From 9f0e2a07848cd1e315af997fa62a2b2c176b7ea5 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Tue, 29 Jun 2021 15:00:08 +0200
Subject: add ubuntu insaller fetch and base
---
roles/installer/ubuntu/base/tasks/main.yml | 15 ++++++++
roles/installer/ubuntu/fetch/defaults/main.yml | 7 ++++
.../installer/ubuntu/fetch/tasks/fetch-latest.yml | 13 +++++++
.../installer/ubuntu/fetch/tasks/fetch-version.yml | 41 +++++++++++++++++++++
roles/installer/ubuntu/fetch/tasks/main.yml | 43 ++++++++++++++++++++++
roles/installer/ubuntu/fetch/vars/main.yml | 2 +
6 files changed, 121 insertions(+)
create mode 100644 roles/installer/ubuntu/base/tasks/main.yml
create mode 100644 roles/installer/ubuntu/fetch/defaults/main.yml
create mode 100644 roles/installer/ubuntu/fetch/tasks/fetch-latest.yml
create mode 100644 roles/installer/ubuntu/fetch/tasks/fetch-version.yml
create mode 100644 roles/installer/ubuntu/fetch/tasks/main.yml
create mode 100644 roles/installer/ubuntu/fetch/vars/main.yml
(limited to 'roles/installer/ubuntu')
diff --git a/roles/installer/ubuntu/base/tasks/main.yml b/roles/installer/ubuntu/base/tasks/main.yml
new file mode 100644
index 00000000..c48ed4b5
--- /dev/null
+++ b/roles/installer/ubuntu/base/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: install gpgv
+ apt:
+ name: gpgv
+ state: present
+
+- name: prepare directory keyrings
+ file:
+ name: "{{ installer_base_path }}/keyrings"
+ state: directory
+
+- name: copy ubuntu cdimage keyring file
+ copy:
+ src: "{{ global_files_dir }}/common/keyrings/ubuntu-cdimage.gpg"
+ dest: "{{ installer_base_path }}/keyrings/ubuntu-cdimage.gpg"
diff --git a/roles/installer/ubuntu/fetch/defaults/main.yml b/roles/installer/ubuntu/fetch/defaults/main.yml
new file mode 100644
index 00000000..f6ac2bc0
--- /dev/null
+++ b/roles/installer/ubuntu/fetch/defaults/main.yml
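Review bot: In roles/installer/ubuntu/base/tasks/main.yml the keyrings directory and the copied ubuntu-cdimage.gpg get no explicit owner or mode, so their permissions follow the umask in effect on the target. This keyring is the trust anchor for the later gpgv check, so anyone who can write it can make an arbitrary SHA256SUMS verify. Pin the permissions on both tasks, e.g. `owner: root`, `group: root`, `mode: "0755"` on the directory and `mode: "0644"` on the file. The `file` task also uses the `name:` alias where `path:` is the documented parameter.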
@@ -0,0 +1,7 @@
+---
+# ubuntu_installer_codename: bionic | focal
+ubuntu_installer_arch: amd64
+# ubuntu_installer_variant: live-server | desktop
+# ubuntu_installer_version: 20.04.1
+
+ubuntu_installer_force_download: no
diff --git a/roles/installer/ubuntu/fetch/tasks/fetch-latest.yml b/roles/installer/ubuntu/fetch/tasks/fetch-latest.yml
new file mode 100644
index 00000000..9baa6d97
--- /dev/null
+++ b/roles/installer/ubuntu/fetch/tasks/fetch-latest.yml
@@ -0,0 +1,13 @@
+---
+- name: downloading SHA256SUMS and signature file for latest release
+ loop:
+ - SHA256SUMS
+ - SHA256SUMS.gpg
+ get_url:
+ url: "https://releases.ubuntu.com/{{ ubuntu_installer_codename }}/{{ item }}"
+ dest: "{{ ubuntu_installer_target_dir }}/{{ item }}"
+ force: "{{ ubuntu_installer_force_download }}"
+
+- name: set download url to releases.ubuntu.com
+ set_fact:
+ ubuntu_installer_base_url: "https://releases.ubuntu.com/{{ ubuntu_installer_codename }}"
diff --git a/roles/installer/ubuntu/fetch/tasks/fetch-version.yml b/roles/installer/ubuntu/fetch/tasks/fetch-version.yml
new file mode 100644
index 00000000..868adc95
--- /dev/null
+++ b/roles/installer/ubuntu/fetch/tasks/fetch-version.yml
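Review bot: In fetch-latest.yml the SHA256SUMS / SHA256SUMS.gpg download uses `force: "{{ ubuntu_installer_force_download }}"`, which defaults to `no`, so once the two files exist in the `latest-<variant>` directory they are never refreshed, although the codename directory on releases.ubuntu.com presumably changes with each point release. A stale pair still passes gpgv because it is validly signed, so the role would keep pinning an outdated point release or fail later on an ISO that is no longer at that URL. fetch-version.yml already forces the download of these two small files; using `force: true` here and keeping the variable for the ISO alone would make both paths consistent and stop a half-updated pair from lingering.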
@@ -0,0 +1,41 @@
+---
+## we need to try old-releases.ubuntu.com first because otherwise it would be impossible to download the initial release
+## of any codename release. (i.e. 20.04)
+- name: try downloading SHA256SUMS and signature file from old-releases.ubuntu.com
+ loop:
+ - SHA256SUMS
+ - SHA256SUMS.gpg
+ get_url:
+ url: "https://old-releases.ubuntu.com/releases/{{ ubuntu_installer_version }}/{{ item }}"
+ dest: "{{ ubuntu_installer_target_dir }}/{{ item }}"
+ force: yes
+ register: ubuntu_installer_old
+ failed_when: "'status_code' in ubuntu_installer_old and ubuntu_installer_old.status_code not in [200, 404]"
+
+- when: 404 not in (ubuntu_installer_old.results | selectattr('status_code', 'defined') | map(attribute='status_code') | list)
+ block:
+ - name: check if SHA256SUM actually contains the correct iso
+ command: grep -E '^[0-9a-z]{64}\s+\*ubuntu-{{ ubuntu_installer_version }}-{{ ubuntu_installer_variant }}-{{ ubuntu_installer_arch }}.iso$' "{{ ubuntu_installer_target_dir }}/SHA256SUMS"
+ changed_when: false
+ failed_when: false
+ register: ubuntu_installer_old_sha256sum
+
+ - name: set download url to old-releases.ubuntu.com
+ when: (ubuntu_installer_old_sha256sum.stdout_lines | length) > 0
+ set_fact:
+ ubuntu_installer_base_url: "https://old-releases.ubuntu.com/releases/{{ ubuntu_installer_version }}"
+
+- when: ubuntu_installer_base_url is not defined
+ block:
+ - name: try downloading SHA256SUMS and signature file from releases.ubuntu.com
+ loop:
+ - SHA256SUMS
+ - SHA256SUMS.gpg
+ get_url:
+ url: "https://releases.ubuntu.com/{{ ubuntu_installer_version }}/{{ item }}"
+ dest: "{{ ubuntu_installer_target_dir }}/{{ item }}"
+ force: yes
+
+ - name: set download url to releases.ubuntu.com
+ set_fact:
+ ubuntu_installer_base_url: "https://releases.ubuntu.com/{{ ubuntu_installer_version }}"
diff --git a/roles/installer/ubuntu/fetch/tasks/main.yml b/roles/installer/ubuntu/fetch/tasks/main.yml
new file mode 100644
index 00000000..618cfd22
--- /dev/null
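Review bot: In fetch-version.yml the grep in "check if SHA256SUM actually contains the correct iso" runs with `failed_when: false`, so an error from grep itself (exit status 2, e.g. an unreadable SHA256SUMS) looks the same as "no match" and the play silently falls through to releases.ubuntu.com. `failed_when: ubuntu_installer_old_sha256sum.rc not in [0, 1]` keeps the no-match case and surfaces real errors. The pattern also inserts `ubuntu_installer_version` unescaped and ends in `.iso$`, so each `.` matches any character, and `[0-9a-z]{64}` is wider than a hex digest; `{{ ubuntu_installer_version | regex_escape }}`, `\.iso$` and `[0-9a-f]{64}` would tighten it, and the same pattern is repeated in tasks/main.yml. This check reads SHA256SUMS before its signature is verified in tasks/main.yml, which is tolerable only because the result selects the base URL and nothing else; a comment stating that would keep later edits from trusting the match.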
+++ b/roles/installer/ubuntu/fetch/tasks/main.yml
@@ -0,0 +1,43 @@
+---
+- name: prepare directories for installer files
+ file:
+ name: "{{ ubuntu_installer_target_dir }}"
+ state: directory
+
+- include_tasks: "fetch-{{ (ubuntu_installer_version is defined) | ternary('version', 'latest') }}.yml"
+
+- name: verfiy signature of SHA256SUMS file
+ command: >-
+ gpgv --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/ubuntu-cdimage.gpg"
+ "{{ ubuntu_installer_target_dir }}/SHA256SUMS.gpg" "{{ ubuntu_installer_target_dir }}/SHA256SUMS"
+ changed_when: False
+ register: ubuntu_installer_gpg_result
+
+- debug:
+ var: ubuntu_installer_gpg_result.stderr_lines
+
+
+- name: download and verify installer files
+ block:
+ - name: extract file hash from SHA256SUMS
+ command: grep -E '^[0-9a-z]{64}\s+\*ubuntu-{{ ubuntu_installer_version | default("[0-9.]+") }}-{{ ubuntu_installer_variant }}-{{ ubuntu_installer_arch }}.iso$' "{{ ubuntu_installer_target_dir }}/SHA256SUMS"
+ changed_when: false
+ register: ubuntu_installer_sha256sum
+
+ - name: extract filename from SHA256SUM
+ set_fact:
+ ubuntu_installer_filename: "{{ (ubuntu_installer_sha256sum.stdout.split(' ') | last)[1:] }}"
+
+ - debug:
+ msg: "will be downloading: {{ ubuntu_installer_base_url }}/{{ ubuntu_installer_filename }} (this will probably take a while...)"
+
+ - name: download/verify installer file
+ get_url:
+ url: "{{ ubuntu_installer_base_url }}/{{ ubuntu_installer_filename }}"
+ dest: "{{ ubuntu_installer_target_dir }}/{{ ubuntu_installer_filename }}"
+ checksum: "sha256:{{ ubuntu_installer_sha256sum.stdout.split(' ') | first }}"
+ force: "{{ ubuntu_installer_force_download }}"
+
+ rescue:
+ - fail:
+ msg: "download/verification of installer files failed. Is the cd-image variant '{{ ubuntu_installer_variant }}' available for {{ ubuntu_installer_codename }}?"
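Review bot: In fetch/tasks/main.yml the `rescue` of "download and verify installer files" replaces whatever failed with one fixed message, so a SHA-256 mismatch on the ISO (corruption or tampering in transit) is reported exactly like a variant that does not exist. Carry the original error through, e.g. `msg: "download/verification of installer files failed: {{ ansible_failed_result.msg | default('unknown error') }}"`, and keep the variant hint as a second sentence. Separately, when `ubuntu_installer_version` is undefined the `[0-9.]+` pattern can match more than one line of SHA256SUMS; the hash is then taken from the first line and the filename from the last. That fails closed on the checksum, but an explicit assert on `ubuntu_installer_sha256sum.stdout_lines | length == 1` before the download would name the real cause.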
diff --git a/roles/installer/ubuntu/fetch/vars/main.yml b/roles/installer/ubuntu/fetch/vars/main.yml
new file mode 100644
index 00000000..caf1fa67
--- /dev/null
+++ b/roles/installer/ubuntu/fetch/vars/main.yml
@@ -0,0 +1,2 @@
+---
+ubuntu_installer_target_dir: "{{ installer_base_path }}/{{ ubuntu_installer_codename }}/{{ ubuntu_installer_version | default('latest') }}-{{ ubuntu_installer_variant }}"
--
cgit v1.2.3