Diffstat (limited to 'roles/installer/debian')
-rw-r--r-- | roles/installer/debian/base/tasks/main.yml | 43 | ||||
-rw-r--r-- | roles/installer/debian/fetch/defaults/main.yml (renamed from roles/installer/debian/base/defaults/main.yml) | 0 | ||||
-rw-r--r-- | roles/installer/debian/fetch/filter_plugins/main.py (renamed from roles/installer/debian/base/filter_plugins/main.py) | 0 | ||||
-rw-r--r-- | roles/installer/debian/fetch/tasks/main.yml | 35 | ||||
-rw-r--r-- | roles/installer/debian/fetch/tasks/verify-debian.yml (renamed from roles/installer/debian/base/tasks/verify-debian.yml) | 16 | ||||
-rw-r--r-- | roles/installer/debian/fetch/tasks/verify-ubuntu.yml (renamed from roles/installer/debian/base/tasks/verify-ubuntu.yml) | 12 | ||||
-rw-r--r-- | roles/installer/debian/fetch/vars/main.yml (renamed from roles/installer/debian/base/vars/main.yml) | 0 | ||||
-rw-r--r-- | roles/installer/debian/preseed/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/installer/debian/usb/tasks/main.yml | 2 |
9 files changed, 64 insertions, 46 deletions
diff --git a/roles/installer/debian/base/tasks/main.yml b/roles/installer/debian/base/tasks/main.yml
index 65110c91..119b3670 100644
--- a/roles/installer/debian/base/tasks/main.yml
+++ b/roles/installer/debian/base/tasks/main.yml
@@ -1,35 +1,18 @@
 ---
-- name: prepare directories for installer files
+- name: prepare directory keyrings
 file:
- name: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}"
+ name: "{{ installer_base_path }}/keyrings"
 state: directory
-- name: download and verify installer files
- block:
- - name: fetch and verify installer checksums
- include_tasks: "verify-{{ install_distro }}.yml"
+- name: copy debian keyring files
+ loop: "{{ lookup('fileglob', global_files_dir+'/common/keyrings/debian-*.gpg', wantlist=True) }}"
+ loop_control:
+ label: "{{ item | basename }}"
+ copy:
+ src: "{{ item }}"
+ dest: "{{ installer_base_path }}/keyrings/{{ item | basename }}"
- - name: download installer kernel image
- get_url:
- url: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}"
- dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ debian_installer_variant_kernal_image_name }}"
- checksum: "{{ debian_installer_kernel_checksum }}"
- force: "{{ debian_installer_force_download }}"
- mode: 0644
-
- - name: download installer initrd.gz
- get_url:
- url: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/initrd.gz"
- dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/initrd.gz"
- checksum: "{{ debian_installer_initrd_checksum }}"
- force: "{{ debian_installer_force_download }}"
- mode: 0644
-
- rescue:
- - name: remove all downloaded files
- file:
- name: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}"
- state: absent
-
- - fail:
- msg: "download/verification of installer files failed"
+- name: copy ubuntu keyring file
+ copy:
+ src: "{{ global_files_dir }}/common/keyrings/ubuntu-archive.gpg"
+ dest: "{{ installer_base_path }}/keyrings/ubuntu-archive.gpg"
diff --git a/roles/installer/debian/base/defaults/main.yml b/roles/installer/debian/fetch/defaults/main.yml
index eebc59bf..eebc59bf 100644
--- a/roles/installer/debian/base/defaults/main.yml
+++ b/roles/installer/debian/fetch/defaults/main.yml
diff --git a/roles/installer/debian/base/filter_plugins/main.py b/roles/installer/debian/fetch/filter_plugins/main.py
index 298e7efd..298e7efd 100644
--- a/roles/installer/debian/base/filter_plugins/main.py
+++ b/roles/installer/debian/fetch/filter_plugins/main.py
diff --git a/roles/installer/debian/fetch/tasks/main.yml b/roles/installer/debian/fetch/tasks/main.yml
new file mode 100644
index 00000000..dc87655f
--- /dev/null
+++ b/roles/installer/debian/fetch/tasks/main.yml
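Review bot: The `file` task and both `copy` tasks in base/tasks/main.yml set no `mode`, `owner` or `group`, although the files they place under `{{ installer_base_path }}/keyrings` are the trust anchors for the later `gpg --verify` steps. Pinning them, for example `mode: "0644"` on the two copies and `mode: "0755"` on the directory, keeps a permissive umask or a pre-existing loosely-permissioned directory from leaving the keyrings writable by other local accounts. Separately, the `fileglob` lookup returns an empty list when nothing matches, so a wrong `global_files_dir` would skip the Debian copy without an error; an `assert` on the list length before the loop would surface that earlier than a failed signature check.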
@@ -0,0 +1,35 @@
+---
+- name: prepare directories for installer files
+ file:
+ name: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}"
+ state: directory
+
+- name: download and verify installer files
+ block:
+ - name: fetch and verify installer checksums
+ include_tasks: "verify-{{ install_distro }}.yml"
+
+ - name: download installer kernel image
+ get_url:
+ url: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}"
+ dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ debian_installer_variant_kernal_image_name }}"
+ checksum: "{{ debian_installer_kernel_checksum }}"
+ force: "{{ debian_installer_force_download }}"
+ mode: 0644
+
+ - name: download installer initrd.gz
+ get_url:
+ url: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/initrd.gz"
+ dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/initrd.gz"
+ checksum: "{{ debian_installer_initrd_checksum }}"
+ force: "{{ debian_installer_force_download }}"
+ mode: 0644
+
+ rescue:
+ - name: remove all downloaded files
+ file:
+ name: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}"
+ state: absent
+
+ - fail:
+ msg: "download/verification of installer files failed"
diff --git a/roles/installer/debian/base/tasks/verify-debian.yml b/roles/installer/debian/fetch/tasks/verify-debian.yml
index 5a890b1d..6846451d 100644
--- a/roles/installer/debian/base/tasks/verify-debian.yml
+++ b/roles/installer/debian/fetch/tasks/verify-debian.yml
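Review bot: In fetch/tasks/main.yml, `include_tasks: "verify-{{ install_distro }}.yml"` selects the verification flow from `install_distro`, while every URL and path in the same file is built from `debian_installer_distro`. If a caller ever sets the two differently (the usb role passes `debian_installer_*` values through its `import_role` vars), the download would be checked with the other distribution's flow and keyring, which most likely fails but with a misleading error. Assuming both variables are meant to carry the same value, which the defaults not shown here would confirm, `include_tasks: "verify-{{ debian_installer_distro }}.yml"` keeps the selector and the paths tied together. The same applies to `debian-{{ install_codename }}.gpg` on the `--keyring` line of verify-debian.yml.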
@@ -5,14 +5,14 @@
 - Release.gpg
 get_url:
 url: "{{ debian_installer_base_url | dirname | dirname | dirname | dirname }}/{{ item }}"
- dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ item }}"
+ dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ item }}"
 - name: verfiy signature of Release file
 command: >-
 gpg --no-options --trust-model always --no-default-keyring --secret-keyring /dev/null
- --keyring "{{ global_files_dir }}/common/keyrings/debian-{{ install_codename }}.gpg"
- --verify "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release.gpg"
- "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release"
+ --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/debian-{{ install_codename }}.gpg"
+ --verify "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release.gpg"
+ "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release"
 changed_when: False
 register: debian_installer_gpg_result
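Review bot: The new `--keyring` path in verify-debian.yml, `installer_keyrings_path | default(installer_base_path+'/keyrings')`, is an undeclared coupling: the fetch role now only verifies correctly if the base role has already populated that directory or the caller sets `installer_keyrings_path`. Nothing visible in the fetch role declares or checks either condition. A missing keyring should still make `gpg --verify` exit non-zero and land in the `rescue`, but only with the generic "download/verification of installer files failed" message. Declaring `installer_keyrings_path: "{{ installer_base_path }}/keyrings"` once in the role defaults with a comment, and adding a `stat` plus `assert` on the keyring file before the gpg task, would document the contract and give a clear error. The same inline default is repeated in verify-ubuntu.yml.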
@@ -20,23 +20,23 @@
 var: debian_installer_gpg_result.stderr_lines
 - name: extract checksum file hash from Release file
- command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release"
+ command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release"
 changed_when: false
 register: debian_installer_inrelease_sha256
 - name: download SHA256SUMS
 get_url:
 url: "{{ debian_installer_base_url }}/SHA256SUMS"
- dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
+ dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
 checksum: "sha256:{{ (debian_installer_inrelease_sha256.stdout | trim).split(' ') | first }}"
 - name: extract kernel image hash from SHA256SUMS
- command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
+ command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
 changed_when: false
 register: debian_installer_sha256sums_kernel
 - name: extract inital ramdisk hash from SHA256SUMS
- command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/initrd.gz$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
+ command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/initrd.gz$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
 changed_when: false
 register: debian_installer_sha256sums_initrd
diff --git a/roles/installer/debian/base/tasks/verify-ubuntu.yml b/roles/installer/debian/fetch/tasks/verify-ubuntu.yml
index f2b75492..e7cff3ae 100644
--- a/roles/installer/debian/base/tasks/verify-ubuntu.yml
+++ b/roles/installer/debian/fetch/tasks/verify-ubuntu.yml
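Review bot: The `grep -E` patterns on the rewritten `command:` lines of verify-debian.yml match more loosely than a checksum lookup should. They interpolate `debian_installer_variant_path` and `debian_installer_variant_kernal_image_name` unescaped, leave the dots in `(./)?` and `initrd.gz` as wildcards, and accept `[0-9a-z]` where a SHA-256 digest is `[0-9a-f]`. The searched files are already covered by the signature and checksum chain, so this is about selecting exactly one intended line rather than about tampering, but a looser match can return several lines or a neighbouring entry, and that output feeds the `checksum:` values. Tightening to `[0-9a-f]{64}`, `(\./)?`, `initrd\.gz` and `{{ debian_installer_variant_path | regex_escape }}` would pin the match. The same patterns recur in the second hunk of verify-ubuntu.yml.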
@@ -5,14 +5,14 @@
 - SHA256SUMS.gpg
 get_url:
 url: "{{ debian_installer_base_url }}/{{ item }}"
- dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ item }}"
+ dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ item }}"
 - name: verfiy signature of SHA256SUMS.gpg file
 command: >-
 gpg --no-options --trust-model always --no-default-keyring --secret-keyring /dev/null
- --keyring "{{ global_files_dir }}/common/keyrings/ubuntu-archive.gpg"
- --verify "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS.gpg"
- "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
+ --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/ubuntu-archive.gpg"
+ --verify "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS.gpg"
+ "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
 changed_when: False
 register: debian_installer_gpg_result
@@ -20,12 +20,12 @@
 var: debian_installer_gpg_result.stderr_lines
 - name: extract kernel image hash from SHA256SUMS
- command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
+ command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
 changed_when: false
 register: debian_installer_sha256sums_kernel
 - name: extract inital ramdisk hash from SHA256SUMS
- command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/initrd.gz$" "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
+ command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/initrd.gz$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
 changed_when: false
 register: debian_installer_sha256sums_initrd
diff --git a/roles/installer/debian/base/vars/main.yml b/roles/installer/debian/fetch/vars/main.yml
index 404b571a..404b571a 100644
--- a/roles/installer/debian/base/vars/main.yml
+++ b/roles/installer/debian/fetch/vars/main.yml
diff --git a/roles/installer/debian/preseed/tasks/main.yml b/roles/installer/debian/preseed/tasks/main.yml
index 3dd106e3..f0dc56cd 100644
--- a/roles/installer/debian/preseed/tasks/main.yml
+++ b/roles/installer/debian/preseed/tasks/main.yml
@@ -2,7 +2,7 @@
 - name: Copy initramfs into position
 copy:
 remote_src: yes
- src: "{{ installer_path | mandatory }}/{{ install_distro }}-{{ install_codename }}/{{ hostvars[install_hostname].install_cooked.arch | default('amd64') }}-{{ debian_installer_variant }}/initrd.gz"
+ src: "{{ installer_base_path | mandatory }}/{{ install_distro }}-{{ install_codename }}/{{ hostvars[install_hostname].install_cooked.arch | default('amd64') }}-{{ debian_installer_variant }}/initrd.gz"
 dest: "{{ preseed_tmpdir }}/initrd.preseed.gz"
 - name: Generate preseed file
diff --git a/roles/installer/debian/usb/tasks/main.yml b/roles/installer/debian/usb/tasks/main.yml
index 4ff03611..478e0d33 100644
--- a/roles/installer/debian/usb/tasks/main.yml
+++ b/roles/installer/debian/usb/tasks/main.yml
@@ -17,7 +17,7 @@
 debian_installer_arch: "{{ install.arch | default('amd64') }}"
 debian_installer_variant: netboot
 import_role:
- role: installer/debian/base
+ role: installer/debian/fetch
 - name: Create temporary workdir
 tempfile: |