summaryrefslogtreecommitdiff
path: root/roles/installer
diff options
context:
space:
mode:
authorChristian Pointner <equinox@spreadspace.org>2021-06-29 15:00:08 +0200
committerChristian Pointner <equinox@spreadspace.org>2021-06-29 15:00:08 +0200
commit9f0e2a07848cd1e315af997fa62a2b2c176b7ea5 (patch)
treebe317237ee28d864dbec16203695c3b88544bbc5 /roles/installer
parentch-equinox-* install ddrecsue (diff)
add ubuntu insaller fetch and base
Diffstat (limited to 'roles/installer')
-rw-r--r--roles/installer/debian/base/tasks/main.yml2
-rw-r--r--roles/installer/ubuntu/base/tasks/main.yml15
-rw-r--r--roles/installer/ubuntu/fetch/defaults/main.yml7
-rw-r--r--roles/installer/ubuntu/fetch/tasks/fetch-latest.yml13
-rw-r--r--roles/installer/ubuntu/fetch/tasks/fetch-version.yml41
-rw-r--r--roles/installer/ubuntu/fetch/tasks/main.yml43
-rw-r--r--roles/installer/ubuntu/fetch/vars/main.yml2
7 files changed, 122 insertions, 1 deletions
diff --git a/roles/installer/debian/base/tasks/main.yml b/roles/installer/debian/base/tasks/main.yml
index 662b8acb..56ca7dc0 100644
--- a/roles/installer/debian/base/tasks/main.yml
+++ b/roles/installer/debian/base/tasks/main.yml
@@ -17,7 +17,7 @@
src: "{{ item }}"
dest: "{{ installer_base_path }}/keyrings/{{ item | basename }}"
-- name: copy ubuntu keyring file
+- name: copy ubuntu archive keyring file
copy:
src: "{{ global_files_dir }}/common/keyrings/ubuntu-archive.gpg"
dest: "{{ installer_base_path }}/keyrings/ubuntu-archive.gpg"
diff --git a/roles/installer/ubuntu/base/tasks/main.yml b/roles/installer/ubuntu/base/tasks/main.yml
new file mode 100644
index 00000000..c48ed4b5
--- /dev/null
+++ b/roles/installer/ubuntu/base/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: install gpgv
+ apt:
+ name: gpgv
+ state: present
+
+- name: prepare directory keyrings
+ file:
+ name: "{{ installer_base_path }}/keyrings"
+ state: directory
+
+- name: copy ubuntu cdimage keyring file
+ copy:
+ src: "{{ global_files_dir }}/common/keyrings/ubuntu-cdimage.gpg"
+ dest: "{{ installer_base_path }}/keyrings/ubuntu-cdimage.gpg"
diff --git a/roles/installer/ubuntu/fetch/defaults/main.yml b/roles/installer/ubuntu/fetch/defaults/main.yml
new file mode 100644
index 00000000..f6ac2bc0
--- /dev/null
+++ b/roles/installer/ubuntu/fetch/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+# ubuntu_installer_codename: bionic | focal
+ubuntu_installer_arch: amd64
+# ubuntu_installer_variant: live-server | desktop
+# ubuntu_installer_version: 20.04.1
+
+ubuntu_installer_force_download: no
diff --git a/roles/installer/ubuntu/fetch/tasks/fetch-latest.yml b/roles/installer/ubuntu/fetch/tasks/fetch-latest.yml
new file mode 100644
index 00000000..9baa6d97
--- /dev/null
+++ b/roles/installer/ubuntu/fetch/tasks/fetch-latest.yml
@@ -0,0 +1,13 @@
+---
+- name: downloading SHA256SUMS and signature file for latest release
+ loop:
+ - SHA256SUMS
+ - SHA256SUMS.gpg
+ get_url:
+ url: "https://releases.ubuntu.com/{{ ubuntu_installer_codename }}/{{ item }}"
+ dest: "{{ ubuntu_installer_target_dir }}/{{ item }}"
+ force: "{{ ubuntu_installer_force_download }}"
+
+- name: set download url to releases.ubuntu.com
+ set_fact:
+ ubuntu_installer_base_url: "https://releases.ubuntu.com/{{ ubuntu_installer_codename }}"
diff --git a/roles/installer/ubuntu/fetch/tasks/fetch-version.yml b/roles/installer/ubuntu/fetch/tasks/fetch-version.yml
new file mode 100644
index 00000000..868adc95
--- /dev/null
+++ b/roles/installer/ubuntu/fetch/tasks/fetch-version.yml
@@ -0,0 +1,41 @@
+---
+## we need to try old-releases.ubuntu.com first because otherwise it would be impossible to download the initial release
+## of any codename release. (i.e. 20.04)
+- name: try downloading SHA256SUMS and signature file from old-releases.ubuntu.com
+ loop:
+ - SHA256SUMS
+ - SHA256SUMS.gpg
+ get_url:
+ url: "https://old-releases.ubuntu.com/releases/{{ ubuntu_installer_version }}/{{ item }}"
+ dest: "{{ ubuntu_installer_target_dir }}/{{ item }}"
+ force: yes
+ register: ubuntu_installer_old
+ failed_when: "'status_code' in ubuntu_installer_old and ubuntu_installer_old.status_code not in [200, 404]"
+
+- when: 404 not in (ubuntu_installer_old.results | selectattr('status_code', 'defined') | map(attribute='status_code') | list)
+ block:
+ - name: check if SHA256SUM actually contains the correct iso
+ command: grep -E '^[0-9a-z]{64}\s+\*ubuntu-{{ ubuntu_installer_version }}-{{ ubuntu_installer_variant }}-{{ ubuntu_installer_arch }}.iso$' "{{ ubuntu_installer_target_dir }}/SHA256SUMS"
+ changed_when: false
+ failed_when: false
+ register: ubuntu_installer_old_sha256sum
+
+ - name: set download url to old-releases.ubuntu.com
+ when: (ubuntu_installer_old_sha256sum.stdout_lines | length) > 0
+ set_fact:
+ ubuntu_installer_base_url: "https://old-releases.ubuntu.com/releases/{{ ubuntu_installer_version }}"
+
+- when: ubuntu_installer_base_url is not defined
+ block:
+ - name: try downloading SHA256SUMS and signature file from releases.ubuntu.com
+ loop:
+ - SHA256SUMS
+ - SHA256SUMS.gpg
+ get_url:
+ url: "https://releases.ubuntu.com/{{ ubuntu_installer_version }}/{{ item }}"
+ dest: "{{ ubuntu_installer_target_dir }}/{{ item }}"
+ force: yes
+
+ - name: set download url to releases.ubuntu.com
+ set_fact:
+ ubuntu_installer_base_url: "https://releases.ubuntu.com/{{ ubuntu_installer_version }}"
diff --git a/roles/installer/ubuntu/fetch/tasks/main.yml b/roles/installer/ubuntu/fetch/tasks/main.yml
new file mode 100644
index 00000000..618cfd22
--- /dev/null
+++ b/roles/installer/ubuntu/fetch/tasks/main.yml
@@ -0,0 +1,43 @@
+---
+- name: prepare directories for installer files
+ file:
+ name: "{{ ubuntu_installer_target_dir }}"
+ state: directory
+
+- include_tasks: "fetch-{{ (ubuntu_installer_version is defined) | ternary('version', 'latest') }}.yml"
+
+- name: verfiy signature of SHA256SUMS file
+ command: >-
+ gpgv --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/ubuntu-cdimage.gpg"
+ "{{ ubuntu_installer_target_dir }}/SHA256SUMS.gpg" "{{ ubuntu_installer_target_dir }}/SHA256SUMS"
+ changed_when: False
+ register: ubuntu_installer_gpg_result
+
+- debug:
+ var: ubuntu_installer_gpg_result.stderr_lines
+
+
+- name: download and verify installer files
+ block:
+ - name: extract file hash from SHA256SUMS
+ command: grep -E '^[0-9a-z]{64}\s+\*ubuntu-{{ ubuntu_installer_version | default("[0-9.]+") }}-{{ ubuntu_installer_variant }}-{{ ubuntu_installer_arch }}.iso$' "{{ ubuntu_installer_target_dir }}/SHA256SUMS"
+ changed_when: false
+ register: ubuntu_installer_sha256sum
+
+ - name: extract filename from SHA256SUM
+ set_fact:
+ ubuntu_installer_filename: "{{ (ubuntu_installer_sha256sum.stdout.split(' ') | last)[1:] }}"
+
+ - debug:
+ msg: "will be downloading: {{ ubuntu_installer_base_url }}/{{ ubuntu_installer_filename }} (this will probably take a while...)"
+
+ - name: download/verify installer file
+ get_url:
+ url: "{{ ubuntu_installer_base_url }}/{{ ubuntu_installer_filename }}"
+ dest: "{{ ubuntu_installer_target_dir }}/{{ ubuntu_installer_filename }}"
+ checksum: "sha256:{{ ubuntu_installer_sha256sum.stdout.split(' ') | first }}"
+ force: "{{ ubuntu_installer_force_download }}"
+
+ rescue:
+ - fail:
+ msg: "download/verification of installer files failed. Is the cd-image variant '{{ ubuntu_installer_variant }}' available for {{ ubuntu_installer_codename }}?"
diff --git a/roles/installer/ubuntu/fetch/vars/main.yml b/roles/installer/ubuntu/fetch/vars/main.yml
new file mode 100644
index 00000000..caf1fa67
--- /dev/null
+++ b/roles/installer/ubuntu/fetch/vars/main.yml
@@ -0,0 +1,2 @@
+---
+ubuntu_installer_target_dir: "{{ installer_base_path }}/{{ ubuntu_installer_codename }}/{{ ubuntu_installer_version | default('latest') }}-{{ ubuntu_installer_variant }}"
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-26 12:21:57 +0000