Diffstat (limited to 'roles/installer/raspios/image/tasks')
-rw-r--r-- | roles/installer/raspios/image/tasks/fetch.yml | 60 | ||||
-rw-r--r-- | roles/installer/raspios/image/tasks/main.yml | 103 |
2 files changed, 163 insertions, 0 deletions
diff --git a/roles/installer/raspios/image/tasks/fetch.yml b/roles/installer/raspios/image/tasks/fetch.yml
new file mode 100644
index 00000000..bbde6bdf
--- /dev/null
+++ b/roles/installer/raspios/image/tasks/fetch.yml
@@ -0,0 +1,60 @@
+---
+- name: Create download directory
+ file:
+ dest: "{{ raspios_download_dir }}"
+ state: directory
+
+- name: fetch imageutility os list from download server
+ check_mode: no
+ uri:
+ url: "{{ raspios_download_url }}/os_list_imagingutility_v4.json"
+ body_format: json
+ register: raspios_os_list_imagingutility
+
+- set_fact:
+ raspios_download_url_image: "{{ raspios_os_list_imagingutility.json.os_list | raspios_extract_latest_image_download_url(raspios_variant, raspios_codename, raspios_arch) }}"
+
+- name: download the raspios image
+ block:
+ - name: download sha256sum and signature
+ loop:
+ - sha256
+ - sig
+ get_url:
+ url: "{{ raspios_download_url_image }}.{{ item }}"
+ dest: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.{{ item }}"
+
+ - name: extract SHA256 hash of the image archive
+ command: grep '{{ raspios_download_image_base_name }}' "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.sha256"
+ changed_when: False
+ register: sha256
+
+ - name: download image
+ get_url:
+ url: "{{ raspios_download_url_image }}"
+ dest: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}"
+ checksum: sha256:{{ sha256.stdout.split(' ') | first }}
+
+ - name: check OpenPGP signature
+ command: >-
+ gpgv --keyring "{{ global_files_dir }}/common/keyrings/raspberrypi-downloads.gpg"
+ "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.sig" "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}"
+ changed_when: False
+ register: raspios_image_gpg_result
+
+ - debug:
+ var: raspios_image_gpg_result.stderr_lines
+
+ rescue:
+ - name: delete downloaded artifacts
+ loop:
+ - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}-sha256"
+ - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.sig"
+ - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}"
+ file:
+ path: "{{ item }}"
+ state: absent
+
+ - name: the download has failed...
+ fail:
+ msg: Something borked
diff --git a/roles/installer/raspios/image/tasks/main.yml b/roles/installer/raspios/image/tasks/main.yml
new file mode 100644
index 00000000..b8296f9a
--- /dev/null
+++ b/roles/installer/raspios/image/tasks/main.yml
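Review bot: The `rescue` cleanup in fetch.yml lists `…{{ raspios_download_image_base_name }}-sha256`, but the download loop writes the checksum file as `….{{ item }}`, i.e. with a `.sha256` suffix, so a failed checksum or gpgv check leaves the checksum file behind. Because that `get_url` task sets neither `force` nor `checksum`, a later run will most likely reuse the stale file instead of fetching it again; the loop entry should read `- "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.sha256"`. The checksum file comes from the same server as the image, so the gpgv step is the only authenticity check here and its failure deserves a clear message. `msg: Something borked` hides which step failed; something like `msg: "raspios image download or verification failed in task '{{ ansible_failed_task.name }}'"` would make a signature failure distinguishable from a network error.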
@@ -0,0 +1,103 @@
+---
+- name: check if host is member of the raspios group
+ assert:
+ msg: "please add the host to the group 'raspios'"
+ that:
+ - "'raspios' in group_names"
+
+- name: fetch base image
+ run_once: true
+ import_tasks: fetch.yml
+
+- name: build the image
+ block:
+ - name: create the output directory for built images
+ file:
+ path: "{{ raspios_output_dir }}"
+ state: directory
+
+ - name: extract image
+ decompress:
+ src: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}"
+ dest: "{{ raspios_output_dir }}"
+ force: yes
+ register: raspios_image_extract
+
+ - set_fact:
+ raspios_output_image_base_name: "{{ raspios_image_extract.files | first | basename }}"
+
+ - name: read partition layout from image
+ command: "sfdisk -q -r -J '{{ raspios_output_dir }}/{{ raspios_output_image_base_name }}'"
+ register: raspios_image_sfdisk
+
+ - set_fact:
+ raspios_image_partitions: "{{ (raspios_image_sfdisk.stdout | from_json)['partitiontable']['partitions'] }}"
+
+ - name: bind loop device for boot partition
+ command: "udisksctl loop-setup --no-user-interaction -o {{ raspios_image_partitions[0].start * 512 }} -s {{ raspios_image_partitions[0].size * 512 }} -f '{{ raspios_output_dir }}/{{ raspios_output_image_base_name }}'"
+ register: raspios_image_loop_setup
+
+ - set_fact:
+ raspios_image_loop_device: "{{ raspios_image_loop_setup.stdout | regex_search('as (/dev/loop[0-9]+)\\.$', '\\1') | first }}"
+
+ - name: mount boot partition
+ command: "udisksctl mount --no-user-interaction -b '{{ raspios_image_loop_device }}'"
+ register: raspios_image_mount
+
+ - set_fact:
+ raspios_image_mount_point: "{{ raspios_image_mount.stdout | regex_search('at (/media/.+)\\.?$', '\\1') | first }}"
+
+ - name: edit boot/config.txt
+ when: raspios_boot_config is defined
+ loop: "{{ raspios_boot_config }}"
+ loop_control:
+ label: "{{ item.line }}"
+ lineinfile:
+ path: "{{ raspios_image_mount_point }}/config.txt"
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+
+ - name: Generate authorized_keys file
+ authorized_key:
+ user: root
+ manage_dir: no
+ path: "{{ raspios_image_mount_point }}/firstrun.authorized_keys"
+ key: "{{ ssh_keys_root | join('\n') }}"
+
+ - name: install firstrun.sh script
+ template:
+ src: firstrun.sh.j2
+ dest: "{{ raspios_image_mount_point }}/firstrun.sh"
+ mode: 0755
+
+ - name: edit boot/cmdline.txt
+ lineinfile:
+ path: "{{ raspios_image_mount_point }}/cmdline.txt"
+ regexp: '^(.*)( systemd.run=/boot/firstrun.sh systemd.run_success_action=reboot systemd.run_failure_action=none systemd.unit=kernel-command-line.target)?(.*?)$'
+ backrefs: yes
+ line: '\1 systemd.run=/boot/firstrun.sh systemd.run_success_action=reboot systemd.run_failure_action=none systemd.unit=kernel-command-line.target \3'
+
+ always:
+ - name: unmount image
+ when:
+ - not raspios_keep_boot_dir_mounted
+ - raspios_image_mount_point is defined
+ - raspios_image_mount_point is mount
+ command: "udisksctl unmount --no-user-interaction -b '{{ raspios_image_loop_device }}'"
+
+ - name: delete loop_device
+ when:
+ - not raspios_keep_boot_dir_mounted
+ - raspios_image_loop_device is defined
+ command: "udisksctl loop-delete --no-user-interaction -b '{{ raspios_image_loop_device }}'"
+
+ - name: print temporary build directory information
+ when:
+ - raspios_keep_boot_dir_mounted
+ debug:
+ msg: "As per request the boot partition of the image is still mounted to: {{ raspios_image_mount_point }}"
+
+- name: set output image names
+ set_fact:
+ output_images:
+ - "{{ (raspios_output_dir, raspios_output_image_base_name) | path_join | realpath }}" |
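Review bot: The mount-point capture in the `set_fact` after "mount boot partition" uses a greedy `.+`, so the optional `\\.?` can never strip a trailing period. If udisksctl prints one, `raspios_image_mount_point` ends in `.`, which breaks the later config.txt, firstrun.sh and cmdline.txt paths and makes the `is mount` test in `always` false, so the unmount is skipped. A lazy group fixes it: `regex_search('at (/media/.+?)\\.?$', '\\1')`. The cmdline.txt `regexp` has a similar problem: the leading greedy `(.*)` consumes the whole line, so the optional `systemd.run=…` group never matches and a rerun on an already edited image would append the arguments a second time. The `force: yes` on the extract probably masks this. Separately, `mode: 0755` is safer quoted as `mode: "0755"`, so the value does not depend on how the YAML parser reads a leading-zero integer.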