From 2ccdc4546d38ed0e9d6784668168c4d566311f6f Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 28 Apr 2024 18:46:49 +0200 Subject: move raspios and openwrt folders to installer/ --- .../deploy/action_plugins/openwrt_sysupgrade.py | 57 +++++++++++ roles/installer/openwrt/deploy/tasks/main.yml | 5 + roles/installer/openwrt/image/README.md | 8 ++ roles/installer/openwrt/image/defaults/main.yml | 19 ++++ roles/installer/openwrt/image/tasks/fetch.yml | 57 +++++++++++ roles/installer/openwrt/image/tasks/main.yml | 65 ++++++++++++ roles/installer/openwrt/image/tasks/prepare.yml | 110 +++++++++++++++++++++ roles/installer/openwrt/image/templates/group.j2 | 21 ++++ roles/installer/openwrt/image/templates/passwd.j2 | 9 ++ roles/installer/openwrt/image/templates/uci.j2 | 15 +++ 10 files changed, 366 insertions(+) create mode 100644 roles/installer/openwrt/deploy/action_plugins/openwrt_sysupgrade.py create mode 100644 roles/installer/openwrt/deploy/tasks/main.yml create mode 100644 roles/installer/openwrt/image/README.md create mode 100644 roles/installer/openwrt/image/defaults/main.yml create mode 100644 roles/installer/openwrt/image/tasks/fetch.yml create mode 100644 roles/installer/openwrt/image/tasks/main.yml create mode 100644 roles/installer/openwrt/image/tasks/prepare.yml create mode 100644 roles/installer/openwrt/image/templates/group.j2 create mode 100644 roles/installer/openwrt/image/templates/passwd.j2 create mode 100644 roles/installer/openwrt/image/templates/uci.j2 (limited to 'roles/installer/openwrt') diff --git a/roles/installer/openwrt/deploy/action_plugins/openwrt_sysupgrade.py b/roles/installer/openwrt/deploy/action_plugins/openwrt_sysupgrade.py new file mode 100644 index 00000000..16772937 --- /dev/null +++ b/roles/installer/openwrt/deploy/action_plugins/openwrt_sysupgrade.py @@ -0,0 +1,57 @@ +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os + +from ansible.errors import AnsibleError, AnsibleAction, AnsibleActionFail, AnsibleActionSkip, AnsibleConnectionFailure +from ansible.module_utils._text import to_native +from ansible.plugins.action import ActionBase + + +class ActionModule(ActionBase): + TRANSFERS_FILES = True + + def run(self, tmp=None, task_vars=None): + if task_vars is None: + task_vars = dict() + + if self._task.environment and any(self._task.environment): + self._display.warning('openwrt_sysupgrade module does not support the environment keyword') + + result = super(ActionModule, self).run(tmp, task_vars) + del tmp # tmp no longer has any effect + self._cleanup_remote_tmp = False + + try: + if self._play_context.check_mode: + raise AnsibleActionSkip('Check mode is not supported for this task.') + + result['changed'] = True + + try: + image = to_native(self._task.args.get('image', ''), errors='surrogate_or_strict') + image = self._loader.get_real_file(self._find_needle('files', image), decrypt=False) + except AnsibleError as e: + raise AnsibleActionFail(to_native(e)) + + tmp_img = self._connection._shell.join_path(self._connection._shell.tmpdir, os.path.basename(image)) + self._transfer_file(image, tmp_img) + self._fixup_perms2((self._connection._shell.tmpdir, tmp_img), execute=False) + + args = to_native(self._task.args.get('args', ''), errors='surrogate_or_strict') + + script_cmd = ' '.join(['sysupgrade', args, tmp_img]) + script_cmd = self._connection._shell.wrap_for_exec(script_cmd) + + try: + result.update(self._low_level_execute_command(cmd=script_cmd)) + except AnsibleConnectionFailure as e: + result['rc'] = 0 + + if 'rc' in result and result['rc'] != 0: + raise AnsibleActionFail('non-zero return code') + + except AnsibleAction as e: + result.update(e.result) + + return result diff --git a/roles/installer/openwrt/deploy/tasks/main.yml b/roles/installer/openwrt/deploy/tasks/main.yml new file mode 100644 index 00000000..06fb28ad --- /dev/null +++ b/roles/installer/openwrt/deploy/tasks/main.yml @@ -0,0 +1,5 @@ +--- +- name: copy image and run sysupgrade + openwrt_sysupgrade: + image: "{{ output_images | first }}" + args: -n diff --git a/roles/installer/openwrt/image/README.md b/roles/installer/openwrt/image/README.md new file mode 100644 index 00000000..95d9d106 --- /dev/null +++ b/roles/installer/openwrt/image/README.md @@ -0,0 +1,8 @@ +# Build OpenWRT images with Ansible + +TODO: add possibility to disable root logins using /etc/shadow + this will also take care of the annoying + "There is no root password defined ..." + message when you log in. + +## Configuration diff --git a/roles/installer/openwrt/image/defaults/main.yml b/roles/installer/openwrt/image/defaults/main.yml new file mode 100644 index 00000000..9f867053 --- /dev/null +++ b/roles/installer/openwrt/image/defaults/main.yml @@ -0,0 +1,19 @@ +--- +openwrt_variant: openwrt +openwrt_release: "{{ install_codename }}" +openwrt_download_dir: "{{ global_cache_dir }}/openwrt" +openwrt_tarball_basename: "{{ openwrt_variant }}-imagebuilder-{{ openwrt_release }}-{{ openwrt_arch }}-{{ openwrt_target }}.Linux-x86_64" +openwrt_tarball_name: "{{ openwrt_tarball_basename }}.tar.xz" +openwrt_target: generic + +openwrt_output_dir: "{{ global_artifacts_dir }}/{{ inventory_hostname }}/openwrt" +openwrt_output_image_name_base: "{{ openwrt_variant }}-{{ openwrt_release }}-{{ openwrt_arch }}{% if openwrt_target != 'generic' %}-{{ openwrt_target }}{% endif %}" +openwrt_output_image_suffixes: + - squashfs-sysupgrade.bin + - squashfs-factory.bin + +openwrt_packages_remove: [] +openwrt_packages_add: [] +openwrt_packages_extra: [] + +openwrt_keep_temporary_build_dir: false diff --git a/roles/installer/openwrt/image/tasks/fetch.yml b/roles/installer/openwrt/image/tasks/fetch.yml new file mode 100644 index 00000000..1dc5728d --- /dev/null +++ b/roles/installer/openwrt/image/tasks/fetch.yml @@ -0,0 +1,57 @@ +--- +- name: Create download directory + file: + dest: "{{ openwrt_download_dir }}" + state: directory + +- name: download the openwrt image builder + block: + - name: Generate OpenWrt download URLs + set_fact: + openwrt_url: + https://downloads.openwrt.org/releases/{{ openwrt_release }}/targets/{{ openwrt_arch | mandatory }}/{{ openwrt_target }} + + - name: Download sha256sums + get_url: + url: "{{ openwrt_url }}/sha256sums" + dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" + + - name: Download sha256sums.asc + get_url: + url: "{{ openwrt_url }}/sha256sums.asc" + dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc" + + - name: Check OpenPGP signature + command: >- + gpgv --keyring "{{ global_files_dir }}/common/keyrings/openwrt-{{ [0, 1] | map('extract', (openwrt_release | split('.'))) | join('.') }}.gpg" + "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc" "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" + changed_when: False + register: openwrt_image_gpg_result + + - debug: + var: openwrt_image_gpg_result.stderr_lines + + - name: Extract SHA256 hash of the imagebuilder archive + command: grep '{{ openwrt_tarball_name }}' "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" + changed_when: False + register: sha256 + + - name: Download imagebuilder + get_url: + url: "{{ openwrt_url }}/{{ openwrt_tarball_name }}" + dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}" + checksum: sha256:{{ sha256.stdout.split(' ') | first }} + + rescue: + - name: Delete downloaded artifacts + loop: + - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" + - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc" + - "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}" + file: + path: "{{ item }}" + state: absent + + - name: the download has failed... + fail: + msg: Something borked diff --git a/roles/installer/openwrt/image/tasks/main.yml b/roles/installer/openwrt/image/tasks/main.yml new file mode 100644 index 00000000..5bf07d04 --- /dev/null +++ b/roles/installer/openwrt/image/tasks/main.yml @@ -0,0 +1,65 @@ +--- +- name: fetch imagebuilder + when: openwrt_imgbuilder_tarball is not defined + run_once: true + import_tasks: fetch.yml + +- name: build the image + block: + - import_tasks: prepare.yml + + - name: Create the output directory for built images + file: + path: "{{ openwrt_output_dir }}" + state: directory + + - name: generate list of packages to add or remove + set_fact: + openwrt_packages: >- + {{ openwrt_packages_remove | map('regex_replace', '^', '-') | join(' ') }} + {{ openwrt_packages_add | join(' ') }} + {{ openwrt_packages_extra | join(' ') }} + + - name: Build the OpenWrt image + command: >- + make -C {{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }} image + {% if openwrt_profile is defined %}PROFILE="{{ openwrt_profile }}" {% endif %} + FILES="{{ openwrt_imgbuilder_files }}" + PACKAGES="{{ openwrt_packages }}" + {% if openwrt_extra_name is defined %} EXTRA_IMAGE_NAME="{{ openwrt_extra_name }}" {% endif %} + {% if openwrt_rootfs_partsize is defined %} ROOTFS_PARTSIZE="{{ openwrt_rootfs_partsize }}" {% endif %} + register: openwrt_build + + - name: Copy newly built OpenWrt image + loop: "{{ openwrt_output_image_suffixes }}" + copy: + src: "{{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }}/bin/targets/{{ openwrt_arch }}/{{ openwrt_target }}/{{ openwrt_output_image_name_base }}-{{ item }}" + dest: "{{ openwrt_output_dir }}" + + - name: set output image names + set_fact: + output_images: "{{ [(openwrt_output_dir, openwrt_output_image_name_base) | path_join | realpath] | product(openwrt_output_image_suffixes) | map('join', '-') }}" + + always: + - name: save stdout build-log to output directory + when: openwrt_build is defined + copy: + content: "{{ openwrt_build.stdout }}\n" + dest: "{{ openwrt_output_dir }}/build-stdout.log" + + - name: save stderr build-log to output directory + when: openwrt_build is defined + copy: + content: "{{ openwrt_build.stderr }}\n" + dest: "{{ openwrt_output_dir }}/build-stderr.log" + + - name: delete the temporary build directory + when: not openwrt_keep_temporary_build_dir + file: + path: "{{ openwrt_imgbuilder_dir }}" + state: absent + + - name: print temporary build directory information + when: openwrt_keep_temporary_build_dir + debug: + msg: "The temporary build directory has not been deleted, the path to the directory is: {{ openwrt_imgbuilder_dir }}" diff --git a/roles/installer/openwrt/image/tasks/prepare.yml b/roles/installer/openwrt/image/tasks/prepare.yml new file mode 100644 index 00000000..f685540c --- /dev/null +++ b/roles/installer/openwrt/image/tasks/prepare.yml @@ -0,0 +1,110 @@ +--- +- name: Create temporary build directory + tempfile: + state: directory + register: tmpdir + +- name: set variables needed to build images + set_fact: + openwrt_imgbuilder_dir: "{{ tmpdir.path }}" + openwrt_imgbuilder_files: "{{ tmpdir.path }}/files" + +- name: Create the directories for mixins + loop: "{{ mixin_directories | flatten }}" + vars: + mixin_directories: + - "{{ openwrt_download_dir }}/dl/{{ openwrt_arch }}" + - "{{ openwrt_imgbuilder_files }}/etc/config" + - "{{ openwrt_mixin | map('dirname') | map('regex_replace', '^', openwrt_imgbuilder_files) | unique | list }}" + file: + path: "{{ item }}" + state: directory + mode: '0755' + + +- name: Copy mixins in place [1/3] + loop: "{{ openwrt_mixin | dict2items | selectattr('value.link', 'defined') | list }}" + loop_control: + label: "{{ item.key }}" + file: + dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}" + src: "{{ item.value.link }}" + force: yes + follow: no + state: link + +- name: Copy mixins in place [2/3] + loop: "{{ openwrt_mixin | dict2items | selectattr('value.file', 'defined') | list }}" + loop_control: + label: "{{ item.key }}" + copy: + src: "{{ item.value.file }}" + dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}" + mode: "{{ item.value.mode | default('0644') }}" + +- name: Copy mixins in place [3/3] + loop: "{{ openwrt_mixin | dict2items | selectattr('value.content', 'defined') | list }}" + loop_control: + label: "{{ item.key }}" + copy: + content: "{{ item.value.content }}" + dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}" + mode: "{{ item.value.mode | default('0644') }}" + +- name: Generate /etc/fstab + when: openwrt_mounts is defined + loop: "{{ openwrt_mounts }}" + loop_control: + label: "{{ item.path }}" + mount: + fstab: "{{ openwrt_imgbuilder_files }}/etc/fstab" + state: present + src: "{{ item.src | default(omit) }}" + path: "{{ item.path | default(omit) }}" + fstype: "{{ item.fstype | default(omit) }}" + opts: "{{ item.opts | default(omit) }}" + boot: "{{ item.boot | default(omit) }}" + dump: "{{ item.dump | default(omit) }}" + passno: "{{ item.passno | default(omit) }}" + + +- name: Create UCI configuration files + loop: "{{ openwrt_uci | dict2items }}" + loop_control: + label: "{{ item.key }}" + template: + src: uci.j2 + dest: "{{ openwrt_imgbuilder_files }}/etc/config/{{ item.key }}" + mode: 0644 + trim_blocks: yes +# force: no ## TODO: fail when overwriting a file + +- name: Create /etc/passwd + when: openwrt_users is defined + template: + src: passwd.j2 + dest: "{{ openwrt_imgbuilder_files }}/etc/passwd" + mode: 0644 + trim_blocks: yes + +- name: Create /etc/group + when: openwrt_groups is defined or openwrt_users is defined + template: + src: group.j2 + dest: "{{ openwrt_imgbuilder_files }}/etc/group" + mode: 0644 + trim_blocks: yes + +- name: extract image builder tarball + environment: ### TODO: remove once this lands in ansible: https://github.com/ansible/ansible/pull/76542 + LANGUAGE: en_US.utf8 + unarchive: + src: "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}" + remote_src: yes + dest: "{{ openwrt_imgbuilder_dir }}" + +- name: Symlink the cache repository + file: + state: link + src: "{{ openwrt_download_dir }}/dl/{{ openwrt_arch }}" + path: "{{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }}/dl" diff --git a/roles/installer/openwrt/image/templates/group.j2 b/roles/installer/openwrt/image/templates/group.j2 new file mode 100644 index 00000000..cb433b88 --- /dev/null +++ b/roles/installer/openwrt/image/templates/group.j2 @@ -0,0 +1,21 @@ +{{ ansible_managed | comment }} +root:x:0: +daemon:x:1: +adm:x:4: +mail:x:8: +audio:x:29: +www-data:x:33: +ftp:x:55: +users:x:100: +network:x:101: +{% for name, opt in openwrt_users.items() %} +{% if 'group_id' not in opt %} +{{ name }}:x:{{ opt.id | default(loop.index + 110) }}: +{% endif %} +{% endfor %} +{% if openwrt_groups is defined %} +{% for name, opt in openwrt_groups.items() %} +{{ name }}:x:{{ opt.id | default(loop.index + 200) }}: +{% endfor %} +{% endif %} +nogroup:x:65534: diff --git a/roles/installer/openwrt/image/templates/passwd.j2 b/roles/installer/openwrt/image/templates/passwd.j2 new file mode 100644 index 00000000..9beaeb61 --- /dev/null +++ b/roles/installer/openwrt/image/templates/passwd.j2 @@ -0,0 +1,9 @@ +{{ ansible_managed | comment }} +root:x:0:0:root:/root:/bin/ash +daemon:*:1:1:daemon:/var:/bin/false +ftp:*:55:55:ftp:/home/ftp:/bin/false +network:*:101:101:network:/var:/bin/false +{% for name, opt in openwrt_users.items() %} +{{ name }}:*:{{ opt.id | default(loop.index + 110) }}:{{ opt.gid | default(loop.index + 110) }}:{{ name }}:{{ opt.home | default('/nonexistent') }}:{{ opt.shell | default('/bin/false') }} +{% endfor %} +nobody:*:65534:65534:nobody:/var:/bin/false diff --git a/roles/installer/openwrt/image/templates/uci.j2 b/roles/installer/openwrt/image/templates/uci.j2 new file mode 100644 index 00000000..3cc480b2 --- /dev/null +++ b/roles/installer/openwrt/image/templates/uci.j2 @@ -0,0 +1,15 @@ +{{ ansible_managed | comment }} + +{% for section in item.value %} +config {{ section.name }} +{% for option, value in section.options.items() %} +{% if value is iterable and value is not string %} +{% for v in value %} + list {{ option }} '{{ v }}' +{% endfor %} +{% else %} + option {{ option }} '{{ value }}' +{% endif %} +{% endfor %} + +{% endfor %} -- cgit v1.2.3