Diffstat (limited to 'roles')
5 files changed, 53 insertions, 28 deletions
diff --git a/roles/installer/openbsd/autoinstall/tasks/main.yml b/roles/installer/openbsd/autoinstall/tasks/main.yml index 5170ea9b..b8e88b53 100644 --- a/roles/installer/openbsd/autoinstall/tasks/main.yml +++ b/roles/installer/openbsd/autoinstall/tasks/main.yml @@ -2,21 +2,11 @@ - name: create temporary directories loop: - files/etc - - files/sets - site/ file: path: "{{ obsd_autoinstall_tmpdir }}/{{ item }}" state: directory -- name: extract installer files from iso - iso_extract: - image: "{{ installer_path }}/openbsd-{{ obsd_autoinstall_version }}/{{ obsd_autoinstall_arch }}/install.iso" - dest: "{{ obsd_autoinstall_tmpdir }}/files" - files: - - "{{ obsd_autoinstall_version }}/{{ obsd_autoinstall_arch }}/cdbr" - - "{{ obsd_autoinstall_version }}/{{ obsd_autoinstall_arch }}/cdboot" - - "{{ obsd_autoinstall_version }}/{{ obsd_autoinstall_arch }}/bsd.rd" - - name: generate bootloader and installer configuration loop: - auto_install.conf 
@@ -28,18 +18,20 @@ - name: generate random seed shell: "head -c512 < /dev/random > {{ obsd_autoinstall_tmpdir }}/files/etc/random.seed" -- name: extract file-sets from iso +- name: extract installer files from iso vars: - set_names: + installer_files: + - cdbr + - cdboot - bsd - bsd.mp - bsd.rd - "INSTALL.{{ obsd_autoinstall_arch }}" - "{{ obsd_autoinstall_file_sets | product([obsd_autoinstall_version_short+'.tgz']) | map('join') | list }}" iso_extract: - image: "{{ installer_path }}/openbsd-{{ obsd_autoinstall_version }}/{{ obsd_autoinstall_arch }}/install.iso" - dest: "{{ obsd_autoinstall_tmpdir }}/files/sets" - files: "{{ [obsd_autoinstall_version+'/'+obsd_autoinstall_arch+'/'] | product(set_names | flatten) | map('join') | list }}" + image: "{{ installer_path }}/openbsd-{{ obsd_autoinstall_version }}/{{ obsd_autoinstall_arch }}/install{{ obsd_autoinstall_version | replace('.', '') }}.iso" + dest: "{{ obsd_autoinstall_tmpdir }}/files" + files: "{{ [obsd_autoinstall_version+'/'+obsd_autoinstall_arch+'/'] | product(installer_files | flatten) | map('join') | list }}" - name: generate install.site script template: @@ -50,7 +42,7 @@ - name: generate site tarball archive: path: "{{ obsd_autoinstall_tmpdir }}/site/" - dest: "{{ obsd_autoinstall_tmpdir }}/files/sets/site{{ obsd_autoinstall_version_short }}.tgz" + dest: "{{ obsd_autoinstall_tmpdir }}/files/site{{ obsd_autoinstall_version_short }}.tgz" - name: generate host specific installer image command: 'genisoimage -RTLldDN -o "install.iso" -no-emul-boot -b "cdbr" -c "boot.catalog" files/' diff --git a/roles/installer/openbsd/autoinstall/templates/auto_install.conf.j2 b/roles/installer/openbsd/autoinstall/templates/auto_install.conf.j2 index 1e0c8c0c..767242d9 100644 --- a/roles/installer/openbsd/autoinstall/templates/auto_install.conf.j2 +++ b/roles/installer/openbsd/autoinstall/templates/auto_install.conf.j2 
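Review bot: The `iso_extract` task in the second hunk of tasks/main.yml reads the ISO straight from `installer_path` without checking that it ever passed the signify check, while auto_install.conf.j2 in this same commit answers `Continue without verification = yes`. The only verification visible in this change is the signify task in roles/installer/openbsd/base; if that role was skipped, ran against a different host, or failed after the download, this role would presumably still repack the image. Re-running the check immediately before extraction, as in the task below, closes that gap. It assumes the key file and SHA256.sig sit where the base role writes them.

```yaml
- name: verify installer iso before extracting
  command: "signify-openbsd -Cp ../openbsd-{{ obsd_autoinstall_version | replace('.', '') }}-base.pub -x SHA256.sig install{{ obsd_autoinstall_version | replace('.', '') }}.iso"
  args:
    chdir: "{{ installer_path }}/openbsd-{{ obsd_autoinstall_version }}/{{ obsd_autoinstall_arch }}"
  changed_when: false

- name: extract installer files from iso
  # … unchanged: vars, iso_extract …
```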
@@ -13,7 +13,7 @@ DNS nameservers = {{ hostvars[install_hostname].network_cooked.nameservers | joi {% if obsd_autoinstall_serial_device is defined %} Change the default console to {{ obsd_autoinstall_serial_device }} = yes -Which speed should {{ obsd_autoinstall_serial_device }} use = {{ obsd_autoinstall_tty_serial | default(115200) }} +Which speed should {{ obsd_autoinstall_serial_device }} use = {{ obsd_autoinstall_serial_baudrate | default(115200) }} {% endif %} {# we will install only one key for now, install.site will install the rest #} @@ -26,7 +26,7 @@ Allow root ssh login = prohibit-password What timezone are you in = Europe/Vienna Location of sets = cd0 -Pathname to the sets = sets/ +Pathname to the sets = / Set name(s) = all -{# iso-images don't contain the SHA256.sig file but are verified when downloading the iso-file #} +{# iso-images don't contain the SHA256.sig file but have been verified after downloading them #} Directory does not contain SHA256.sig. Continue without verification = yes diff --git a/roles/installer/openbsd/autoinstall/templates/boot.conf.j2 b/roles/installer/openbsd/autoinstall/templates/boot.conf.j2 index d6cdcfeb..b8d09519 100644 --- a/roles/installer/openbsd/autoinstall/templates/boot.conf.j2 +++ b/roles/installer/openbsd/autoinstall/templates/boot.conf.j2 @@ -1,5 +1,5 @@ {% if obsd_autoinstall_serial_device is defined %} -stty {{ obsd_autoinstall_serial_device }} {{ obsd_autoinstall_tty_serial | default(115200) }} +stty {{ obsd_autoinstall_serial_device }} {{ obsd_autoinstall_serial_baudrate | default(115200) }} set tty {{ obsd_autoinstall_serial_device }} {% endif %} set image /bsd.rd diff --git a/roles/installer/openbsd/base/defaults/main.yml b/roles/installer/openbsd/base/defaults/main.yml index c852e00a..10e9c840 100644 --- a/roles/installer/openbsd/base/defaults/main.yml +++ b/roles/installer/openbsd/base/defaults/main.yml 
@@ -4,5 +4,10 @@ openbsd_versions: - amd64 - i386 +openbsd_signing_keys: + 6.7: | + untrusted comment: openbsd 6.7 base public key + RWRmkIA877Io3oCILSZoJGhAswifJbFK4r18ICoia+3c0PfwANueolNj + openbsd_installer_force_download: no openbsd_installer_url: "https://cdn.openbsd.org/pub/OpenBSD" diff --git a/roles/installer/openbsd/base/tasks/main.yml b/roles/installer/openbsd/base/tasks/main.yml index 0d5053d5..2d6e905e 100644 --- a/roles/installer/openbsd/base/tasks/main.yml +++ b/roles/installer/openbsd/base/tasks/main.yml @@ -1,4 +1,12 @@ -- name: prepare directories for installer isos +--- +- name: install genisoimage and openbsd signify + apt: + name: + - genisoimage + - signify-openbsd + state: present + +- name: prepare directories for installer iso files loop: "{{ openbsd_versions | subelements('arch') }}" loop_control: label: "openbsd-{{ item.0.version }} {{ item.1 }}" 
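Review bot: `openbsd_signing_keys` in the defaults hunk is the sole trust anchor for the new signify check, but nothing records where the 6.7 key was taken from or how it was cross-checked. I would add a comment above the mapping such as `# signify release keys; cross-check each new key against an independent source (e.g. /etc/signify on an already-installed release) before adding it`. Separately, the key `6.7` is an unquoted YAML float, so the lookup `openbsd_signing_keys[item.version]` only matches while `version` in `openbsd_versions` (outside this hunk) has the same type; quoting both as `"6.7"` would make that explicit.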
@@ -6,19 +14,39 @@ name: "{{ installer_path }}/openbsd-{{ item.0.version }}/{{ item.1 }}" state: directory -- name: download installer isos +- name: download installer iso files loop: "{{ openbsd_versions | subelements('arch') }}" loop_control: label: "openbsd-{{ item.0.version }} {{ item.1 }}" get_url: url: "{{ openbsd_installer_url }}/{{ item.0.version }}/{{ item.1 }}/install{{ item.0.version | replace('.', '') }}.iso" - dest: "{{ installer_path }}/openbsd-{{ item.0.version }}/{{ item.1 }}/install.iso" + dest: "{{ installer_path }}/openbsd-{{ item.0.version }}/{{ item.1 }}/install{{ item.0.version | replace('.', '') }}.iso" + mode: 0644 + force: "{{ openbsd_installer_force_download }}" + +- name: download signed sha256 files + loop: "{{ openbsd_versions | subelements('arch') }}" + loop_control: + label: "openbsd-{{ item.0.version }} {{ item.1 }}" + get_url: + url: "{{ openbsd_installer_url }}/{{ item.0.version }}/{{ item.1 }}/SHA256.sig" + dest: "{{ installer_path }}/openbsd-{{ item.0.version }}/{{ item.1 }}/SHA256.sig" mode: 0644 force: "{{ openbsd_installer_force_download }}" -# TODO: verify the image using openbsd-signify +- name: create signing key files + loop: "{{ openbsd_versions }}" + loop_control: + label: "openbsd-{{ item.version }}" + copy: + content: "{{ openbsd_signing_keys[item.version] }}" + dest: "{{ installer_path }}/openbsd-{{ item.version }}/openbsd-{{ item.version | replace('.', '') }}-base.pub" -- name: install genisoimage - apt: - name: genisoimage - state: present +- name: verfiy downloaded iso files + loop: "{{ openbsd_versions | subelements('arch') }}" + loop_control: + label: "openbsd-{{ item.0.version }} {{ item.1 }}" + command: "signify-openbsd -Cp ../openbsd-{{ item.0.version | replace('.', '') }}-base.pub -x SHA256.sig install{{ item.0.version | replace('.', '') }}.iso" + args: + chdir: "{{ installer_path }}/openbsd-{{ item.0.version }}/{{ item.1 }}" + changed_when: false |
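Review bot: A failed signify check in the last task leaves the ISO at its final path, and because both `get_url` tasks pass `force: "{{ openbsd_installer_force_download }}"` (set to `no` in this commit's defaults) the next run will presumably not fetch it again. Any consumer that reads that path without re-checking would then pick up an image that never verified. I would register the result, delete the images whose check returned non-zero and fail afterwards, as sketched below; the sketch also corrects the task name `verfiy` to `verify`. The new `copy` task for the key file sets no `mode`, and `mode: 0644` on the downloads is safer written as `mode: "0644"`.

```yaml
- name: verify downloaded iso files
  # … unchanged: loop, loop_control, command, args …
  changed_when: false
  failed_when: false
  register: openbsd_iso_verify

- name: remove iso files that failed verification
  loop: "{{ openbsd_iso_verify.results }}"
  loop_control:
    label: "openbsd-{{ item.item.0.version }} {{ item.item.1 }}"
  when: item.rc != 0
  file:
    path: "{{ installer_path }}/openbsd-{{ item.item.0.version }}/{{ item.item.1 }}/install{{ item.item.0.version | replace('.', '') }}.iso"
    state: absent

- name: fail if any iso file did not verify
  when: openbsd_iso_verify.results | selectattr('rc', 'ne', 0) | list | length > 0
  fail:
    msg: "signify verification failed for at least one installer iso"
```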