authorChristian Pointner <equinox@spreadspace.org>2020-07-10 23:42:23 +0200
committerChristian Pointner <equinox@spreadspace.org>2020-07-10 23:42:23 +0200
commitc9df5dcce462af13685236bf7a1d4dd896b1406b (patch)
tree8b7ed8bd765bb1a3a338bb4f587665b439d6b24d /roles/installer/debian/base
parentopenbsd installer: move to single version per invocation (diff)
major refactoring of installer roles
Diffstat (limited to 'roles/installer/debian/base')
-rw-r--r--roles/installer/debian/base/defaults/main.yml12
-rw-r--r--roles/installer/debian/base/filter_plugins/main.py27
-rw-r--r--roles/installer/debian/base/tasks/main.yml43
-rw-r--r--roles/installer/debian/base/tasks/verify-debian.yml46
-rw-r--r--roles/installer/debian/base/tasks/verify-ubuntu.yml35
-rw-r--r--roles/installer/debian/base/vars/main.yml13
6 files changed, 13 insertions, 163 deletions
diff --git a/roles/installer/debian/base/defaults/main.yml b/roles/installer/debian/base/defaults/main.yml
deleted file mode 100644
index eebc59bf..00000000
--- a/roles/installer/debian/base/defaults/main.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-# debian_installer_distro: debian
-# debian_installer_codename: buster
-debian_installer_arch: amd64
-# debian_installer_variant: netboot
-
-debian_installer_force_download: no
-debian_installer_url:
-# debian: "https://debian.ffgraz.net/debian"
-# ubuntu: "https://debian.ffgraz.net/ubuntu"
- debian: "http://deb.debian.org/debian"
- ubuntu: "http://archive.ubuntu.com/ubuntu"
diff --git a/roles/installer/debian/base/filter_plugins/main.py b/roles/installer/debian/base/filter_plugins/main.py
deleted file mode 100644
index 298e7efd..00000000
--- a/roles/installer/debian/base/filter_plugins/main.py
+++ /dev/null
@@ -1,27 +0,0 @@
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-from ansible import errors
-
-
-def di_images_path(data):
- try:
- if data[0] != 'ubuntu':
- return 'images'
-
- if data[1] in ['xenial', 'bionic']:
- return 'images'
-
- return 'legacy-images'
- except Exception as e:
- raise errors.AnsibleFilterError("mountpoint_exists(): %s" % str(e))
-
-
-class FilterModule(object):
-
- filter_map = {
- 'di_images_path': di_images_path,
- }
-
- def filters(self):
- return self.filter_map
diff --git a/roles/installer/debian/base/tasks/main.yml b/roles/installer/debian/base/tasks/main.yml
index 65110c91..119b3670 100644
--- a/roles/installer/debian/base/tasks/main.yml
+++ b/roles/installer/debian/base/tasks/main.yml
@@ -1,35 +1,18 @@
---
-- name: prepare directories for installer files
+- name: prepare directory keyrings
file:
- name: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}"
+ name: "{{ installer_base_path }}/keyrings"
state: directory
-- name: download and verify installer files
- block:
- - name: fetch and verify installer checksums
- include_tasks: "verify-{{ install_distro }}.yml"
+- name: copy debian keyring files
+ loop: "{{ lookup('fileglob', global_files_dir+'/common/keyrings/debian-*.gpg', wantlist=True) }}"
+ loop_control:
+ label: "{{ item | basename }}"
+ copy:
+ src: "{{ item }}"
+ dest: "{{ installer_base_path }}/keyrings/{{ item | basename }}"
- - name: download installer kernel image
- get_url:
- url: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}"
- dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ debian_installer_variant_kernal_image_name }}"
- checksum: "{{ debian_installer_kernel_checksum }}"
- force: "{{ debian_installer_force_download }}"
- mode: 0644
-
- - name: download installer initrd.gz
- get_url:
- url: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/initrd.gz"
- dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/initrd.gz"
- checksum: "{{ debian_installer_initrd_checksum }}"
- force: "{{ debian_installer_force_download }}"
- mode: 0644
-
- rescue:
- - name: remove all downloaded files
- file:
- name: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}"
- state: absent
-
- - fail:
- msg: "download/verification of installer files failed"
+- name: copy ubuntu keyring file
+ copy:
+ src: "{{ global_files_dir }}/common/keyrings/ubuntu-archive.gpg"
+ dest: "{{ installer_base_path }}/keyrings/ubuntu-archive.gpg"
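Review bot: The new `file` task and both `copy` tasks set no `mode` or `owner`, so the permissions of `{{ installer_base_path }}/keyrings` and the keyring files in it depend on the umask and identity of the connecting user. These files look like the trust anchors for installer verification (the removed verify-*.yml passed the same keyrings to `gpg --keyring`), and presumably whatever now verifies downloads reads them from this directory, so they should be pinned: add `mode: "0755"` to the directory task and `mode: "0644"` to each copy, quoted so the octal value is not retyped, plus an explicit `owner`/`group` if the play does not already run as the intended owner. Separately, the `fileglob` loop is skipped without error when no `debian-*.gpg` matches, so a wrong `global_files_dir` would leave the directory without any Debian keyring; a preceding `assert` that the lookup result is non-empty would turn that into a visible failure.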
diff --git a/roles/installer/debian/base/tasks/verify-debian.yml b/roles/installer/debian/base/tasks/verify-debian.yml
deleted file mode 100644
index 5a890b1d..00000000
--- a/roles/installer/debian/base/tasks/verify-debian.yml
+++ /dev/null
@@ -1,46 +0,0 @@
----
-- name: download Release and Signature file
- loop:
- - Release
- - Release.gpg
- get_url:
- url: "{{ debian_installer_base_url | dirname | dirname | dirname | dirname }}/{{ item }}"
- dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ item }}"
-
-- name: verfiy signature of Release file
- command: >-
- gpg --no-options --trust-model always --no-default-keyring --secret-keyring /dev/null
- --keyring "{{ global_files_dir }}/common/keyrings/debian-{{ install_codename }}.gpg"
- --verify "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release.gpg"
- "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release"
- changed_when: False
- register: debian_installer_gpg_result
-
-- debug:
- var: debian_installer_gpg_result.stderr_lines
-
-- name: extract checksum file hash from Release file
- command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release"
- changed_when: false
- register: debian_installer_inrelease_sha256
-
-- name: download SHA256SUMS
- get_url:
- url: "{{ debian_installer_base_url }}/SHA256SUMS"
- dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
- checksum: "sha256:{{ (debian_installer_inrelease_sha256.stdout | trim).split(' ') | first }}"
-
-- name: extract kernel image hash from SHA256SUMS
- command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
- changed_when: false
- register: debian_installer_sha256sums_kernel
-
-- name: extract inital ramdisk hash from SHA256SUMS
- command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/initrd.gz$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
- changed_when: false
- register: debian_installer_sha256sums_initrd
-
-- name: set checksum variables
- set_fact:
- debian_installer_kernel_checksum: "sha256:{{ debian_installer_sha256sums_kernel.stdout.split(' ') | first }}"
- debian_installer_initrd_checksum: "sha256:{{ debian_installer_sha256sums_initrd.stdout.split(' ') | first }}"
diff --git a/roles/installer/debian/base/tasks/verify-ubuntu.yml b/roles/installer/debian/base/tasks/verify-ubuntu.yml
deleted file mode 100644
index f2b75492..00000000
--- a/roles/installer/debian/base/tasks/verify-ubuntu.yml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-- name: download SHA256SUMS and signature file
- loop:
- - SHA256SUMS
- - SHA256SUMS.gpg
- get_url:
- url: "{{ debian_installer_base_url }}/{{ item }}"
- dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ item }}"
-
-- name: verfiy signature of SHA256SUMS.gpg file
- command: >-
- gpg --no-options --trust-model always --no-default-keyring --secret-keyring /dev/null
- --keyring "{{ global_files_dir }}/common/keyrings/ubuntu-archive.gpg"
- --verify "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS.gpg"
- "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
- changed_when: False
- register: debian_installer_gpg_result
-
-- debug:
- var: debian_installer_gpg_result.stderr_lines
-
-- name: extract kernel image hash from SHA256SUMS
- command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
- changed_when: false
- register: debian_installer_sha256sums_kernel
-
-- name: extract inital ramdisk hash from SHA256SUMS
- command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/initrd.gz$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
- changed_when: false
- register: debian_installer_sha256sums_initrd
-
-- name: set checksum variables
- set_fact:
- debian_installer_kernel_checksum: "sha256:{{ debian_installer_sha256sums_kernel.stdout.split(' ') | first }}"
- debian_installer_initrd_checksum: "sha256:{{ debian_installer_sha256sums_initrd.stdout.split(' ') | first }}"
diff --git a/roles/installer/debian/base/vars/main.yml b/roles/installer/debian/base/vars/main.yml
deleted file mode 100644
index 404b571a..00000000
--- a/roles/installer/debian/base/vars/main.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-debian_installer_base_url: "{{ debian_installer_url[debian_installer_distro] }}/dists/{{ debian_installer_codename }}/main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}"
-
-_debian_installer_variant_path_:
- netboot: "netboot/{{ debian_installer_distro }}-installer/{{ debian_installer_arch }}"
- hd-media: "hd-media"
-
-_debian_installer_variant_kernel_image_name_:
- netboot: "linux"
- hd-media: "vmlinuz"
-
-debian_installer_variant_path: "{{ _debian_installer_variant_path_[debian_installer_variant] }}"
-debian_installer_variant_kernal_image_name: "{{ _debian_installer_variant_kernel_image_name_[debian_installer_variant] }}"