From d7c3cce604c9c859bea820e93c1f182290a14781 Mon Sep 17 00:00:00 2001 From: Jonathan Rosser Date: Tue, 25 Jun 2024 15:51:26 +0100 Subject: [PATCH] Add utility playbook to download required binaries for all roles Usage: ansible-playbook vexxhost.kubernetes.download_binaries -e target=localhost This playbook uses the existing download_artifact role and downloads all versions of all binaries required for all roles. Pass extra variables with -e as required to configure download_artifact. --- molecule/download_binaries/converge.yml | 4 ++ molecule/download_binaries/molecule.yml | 39 ++++++++++++++++ molecule/download_binaries/prepare.yml | 33 ++++++++++++++ molecule/download_binaries/verify.yml | 40 +++++++++++++++++ playbooks/download_binaries.yml | 60 +++++++++++++++++++++++++ 5 files changed, 176 insertions(+) create mode 100644 molecule/download_binaries/converge.yml create mode 100644 molecule/download_binaries/molecule.yml create mode 100644 molecule/download_binaries/prepare.yml create mode 100644 molecule/download_binaries/verify.yml create mode 100644 playbooks/download_binaries.yml diff --git a/molecule/download_binaries/converge.yml b/molecule/download_binaries/converge.yml new file mode 100644 index 00000000..b61fd2b2 --- /dev/null +++ b/molecule/download_binaries/converge.yml @@ -0,0 +1,4 @@ +- name: include playbook + ansible.builtin.import_playbook: vexxhost.kubernetes.download_binaries + vars: + target: instance diff --git a/molecule/download_binaries/molecule.yml b/molecule/download_binaries/molecule.yml new file mode 100644 index 00000000..a986c4bf --- /dev/null +++ b/molecule/download_binaries/molecule.yml @@ -0,0 +1,39 @@ +# Copyright (c) 2023 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +dependency: + name: galaxy +driver: + name: docker +platforms: + - name: instance + image: geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest + command: ${MOLECULE_DOCKER_COMMAND:-""} + privileged: true + cgroupns_mode: host + pre_build_image: true + environment: + container: docker + security_opts: + - apparmor=unconfined + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + - /lib/modules:/lib/modules:ro +provisioner: + name: ansible + config_options: + connection: + pipelining: true +verifier: + name: ansible diff --git a/molecule/download_binaries/prepare.yml b/molecule/download_binaries/prepare.yml new file mode 100644 index 00000000..f144066a --- /dev/null +++ b/molecule/download_binaries/prepare.yml @@ -0,0 +1,33 @@ +# Copyright (c) 2023 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Prepare + hosts: all + become: true + pre_tasks: + - name: Wait for systemd to complete initialization + ansible.builtin.command: systemctl is-system-running + register: systemctl_status + until: > + 'running' in systemctl_status.stdout or + 'degraded' in systemctl_status.stdout + retries: 30 + delay: 5 + changed_when: false + failed_when: systemctl_status.rc > 1 + tasks: + - name: Run APT update + ansible.builtin.apt: + update_cache: yes + when: ansible_facts['pkg_mgr'] == "apt" diff --git a/molecule/download_binaries/verify.yml b/molecule/download_binaries/verify.yml new file mode 100644 index 00000000..5af6a92b --- /dev/null +++ b/molecule/download_binaries/verify.yml @@ -0,0 +1,40 @@ +# Copyright (c) 2023 VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Verify + hosts: all + become: true + vars: + dir: /var/lib/downloads + tasks: + - name: Stat target dir + ansible.builtin.stat: + path: "{{ dir }}" + register: _dir_stat + + - name: Assert that target dir is created + ansible.builtin.assert: + that: + - _dir_stat.stat.exists + - _dir_stat.stat.isdir + + - name: Find target files + ansible.builtin.find: + paths: "{{ dir }}" + register: _dir_find + + - name: Assert that some files were downloaded + ansible.builtin.assert: + that: + - _dir_find.matched > 0 diff --git a/playbooks/download_binaries.yml b/playbooks/download_binaries.yml new file mode 100644 index 00000000..4c6538a2 --- /dev/null +++ b/playbooks/download_binaries.yml @@ -0,0 +1,60 @@ +- name: Download all binaries required at runtime for ansible-collection-kubernetes + hosts: "{{ target | default('all') }}" + gather_facts: false + vars: + # some role defaults use vars only defined in the download_artifact role + _download_artifact_goarch_groups: + x86_64: amd64 + aarch64: arm64 + armv7l: arm + + download_artifact_goarch: >- + {%- if ansible_facts['architecture'] in _download_artifact_goarch_groups -%} + {{ _download_artifact_goarch_groups[ansible_facts['architecture']] }} + {%- else -%} + {{ ansible_facts['architecture'] }} + {%- endif -%} + + download_artifact_work_directory: /var/lib/downloads + + role_location: "{{ playbook_dir }}/../roles" + tasks: + - name: Gather minimal facts + ansible.builtin.setup: + gather_subset: min + delegate_to: localhost + + - name: Find all subdirectories in the role location + ansible.builtin.find: + file_type: directory + paths: "{{ role_location }}" + recurse: true + register: role_paths + delegate_to: localhost + + - name: Select only defaults/ directories and load vars + # also load vars from download_artifact to get architecture mappings + ansible.builtin.include_vars: + dir: "{{ item }}" + with_items: + - "{{ role_paths.files | selectattr('path', 'search', 'defaults') | map(attribute='path') }}" + delegate_to: localhost + + - name: Generate list of all binaries for all roles + vexxhost.containers.binary_downloads: + prefixes: "{{ query('varnames', '_download_url$') | map('replace', '_download_url', '') }}" + register: binaries + delegate_to: localhost + + - name: Include download_artifact role + ansible.builtin.include_role: + name: vexxhost.containers.download_artifact + vars: + download_artifact_url: "{{ item.url }}" + download_artifact_dest: "{{ item.dest }}" + download_artifact_checksum: "sha256:{{ item.checksum }}" + download_artifact_owner: "{{ ansible_user }}" + download_artifact_mode: "0755" + download_artifact_unarchive: false + download_artifact_no_log: false + with_items: "{{ binaries.downloads }}"