Upgrade Vagrant to Ubuntu 22.04 LTS "Jammy Jellyfish"

[nimmolo]

Heavily commented new Vagrantfile for building an upgraded box, a work in progress.

Adds Ubuntu Firefox for Capybara Selenium webdriver testing!
Needs proofreading.

@mo-nathan It seems that Virtualbox may now work on M1
https://osxdaily.com/2022/10/22/you-can-now-run-virtualbox-on-apple-silicon-m1-m2/
https://download.virtualbox.org/virtualbox/7.0.4/VirtualBox-7.0.4_BETA4-154605-macOSArm64.dmg

[JoeCohen]

1. Is the reason for the upgrade to use Selenium for testing?
2. Does it make sense/is it possible to grab the Ruby version from the production server (instead of freezing it at 3.1.2)?
3. Do we need to make changes to the firewall? Also note Docker issue:

nftables is now the default backend for the firewall. All applications on the system must agree on whether they will use the legacy xtables backend or the newer nftables backend. Bug 1968608 96 provides some context that may be helpful. Docker may not be ready for the new nftables backend 342.

https://discourse.ubuntu.com/t/jammy-jellyfish-release-notes/24668

[pellaea]

1. Yes, Selenium is what prompted this.
2. We shouldn't need to make changes to the firewall, since the browser will be headless. No need to, for example, tunnel X windows through the firewall to give the VM access to our display.

[JoeCohen]

Thanks Jason. My concern was whether deploying this will break the existing firewall blacklist/whitelist. (I obviously don't understand how all the pieces fit together.)

…

On Thu, Dec 1, 2022 at 8:49 AM Jason Hollinger ***@***.***> wrote: 1. Yes, Selenium is what prompted this. 2. We shouldn't need to make changes to the firewall, since the browser will be headless. No need to, for example, tunnel X windows through the firewall to give the VM access to our display. — Reply to this email directly, view it on GitHub <#41 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAALDFDAUKL2FSE32IEQRLDWLDJLHANCNFSM6AAAAAASQJDQCY> . You are receiving this because you commented.Message ID: ***@***.***>

[pellaea]

Okay, then I don't understand enough! I'll let Nimmo answer. :) On Thu, Dec 1, 2022 at 11:55 AM Joseph D. Cohen ***@***.***> wrote:

…

Thanks Jason. My concern was whether deploying this will break the existing firewall blacklist/whitelist. (I obviously don't understand how all the pieces fit together.) On Thu, Dec 1, 2022 at 8:49 AM Jason Hollinger ***@***.***> wrote: > > 1. Yes, Selenium is what prompted this. > 2. We shouldn't need to make changes to the firewall, since the > browser will be headless. No need to, for example, tunnel X windows through > the firewall to give the VM access to our display. > > — > Reply to this email directly, view it on GitHub > < #41 (comment) >, > or unsubscribe > < https://github.com/notifications/unsubscribe-auth/AAALDFDAUKL2FSE32IEQRLDWLDJLHANCNFSM6AAAAAASQJDQCY > > . > You are receiving this because you commented.Message ID: > ***@***.***> > — Reply to this email directly, view it on GitHub <#41 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAYTNNIAO5CZP65KJGZUEITWLDJ7XANCNFSM6AAAAAASQJDQCY> . You are receiving this because you commented.Message ID: ***@***.***>

[nimmolo]

I don’t understand that either… but there’s nothing to worry about. After a completely exhausting 12 hours (!) of trying various syntax in Vagrantfile, i still can’t get Vagrant to bundle rubies on the new build. I’m trying one more iteration before I drop the baton. I’ve barely left this desk since tuesday evening. Joe if you’re around please feel free to jump on Slack where Nathan’s been telling me everything he can remember about getting Vagrant working last time. He may know something about the firewall question. You probably know Selenium allows driving the browser in different modes. One of them apparently opens a browser window right in front of you on the machine, and moves around clicking things. The “headless” mode accesses the page directly via a browser api and does the same things without opening a window. Selenium runs in a separate thread from the MO server, and selenium-webdriver runs on a different port, so it may need firewall access even in headless mode. That would be a good thing to research. My first foray indicates yes, we do need to figure out which port selenium-webdriver runs on and permit it.

…

On Dec 1, 2022, at 9:04 AM, Jason Hollinger ***@***.***> wrote: Okay, then I don't understand enough! I'll let Nimmo answer. :) On Thu, Dec 1, 2022 at 11:55 AM Joseph D. Cohen ***@***.***> wrote: > Thanks Jason. > My concern was whether deploying this will break the existing firewall > blacklist/whitelist. (I obviously don't understand how all the pieces fit > together.) > > On Thu, Dec 1, 2022 at 8:49 AM Jason Hollinger ***@***.***> > wrote: > > > > > 1. Yes, Selenium is what prompted this. > > 2. We shouldn't need to make changes to the firewall, since the > > browser will be headless. No need to, for example, tunnel X windows > through > > the firewall to give the VM access to our display. > > > > — > > Reply to this email directly, view it on GitHub > > < > #41 (comment) > >, > > or unsubscribe > > < > https://github.com/notifications/unsubscribe-auth/AAALDFDAUKL2FSE32IEQRLDWLDJLHANCNFSM6AAAAAASQJDQCY > > > > . > > You are receiving this because you commented.Message ID: > > ***@***.***> > > > > — > Reply to this email directly, view it on GitHub > <#41 (comment)>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AAYTNNIAO5CZP65KJGZUEITWLDJ7XANCNFSM6AAAAAASQJDQCY> > . > You are receiving this because you commented.Message ID: > ***@***.***> > — Reply to this email directly, view it on GitHub <#41 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAO3TP2K2E264FASPVGEPJDWLDLDRANCNFSM6AAAAAASQJDQCY>. You are receiving this because you authored the thread.

[pellaea]

re: port for selenium webdriver -- Even if it runs on a different port, unless it's accessing something on the host, there's no reason for us to change the firewall. It probably just communicates with something else *on the VM* via that port -- that is, it is all happening behind the firewall, no need to give access to the host via that port either direction. For example, if you spin up webrick on port 3000, if you want to access that server *from the host* you need to open up port 3000 in the firewall. But if you were to make a request via curl on the command line *in the VM* there is no reason to open up port 3000 in the firewall. On Thu, Dec 1, 2022 at 1:43 PM andrew nimmo ***@***.***> wrote:

…

I don’t understand that either… but there’s nothing to worry about. After a completely exhausting 12 hours (!) of trying various syntax in Vagrantfile, i still can’t get Vagrant to bundle rubies on the new build. I’m trying one more iteration before I drop the baton. I’ve barely left this desk since tuesday evening. Joe if you’re around please feel free to jump on Slack where Nathan’s been telling me everything he can remember about getting Vagrant working last time. He may know something about the firewall question. You probably know Selenium allows driving the browser in different modes. One of them apparently opens a browser window right in front of you on the machine, and moves around clicking things. The “headless” mode accesses the page directly via a browser api and does the same things without opening a window. Selenium runs in a separate thread from the MO server, and selenium-webdriver runs on a different port, so it may need firewall access even in headless mode. That would be a good thing to research. My first foray indicates yes, we do need to figure out which port selenium-webdriver runs on and permit it. > On Dec 1, 2022, at 9:04 AM, Jason Hollinger ***@***.***> wrote: > > > Okay, then I don't understand enough! I'll let Nimmo answer. :) > > On Thu, Dec 1, 2022 at 11:55 AM Joseph D. Cohen ***@***.***> > wrote: > > > Thanks Jason. > > My concern was whether deploying this will break the existing firewall > > blacklist/whitelist. (I obviously don't understand how all the pieces fit > > together.) > > > > On Thu, Dec 1, 2022 at 8:49 AM Jason Hollinger ***@***.***> > > wrote: > > > > > > > > 1. Yes, Selenium is what prompted this. > > > 2. We shouldn't need to make changes to the firewall, since the > > > browser will be headless. No need to, for example, tunnel X windows > > through > > > the firewall to give the VM access to our display. > > > > > > — > > > Reply to this email directly, view it on GitHub > > > < > > #41 (comment) > > >, > > > or unsubscribe > > > < > > https://github.com/notifications/unsubscribe-auth/AAALDFDAUKL2FSE32IEQRLDWLDJLHANCNFSM6AAAAAASQJDQCY > > > > > > . > > > You are receiving this because you commented.Message ID: > > > ***@***.***> > > > > > > > — > > Reply to this email directly, view it on GitHub > > < #41 (comment) >, > > or unsubscribe > > < https://github.com/notifications/unsubscribe-auth/AAYTNNIAO5CZP65KJGZUEITWLDJ7XANCNFSM6AAAAAASQJDQCY > > > . > > You are receiving this because you commented.Message ID: > > ***@***.***> > > > — > Reply to this email directly, view it on GitHub < #41 (comment)>, or unsubscribe < https://github.com/notifications/unsubscribe-auth/AAO3TP2K2E264FASPVGEPJDWLDLDRANCNFSM6AAAAAASQJDQCY >. > You are receiving this because you authored the thread. > — Reply to this email directly, view it on GitHub <#41 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAYTNNNU4IJZX2LDCKG7QOTWLDWUBANCNFSM6AAAAAASQJDQCY> . You are receiving this because you commented.Message ID: ***@***.***>

[JoeCohen]

Re firewall. Would the upgrade affect the functionality of the firewall on the production server? https://bugs.launchpad.net/ufw/+bug/1968608 On Thu, Dec 1, 2022 at 11:18 AM Jason Hollinger ***@***.***> wrote:

…

re: port for selenium webdriver -- Even if it runs on a different port, unless it's accessing something on the host, there's no reason for us to change the firewall. It probably just communicates with something else *on the VM* via that port -- that is, it is all happening behind the firewall, no need to give access to the host via that port either direction. For example, if you spin up webrick on port 3000, if you want to access that server *from the host* you need to open up port 3000 in the firewall. But if you were to make a request via curl on the command line *in the VM* there is no reason to open up port 3000 in the firewall. On Thu, Dec 1, 2022 at 1:43 PM andrew nimmo ***@***.***> wrote: > I don’t understand that either… but there’s nothing to worry about. > > After a completely exhausting 12 hours (!) of trying various syntax in > Vagrantfile, i still can’t get Vagrant to bundle rubies on the new build. > I’m trying one more iteration before I drop the baton. I’ve barely left > this desk since tuesday evening. > > Joe if you’re around please feel free to jump on Slack where Nathan’s been > telling me everything he can remember about getting Vagrant working last > time. He may know something about the firewall question. > > You probably know Selenium allows driving the browser in different modes. > One of them apparently opens a browser window right in front of you on the > machine, and moves around clicking things. The “headless” mode accesses the > page directly via a browser api and does the same things without opening a > window. Selenium runs in a separate thread from the MO server, and > selenium-webdriver runs on a different port, so it may need firewall access > even in headless mode. > > That would be a good thing to research. My first foray indicates yes, we > do need to figure out which port selenium-webdriver runs on and permit it. > > > > > On Dec 1, 2022, at 9:04 AM, Jason Hollinger ***@***.***> wrote: > > > > > > Okay, then I don't understand enough! I'll let Nimmo answer. :) > > > > On Thu, Dec 1, 2022 at 11:55 AM Joseph D. Cohen ***@***.***> > > wrote: > > > > > Thanks Jason. > > > My concern was whether deploying this will break the existing firewall > > > blacklist/whitelist. (I obviously don't understand how all the pieces > fit > > > together.) > > > > > > On Thu, Dec 1, 2022 at 8:49 AM Jason Hollinger ***@***.***> > > > wrote: > > > > > > > > > > > 1. Yes, Selenium is what prompted this. > > > > 2. We shouldn't need to make changes to the firewall, since the > > > > browser will be headless. No need to, for example, tunnel X windows > > > through > > > > the firewall to give the VM access to our display. > > > > > > > > — > > > > Reply to this email directly, view it on GitHub > > > > < > > > > #41 (comment) > > > >, > > > > or unsubscribe > > > > < > > > > https://github.com/notifications/unsubscribe-auth/AAALDFDAUKL2FSE32IEQRLDWLDJLHANCNFSM6AAAAAASQJDQCY > > > > > > > > . > > > > You are receiving this because you commented.Message ID: > > > > ***@***.***> > > > > > > > > > > — > > > Reply to this email directly, view it on GitHub > > > < > #41 (comment) > >, > > > or unsubscribe > > > < > https://github.com/notifications/unsubscribe-auth/AAYTNNIAO5CZP65KJGZUEITWLDJ7XANCNFSM6AAAAAASQJDQCY > > > > > . > > > You are receiving this because you commented.Message ID: > > > ***@***.***> > > > > > — > > Reply to this email directly, view it on GitHub < > #41 (comment) >, > or unsubscribe < > https://github.com/notifications/unsubscribe-auth/AAO3TP2K2E264FASPVGEPJDWLDLDRANCNFSM6AAAAAASQJDQCY > >. > > You are receiving this because you authored the thread. > > > > — > Reply to this email directly, view it on GitHub > < #41 (comment) >, > or unsubscribe > < https://github.com/notifications/unsubscribe-auth/AAYTNNNU4IJZX2LDCKG7QOTWLDWUBANCNFSM6AAAAAASQJDQCY > > . > You are receiving this because you commented.Message ID: > ***@***.***> > — Reply to this email directly, view it on GitHub <#41 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAALDFHYR34CTHMN4EEHMWTWLD2Z3ANCNFSM6AAAAAASQJDQCY> . You are receiving this because you commented.Message ID: ***@***.***>