major refactoring of installer roles

author: Christian Pointner <equinox@spreadspace.org> 2020-07-10 23:42:23 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2020-07-10 23:42:23 +0200
commit: c9df5dcce462af13685236bf7a1d4dd896b1406b (patch)
tree: 8b7ed8bd765bb1a3a338bb4f587665b439d6b24d
parent: openbsd installer: move to single version per invocation (diff)
25 files changed, 151 insertions, 107 deletions
diff --git a/chaos-at-home/ch-atlas.yml b/chaos-at-home/ch-atlas.yml
index fe76af09..34fa1141 100644
--- a/chaos-at-home/ch-atlas.yml
+++ b/chaos-at-home/ch-atlas.yml
@@ -5,4 +5,7 @@
   - role: core/sshd
   - role: core/zsh
   - role: vm/host
-#  - role: installer/debian/base
+  ## gpg on this host is too old to open the keyrings.
+  ## to work around this problem the files have been manually converted
+  ## applying the role would break this again!!
+  # - role: installer/debian/base
diff --git a/chaos-at-home/ch-gnocchi.yml b/chaos-at-home/ch-gnocchi.yml
index 27a01839..fd519bfd 100644
--- a/chaos-at-home/ch-gnocchi.yml
+++ b/chaos-at-home/ch-gnocchi.yml
@@ -8,8 +8,8 @@
   - role: core/zsh
   - role: core/cpu-microcode
   - role: vm/host
-#  - role: installer/debian/base
-#  - role: installer/openbsd/base
+  - role: installer/debian/base
+  - role: installer/openbsd/base
   post_tasks:
   # you need to reboot for changes to take effect
   - name: install network interface config
diff --git a/common/usb-install.yml b/common/usb-install.yml
index 27633c15..1776f75b 100644
--- a/common/usb-install.yml
+++ b/common/usb-install.yml
@@ -11,7 +11,8 @@
 
   roles:
   - role: installer/debian/usb
-    installer_path: "{{ global_cache_dir }}/debian-installer"
+    installer_base_path: "{{ global_cache_dir }}/debian-installer"
+    installer_keyrings_path: "{{ global_files_dir }}/common/keyrings"
 
   post_tasks:
   - name: Make the USB disk bootable
diff --git a/dan/sk-2019vm.yml b/dan/sk-2019vm.yml
index a50c1ca1..8859a3c2 100644
--- a/dan/sk-2019vm.yml
+++ b/dan/sk-2019vm.yml
@@ -13,7 +13,7 @@
   - role: apt-repo/spreadspace
   - role: zfs/sanoid
   - role: vm/host
-#  - role: installer/debian/base
+  - role: installer/debian/base
   tasks:
   - name: install post-boot script
     copy:
diff --git a/dan/sk-tomnext.yml b/dan/sk-tomnext.yml
index 23c181e7..b6c3b95a 100644
--- a/dan/sk-tomnext.yml
+++ b/dan/sk-tomnext.yml
@@ -13,7 +13,7 @@
   - role: apt-repo/spreadspace
   - role: zfs/sanoid
   - role: vm/host
-#  - role: installer/debian/base
+  - role: installer/debian/base
   tasks:
   - name: install post-boot script
     copy:
diff --git a/inventory/group_vars/kvmhosts/main.yml b/inventory/group_vars/kvmhosts/main.yml
index 917b41eb..36a5be1d 100644
--- a/inventory/group_vars/kvmhosts/main.yml
+++ b/inventory/group_vars/kvmhosts/main.yml
@@ -1,2 +1,2 @@
 ---
-installer_path: /srv/installer
+installer_base_path: /srv/installer
diff --git a/roles/installer/debian/base/tasks/main.yml b/roles/installer/debian/base/tasks/main.yml
index 65110c91..119b3670 100644
--- a/roles/installer/debian/base/tasks/main.yml
+++ b/roles/installer/debian/base/tasks/main.yml
@@ -1,35 +1,18 @@
 ---
-- name: prepare directories for installer files
+- name: prepare directory keyrings
   file:
-    name: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}"
+    name: "{{ installer_base_path }}/keyrings"
     state: directory
 
-- name: download and verify installer files
-  block:
-  - name: fetch and verify installer checksums
-    include_tasks: "verify-{{ install_distro }}.yml"
+- name: copy debian keyring files
+  loop: "{{ lookup('fileglob', global_files_dir+'/common/keyrings/debian-*.gpg', wantlist=True) }}"
+  loop_control:
+    label: "{{ item | basename }}"
+  copy:
+    src: "{{ item }}"
+    dest: "{{ installer_base_path }}/keyrings/{{ item | basename }}"
 
-  - name: download installer kernel image
-    get_url:
-      url: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}"
-      dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ debian_installer_variant_kernal_image_name }}"
-      checksum: "{{ debian_installer_kernel_checksum }}"
-      force: "{{ debian_installer_force_download }}"
-      mode: 0644
-
-  - name: download installer initrd.gz
-    get_url:
-      url: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/initrd.gz"
-      dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/initrd.gz"
-      checksum: "{{ debian_installer_initrd_checksum }}"
-      force: "{{ debian_installer_force_download }}"
-      mode: 0644
-
-  rescue:
-  - name: remove all downloaded files
-    file:
-      name: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}"
-      state: absent
-
-  - fail:
-      msg: "download/verification of installer files failed"
+- name: copy ubuntu keyring file
+  copy:
+    src: "{{ global_files_dir }}/common/keyrings/ubuntu-archive.gpg"
+    dest: "{{ installer_base_path }}/keyrings/ubuntu-archive.gpg"
diff --git a/roles/installer/debian/base/defaults/main.yml b/roles/installer/debian/fetch/defaults/main.yml
index eebc59bf..eebc59bf 100644
--- a/roles/installer/debian/base/defaults/main.yml
+++ b/roles/installer/debian/fetch/defaults/main.yml
diff --git a/roles/installer/debian/base/filter_plugins/main.py b/roles/installer/debian/fetch/filter_plugins/main.py
index 298e7efd..298e7efd 100644
--- a/roles/installer/debian/base/filter_plugins/main.py
+++ b/roles/installer/debian/fetch/filter_plugins/main.py
diff --git a/roles/installer/debian/fetch/tasks/main.yml b/roles/installer/debian/fetch/tasks/main.yml
new file mode 100644
index 00000000..dc87655f
--- /dev/null
+++ b/roles/installer/debian/fetch/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+- name: prepare directories for installer files
+  file:
+    name: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}"
+    state: directory
+
+- name: download and verify installer files
+  block:
+  - name: fetch and verify installer checksums
+    include_tasks: "verify-{{ install_distro }}.yml"
+
+  - name: download installer kernel image
+    get_url:
+      url: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}"
+      dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ debian_installer_variant_kernal_image_name }}"
+      checksum: "{{ debian_installer_kernel_checksum }}"
+      force: "{{ debian_installer_force_download }}"
+      mode: 0644
+
+  - name: download installer initrd.gz
+    get_url:
+      url: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/initrd.gz"
+      dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/initrd.gz"
+      checksum: "{{ debian_installer_initrd_checksum }}"
+      force: "{{ debian_installer_force_download }}"
+      mode: 0644
+
+  rescue:
+  - name: remove all downloaded files
+    file:
+      name: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}"
+      state: absent
+
+  - fail:
+      msg: "download/verification of installer files failed"
diff --git a/roles/installer/debian/base/tasks/verify-debian.yml b/roles/installer/debian/fetch/tasks/verify-debian.yml
index 5a890b1d..6846451d 100644
--- a/roles/installer/debian/base/tasks/verify-debian.yml
+++ b/roles/installer/debian/fetch/tasks/verify-debian.yml
@@ -5,14 +5,14 @@
   - Release.gpg
   get_url:
     url: "{{ debian_installer_base_url | dirname | dirname | dirname | dirname }}/{{ item }}"
-    dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ item }}"
+    dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ item }}"
 
 - name: verfiy signature of Release file
   command: >-
     gpg --no-options --trust-model always --no-default-keyring  --secret-keyring /dev/null
-        --keyring "{{ global_files_dir }}/common/keyrings/debian-{{ install_codename }}.gpg"
-        --verify "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release.gpg"
-        "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release"
+        --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/debian-{{ install_codename }}.gpg"
+        --verify "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release.gpg"
+        "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release"
   changed_when: False
   register: debian_installer_gpg_result
 
@@ -20,23 +20,23 @@
     var: debian_installer_gpg_result.stderr_lines
 
 - name: extract checksum file hash from Release file
-  command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release"
+  command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release"
   changed_when: false
   register: debian_installer_inrelease_sha256
 
 - name: download SHA256SUMS
   get_url:
     url: "{{ debian_installer_base_url }}/SHA256SUMS"
-    dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
+    dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
     checksum: "sha256:{{ (debian_installer_inrelease_sha256.stdout | trim).split(' ') | first }}"
 
 - name: extract kernel image hash from SHA256SUMS
-  command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
+  command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
   changed_when: false
   register: debian_installer_sha256sums_kernel
 
 - name: extract inital ramdisk hash from SHA256SUMS
-  command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/initrd.gz$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
+  command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/initrd.gz$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
   changed_when: false
   register: debian_installer_sha256sums_initrd
 
diff --git a/roles/installer/debian/base/tasks/verify-ubuntu.yml b/roles/installer/debian/fetch/tasks/verify-ubuntu.yml
index f2b75492..e7cff3ae 100644
--- a/roles/installer/debian/base/tasks/verify-ubuntu.yml
+++ b/roles/installer/debian/fetch/tasks/verify-ubuntu.yml
@@ -5,14 +5,14 @@
     - SHA256SUMS.gpg
   get_url:
     url: "{{ debian_installer_base_url }}/{{ item }}"
-    dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ item }}"
+    dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ item }}"
 
 - name: verfiy signature of SHA256SUMS.gpg file
   command: >-
     gpg --no-options --trust-model always --no-default-keyring  --secret-keyring /dev/null
-        --keyring "{{ global_files_dir }}/common/keyrings/ubuntu-archive.gpg"
-        --verify "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS.gpg"
-        "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
+        --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/ubuntu-archive.gpg"
+        --verify "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS.gpg"
+        "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
   changed_when: False
   register: debian_installer_gpg_result
 
@@ -20,12 +20,12 @@
     var: debian_installer_gpg_result.stderr_lines
 
 - name: extract kernel image hash from SHA256SUMS
-  command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
+  command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
   changed_when: false
   register: debian_installer_sha256sums_kernel
 
 - name: extract inital ramdisk hash from SHA256SUMS
-  command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/initrd.gz$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
+  command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/initrd.gz$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
   changed_when: false
   register: debian_installer_sha256sums_initrd
 
diff --git a/roles/installer/debian/base/vars/main.yml b/roles/installer/debian/fetch/vars/main.yml
index 404b571a..404b571a 100644
--- a/roles/installer/debian/base/vars/main.yml
+++ b/roles/installer/debian/fetch/vars/main.yml
diff --git a/roles/installer/debian/preseed/tasks/main.yml b/roles/installer/debian/preseed/tasks/main.yml
index 3dd106e3..f0dc56cd 100644
--- a/roles/installer/debian/preseed/tasks/main.yml
+++ b/roles/installer/debian/preseed/tasks/main.yml
@@ -2,7 +2,7 @@
 - name: Copy initramfs into position
   copy:
     remote_src: yes
-    src: "{{ installer_path | mandatory }}/{{ install_distro }}-{{ install_codename }}/{{ hostvars[install_hostname].install_cooked.arch | default('amd64') }}-{{ debian_installer_variant }}/initrd.gz"
+    src: "{{ installer_base_path | mandatory }}/{{ install_distro }}-{{ install_codename }}/{{ hostvars[install_hostname].install_cooked.arch | default('amd64') }}-{{ debian_installer_variant }}/initrd.gz"
     dest: "{{ preseed_tmpdir }}/initrd.preseed.gz"
 
 - name: Generate preseed file
diff --git a/roles/installer/debian/usb/tasks/main.yml b/roles/installer/debian/usb/tasks/main.yml
index 4ff03611..478e0d33 100644
--- a/roles/installer/debian/usb/tasks/main.yml
+++ b/roles/installer/debian/usb/tasks/main.yml
@@ -17,7 +17,7 @@
       debian_installer_arch: "{{ install.arch | default('amd64') }}"
       debian_installer_variant: netboot
     import_role:
-      role: installer/debian/base
+      role: installer/debian/fetch
 
   - name: Create temporary workdir
     tempfile:
diff --git a/roles/installer/openbsd/autoinstall/tasks/main.yml b/roles/installer/openbsd/autoinstall/tasks/main.yml
index b8e88b53..86f543ee 100644
--- a/roles/installer/openbsd/autoinstall/tasks/main.yml
+++ b/roles/installer/openbsd/autoinstall/tasks/main.yml
@@ -29,7 +29,7 @@
       - "INSTALL.{{ obsd_autoinstall_arch }}"
       - "{{ obsd_autoinstall_file_sets | product([obsd_autoinstall_version_short+'.tgz']) | map('join') | list }}"
   iso_extract:
-    image: "{{ installer_path }}/openbsd-{{ obsd_autoinstall_version }}/{{ obsd_autoinstall_arch }}/install{{ obsd_autoinstall_version | replace('.', '') }}.iso"
+    image: "{{ installer_base_path }}/openbsd-{{ obsd_autoinstall_version }}/{{ obsd_autoinstall_arch }}/install{{ obsd_autoinstall_version | replace('.', '') }}.iso"
     dest: "{{ obsd_autoinstall_tmpdir }}/files"
     files: "{{ [obsd_autoinstall_version+'/'+obsd_autoinstall_arch+'/'] | product(installer_files | flatten) | map('join') | list }}"
 
diff --git a/roles/installer/openbsd/base/tasks/main.yml b/roles/installer/openbsd/base/tasks/main.yml
index df3db107..412f3680 100644
--- a/roles/installer/openbsd/base/tasks/main.yml
+++ b/roles/installer/openbsd/base/tasks/main.yml
@@ -5,37 +5,3 @@
     - genisoimage
     - signify-openbsd
     state: present
-
-- name: prepare directories for installer iso files
-  file:
-    name: "{{ installer_path }}/openbsd-{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}"
-    state: directory
-
-- name: download installer iso files
-  get_url:
-    url: "{{ openbsd_installer_url }}/{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}/install{{ openbsd_installer_version_short }}.iso"
-    dest: "{{ installer_path }}/openbsd-{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}/install{{ openbsd_installer_version_short }}.iso"
-    mode: 0644
-    force: "{{ openbsd_installer_force_download }}"
-
-- name: download signed sha256 files
-  get_url:
-    url: "{{ openbsd_installer_url }}/{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}/SHA256.sig"
-    dest: "{{ installer_path }}/openbsd-{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}/SHA256.sig"
-    mode: 0644
-    force: "{{ openbsd_installer_force_download }}"
-
-- name: create signing key files
-  copy:
-    content: "{{ openbsd_installer_signing_keys[openbsd_installer_version] }}"
-    dest: "{{ installer_path }}/openbsd-{{ openbsd_installer_version }}/openbsd-{{ openbsd_installer_version_short }}-base.pub"
-
-- name: verfiy downloaded iso files
-  command: "signify-openbsd -Cp ../openbsd-{{ openbsd_installer_version_short }}-base.pub -x SHA256.sig install{{ openbsd_installer_version_short }}.iso"
-  args:
-    chdir: "{{ installer_path }}/openbsd-{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}"
-  changed_when: false
-  register: openbsd_installer_signify_result
-
-- debug:
-    var: openbsd_installer_signify_result.stdout_lines
diff --git a/roles/installer/openbsd/base/defaults/main.yml b/roles/installer/openbsd/fetch/defaults/main.yml
index eeeaf2d0..eeeaf2d0 100644
--- a/roles/installer/openbsd/base/defaults/main.yml
+++ b/roles/installer/openbsd/fetch/defaults/main.yml
diff --git a/roles/installer/openbsd/fetch/tasks/main.yml b/roles/installer/openbsd/fetch/tasks/main.yml
new file mode 100644
index 00000000..0ab9070c
--- /dev/null
+++ b/roles/installer/openbsd/fetch/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+- name: prepare directories for installer iso files
+  file:
+    name: "{{ installer_base_path }}/openbsd-{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}"
+    state: directory
+
+- name: download installer iso files
+  get_url:
+    url: "{{ openbsd_installer_url }}/{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}/install{{ openbsd_installer_version_short }}.iso"
+    dest: "{{ installer_base_path }}/openbsd-{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}/install{{ openbsd_installer_version_short }}.iso"
+    mode: 0644
+    force: "{{ openbsd_installer_force_download }}"
+
+- name: download signed sha256 files
+  get_url:
+    url: "{{ openbsd_installer_url }}/{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}/SHA256.sig"
+    dest: "{{ installer_base_path }}/openbsd-{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}/SHA256.sig"
+    mode: 0644
+    force: "{{ openbsd_installer_force_download }}"
+
+- name: create signing key files
+  copy:
+    content: "{{ openbsd_installer_signing_keys[openbsd_installer_version] }}"
+    dest: "{{ installer_base_path }}/openbsd-{{ openbsd_installer_version }}/openbsd-{{ openbsd_installer_version_short }}-base.pub"
+
+- name: verfiy downloaded iso files
+  command: "signify-openbsd -Cp ../openbsd-{{ openbsd_installer_version_short }}-base.pub -x SHA256.sig install{{ openbsd_installer_version_short }}.iso"
+  args:
+    chdir: "{{ installer_base_path }}/openbsd-{{ openbsd_installer_version }}/{{ openbsd_installer_arch }}"
+  changed_when: false
+  register: openbsd_installer_signify_result
+
+- debug:
+    var: openbsd_installer_signify_result.stdout_lines
diff --git a/roles/installer/openbsd/base/vars/main.yml b/roles/installer/openbsd/fetch/vars/main.yml
index dad9f064..dad9f064 100644
--- a/roles/installer/openbsd/base/vars/main.yml
+++ b/roles/installer/openbsd/fetch/vars/main.yml
diff --git a/roles/vm/define/templates/libvirt-domain.xml.j2 b/roles/vm/define/templates/libvirt-domain.xml.j2
index c4c9e52a..5af12c00 100644
--- a/roles/vm/define/templates/libvirt-domain.xml.j2
+++ b/roles/vm/define/templates/libvirt-domain.xml.j2
@@ -7,7 +7,7 @@
     <type arch='x86_64' machine='pc-0.12'>hvm</type>
 {% if vm_define_installer %}
 {%   if install_distro == 'debian' or install_distro == 'ubuntu' %}
-    <kernel>{{ installer_path }}/{{ install_distro }}-{{ install_codename }}/{{ hostvars[install_hostname].install_cooked.arch | default('amd64') }}/linux</kernel>
+    <kernel>{{ installer_base_path }}/{{ install_distro }}-{{ install_codename }}/{{ hostvars[install_hostname].install_cooked.arch | default('amd64') }}-netboot/linux</kernel>
     <initrd>{{ preseed_tmpdir }}/initrd.preseed.gz</initrd>
     <cmdline>console=ttyS0,115200n8 DEBCONF_DEBUG=5</cmdline>
     <boot dev='hd'/>
diff --git a/roles/vm/host/tasks/main.yml b/roles/vm/host/tasks/main.yml
index 390016a2..4c29970d 100644
--- a/roles/vm/host/tasks/main.yml
+++ b/roles/vm/host/tasks/main.yml
@@ -43,11 +43,11 @@
   - name: mount filesytem
     mount:
       src: "/dev/mapper/{{ installer_lvm.vg | replace('-', '--') }}-{{ installer_lvm.lv | replace('-', '--') }}"
-      path: "{{ installer_path }}"
+      path: "{{ installer_base_path }}"
       fstype: "{{ installer_lvm.fs }}"
       state: mounted
 
 - name: make sure installer directory exists
   file:
-    name: "{{ installer_path }}"
+    name: "{{ installer_base_path }}"
     state: directory
diff --git a/roles/vm/install/tasks/installer-debian.yml b/roles/vm/install/tasks/installer-debian.yml
new file mode 100644
index 00000000..29aae48f
--- /dev/null
+++ b/roles/vm/install/tasks/installer-debian.yml
@@ -0,0 +1,20 @@
+---
+- name: fetch debian installer files
+  vars:
+    debian_installer_distro: "{{ install_distro }}"
+    debian_installer_codename: "{{ install_codename }}"
+    debian_installer_arch: "{{ install_cooked.arch | default('amd64') }}"
+    debian_installer_variant: netboot
+  import_role:
+    name: installer/debian/fetch
+
+- name: generate host specific initial ramdisk
+  vars:
+    ssh_keys_root: "{{ hostvars[install_hostname].ssh_keys_root }}"
+    preseed_tmpdir: "{{ tmpdir.path }}"
+    preseed_virtual_machine: yes
+    preseed_force_net_ifnames_policy: path
+    preseed_no_netplan: yes
+    install_interface: enp1s1
+  import_role:
+    name: installer/debian/preseed
diff --git a/roles/vm/install/tasks/installer-openbsd.yml b/roles/vm/install/tasks/installer-openbsd.yml
new file mode 100644
index 00000000..f3802afd
--- /dev/null
+++ b/roles/vm/install/tasks/installer-openbsd.yml
@@ -0,0 +1,16 @@
+---
+- name: fetch openbsd installer files
+  vars:
+    openbsd_installer_version: "{{ install_codename }}"
+    openbsd_installer_arch: "{{ install_cooked.arch | default('amd64') }}"
+  import_role:
+    name: installer/openbsd/fetch
+
+- name: generate host specific autoinstall iso
+  vars:
+    ssh_keys_root: "{{ hostvars[install_hostname].ssh_keys_root }}"
+    obsd_autoinstall_tmpdir: "{{ tmpdir.path }}"
+    obsd_autoinstall_serial_device: com0
+    install_interface: vio0
+  import_role:
+    name: installer/openbsd/autoinstall
diff --git a/roles/vm/install/tasks/main.yml b/roles/vm/install/tasks/main.yml
index 6b8f9ca7..7f102beb 100644
--- a/roles/vm/install/tasks/main.yml
+++ b/roles/vm/install/tasks/main.yml
@@ -35,24 +35,10 @@
       register: tmpdir
 
     - when: install_distro in ['debian', 'ubuntu']
-      vars:
-        ssh_keys_root: "{{ hostvars[install_hostname].ssh_keys_root }}"
-        preseed_tmpdir: "{{ tmpdir.path }}"
-        preseed_virtual_machine: yes
-        preseed_force_net_ifnames_policy: path
-        preseed_no_netplan: yes
-        install_interface: enp1s1
-      import_role:
-        name: installer/debian/preseed
+      import_tasks: installer-debian.yml
 
     - when: install_distro in ['openbsd']
-      vars:
-        ssh_keys_root: "{{ hostvars[install_hostname].ssh_keys_root }}"
-        obsd_autoinstall_tmpdir: "{{ tmpdir.path }}"
-        obsd_autoinstall_serial_device: com0
-        install_interface: vio0
-      import_role:
-        name: installer/openbsd/autoinstall
+      import_tasks: installer-openbsd.yml
 
     - name: Make installer workdir readable by qemu
       acl:
author	Christian Pointner <equinox@spreadspace.org>	2020-07-10 23:42:23 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2020-07-10 23:42:23 +0200
commit	c9df5dcce462af13685236bf7a1d4dd896b1406b (patch)
tree	8b7ed8bd765bb1a3a338bb4f587665b439d6b24d
parent	openbsd installer: move to single version per invocation (diff)