author | Christian Pointner <equinox@spreadspace.org> | 2022-03-28 22:57:54 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2022-03-28 22:57:54 +0200 |
commit | 3353e25592248dad6a0c067ab9c00ed6c3645a47 (patch) | |
tree | 414a519c70156807011e6971adca918dfc4f37c0 | |
parent | add ch-epimetheus to monitoring (diff) |
raspios/image: initial commit
-rw-r--r-- | files/common/keyrings/raspios.gpg | bin | 0 -> 2530 bytes | |||
-rw-r--r-- | inventory/group_vars/chaos-at-home/network.yml | 1 | ||||
-rw-r--r-- | inventory/host_vars/ch-mc-pi.yml | 15 | ||||
-rw-r--r-- | inventory/hosts.ini | 1 | ||||
-rw-r--r-- | roles/raspios/image/defaults/main.yml | 10 | ||||
-rw-r--r-- | roles/raspios/image/tasks/fetch.yml | 52 | ||||
-rw-r--r-- | roles/raspios/image/tasks/main.yml | 55 | ||||
-rw-r--r-- | roles/raspios/image/vars/main.yml | 6 |
8 files changed, 140 insertions, 0 deletions
diff --git a/files/common/keyrings/raspios.gpg b/files/common/keyrings/raspios.gpg
Binary files differ
new file mode 100644
index 00000000..fb800c19
--- /dev/null
+++ b/files/common/keyrings/raspios.gpg
diff --git a/inventory/group_vars/chaos-at-home/network.yml b/inventory/group_vars/chaos-at-home/network.yml
index cf8046f9..2957a24a 100644
--- a/inventory/group_vars/chaos-at-home/network.yml
+++ b/inventory/group_vars/chaos-at-home/network.yml
@@ -14,6 +14,7 @@ network_zones:
 offsets:
 ch-equinox-ws: 1
 ch-mc: 10
+ ch-mc-pi: 11
 ch-telesto: 20
 ch-calypso: 21
 ch-thetys: 22
diff --git a/inventory/host_vars/ch-mc-pi.yml b/inventory/host_vars/ch-mc-pi.yml
new file mode 100644
index 00000000..a8701c54
--- /dev/null
+++ b/inventory/host_vars/ch-mc-pi.yml
@@ -0,0 +1,15 @@
+---
+## TODO: remove once autodetection works...
+raspios_release_date: "2022-01-28"
+#raspios_variant: desktop
+raspios_arch: arm64
+
+network:
+ nameservers: "{{ network_zones.lan.dns }}"
+ domain: "{{ host_domain }}"
+ primary: &_network_primary_
+ name: eth0
+ address: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address/prefix') }}"
+ gateway: "{{ network_zones.lan.gateway }}"
+ interfaces:
+ - *_network_primary_
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index e530a847..dfd92646 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -37,6 +37,7 @@ ch-mon host_name=mon
 ch-omd host_name=omd
 ch-epimetheus host_name=epimetheus
 ch-mc host_name=mc
+ch-mc-pi host_name=mc-pi
 ch-atlas host_name=atlas
 ch-pan host_name=pan
 ch-keyserver host_name=keyserver
diff --git a/roles/raspios/image/defaults/main.yml b/roles/raspios/image/defaults/main.yml
new file mode 100644
index 00000000..197d1f7f
--- /dev/null
+++ b/roles/raspios/image/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+raspios_variant: lite ## (lite|desktop|full)
+# raspios_release_date:
+raspios_codename: "{{ install_codename }}"
+# raspios_arch: (arm64|armhf)
+raspios_download_dir: "{{ global_cache_dir }}/raspios"
+
+raspios_output_dir: "{{ global_artifacts_dir }}/{{ inventory_hostname }}/raspios"
+
+raspios_keep_temporary_build_dir: False
diff --git a/roles/raspios/image/tasks/fetch.yml b/roles/raspios/image/tasks/fetch.yml
new file mode 100644
index 00000000..c95f1dea
--- /dev/null
+++ b/roles/raspios/image/tasks/fetch.yml
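Review bot: `raspios_release_date` and `raspios_arch` appear in this defaults file only as commented-out placeholders, yet roles/raspios/image/vars/main.yml builds the download URL and the image name from both. A host that omits either one will presumably fail with an undefined-variable error at the first task that templates those values, not with a clear message. A comment such as `# raspios_arch: (arm64|armhf) -- required, no default` would document the contract, and the same applies to `raspios_release_date`. The boolean would read more conventionally for Ansible as `raspios_keep_temporary_build_dir: false`.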
@@ -0,0 +1,52 @@
+---
+- name: Create download directory
+ file:
+ dest: "{{ raspios_download_dir }}"
+ state: directory
+
+- name: download the raspios image
+ block:
+ - name: download sha256sum
+ get_url:
+ url: "{{ raspios_download_base_url }}/{{ raspios_download_image_base_name }}.zip.sha256"
+ dest: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sha256"
+
+ - name: download signature
+ get_url:
+ url: "{{ raspios_download_base_url }}/{{ raspios_download_image_base_name }}.zip.sig"
+ dest: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sig"
+
+ - name: extract SHA256 hash of the image archive
+ command: grep '{{ raspios_download_image_base_name }}.zip' "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sha256"
+ changed_when: False
+ register: sha256
+
+ - name: download image
+ get_url:
+ url: "{{ raspios_download_base_url }}/{{ raspios_download_image_base_name }}.zip"
+ dest: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip"
+ checksum: sha256:{{ sha256.stdout.split(' ') | first }}
+
+ - name: check OpenPGP signature
+ command: >-
+ gpgv --keyring "{{ global_files_dir }}/common/keyrings/raspios.gpg"
+ "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sig" "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip"
+ changed_when: False
+ register: raspios_image_gpg_result
+
+ - debug:
+ var: raspios_image_gpg_result.stderr_lines
+
+ rescue:
+ - name: delete downloaded artifacts
+ loop:
+ - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sha256"
+ - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sig"
+ - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip"
+ file:
+ path: "{{ item }}"
+ state: absent
+
+ - name: the download has failed...
+ fail:
+ msg: Something borked
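Review bot: The `rescue` section ends in `msg: Something borked` for every failure, so a rejected OpenPGP signature is reported exactly like a network timeout, and the `debug` task that prints gpgv's stderr is only reached when verification succeeded. Carrying the failed task into the message keeps a verification failure visible, e.g. `msg: "raspios fetch failed in '{{ ansible_failed_task.name }}': {{ ansible_failed_result.stderr | default(ansible_failed_result.msg | default('no details')) }}"`. The `.sha256` file is served from the same base URL as the image, so it only guards against corruption; authenticity rests on the gpgv step, which accepts any key present in files/common/keyrings/raspios.gpg. Because that keyring is added as an opaque binary, a comment above the `check OpenPGP signature` task recording the expected fingerprint (`# raspios.gpg holds key <FINGERPRINT-PLACEHOLDER>`) would let the trust anchor be audited.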
diff --git a/roles/raspios/image/tasks/main.yml b/roles/raspios/image/tasks/main.yml
new file mode 100644
index 00000000..284b24a4
--- /dev/null
+++ b/roles/raspios/image/tasks/main.yml
@@ -0,0 +1,55 @@
+---
+- name: fetch base image
+ run_once: true
+ import_tasks: fetch.yml
+
+- name: build the image
+ block:
+ - name: create the output directory for built images
+ file:
+ path: "{{ raspios_output_dir }}"
+ state: directory
+
+ - name: Create temporary build directory
+ tempfile:
+ state: directory
+ register: tmpdir
+
+ - name: build the raspios image
+ command: >-
+ bash -c "cp '{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip' '{{ tmpdir.path }}/output.zip'; echo 'TODO: extract image...'"
+ register: raspios_build
+
+ - name: copy newly built raspios image
+ copy:
+ src: "{{ tmpdir.path }}/output.zip"
+ dest: "{{ raspios_output_dir }}/{{ raspios_output_image_base_name }}.zip"
+
+ - name: set output image names
+ set_fact:
+ output_images:
+ - "{{ raspios_output_dir }}/{{ raspios_output_image_base_name }}.zip"
+
+ always:
+ - name: save stdout build-log to output directory
+ when: raspios_build is defined
+ copy:
+ content: "{{ raspios_build.stdout }}\n"
+ dest: "{{ raspios_output_dir }}/build-stdout.log"
+
+ - name: save stderr build-log to output directory
+ when: raspios_build is defined
+ copy:
+ content: "{{ raspios_build.stderr }}\n"
+ dest: "{{ raspios_output_dir }}/build-stderr.log"
+
+ - name: delete the temporary build directory
+ when: not raspios_keep_temporary_build_dir
+ file:
+ path: "{{ tmpdir.path }}"
+ state: absent
+
+ - name: print temporary build directory information
+ when: raspios_keep_temporary_build_dir
+ debug:
+ msg: "The temporary build directory has not been deleted, the path to the directory is: {{ tmpdir.path }}"
diff --git a/roles/raspios/image/vars/main.yml b/roles/raspios/image/vars/main.yml
new file mode 100644
index 00000000..f04f9eba
--- /dev/null
+++ b/roles/raspios/image/vars/main.yml
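Review bot: In the `build the raspios image` task the two commands are joined with `;`, so the exit status of `bash -c` is that of `echo` and a failed `cp` goes unnoticed until the later `copy` task; joining them with `&&` (or starting the string with `set -e;`) stops at the failing step. The paths are also spliced into the shell string between single quotes, so a quote character in `raspios_download_dir` would change what bash parses. While the build is still a placeholder, the `copy` module already used in the next task would avoid the shell altogether. In the `always` section both tasks that reference `tmpdir.path` run even when the `tempfile` task never executed, and the resulting undefined-variable error would hide the original failure. `when: tmpdir.path is defined and not raspios_keep_temporary_build_dir` guards the delete, and the same `tmpdir.path is defined` condition fits the print task.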
@@ -0,0 +1,6 @@
+---
+raspios_download_base_path: "raspios{{ (raspios_variant == 'desktop') | ternary('', '_'+raspios_variant) }}_{{ raspios_arch }}"
+
+raspios_download_base_url: "https://downloads.raspberrypi.org/{{ raspios_download_base_path }}/images/{{ raspios_download_base_path }}-{{ raspios_release_date }}"
+raspios_download_image_base_name: "{{ raspios_release_date }}-raspios-{{ raspios_codename }}-{{ raspios_arch }}{{ (raspios_variant == 'desktop') | ternary('', '-'+raspios_variant) }}"
+raspios_output_image_base_name: "raspios-{{ raspios_codename }}-{{ raspios_arch }}{{ (raspios_variant == 'desktop') | ternary('', '-'+raspios_variant) }}" |