenStack (DreamCompute optimised), alias: openstack } - { name: CloudStack (Exoscale optimised), alias: cloudstack } - - { name: "Install to existing Ubuntu 18.04 or 19.10 server (for more advanced users)", alias: local } + - { name: "Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)", alias: local } vars_files: - config.cfg diff --git a/roles/cloud-azure/files/deployment.json b/roles/cloud-azure/files/deployment.json index bb055072f..bfc1d6f07 100644 --- a/roles/cloud-azure/files/deployment.json +++ b/roles/cloud-azure/files/deployment.json @@ -11,9 +11,18 @@ "vmSize": { "type": "string" }, + "imageReferencePublisher": { + "type": "string" + }, + "imageReferenceOffer": { + "type": "string" + }, "imageReferenceSku": { "type": "string" }, + "imageReferenceVersion": { + "type": "string" + }, "SshPort": { "type": "int" }, @@ -182,10 +191,10 @@ }, "storageProfile": { "imageReference": { - "publisher": "Canonical", - "offer": "UbuntuServer", + "publisher": "[parameters('imageReferencePublisher')]", + "offer": "[parameters('imageReferenceOffer')]", "sku": "[parameters('imageReferenceSku')]", - "version": "latest" + "version": "[parameters('imageReferenceVersion')]" }, "osDisk": { "createOption": "FromImage" diff --git a/roles/cloud-azure/tasks/main.yml b/roles/cloud-azure/tasks/main.yml index 80b72f804..27615447b 100644 --- a/roles/cloud-azure/tasks/main.yml +++ b/roles/cloud-azure/tasks/main.yml @@ -29,8 +29,14 @@ value: "{{ wireguard_port }}" vmSize: value: "{{ cloud_providers.azure.size }}" + imageReferencePublisher: + value: "{{ cloud_providers.azure.image.publisher }}" + imageReferenceOffer: + value: "{{ cloud_providers.azure.image.offer }}" imageReferenceSku: - value: "{{ cloud_providers.azure.image }}" + value: "{{ cloud_providers.azure.image.sku }}" + imageReferenceVersion: + value: "{{ cloud_providers.azure.image.version }}" SshPort: value: "{{ ssh_port }}" UserData: 
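Review bot: In deployment.json the `imageReference` block now takes `publisher` and `offer` from parameters, so the template no longer fixes the image source to Canonical, and the three new parameters carry neither `defaultValue` nor `allowedValues`. A typo or an unwanted edit in config.cfg would then boot the server from a different marketplace publisher without the template rejecting it. Consider constraining the publisher, e.g. `"imageReferencePublisher": { "type": "string", "defaultValue": "Canonical", "allowedValues": ["Canonical"] }`, and giving `imageReferenceVersion` a `"defaultValue": "latest"` so the earlier behaviour remains the default.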
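Review bot: In roles/cloud-azure/tasks/main.yml `cloud_providers.azure.image` is now read as a mapping (`.publisher`, `.offer`, `.sku`, `.version`), so a config.cfg carried over from an earlier release, where `image` was the plain string `19.10-DAILY`, will presumably fail here with an undefined-variable error that does not name the cause. A short guard before the deployment task would make this readable, for example an `assert` with `that: cloud_providers.azure.image is mapping` and a `fail_msg` describing the new publisher/offer/sku/version format. The task these parameters belong to starts and ends outside the hunk.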
diff --git a/roles/wireguard/tasks/ubuntu.yml b/roles/wireguard/tasks/ubuntu.yml index 603c065ad..c7cab99cb 100644 --- a/roles/wireguard/tasks/ubuntu.yml +++ b/roles/wireguard/tasks/ubuntu.yml @@ -1,12 +1,22 @@ --- -- name: WireGuard repository configured - apt_repository: - repo: ppa:wireguard/wireguard - state: present - register: result - until: result is succeeded - retries: 10 - delay: 3 +- block: + - name: WireGuard repository configured + apt_repository: + repo: ppa:wireguard/wireguard + state: present + register: result + until: result is succeeded + retries: 10 + delay: 3 + + - name: Configure unattended-upgrades + copy: + src: 50-wireguard-unattended-upgrades + dest: /etc/apt/apt.conf.d/50-wireguard-unattended-upgrades + owner: root + group: root + mode: 0644 + when: ansible_facts['distribution_version'] is version('20.04', '<') - name: WireGuard installed apt: @@ -19,14 +29,6 @@ dest: /etc/wireguard/.reload-module-on-update state: touch -- name: Configure unattended-upgrades - copy: - src: 50-wireguard-unattended-upgrades - dest: /etc/apt/apt.conf.d/50-wireguard-unattended-upgrades - owner: root - group: root - mode: 0644 - - name: Set OS specific facts set_fact: service_name: "wg-quick@{{ wireguard_interface }}" diff --git a/tests/pre-deploy.sh b/tests/pre-deploy.sh index d9965159f..69274f0ef 100755 --- a/tests/pre-deploy.sh +++ b/tests/pre-deploy.sh @@ -24,6 +24,7 @@ lxc profile set default raw.lxc lxc.aa_profile=unconfined lxc profile set default security.privileged true lxc profile show default lxc launch ubuntu:${UBUNTU_VERSION} algo +lxc exec algo -- apt remove snapd --purge -y || true ip addr
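Review bot: Moving "Configure unattended-upgrades" into the block guarded by `version('20.04', '<')` means a 20.04 server no longer receives `50-wireguard-unattended-upgrades`, and the patch does not state how WireGuard updates are applied there. The file's content is not shown; if it only allows the PPA origin, skipping it is correct, but it is worth confirming that the archive packages installed by "WireGuard installed" fall under an origin unattended-upgrades already covers, and recording that above the block, e.g. `# 20.04 ships WireGuard in the Ubuntu archive; the PPA and its unattended-upgrades origin are only needed on older releases`. Separately, `mode: 0644` depends on the YAML parser reading an octal integer; `mode: "0644"` is the safer form for Ansible file modes.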
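Review bot: The added `lxc exec algo -- apt remove snapd --purge -y || true` in tests/pre-deploy.sh discards its exit status, so if the container is not ready right after `lxc launch` (this is inferred; no wait is visible in the hunk) snapd stays installed and the test continues without any sign of it. `apt` is intended for interactive use and warns about its unstable CLI; in a script prefer `lxc exec algo -- apt-get purge -y snapd`, keeping `|| true` only if an absent snapd is the one failure meant to be tolerated. A comment saying why snapd is removed would help, since neither the patch nor the commit message explains it.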