summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Pointner <equinox@spreadspace.org>2020-07-10 23:42:23 +0200
committerChristian Pointner <equinox@spreadspace.org>2020-07-10 23:42:23 +0200
commitc9df5dcce462af13685236bf7a1d4dd896b1406b (patch)
tree8b7ed8bd765bb1a3a338bb4f587665b439d6b24d
parentopenbsd installer: move to single version per invocation (diff)
major refactoring of installer roles
-rw-r--r--chaos-at-home/ch-atlas.yml5
-rw-r--r--chaos-at-home/ch-gnocchi.yml4
-rw-r--r--common/usb-install.yml3
-rw-r--r--dan/sk-2019vm.yml2
-rw-r--r--dan/sk-tomnext.yml2
-rw-r--r--inventory/group_vars/kvmhosts/main.yml2
-rw-r--r--roles/installer/debian/base/tasks/main.yml43
-rw-r--r--roles/installer/debian/fetch/defaults/main.yml (renamed from roles/installer/debian/base/defaults/main.yml)0
-rw-r--r--roles/installer/debian/fetch/filter_plugins/main.py (renamed from roles/installer/debian/base/filter_plugins/main.py)0
-rw-r--r--roles/installer/debian/fetch/tasks/main.yml35
-rw-r--r--roles/installer/debian/fetch/tasks/verify-debian.yml (renamed from roles/installer/debian/base/tasks/verify-debian.yml)16
-rw-r--r--roles/installer/debian/fetch/tasks/verify-ubuntu.yml (renamed from roles/installer/debian/base/tasks/verify-ubuntu.yml)12
-rw-r--r--roles/installer/debian/fetch/vars/main.yml (renamed from roles/installer/debian/base/vars/main.yml)0
-rw-r--r--roles/installer/debian/preseed/tasks/main.yml2
-rw-r--r--roles/installer/debian/usb/tasks/main.yml2
-rw-r--r--roles/installer/openbsd/autoinstall/tasks/main.yml2
-rw-r--r--roles/installer/openbsd/base/tasks/main.yml34
-rw-r--r--roles/installer/openbsd/fetch/defaults/main.yml (renamed from roles/installer/openbsd/base/defaults/main.yml)0
-rw-r--r--roles/installer/openbsd/fetch/tasks/main.yml34
-rw-r--r--roles/installer/openbsd/fetch/vars/main.yml (renamed from roles/installer/openbsd/base/vars/main.yml)0
-rw-r--r--roles/vm/define/templates/libvirt-domain.xml.j22
-rw-r--r--roles/vm/host/tasks/main.yml4
-rw-r--r--roles/vm/install/tasks/installer-debian.yml20
-rw-r--r--roles/vm/install/tasks/installer-openbsd.yml16
-rw-r--r--roles/vm/install/tasks/main.yml18
25 files changed, 151 insertions, 107 deletions
diff --git a/chaos-at-home/ch-atlas.yml b/chaos-at-home/ch-atlas.yml
index fe76af09..34fa1141 100644
--- a/chaos-at-home/ch-atlas.yml
+++ b/chaos-at-home/ch-atlas.yml
@@ -5,4 +5,7 @@
- role: core/sshd
- role: core/zsh
- role: vm/host
-# - role: installer/debian/base
+ ## gpg on this host is too old to open the keyrings.
+ ## to work around this problem the files have been manually converted
+ ## applying the role would break this again!!
+ # - role: installer/debian/base
diff --git a/chaos-at-home/ch-gnocchi.yml b/chaos-at-home/ch-gnocchi.yml
index 27a01839..fd519bfd 100644
--- a/chaos-at-home/ch-gnocchi.yml
+++ b/chaos-at-home/ch-gnocchi.yml
@@ -8,8 +8,8 @@
- role: core/zsh
- role: core/cpu-microcode
- role: vm/host
-# - role: installer/debian/base
-# - role: installer/openbsd/base
+ - role: installer/debian/base
+ - role: installer/openbsd/base
post_tasks:
# you need to reboot for changes to take effect
- name: install network interface config
diff --git a/common/usb-install.yml b/common/usb-install.yml
index 27633c15..1776f75b 100644
--- a/common/usb-install.yml
+++ b/common/usb-install.yml
@@ -11,7 +11,8 @@
roles:
- role: installer/debian/usb
- installer_path: "{{ global_cache_dir }}/debian-installer"
+ installer_base_path: "{{ global_cache_dir }}/debian-installer"
+ installer_keyrings_path: "{{ global_files_dir }}/common/keyrings"
post_tasks:
- name: Make the USB disk bootable
diff --git a/dan/sk-2019vm.yml b/dan/sk-2019vm.yml
index a50c1ca1..8859a3c2 100644
--- a/dan/sk-2019vm.yml
+++ b/dan/sk-2019vm.yml
@@ -13,7 +13,7 @@
- role: apt-repo/spreadspace
- role: zfs/sanoid
- role: vm/host
-# - role: installer/debian/base
+ - role: installer/debian/base
tasks:
- name: install post-boot script
copy:
diff --git a/dan/sk-tomnext.yml b/dan/sk-tomnext.yml
index 23c181e7..b6c3b95a 100644
--- a/dan/sk-tomnext.yml
+++ b/dan/sk-tomnext.yml
@@ -13,7 +13,7 @@
- role: apt-repo/spreadspace
- role: zfs/sanoid
- role: vm/host
-# - role: installer/debian/base
+ - role: installer/debian/base
tasks:
- name: install post-boot script
copy:
diff --git a/inventory/group_vars/kvmhosts/main.yml b/inventory/group_vars/kvmhosts/main.yml
index 917b41eb..36a5be1d 100644
--- a/inventory/group_vars/kvmhosts/main.yml
+++ b/inventory/group_vars/kvmhosts/main.yml
@@ -1,2 +1,2 @@
---
-installer_path: /srv/installer
+installer_base_path: /srv/installer
diff --git a/roles/installer/debian/base/tasks/main.yml b/roles/installer/debian/base/tasks/main.yml
index 65110c91..119b3670 100644
--- a/roles/installer/debian/base/tasks/main.yml
+++ b/roles/installer/debian/base/tasks/main.yml
@@ -1,35 +1,18 @@
---
-- name: prepare directories for installer files
+- name: prepare directory keyrings
file:
- name: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}"
+ name: "{{ installer_base_path }}/keyrings"
state: directory
-- name: download and verify installer files
- block:
- - name: fetch and verify installer checksums
- include_tasks: "verify-{{ install_distro }}.yml"
+- name: copy debian keyring files
+ loop: "{{ lookup('fileglob', global_files_dir+'/common/keyrings/debian-*.gpg', wantlist=True) }}"
+ loop_control:
+ label: "{{ item | basename }}"
+ copy:
+ src: "{{ item }}"
+ dest: "{{ installer_base_path }}/keyrings/{{ item | basename }}"
- - name: download installer kernel image
- get_url:
- url: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}"
- dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ debian_installer_variant_kernal_image_name }}"
- checksum: "{{ debian_installer_kernel_checksum }}"
- force: "{{ debian_installer_force_download }}"
- mode: 0644
-
- - name: download installer initrd.gz
- get_url:
- url: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/initrd.gz"
- dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/initrd.gz"
- checksum: "{{ debian_installer_initrd_checksum }}"
- force: "{{ debian_installer_force_download }}"
- mode: 0644
-
- rescue:
- - name: remove all downloaded files
- file:
- name: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}"
- state: absent
-
- - fail:
- msg: "download/verification of installer files failed"
+- name: copy ubuntu keyring file
+ copy:
+ src: "{{ global_files_dir }}/common/keyrings/ubuntu-archive.gpg"
+ dest: "{{ installer_base_path }}/keyrings/ubuntu-archive.gpg"
diff --git a/roles/installer/debian/base/defaults/main.yml b/roles/installer/debian/fetch/defaults/main.yml
index eebc59bf..eebc59bf 100644
--- a/roles/installer/debian/base/defaults/main.yml
+++ b/roles/installer/debian/fetch/defaults/main.yml
diff --git a/roles/installer/debian/base/filter_plugins/main.py b/roles/installer/debian/fetch/filter_plugins/main.py
index 298e7efd..298e7efd 100644
--- a/roles/installer/debian/base/filter_plugins/main.py
+++ b/roles/installer/debian/fetch/filter_plugins/main.py
diff --git a/roles/installer/debian/fetch/tasks/main.yml b/roles/installer/debian/fetch/tasks/main.yml
new file mode 100644
index 00000000..dc87655f
--- /dev/null
+++ b/roles/installer/debian/fetch/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+- name: prepare directories for installer files
+ file:
+ name: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}"
+ state: directory
+
+- name: download and verify installer files
+ block:
+ - name: fetch and verify installer checksums
+ include_tasks: "verify-{{ install_distro }}.yml"
+
+ - name: download installer kernel image
+ get_url:
+ url: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}"
+ dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ debian_installer_variant_kernal_image_name }}"
+ checksum: "{{ debian_installer_kernel_checksum }}"
+ force: "{{ debian_installer_force_download }}"
+ mode: 0644
+
+ - name: download installer initrd.gz
+ get_url:
+ url: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/initrd.gz"
+ dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/initrd.gz"
+ checksum: "{{ debian_installer_initrd_checksum }}"
+ force: "{{ debian_installer_force_download }}"
+ mode: 0644
+
+ rescue:
+ - name: remove all downloaded files
+ file:
+ name: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}"
+ state: absent
+
+ - fail:
+ msg: "download/verification of installer files failed"
diff --git a/roles/installer/debian/base/tasks/verify-debian.yml b/roles/installer/debian/fetch/tasks/verify-debian.yml
index 5a890b1d..6846451d 100644
--- a/roles/installer/debian/base/tasks/verify-debian.yml
+++ b/roles/installer/debian/fetch/tasks/verify-debian.yml
@@ -5,14 +5,14 @@
- Release.gpg
get_url:
url: "{{ debian_installer_base_url | dirname | dirname | dirname | dirname }}/{{ item }}"
- dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ item }}"
+ dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ item }}"
- name: verfiy signature of Release file
command: >-
gpg --no-options --trust-model always --no-default-keyring --secret-keyring /dev/null
- --keyring "{{ global_files_dir }}/common/keyrings/debian-{{ install_codename }}.gpg"
- --verify "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release.gpg"
- "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release"
+ --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/debian-{{ install_codename }}.gpg"
+ --verify "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release.gpg"
+ "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release"
changed_when: False
register: debian_installer_gpg_result
@@ -20,23 +20,23 @@
var: debian_installer_gpg_result.stderr_lines
- name: extract checksum file hash from Release file
- command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release"
+ command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release"
changed_when: false
register: debian_installer_inrelease_sha256
- name: download SHA256SUMS
get_url:
url: "{{ debian_installer_base_url }}/SHA256SUMS"
- dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
+ dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
checksum: "sha256:{{ (debian_installer_inrelease_sha256.stdout | trim).split(' ') | first }}"
- name: extract kernel image hash from SHA256SUMS
- command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
+ command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
changed_when: false
register: debian_installer_sha256sums_kernel
- name: extract inital ramdisk hash from SHA256SUMS
- command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/initrd.gz$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
+ command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/initrd.gz$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
changed_when: false
register: debian_installer_sha256sums_initrd
diff --git a/roles/installer/debian/base/tasks/verify-ubuntu.yml b/roles/installer/debian/fetch/tasks/verify-ubuntu.yml
index f2b75492..e7cff3ae 100644
--- a/roles/installer/debian/base/tasks/verify-ubuntu.yml
+++ b/roles/installer/debian/fetch/tasks/verify-ubuntu.yml
@@ -5,14 +5,14 @@
- SHA256SUMS.gpg
get_url:
url: "{{ debian_installer_base_url }}/{{ item }}"
- dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ item }}"
+ dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ item }}"
- name: verfiy signature of SHA256SUMS.gpg file
command: >-
gpg --no-options --trust-model always --no-default-keyring --secret-keyring /dev/null
- --keyring "{{ global_files_dir }}/common/keyrings/ubuntu-archive.gpg"
- --verify "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS.gpg"
- "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
+ --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/ubuntu-archive.gpg"
+ --verify "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS.gpg"
+ "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
changed_when: False
register: debian_installer_gpg_result
@@ -20,12 +20,12 @@
var: debian_installer_gpg_result.stderr_lines
- name: extract kernel image hash from SHA256SUMS
- command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
+ command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
changed_when: false
register: debian_installer_sha256sums_kernel
- name: extract inital ramdisk hash from SHA256SUMS
- command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/initrd.gz$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
+ command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/initrd.gz$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
changed_when: false
register: debian_installer_sha256sums_initrd
diff --git a/roles/installer/debian/base/vars/main.yml b/roles/installer/debian/fetch/vars/main.yml
index 404b571a..404b571a 100644
--- a/roles/installer/debian/base/vars/main.yml
+++ b/roles/installer/debian/fetch/vars/main.yml
diff --git a/roles/installer/debian/preseed/tasks/main.yml b/roles/installer/debian/preseed/tasks/main.yml
index 3dd106e3..f0dc56cd 100644
--- a/roles/installer/debian/preseed/tasks/main.yml
+++ b/roles/installer/debian/preseed/tasks/main.yml
@@ -2,7 +2,7 @@
- name: Copy initramfs into position
copy:
remote_src: yes
- src: "{{ installer_path | mandatory }}/{{ install_distro }}-{{ install_codename }}/{{ hostvars[install_hostname].install_cooked.arch | default('amd64') }}-{{ debian_installer_variant }}/initrd.gz"
+ src: "{{ installer_base_path | mandatory }}/{{ install_distro }}-{{ install_codename }}/{{ hostvars[install_hostname].install_cooked.arch | default('amd64') }}-{{ debian_installer_variant }}/initrd.gz"
dest: "{{ preseed_tmpdir }}/initrd.preseed.gz"
- name: Generate preseed file
diff --git a/roles/installer/debian/usb/tasks/main.yml b/roles/installer/debian/usb/tasks/main.yml
index 4ff03611..478e0d33 100644
--- a/roles/installer/debian/usb/tasks/main.yml
+++ b/roles/installer/debian/usb/tasks/main.yml
@@ -17,7 +17,7 @@
debian_installer_arch: "{{ install.arch | default('amd64') }}"
debian_installer_variant: netboot
import_role:
- role: installer/debian/base
+ role: installer/debian/fetch
- name: Create temporary workdir
tempfile:
diff --git a/roles/installer/openbsd/autoinstall/tasks/main.yml b/roles/installer/openbsd/autoinstall/tasks/main.yml
index b8e88b53..86f543ee 100644
--- a/roles/installer/openbsd/autoinstall/tasks/main.yml
+++ b/roles/installer/openbsd/autoinstall/tasks/main.yml
@@ -29,7 +29,7 @@
- "INSTALL.{{ obsd_autoinstall_arch }}"
- "{{ obsd_autoinstall_file_sets | product([obsd_autoinstall_version_short+'.tgz']) | map('join') | list }}"
iso_extract:
- image: "{{ installer_path }}/openbsd-{{ obsd_autoinstall_version }}/{{ obsd_autoinstall_arch }}/install{{ obsd_autoinstall_version | replace('.', '') }}.iso"
+ image: "{{ installer_base_path }}/openbsd-{{ obsd_autoinstall_version }}/{{ obsd_autoinstall_arch }}/install{{ obsd_autoinstall_version | replace('.', '') }}.iso"
dest: "{{ obsd_autoinstall_tmpdir }}/files"
files: "{{ [obsd_autoinstall_version+'/'+obsd_autoinstall_arch+'/'] | product(installer_files | flatten) | map('join') | list }}"
diff --git a/roles/installer/openbsd/base/tasks/main.yml b/roles/installer/openbsd/base/tasks/main.yml
index df3db107..412f3680 100644
--- a/roles/installer/openbsd/base/tasks/main.yml
+++ b/roles/installer/openbsd/base/tasks/main.yml
@@ -5,37 +5,3 @@
- genisoimage
- signify-openbsd
state: present
-
-- name: prepare directories for installer iso files
- file:
- name: "{{ installer_path }}/openbsd-{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}"
- state: directory
-
-- name: download installer iso files
- get_url:
- url: "{{ openbsd_installer_url }}/{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}/install{{ openbsd_installer_version_short }}.iso"
- dest: "{{ installer_path }}/openbsd-{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}/install{{ openbsd_installer_version_short }}.iso"
- mode: 0644
- force: "{{ openbsd_installer_force_download }}"
-
-- name: download signed sha256 files
- get_url:
- url: "{{ openbsd_installer_url }}/{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}/SHA256.sig"
- dest: "{{ installer_path }}/openbsd-{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}/SHA256.sig"
- mode: 0644
- force: "{{ openbsd_installer_force_download }}"
-
-- name: create signing key files
- copy:
- content: "{{ openbsd_installer_signing_keys[openbsd_installer_version] }}"
- dest: "{{ installer_path }}/openbsd-{{ openbsd_installer_version }}/openbsd-{{ openbsd_installer_version_short }}-base.pub"
-
-- name: verfiy downloaded iso files
- command: "signify-openbsd -Cp ../openbsd-{{ openbsd_installer_version_short }}-base.pub -x SHA256.sig install{{ openbsd_installer_version_short }}.iso"
- args:
- chdir: "{{ installer_path }}/openbsd-{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}"
- changed_when: false
- register: openbsd_installer_signify_result
-
-- debug:
- var: openbsd_installer_signify_result.stdout_lines
diff --git a/roles/installer/openbsd/base/defaults/main.yml b/roles/installer/openbsd/fetch/defaults/main.yml
index eeeaf2d0..eeeaf2d0 100644
--- a/roles/installer/openbsd/base/defaults/main.yml
+++ b/roles/installer/openbsd/fetch/defaults/main.yml
diff --git a/roles/installer/openbsd/fetch/tasks/main.yml b/roles/installer/openbsd/fetch/tasks/main.yml
new file mode 100644
index 00000000..0ab9070c
--- /dev/null
+++ b/roles/installer/openbsd/fetch/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+- name: prepare directories for installer iso files
+ file:
+ name: "{{ installer_base_path }}/openbsd-{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}"
+ state: directory
+
+- name: download installer iso files
+ get_url:
+ url: "{{ openbsd_installer_url }}/{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}/install{{ openbsd_installer_version_short }}.iso"
+ dest: "{{ installer_base_path }}/openbsd-{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}/install{{ openbsd_installer_version_short }}.iso"
+ mode: 0644
+ force: "{{ openbsd_installer_force_download }}"
+
+- name: download signed sha256 files
+ get_url:
+ url: "{{ openbsd_installer_url }}/{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}/SHA256.sig"
+ dest: "{{ installer_base_path }}/openbsd-{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}/SHA256.sig"
+ mode: 0644
+ force: "{{ openbsd_installer_force_download }}"
+
+- name: create signing key files
+ copy:
+ content: "{{ openbsd_installer_signing_keys[openbsd_installer_version] }}"
+ dest: "{{ installer_base_path }}/openbsd-{{ openbsd_installer_version }}/openbsd-{{ openbsd_installer_version_short }}-base.pub"
+
+- name: verfiy downloaded iso files
+ command: "signify-openbsd -Cp ../openbsd-{{ openbsd_installer_version_short }}-base.pub -x SHA256.sig install{{ openbsd_installer_version_short }}.iso"
+ args:
+ chdir: "{{ installer_base_path }}/openbsd-{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}"
+ changed_when: false
+ register: openbsd_installer_signify_result
+
+- debug:
+ var: openbsd_installer_signify_result.stdout_lines
diff --git a/roles/installer/openbsd/base/vars/main.yml b/roles/installer/openbsd/fetch/vars/main.yml
index dad9f064..dad9f064 100644
--- a/roles/installer/openbsd/base/vars/main.yml
+++ b/roles/installer/openbsd/fetch/vars/main.yml
diff --git a/roles/vm/define/templates/libvirt-domain.xml.j2 b/roles/vm/define/templates/libvirt-domain.xml.j2
index c4c9e52a..5af12c00 100644
--- a/roles/vm/define/templates/libvirt-domain.xml.j2
+++ b/roles/vm/define/templates/libvirt-domain.xml.j2
@@ -7,7 +7,7 @@
<type arch='x86_64' machine='pc-0.12'>hvm</type>
{% if vm_define_installer %}
{% if install_distro == 'debian' or install_distro == 'ubuntu' %}
- <kernel>{{ installer_path }}/{{ install_distro }}-{{ install_codename }}/{{ hostvars[install_hostname].install_cooked.arch | default('amd64') }}/linux</kernel>
+ <kernel>{{ installer_base_path }}/{{ install_distro }}-{{ install_codename }}/{{ hostvars[install_hostname].install_cooked.arch | default('amd64') }}-netboot/linux</kernel>
<initrd>{{ preseed_tmpdir }}/initrd.preseed.gz</initrd>
<cmdline>console=ttyS0,115200n8 DEBCONF_DEBUG=5</cmdline>
<boot dev='hd'/>
diff --git a/roles/vm/host/tasks/main.yml b/roles/vm/host/tasks/main.yml
index 390016a2..4c29970d 100644
--- a/roles/vm/host/tasks/main.yml
+++ b/roles/vm/host/tasks/main.yml
@@ -43,11 +43,11 @@
- name: mount filesytem
mount:
src: "/dev/mapper/{{ installer_lvm.vg | replace('-', '--') }}-{{ installer_lvm.lv | replace('-', '--') }}"
- path: "{{ installer_path }}"
+ path: "{{ installer_base_path }}"
fstype: "{{ installer_lvm.fs }}"
state: mounted
- name: make sure installer directory exists
file:
- name: "{{ installer_path }}"
+ name: "{{ installer_base_path }}"
state: directory
diff --git a/roles/vm/install/tasks/installer-debian.yml b/roles/vm/install/tasks/installer-debian.yml
new file mode 100644
index 00000000..29aae48f
--- /dev/null
+++ b/roles/vm/install/tasks/installer-debian.yml
@@ -0,0 +1,20 @@
+---
+- name: fetch debian installer files
+ vars:
+ debian_installer_distro: "{{ install_distro }}"
+ debian_installer_codename: "{{ install_codename }}"
+ debian_installer_arch: "{{ install_cooked.arch | default('amd64') }}"
+ debian_installer_variant: netboot
+ import_role:
+ name: installer/debian/fetch
+
+- name: generate host specific initial ramdisk
+ vars:
+ ssh_keys_root: "{{ hostvars[install_hostname].ssh_keys_root }}"
+ preseed_tmpdir: "{{ tmpdir.path }}"
+ preseed_virtual_machine: yes
+ preseed_force_net_ifnames_policy: path
+ preseed_no_netplan: yes
+ install_interface: enp1s1
+ import_role:
+ name: installer/debian/preseed
diff --git a/roles/vm/install/tasks/installer-openbsd.yml b/roles/vm/install/tasks/installer-openbsd.yml
new file mode 100644
index 00000000..f3802afd
--- /dev/null
+++ b/roles/vm/install/tasks/installer-openbsd.yml
@@ -0,0 +1,16 @@
+---
+- name: fetch openbsd installer files
+ vars:
+ openbsd_installer_version: "{{ install_codename }}"
+ openbsd_installer_arch: "{{ install_cooked.arch | default('amd64') }}"
+ import_role:
+ name: installer/openbsd/fetch
+
+- name: generate host specific autoinstall iso
+ vars:
+ ssh_keys_root: "{{ hostvars[install_hostname].ssh_keys_root }}"
+ obsd_autoinstall_tmpdir: "{{ tmpdir.path }}"
+ obsd_autoinstall_serial_device: com0
+ install_interface: vio0
+ import_role:
+ name: installer/openbsd/autoinstall
diff --git a/roles/vm/install/tasks/main.yml b/roles/vm/install/tasks/main.yml
index 6b8f9ca7..7f102beb 100644
--- a/roles/vm/install/tasks/main.yml
+++ b/roles/vm/install/tasks/main.yml
@@ -35,24 +35,10 @@
register: tmpdir
- when: install_distro in ['debian', 'ubuntu']
- vars:
- ssh_keys_root: "{{ hostvars[install_hostname].ssh_keys_root }}"
- preseed_tmpdir: "{{ tmpdir.path }}"
- preseed_virtual_machine: yes
- preseed_force_net_ifnames_policy: path
- preseed_no_netplan: yes
- install_interface: enp1s1
- import_role:
- name: installer/debian/preseed
+ import_tasks: installer-debian.yml
- when: install_distro in ['openbsd']
- vars:
- ssh_keys_root: "{{ hostvars[install_hostname].ssh_keys_root }}"
- obsd_autoinstall_tmpdir: "{{ tmpdir.path }}"
- obsd_autoinstall_serial_device: com0
- install_interface: vio0
- import_role:
- name: installer/openbsd/autoinstall
+ import_tasks: installer-openbsd.yml
- name: Make installer workdir readable by qemu
acl: