Merge pull request #260 from simonfelding/fix-airgap
fix airgap deploy
MonolithProjects authored Nov 4, 2024
2 parents e334c67 + 9cd3979 commit fe5c10f
Showing 2 changed files with 149 additions and 41 deletions.
189 changes: 148 additions & 41 deletions tasks/rke2.yml
Expand Up @@ -5,53 +5,102 @@
url: "{{ rke2_install_bash_url }}"
dest: "{{ rke2_install_script_dir }}/rke2.sh"
mode: 0700
when: (not rke2_airgap_mode) or rke2_airgap_implementation == 'download'
when: not rke2_airgap_mode

- name: Copy local RKE2 installation script
ansible.builtin.copy:
src: "{{ rke2_airgap_copy_sourcepath }}/rke2.sh"
dest: "{{ rke2_install_script_dir }}/rke2.sh"
mode: 0700
force: yes
when: rke2_airgap_mode and rke2_airgap_implementation == 'copy'
when:
- rke2_airgap_mode
- rke2_airgap_implementation == 'copy'

- name: Create RKE2 artifacts folder
ansible.builtin.file:
path: "{{ rke2_artifact_path }}"
state: directory
mode: 0700
when: rke2_airgap_mode
when:
- rke2_airgap_mode
- rke2_airgap_implementation != 'exists'

- name: Download RKE2 checksum and artifacts
when: rke2_airgap_mode and rke2_airgap_implementation == 'download'
- name: Download RKE2 checksum and artifacts (try to download remotely first - fallback to local download and push)
when:
- rke2_airgap_mode
- rke2_airgap_implementation == 'download'
block:
- name: Download sha256 checksum file
ansible.builtin.get_url:
url: "{{ rke2_artifact_url }}/{{ rke2_version }}/sha256sum-{{ rke2_architecture }}.txt"
dest: "{{ rke2_artifact_path }}/sha256sum-{{ rke2_architecture }}.txt"
force: yes
mode: 0644
mode: 0640
timeout: 30
- name: Download RKE2 artifacts and compare with checksums
ansible.builtin.get_url:
url: "{{ rke2_artifact_url }}/{{ rke2_version }}/{{ item }}"
dest: "{{ rke2_artifact_path }}/{{ item }}"
mode: 0644
mode: 0640
checksum: "sha256:{{ rke2_artifact_url }}/{{ rke2_version }}/sha256sum-{{ rke2_architecture }}.txt"
timeout: 30
with_items: "{{ rke2_artifact | reject('search', 'sha256sum') | list }}"
rescue:
- name: "Remote downloading failed: Downloading locally and pushing to remote hosts"
ansible.builtin.pause: # Slight delay to make sure you know it's gonna happen and have time to cancel
seconds: 7
- name: "Create {{ rke2_airgap_copy_sourcepath }}"
delegate_to: localhost
run_once: true
ansible.builtin.file:
path: "{{ rke2_airgap_copy_sourcepath }}"
state: directory
- name: Download RKE2 checksum locally
delegate_to: localhost
run_once: true
register: checksum_file
ansible.builtin.get_url:
url: "{{ rke2_artifact_url }}/{{ rke2_version }}/sha256sum-{{ rke2_architecture }}.txt"
dest: "{{ rke2_airgap_copy_sourcepath }}/"
force: yes
mode: 0640
timeout: 30
- name: Downloading RKE2 artifacts locally
delegate_to: localhost
run_once: true
ansible.builtin.get_url:
force: yes
url: "{{ item }}"
dest: "{{ rke2_airgap_copy_sourcepath }}/"
with_items: "{{ [rke2_artifact_url+'/'+rke2_version+'/'] | product(rke2_artifact) | map('join') | list + [rke2_install_bash_url] }}"
- name: Copy local RKE2 files to remote hosts
ansible.builtin.copy:
src: "{{ rke2_airgap_copy_sourcepath }}/{{ item }}"
dest: "{{ rke2_artifact_path }}/{{ item }}"
mode: 0640
with_items: "{{ rke2_artifacts + ['rke2.sh'] }}"
- name: Set RKE2 install script permissions
ansible.builtin.file:
path: "{{ rke2_artifact_path }}/rke2.sh"
mode: 0750

- name: Copy local RKE2 artifacts
ansible.builtin.copy:
src: "{{ rke2_airgap_copy_sourcepath }}/{{ item }}"
dest: "{{ rke2_artifact_path }}/{{ item }}"
mode: 0644
mode: 0640
force: yes
with_items: "{{ rke2_artifact }}"
when: rke2_airgap_mode and rke2_airgap_implementation == 'copy'
when:
- rke2_airgap_mode
- rke2_airgap_implementation == 'copy'

- name: Airgap mode - additional images tarballs
when: rke2_airgap_mode and ( rke2_airgap_copy_additional_tarballs | length > 0 )
when:
- rke2_airgap_mode
- ( rke2_airgap_copy_additional_tarballs | length > 0 )
- rke2_airgap_implementation != 'exists'
block:
- name: Create additional images tarballs folder
ansible.builtin.file:
Expand All @@ -62,10 +111,45 @@
ansible.builtin.copy:
src: "{{ rke2_airgap_copy_sourcepath }}/{{ item }}"
dest: "{{ rke2_tarball_images_path }}/{{ item }}"
mode: 0644
mode: 0640
force: yes
with_items: "{{ rke2_airgap_copy_additional_tarballs }}"

- name: Airgap mode - ensure artifacts exist and have acceptable permissions # only modifies permissions if they are overprivileged
when:
- rke2_airgap_mode
- rke2_airgap_implementation == 'exists'
block:
- name: Register artifacts
ansible.builtin.stat:
path: "{{ rke2_artifact_path }}/{{ item }}"
with_items: "{{ rke2_artifact }}"
register: artifacts
- name: Register install script
ansible.builtin.stat:
path: "{{ rke2_install_script_dir }}/rke2.sh"
register: install_script
- name: Register artifact facts
ansible.builtin.set_fact:
artifacts_writeable: "{{ artifacts.values() | map(attribute='writeable') | list | bool }}"
- name: Make the artifacts read-only
ansible.builtin.file:
path: "{{ rke2_artifact_path }}/{{ item }}"
mode: 0640
with_items: "{{ rke2_artifact }}"
when: artifacts_writeable
- name: Make the install script executable.
ansible.builtin.file:
path: "{{ rke2_install_script_dir }}/rke2.sh"
mode: 0700
when:
- install_script.stat.writeable
- not install_script.stat.executable
- name: Install script must be executable
ansible.builtin.fail:
msg: "The install script at {{ rke2_install_script_dir }}/rke2.sh must be executable."
when: not install_script.stat.executable

- name: Populate service facts
ansible.builtin.service_facts:

Expand Down Expand Up @@ -119,26 +203,28 @@
vars:
versions: "{{ versions_check.stdout | from_json }}"

- name: Run AirGap RKE2 script
ansible.builtin.command:
cmd: "{{ rke2_install_script_dir }}/rke2.sh"
environment:
INSTALL_RKE2_ARTIFACT_PATH: "{{ rke2_artifact_path }}"
INSTALL_RKE2_AGENT_IMAGES_DIR: "{{ rke2_data_path }}/agent/images"
changed_when: false
when: not ansible_check_mode and rke2_version != installed_version and rke2_airgap_mode

- name: Run RKE2 script
ansible.builtin.command:
cmd: "{{ rke2_install_script_dir }}/rke2.sh"
environment:
INSTALL_RKE2_VERSION: "{{ rke2_version }}"
INSTALL_RKE2_CHANNEL_URL: "{{ rke2_channel_url }}"
INSTALL_RKE2_CHANNEL: "{{ rke2_channel }}"
INSTALL_RKE2_METHOD: "{{ rke2_method }}"
INSTALL_RKE2_TYPE: "{{ rke2_type }}"
changed_when: false
when: not ansible_check_mode and rke2_version != installed_version and not rke2_airgap_mode
- name: Run RKE2 install script
when: rke2_version != installed_version
block:
- name: Run the script with airgap variables
ansible.builtin.command:
cmd: "{{ rke2_install_script_dir }}/rke2.sh"
environment:
INSTALL_RKE2_ARTIFACT_PATH: "{{ rke2_artifact_path }}"
INSTALL_RKE2_AGENT_IMAGES_DIR: "{{ rke2_data_path }}/agent/images"
INSTALL_RKE2_METHOD: "{{ rke2_method }}"
changed_when: false
when: rke2_airgap_mode
- name: Run RKE2 script without airgap variables
ansible.builtin.command:
cmd: "{{ rke2_install_script_dir }}/rke2.sh"
environment:
INSTALL_RKE2_VERSION: "{{ rke2_version }}"
INSTALL_RKE2_CHANNEL_URL: "{{ rke2_channel_url }}"
INSTALL_RKE2_CHANNEL: "{{ rke2_channel }}"
INSTALL_RKE2_METHOD: "{{ rke2_method }}"
changed_when: false
when: not ansible_check_mode and not rke2_airgap_mode

- name: Copy Custom Manifests
ansible.builtin.template:
Expand All @@ -150,15 +236,34 @@
with_items: "{{ rke2_custom_manifests }}"
when: rke2_custom_manifests

- name: Copy Static Pods
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ rke2_data_path }}/agent/pod-manifests/"
owner: root
group: root
mode: 0644
with_items: "{{ rke2_static_pods }}"
when: rke2_static_pods
- name: Create /server/manifests directory
when: rke2_custom_manifests or rke2_static_pods
block:
- name: Create directory
ansible.builtin.file:
path: "{{ rke2_data_path }}/server/manifests"
state: directory
mode: 0755
- name: Copy Custom Manifests
ansible.builtin.template:
src: "{{ item }}"
dest: "{{ rke2_data_path }}/server/manifests/{{ item | basename | regex_replace('\\.j2$', '') }}"
owner: root
group: root
mode: 0644
with_fileglob: "{{ rke2_custom_manifests }}/*"
when:
- rke2_custom_manifests
- inventory_hostname == groups[rke2_servers_group_name].0
- name: Copy Static Pods
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ rke2_data_path }}/agent/pod-manifests/{{ item | basename | regex_replace('\\.j2$', '') }}"
owner: root
group: root
mode: 0644
with_fileglob: "{{ rke2_static_pods }}/*"
when: rke2_static_pods

- name: Copy RKE2 environment file
ansible.builtin.template:
Expand All @@ -167,4 +272,6 @@
owner: root
group: root
mode: 0644
when: rke2_environment_options is defined and rke2_environment_options|length > 0
when:
- rke2_environment_options is defined
- rke2_environment_options|length > 0
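Review bot: The `rescue:` path of `Download RKE2 checksum and artifacts` fetches the artifacts and `rke2.sh` on localhost with no integrity check: `Downloading RKE2 artifacts locally` has no `checksum:` and the registered `checksum_file` is never read, whereas the remote path verifies each artifact with `checksum: "sha256:{{ rke2_artifact_url }}/{{ rke2_version }}/sha256sum-{{ rke2_architecture }}.txt"`. These files are then copied to the hosts and the script is later executed, so the fallback should carry the same `checksum:` line, with its loop filtered by `reject('search', 'sha256sum')` and `rke2_install_bash_url` fetched in a separate task, since the install script is presumably not listed in the checksum file. That task and `Create {{ rke2_airgap_copy_sourcepath }}` also set no `mode:`, so the controller-side copies get umask defaults rather than the `0640`/`0700` used elsewhere. Separately, `Copy local RKE2 files to remote hosts` loops over `rke2_artifacts` while every other task uses `rke2_artifact`; unless that name is defined outside this file the rescue will stop on an undefined variable. It also places `rke2.sh` under `rke2_artifact_path`, while the install step runs `{{ rke2_install_script_dir }}/rke2.sh`, which is worth confirming if the two paths can differ.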
1 change: 1 addition & 0 deletions tasks/summary.yml
Expand Up @@ -19,6 +19,7 @@
become: false
when:
- not ansible_check_mode
- not rke2_airgap_mode
- rke2_download_kubeconf | bool

- name: Summary