diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index e05f6f82a3..445bc83c74 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -17,7 +17,7 @@ RUN : INSTALL APT REQUIREMENTS \ jq libc6-dev libcap2-bin libffi-dev lsb-release \ make musl-dev openssh-client procps \ psmisc ruby-full sudo tar \ - unzip vim \ + unzip vim rsync \ && apt-get -q autoremove -y \ && apt-get -q clean -y \ && rm -rf /var/lib/apt/lists/* diff --git a/Dockerfile b/Dockerfile index d9a7272aea..e0651329ae 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,7 +14,7 @@ COPY . /epicli RUN : INSTALL APT REQUIREMENTS \ && apt-get update \ && apt-get install --no-install-recommends -y \ - autossh curl gcc jq libcap2-bin libc6-dev libffi-dev make musl-dev openssh-client procps psmisc ruby-full sudo tar unzip vim \ + autossh curl gcc jq libcap2-bin libc6-dev libffi-dev make musl-dev openssh-client procps psmisc ruby-full sudo tar unzip vim rsync \ \ && : INSTALL HELM BINARY \ && curl -fsSLO https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz \ diff --git a/ansible/playbooks/roles/repository/files/client/Debian/enable-system-repos.sh b/ansible/playbooks/roles/repository/files/client/Debian/enable-system-repos.sh deleted file mode 100644 index 12fa5c1aba..0000000000 --- a/ansible/playbooks/roles/repository/files/client/Debian/enable-system-repos.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -eu - -REPOS_BACKUP_FILE=/var/tmp/enabled-system-repos.tar - -tar -C / --absolute-name -xvf ${REPOS_BACKUP_FILE} 2>&1 \ No newline at end of file diff --git a/ansible/playbooks/roles/repository/files/download-requirements/download-requirements.py b/ansible/playbooks/roles/repository/files/download-requirements/download-requirements.py new file mode 100644 index 0000000000..cbf24ed459 --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/download-requirements.py @@ -0,0 +1,41 @@ +#!/usr/bin/python3 +import datetime +import logging +import sys +from os import getuid +from typing import Dict, List + +from src.config import Config, OSType +from src.error import CriticalError +from src.mode.base_mode import BaseMode +from src.mode.debian_family_mode import DebianFamilyMode +from src.mode.red_hat_family_mode import RedHatFamilyMode + + +MODES: Dict[OSType, BaseMode] = { + OSType.Ubuntu: DebianFamilyMode, + OSType.RedHat: RedHatFamilyMode, + OSType.CentOS: RedHatFamilyMode +} + + +def main(argv: List[str]) -> int: + try: + time_begin = datetime.datetime.now() + if getuid() != 0: + print('Error: Needs to be run as root!') + return 1 + + config = Config(argv) + + MODES[config.os_type](config).run() + + time_end = datetime.datetime.now() - time_begin + logging.info(f'Total execution time: {str(time_end).split(".")[0]}') + except CriticalError: + return 1 + + return 0 + +if __name__ == '__main__': + sys.exit(main(sys.argv)) diff --git a/ansible/playbooks/roles/repository/files/download-requirements/repositories/x86_64/ubuntu.yml b/ansible/playbooks/roles/repository/files/download-requirements/repositories/x86_64/ubuntu.yml new file mode 100644 index 0000000000..bd21e8d6fa --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/repositories/x86_64/ubuntu.yml @@ -0,0 +1,53 @@ +--- +repositories: + elastic_6: + key: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + content: 'deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main' + path: '/etc/apt/sources.list.d/elastic-6.x.list' + + kubernetes': + key: 'https://packages.cloud.google.com/apt/doc/apt-key.gpg' + content: 'deb http://apt.kubernetes.io/ kubernetes-xenial main' + path: '/etc/apt/sources.list.d/kubernetes.list' + + erlang_solutions': + key: 'https://packages.erlang-solutions.com/ubuntu/erlang_solutions.asc' + content: 'deb https://packages.erlang-solutions.com/ubuntu focal contrib' + path: '/etc/apt/sources.list.d/erlang-23.x.list' + + rabbitmq_server': + key: 'https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey' + content: 'deb https://packagecloud.io/rabbitmq/rabbitmq-server/ubuntu bionic main' + path: '/etc/apt/sources.list.d/rabbitmq.list' + + docker_ce': + key: 'https://download.docker.com/linux/ubuntu/gpg' + content: 'deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable' + path: '/etc/apt/sources.list.d/docker-ce.list' + + elastic_7': + key: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + content: 'deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main' + path: '/etc/apt/sources.list.d/elastic-7.x.list' + + opendistroforelasticsearch': + key: 'https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch' + content: 'deb https://d3g5vo6xdbdb9a.cloudfront.net/apt stable main' + path: '/etc/apt/sources.list.d/opendistroforelasticsearch.list' + + postgresql': + key: 'https://www.postgresql.org/media/keys/ACCC4CF8.asc' + content: 'deb http://apt.postgresql.org/pub/repos/apt focal-pgdg main' + path: '/etc/apt/sources.list.d/pgdg.list' + + # Historical packages from apt.postgresql.org + postgresql-archive': + key: 'https://www.postgresql.org/media/keys/ACCC4CF8.asc' + content: 'deb http://apt-archive.postgresql.org/pub/repos/apt focal-pgdg-archive main' + path: '/etc/apt/sources.list.d/pgdg-archive.list' + + # Provides repmgr + 2ndquadrant': + key: 'https://dl.2ndquadrant.com/gpg-key.asc' + content: 'deb https://dl.2ndquadrant.com/default/release/apt focal-2ndquadrant main' + path: '/etc/apt/sources.list.d/2ndquadrant-dl-default-release.list' diff --git a/ansible/playbooks/roles/repository/files/download-requirements/requirements/crane.yml b/ansible/playbooks/roles/repository/files/download-requirements/requirements/crane.yml new file mode 100644 index 0000000000..ae1b001ffe --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/requirements/crane.yml @@ -0,0 +1,4 @@ +--- +crane: + - url: 'https://github.com/google/go-containerregistry/releases/download/v0.4.1/go-containerregistry_Linux_x86_64.tar.gz' + sha256: def1364f9483d133ccc6b1c4876f59a653d024c8866d96ecda026561d38c349b diff --git a/ansible/playbooks/roles/repository/files/download-requirements/requirements/dashboards.yml b/ansible/playbooks/roles/repository/files/download-requirements/requirements/dashboards.yml new file mode 100644 index 0000000000..444f770583 --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/requirements/dashboards.yml @@ -0,0 +1,66 @@ +--- +dashboards: + # Kubernetes Cluster + - name: grafana_dashboard_7249 + url: 'https://grafana.com/api/dashboards/7249/revisions/1/download' + sha256: 41cc2794b1cc9fc537baf045fee12d086d23632b4c8b2e88985274bb9862e731 + + # Kubernetes cluster monitoring (via Prometheus) + - name: grafana_dashboard_315 + url: 'https://grafana.com/api/dashboards/315/revisions/3/download' + sha256: ee46dd6e68a9950aa78e8c88ae5e565c8ebde6cbdbe08972a70f06c5486618fb + + # Node Exporter for Prometheus + - name: grafana_dashboard_11074 + url: 'https://grafana.com/api/dashboards/11074/revisions/9/download' + sha256: 151b23305da46eab84930e99175e1c07e375af73dbbb4b8f501ca25f5ac62785 + + # Node Exporter Server Metrics + - name: grafana_dashboard_405 + url: 'https://grafana.com/api/dashboards/405/revisions/8/download' + sha256: 97675027cbd5b7241e93a2b598654c4b466bc909eeb6358ba123d500094d913c + + # Postgres Overview + - name: grafana_dashboard_455 + url: 'https://grafana.com/api/dashboards/455/revisions/2/download' + sha256: c66b91ab8d258b0dc005d3ee4dac3a5634a627c79cc8053875f76ab1e369a362 + + # PostgreSQL Database + - name: grafana_dashboard_9628 + url: 'https://grafana.com/api/dashboards/9628/revisions/7/download' + sha256: c64cc38ad9ebd7af09551ee83e669a38f62a76e7c80929af5668a5852732b376 + + # RabbitMQ Monitoring + - name: grafana_dashboard_4279 + url: 'https://grafana.com/api/dashboards/4279/revisions/4/download' + sha256: 74d47be868da52c145240ab5586d91ace9e9218ca775af988f9d60e501907a25 + + # Node Exporter Full + - name: grafana_dashboard_1860 + url: 'https://grafana.com/api/dashboards/1860/revisions/23/download' + sha256: 225faab8bf35c1723af14d4c069882ccb92b455d1941c6b1cf3d95a1576c13d7 + + # Kafka Exporter Overview + - name: grafana_dashboard_7589 + url: 'https://grafana.com/api/dashboards/7589/revisions/5/download' + sha256: cf020e14465626360418e8b5746818c80d77c0301422f3060879fddc099c2151 + + # HaProxy backend (or frontend/servers) + - name: grafana_dashboard_789 + url: 'https://grafana.com/api/dashboards/789/revisions/1/download' + sha256: 6a9b4bdc386062287af4f7d56781103a2e45a51813596a65f03c1ae1d4d3e919 + + # Docker and Host Monitoring w/ Prometheus + - name: grafana_dashboard_179 + url: 'https://grafana.com/api/dashboards/179/revisions/7/download' + sha256: 8d67350ff74e715fb1463f2406f24a73377357d90344f8200dad9d1b2a8133c2 + + # Kubernetes pod and cluster monitoring (via Prometheus) + - name: grafana_dashboard_6663 + url: 'https://grafana.com/api/dashboards/6663/revisions/1/download' + sha256: d544d88069e1b793ff3d8f6970df641ad9a66217e69b629621e1ecbb2f06aa05 + + # RabbitMQ cluster monitoring (via Prometheus) + - name: grafana_dashboard_10991 + url: 'https://grafana.com/api/dashboards/10991/revisions/11/download' + sha256: 66340fa3256d432287cba75ab5177eb058c77afa7d521a75d58099f95b1bff50 diff --git a/ansible/playbooks/roles/repository/files/download-requirements/requirements/files.yml b/ansible/playbooks/roles/repository/files/download-requirements/requirements/files.yml new file mode 100644 index 0000000000..68d7b1390a --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/requirements/files.yml @@ -0,0 +1,40 @@ +--- +files: + # --- Exporters --- + - url: 'https://github.com/danielqsj/kafka_exporter/releases/download/v1.4.0/kafka_exporter-1.4.0.linux-amd64.tar.gz' + sha256: ffda682e82daede726da8719257a088f8e23dcaa4e2ac8b2b2748a129aea85f0 + + - url: 'https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.16.1/jmx_prometheus_javaagent-0.16.1.jar' + sha256: 0ddc6834f854c03d5795305193c1d33132a24fbd406b4b52828602f5bc30777e + + - url: 'https://github.com/prometheus/node_exporter/releases/download/v1.3.1/node_exporter-1.3.1.linux-amd64.tar.gz' + sha256: 68f3802c2dd3980667e4ba65ea2e1fb03f4a4ba026cca375f15a0390ff850949 + + - url: 'https://github.com/prometheus-community/postgres_exporter/releases/download/v0.10.0/postgres_exporter-0.10.0.linux-amd64.tar.gz' + sha256: 1d1a008c5e29673b404a9ce119b7516fa59974aeda2f47d4a0446d102abce8a1 + + # --- Misc --- + - url: 'https://archive.apache.org/dist/kafka/2.6.0/kafka_2.12-2.6.0.tgz' + sha256: 086bf9ca1fcbe2abe5c62e73d6f172adb1ee5a5b42732e153fb4d4ec82dab69f + + - url: 'https://archive.apache.org/dist/zookeeper/zookeeper-3.5.8/apache-zookeeper-3.5.8-bin.tar.gz' + sha256: c35ed6786d59b73920243f1a324d24c2ddfafb379041d7a350cc9a341c52caf3 + + - url: 'https://github.com/prometheus/alertmanager/releases/download/v0.23.0/alertmanager-0.23.0.linux-amd64.tar.gz' + sha256: 77793c4d9bb92be98f7525f8bc50cb8adb8c5de2e944d5500e90ab13918771fc + + - url: 'https://github.com/prometheus/prometheus/releases/download/v2.31.1/prometheus-2.31.1.linux-amd64.tar.gz' + sha256: 7852dc11cfaa039577c1804fe6f082a07c5eb06be50babcffe29214aedf318b3 + + - url: 'https://get.helm.sh/helm-v3.2.0-linux-amd64.tar.gz' + sha256: 4c3fd562e64005786ac8f18e7334054a24da34ec04bbd769c206b03b8ed6e457 + + - url: 'https://archive.apache.org/dist/logging/log4j/2.17.1/apache-log4j-2.17.1-bin.tar.gz' + sha256: b876c20c9d318d77a39c0c2e095897b2bb1cd100c7859643f8c7c8b0fc6d5961 + + # --- Helm charts --- + - url: 'https://charts.bitnami.com/bitnami/node-exporter-2.3.17.tgz' + sha256: ec586fabb775a4f05510386899cf348391523c89ff5a1d4097b0592e675ade7f + + - url: 'https://helm.elastic.co/helm/filebeat/filebeat-7.9.2.tgz' + sha256: 5140b4c4473ca33a0af4c3f70545dcc89735c0a179d974ebc150f1f28ac229ab diff --git a/ansible/playbooks/roles/repository/files/download-requirements/requirements/images.yml b/ansible/playbooks/roles/repository/files/download-requirements/requirements/images.yml new file mode 100644 index 0000000000..72c3ad4dc8 --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/requirements/images.yml @@ -0,0 +1,158 @@ +--- +images: + - name: 'haproxy:2.2.2-alpine' + sha256: f42019aaa7b8d10a7818a72ecde001b91e83df1d9ad0d1e38805968791880a75 + + - name: 'kubernetesui/dashboard:v2.3.1' + sha256: 1351ee7605362e7fcb84a645cf81c7ae915ce1034de9d9cf00f1246882976f59 + + - name: 'kubernetesui/metrics-scraper:v1.0.7' + sha256: 4fde72c37aa57868f19a5552b89eab71226eccec95fa33801146577880739050 + + - name: 'registry:2' + sha256: bdd3efacf7f73edbca2da6fae2cb46adc0a48999dbbb9f362e56f43187a3e34c + + # applications + - name: 'bitnami/pgpool:4.2.4' + sha256: 3388e83ef861545f363c674b516e58c67dda0e15adf208ed5dee627e4a9a6453 + + - name: 'bitnami/pgbouncer:1.16.0' + sha256: f66d8c29402f03180393cea7bc1a75b708807113a77877e85405fcca1f3f2b0e + + - name: 'epiphanyplatform/keycloak:14.0.0' + sha256: a6c143ab8f2e53f0af73f068cda0d8bd50aa792a6729f901367ace44a6bedf58 + + - name: 'rabbitmq:3.8.9' + sha256: 7f28ecc2db56fb02fa237adc8cef811352ebde18365741b0be6da8d850465e59 + + # K8s + # v1.18.6 + - name: 'k8s.gcr.io/kube-apiserver:v1.18.6' + sha256: 46a6a5db199cf175ddf83dc4f8c4bca9ef852b36ffd8929dbc793a9a5ac7f42e + + - name: 'k8s.gcr.io/kube-controller-manager:v1.18.6' + sha256: 066153685539eb43de5702d8924ed9c7c449a1a6b4557b0aead5e8c80850f5f7 + + - name: 'k8s.gcr.io/kube-scheduler:v1.18.6' + sha256: 257187a3ff641276ad174ef2a01176f4655997e235c83ae5f27a96a3ed5ff01b + + - name: 'k8s.gcr.io/kube-proxy:v1.18.6' + sha256: 6fa027ea9c16e230384617fbfd3b6ba0d70c6f4783fe8b23af03d226ebcb444b + + - name: 'k8s.gcr.io/coredns:1.6.7' + sha256: bc895982dfec04707553353fef5e6f35b8dfc2ec58a4bc67d234eee5dbed814f + + - name: 'k8s.gcr.io/etcd:3.4.3-0' + sha256: 2770a10d5b98167c07b9326167a52b3d58bf9e9241d813ed9ec88472e958e12a + + - name: 'quay.io/coreos/flannel:v0.12.0-amd64' + sha256: 0fd9251d0bed2e9fba12ef21c3443acf461fb7d0d9e469ff7f0ed51f68848bec + + - name: 'quay.io/coreos/flannel:v0.12.0' + sha256: 14c9a68e0038d764992cf06119e67f86e1d1e4489d1c0bac0ee2a69ff484ab44 + + - name: 'calico/cni:v3.15.0' + sha256: 1007ddea91576ff50325e6a8dad83ba7596e7369c5c5f2318118438e029a348a + + - name: 'calico/kube-controllers:v3.15.0' + sha256: 4e13dd977d99a9c846b740531a9e4210ddb7cb5be4b8c05264aad2f541702e28 + + - name: 'calico/node:v3.15.0' + sha256: 8aedb15067f694aa1220589c1cb3e51a3a652d127143a55a41b9be28b0ea7da7 + + - name: 'calico/pod2daemon-flexvol:v3.15.0' + sha256: 4cf6c67db34bdc5598e28fc54429afa0362b299fdc6da064335c6bff8e01ca1a + + # v1.19.15 + - name: 'k8s.gcr.io/kube-apiserver:v1.19.15' + sha256: 5a128204ea5aeae8eb84cfc7cf759b6e31c97eb0fc57652d10199d6406ab7333 + + - name: 'k8s.gcr.io/kube-controller-manager:v1.19.15' + sha256: abdd9350d664f4a235d3a300fa55f9a4a6c5a26d299d7e0ec0e11476be589aea + + - name: 'k8s.gcr.io/kube-scheduler:v1.19.15' + sha256: 08732fd863f4127dd34692fabc2f9e023f6d6d2c238eb34e928cf3ef9c16f0cf + + - name: 'k8s.gcr.io/kube-proxy:v1.19.15' + sha256: 131b72a5d153c153bbc85e5cfbef7fbdc0ff7f43ffb4e9555b1a95b8625f0226 + + # v1.20.12 + - name: 'k8s.gcr.io/kube-apiserver:v1.20.12' + sha256: 618e808f0b2cc5203c4105f417817a8a5cf10a6829493fdc1a5f9c7d3bd45520 + + - name: 'k8s.gcr.io/kube-controller-manager:v1.20.12' + sha256: 30c5431215d61593b0debf5c2a2e3b818f8af83689c55a06817f4f23cf950f70 + + - name: 'k8s.gcr.io/kube-scheduler:v1.20.12' + sha256: f31e3de525f75953ab3494df4879352c4aaf0f7bd95e3960c29e52dfd81783d0 + + - name: 'k8s.gcr.io/kube-proxy:v1.20.12' + sha256: 40bb2f9e229e846034dde56e41a125b14c697be96102dc3b02f60d2b16b5fb4c + + - name: 'k8s.gcr.io/coredns:1.7.0' + sha256: 08368ce06f22002639ffe095a2b2a0d16da50b2a7e821206cb97957d183dde92 + + - name: 'k8s.gcr.io/pause:3.2' + sha256: 64bb6a32f297d03e8b570e58d7dd00a171ed5686295d966b2fd583165fb93f9e + + # v1.21.7 + - name: 'k8s.gcr.io/kube-apiserver:v1.21.7' + sha256: 903a9db6809afa0fd6a35109102916c5648518de931b424e87173dfcfbc98f24 + + - name: 'k8s.gcr.io/kube-controller-manager:v1.21.7' + sha256: e7b9752b044582dc841f7f0ef538835712ca1e5311a1ee667464be2c361c768d + + - name: 'k8s.gcr.io/kube-scheduler:v1.21.7' + sha256: 3c3585da6d26cffa725b40b8c49b4d0720485320144bcdc51013f546cc781f12 + + - name: 'k8s.gcr.io/kube-proxy:v1.21.7' + sha256: 31b1f8a34852b9a66a174df742346927d2ffcf16366ebbc22e71d2fcb01b1b42 + + - name: 'k8s.gcr.io/coredns/coredns:v1.8.0' + sha256: 6bf705594c7676ab6f8fcf22876fe5d33eb71018928e73fff90255b460aded6a + + - name: 'k8s.gcr.io/etcd:3.4.13-0' + sha256: 377554d89698f6c4e7a1aafaa756ad87bcefdc45ea33123fb9945501623aa501 + + - name: 'k8s.gcr.io/pause:3.4.1' + sha256: d8f6de1afe05ef0de2f25368599e9b540da19bbf7a83746d6fbed06bfef4edac + + # v1.22.4 + - name: 'k8s.gcr.io/kube-apiserver:v1.22.4' + sha256: 86c7114f56570eccdf1542eb08b1c17e1d453e56c028795a3751ee39d780d2e7 + + - name: 'k8s.gcr.io/kube-controller-manager:v1.22.4' + sha256: 3651fbadbbd1785244862f6f0ee9e29d267676e1536db3dd89bae3be5a25145e + + - name: 'k8s.gcr.io/kube-scheduler:v1.22.4' + sha256: 129e8dada97246067eede38a2f0634428ee77d05d7a2c38c84258e1977e7a7e6 + + - name: 'k8s.gcr.io/kube-proxy:v1.22.4' + sha256: a5331a2d1b22487cad455d2e6e82e107ecd7e5124a5bf9c6d9044c99231d7c55 + + - name: 'k8s.gcr.io/coredns/coredns:v1.8.4' + sha256: 0db432fb9f3de461a3fbc463628aaef4609f179a55a9ae487b2f1f1af7673939 + + - name: 'k8s.gcr.io/etcd:3.5.0-0' + sha256: b56aff902afec396f75c9f7e8db6b47e1da041730848cd38e69db4ff74b72dfc + + - name: 'k8s.gcr.io/pause:3.5' + sha256: 44269aea9e3efb259c9bd305569e7bd25805958ebb6f1c7f758101d311b9493a + + - name: 'quay.io/coreos/flannel:v0.14.0-amd64' + sha256: bb95008a5b6af496db5ebd120542035952c559eec5b7414ce635aea5cc8592c1 + + - name: 'quay.io/coreos/flannel:v0.14.0' + sha256: d4c7f16b7f39dc4cfa4226a04514808c279aa01863886df0f32d27a93fef76c2 + + - name: 'calico/cni:v3.20.3' + sha256: 289009d818d6d676ea509f0baf717dacddec81d2b64cb0c55450f6e881f90432 + + - name: 'calico/kube-controllers:v3.20.3' + sha256: 2c4146dd95d62924b727d84a62e9ec306647a702da7715d6889021c2c9e07a2d + + - name: 'calico/node:v3.20.3' + sha256: 267511105a133492f845dd94a520b319003ca26d404cabe251a3256d11dfd84c + + - name: 'calico/pod2daemon-flexvol:v3.20.3' + sha256: 5b9e837c43575b4bde353f1e9c1e2ce45c399a192b8e72a622dace55567feee7 diff --git a/ansible/playbooks/roles/repository/files/download-requirements/requirements/x86_64/centos.py b/ansible/playbooks/roles/repository/files/download-requirements/requirements/x86_64/centos.py new file mode 100644 index 0000000000..e69de29bb2 diff --git a/ansible/playbooks/roles/repository/files/download-requirements/requirements/x86_64/redhat.yml b/ansible/playbooks/roles/repository/files/download-requirements/requirements/x86_64/redhat.yml new file mode 100644 index 0000000000..1a283e7761 --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/requirements/x86_64/redhat.yml @@ -0,0 +1,275 @@ +--- +packages: + # packages-repo-prereqs + - name: 'apr' # for httpd + sha256: abc + - name: 'apr-util' # for httpd + sha256: abc + - name: 'createrepo' + sha256: abc + - name: 'deltarpm' # for createrepo + sha256: abc + - name: 'httpd' + sha256: abc + - name: 'httpd-tools' # for httpd + sha256: abc + - name: 'mailcap' # for httpd + sha256: abc + - name: 'mod_ssl' # for httpd + sha256: abc + - name: 'python-chardet' # for createrepo + sha256: abc + - name: 'python-deltarpm' # for createrepo + sha256: abc + - name: 'python-kitchen' # for createrepo + sha256: abc + - name: 'redhat-logos' # for httpd + sha256: abc + - name: 'yum-utils' + sha256: abc + + - name: 'audit' # for docker-ce + sha256: abc + - name: 'bash-completion' + sha256: abc + - name: 'ca-certificates' + sha256: abc + - name: 'cifs-utils' + sha256: abc + - name: 'conntrack-tools' # for kubelet + sha256: abc + - name: 'containerd.io' + sha256: abc + - name: 'container-selinux' + sha256: abc + - name: 'cri-tools-1.13.0' + sha256: abc + - name: 'curl' + sha256: abc + - name: 'dejavu-sans-fonts' # for grafana + sha256: abc + - name: 'docker-ce-20.10.8' + sha256: abc + - name: 'docker-ce-cli-20.10.8' + sha256: abc + - name: 'docker-ce-rootless-extras-20.10.8' + sha256: abc + - name: 'ebtables' + sha256: abc + - name: 'elasticsearch-curator-5.8.3' + sha256: abc + - name: 'elasticsearch-oss-7.10.2' # for opendistroforelasticsearch & logging roles + sha256: abc + - name: 'ethtool' + sha256: abc + - name: 'filebeat-7.9.2' + sha256: abc + - name: 'firewalld' + sha256: abc + - name: 'fontconfig' # for grafana + sha256: abc + - name: 'fping' + sha256: abc + - name: 'fuse-overlayfs' # for docker-ce-rootless-extras + sha256: abc + - name: 'gnutls' # for cifs-utils + sha256: abc + - name: 'gssproxy' # for nfs-utils + sha256: abc + - name: 'htop' + sha256: abc + - name: 'iftop' + sha256: abc + - name: 'ipset' # for firewalld + sha256: abc + - name: 'java-1.8.0-openjdk-headless' + sha256: abc + - name: 'javapackages-tools' # for java-1.8.0-openjdk-headless + sha256: abc + - name: 'jq' + sha256: abc + - name: 'libini_config' # for nfs-utils + sha256: abc + - name: 'libselinux-python' + sha256: abc + - name: 'libsemanage-python' + sha256: abc + - name: 'libX11' # for grafana + sha256: abc + - name: 'libxcb' # for grafana + sha256: abc + - name: 'libXcursor' # for grafana + sha256: abc + - name: 'libXt' # for grafana + sha256: abc + - name: 'logrotate' + sha256: abc + - name: 'net-tools' + sha256: abc + - name: 'nfs-utils' + sha256: abc + - name: 'nmap-ncat' + sha256: abc + + # Open Distro for Elasticsearch plugins are installed individually to not download them twice in different versions (as dependencies of opendistroforelasticsearch package) + - name: 'opendistro-alerting-1.13.1.*' + sha256: abc + - name: 'opendistro-index-management-1.13.1.*' + sha256: abc + - name: 'opendistro-job-scheduler-1.13.0.*' + sha256: abc + - name: 'opendistro-performance-analyzer-1.13.0.*' + sha256: abc + - name: 'opendistro-security-1.13.1.*' + sha256: abc + - name: 'opendistro-sql-1.13.0.*' + sha256: abc + - name: 'opendistroforelasticsearch-kibana-1.13.1' # kibana has shorter version + sha256: abc + - name: 'openssl' + sha256: abc + - name: 'perl' # for vim + sha256: abc + - name: 'perl-Getopt-Long' # for vim + sha256: abc + - name: 'perl-libs' # for vim + sha256: abc + - name: 'perl-Pod-Perldoc' # for vim + sha256: abc + - name: 'perl-Pod-Simple' # for vim + sha256: abc + - name: 'perl-Pod-Usage' # for vim + sha256: abc + - name: 'pgaudit15_13-1.5.0' + sha256: abc + - name: 'policycoreutils-python' # for container-selinux + sha256: abc + - name: 'pyldb' # for cifs-utils + sha256: abc + - name: 'python-cffi' # for python2-cryptography + sha256: abc + - name: 'python-firewall' # for firewalld + sha256: abc + - name: 'python-kitchen' # for yum-utils + sha256: abc + - name: 'python-lxml' # for java-1.8.0-openjdk-headless + sha256: abc + - name: 'python-psycopg2' + sha256: abc + - name: 'python-pycparser' # for python2-cryptography + sha256: abc + - name: 'python-setuptools' + sha256: abc + - name: 'python-slip-dbus' # for firewalld + sha256: abc + - name: 'python2-cryptography' # for Ansible (certificate modules) + sha256: abc + - name: 'python3-3.6.8' + sha256: abc + - name: 'quota' # for nfs-utils + sha256: abc + - name: 'rabbitmq-server-3.8.9' + sha256: abc + - name: 'rh-haproxy18' + sha256: abc + - name: 'rh-haproxy18-haproxy-syspaths' + sha256: abc + - name: 'postgresql13-server' + sha256: abc + - name: 'repmgr10-5.2.1' # used to upgrade repmgr first + sha256: abc + - name: 'repmgr13-5.2.1' + sha256: abc + - name: 'samba-client' + sha256: abc + - name: 'samba-client-libs' # for samba-client + sha256: abc + - name: 'samba-common' + sha256: abc + - name: 'samba-libs' # for cifs-utils + sha256: abc + - name: 'sysstat' + sha256: abc + - name: 'tar' + sha256: abc + - name: 'telnet' + sha256: abc + - name: 'tmux' + sha256: abc + - name: 'urw-base35-fonts' # for grafana + sha256: abc + - name: 'unzip' + sha256: abc + - name: 'vim-common' # for vim + sha256: abc + - name: 'vim-enhanced' + sha256: abc + - name: 'wget' + sha256: abc + - name: 'xorg-x11-font-utils' # for grafana + sha256: abc + - name: 'xorg-x11-server-utils' # for grafana + sha256: abc + - name: 'yum-plugin-versionlock' + sha256: abc + - name: 'yum-utils' + sha256: abc + + # to make remote-to-remote "synchronize" work in ansible + - name: 'rsync' + sha256: abc + + # K8s v1.18.6 (Epiphany >= v0.7.1) + - name: 'kubeadm-1.18.6' + sha256: abc + - name: 'kubectl-1.18.6' + sha256: abc + - name: 'kubelet-1.18.6' + sha256: abc + + # K8s v1.19.15 (Epiphany >= v1.3 transitional version) + - name: 'kubeadm-1.19.15' + sha256: abc + - name: 'kubectl-1.19.15' + sha256: abc + - name: 'kubelet-1.19.15' + sha256: abc + + # K8s v1.20.12 + - name: 'kubeadm-1.20.12' + sha256: abc + - name: 'kubectl-1.20.12' + sha256: abc + - name: 'kubelet-1.20.12' + sha256: abc + + # K8s v1.21.7 (Epiphany >= v1.3, transitional version) + - name: 'kubeadm-1.21.7' + sha256: abc + - name: 'kubectl-1.21.7' + sha256: abc + - name: 'kubelet-1.21.7' + sha256: abc + + # K8s v1.22.4 + - name: 'kubeadm-1.22.4' + sha256: abc + - name: 'kubectl-1.22.4' + sha256: abc + - name: 'kubelet-1.22.4' + sha256: abc + + # Kubernetes Generic + - name: 'kubernetes-cni-0.8.6-0' # since K8s v1.18.6 + sha256: abc + - name: 'kubernetes-cni-0.8.7-0' # since K8s v1.19.15 + sha256: abc + +files: + # Github repository for erlang rpm is used since packagecloud repository is limited to a certain number of versions and erlang package from erlang-solutions repository is much more complex and bigger + - url: 'https://github.com/rabbitmq/erlang-rpm/releases/download/v23.1.5/erlang-23.1.5-1.el7.x86_64.rpm' + sha256: abc + + # Grafana package is not downloaded from repository since it was not reliable (issue #2449) + - url: 'https://dl.grafana.com/oss/release/grafana-7.3.5-1.x86_64.rpm' + sha256: abc diff --git a/ansible/playbooks/roles/repository/files/download-requirements/requirements/x86_64/ubuntu.yml b/ansible/playbooks/roles/repository/files/download-requirements/requirements/x86_64/ubuntu.yml new file mode 100644 index 0000000000..a9979a8eab --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/requirements/x86_64/ubuntu.yml @@ -0,0 +1,420 @@ +--- +packages: + - name: 'adduser' + sha256: 5f7ea9d1d52a2a9c349468f89d160230e21c8542faed1b1a97c23bce873e17b4 + + - name: 'apt-transport-https' + sha256: 1c9d16d9ba2aeb4dbbc5c709d01ac215acf78418a6a52ebccb46cb51173db975 + + - name: 'auditd' + sha256: 3ddfcbb88001810307903781d7310e002fe0521eee43f088b90b4230e955da54 + + - name: 'bash-completion' + sha256: 65b7b824b86e6c270b134959de41c6328caf0c4378e34a65eaaf33fe72c3bbb6 + + - name: 'ca-certificates' + sha256: 8179442c9c582fd71fd3817a579bf5fe9503412c1e879d3ba4f0ed9a761e54f4 + + - name: 'cifs-utils' + sha256: 0498cb78158f0c64cb70063f2fc9a5322d7abc422a043718a4f63aa18c3d259b + + - name: 'containerd.io' + sha256: 5730728b1e82003eb32edc5462d46dfa9f443a4425410cf37094607ecfeb6662 + + - name: 'cri-tools=1.13.0*' + sha256: 4ff4588f5589826775f4a3bebd95aec5b9fb591ba8fb89a62845ffa8efe8cf22 + + - name: 'curl' + sha256: 648169e7ef8aef23a8b5c6880cb6a96f51a00ecc81d8e92a3988a8a0e54870a5 + + - name: 'docker-ce=5:20.10.8*' + sha256: d76024725ece03ee4b675e074b58998a63b3f0b773fd18fcf682e3fe4c08b07c + + - name: 'docker-ce-cli=5:20.10.8*' + sha256: d76024725ece03ee4b675e074b58998a63b3f0b773fd18fcf682e3fe4c08b07c + + - name: 'docker-ce-rootless-extras=5:20.10.8*' + sha256: 0cf15642ffe305a3abc8876973ca7290b9758cee895cad8316980e9633c5c597 + + - name: 'ebtables' + sha256: 7f880e5b09ca162900160dbd7d15739780b4c65427e9cabb30f41e48a2cef3ae + + # for opendistroforelasticsearch & logging roles + - name: 'elasticsearch-oss=7.10.2*' + sha256: ab68bdad718d7c3d5c206328f3301493016dc85dcbb39aca9de83dfadffcc25e + + # Erlang packages must be compatible with RabbitMQ version. + # Metapackages such as erlang and erlang-nox must only be used + # with apt version pinning. They do not pin their dependency versions. + # List based on: https://www.rabbitmq.com/install-debian.html#installing-erlang-package + - name: 'erlang-asn1=1:23.1.5*' + sha256: bce3b3db06d4f3ae3487ea539fea39d77f11cefe510ac6642a718acee725989a + + - name: 'erlang-base=1:23.1.5*' + sha256: 943d8f7f299dd27a2b91993a26cc18988039d83c504934d18fe6dbde16f7bd6e + + - name: 'erlang-crypto=1:23.1.5*' + sha256: d00e867f3d4508d78fbffab226c8247af937a9ffde46c2e77257ce1f258144f9 + + - name: 'erlang-eldap=1:23.1.5*' + sha256: 2b982eb5da6adbd450f2f1791349f983fd2fc47bcb3b1c8a1f80412001e3261f + + - name: 'erlang-ftp=1:23.1.5*' + sha256: 59653ae7cdc921ba66fd0cdbdda9730bccdab84f92b78bf2b6bafdfc580abada + + - name: 'erlang-inets=1:23.1.5*' + sha256: 7b54b1e86e7c20c0fde33a10d3fb448baba05bf5afc27c56ed8b9d7f31f934c7 + + - name: 'erlang-mnesia=1:23.1.5*' + sha256: 4060bac983ca1975a6f8701e3bfcb9044a642dcd64a52f0e2873e5e758306924 + + - name: 'erlang-os-mon=1:23.1.5*' + sha256: 9deee80e525470ddc1aeddd84e16726440dc9d66d174ce72535fcd56c39e10ab + + - name: 'erlang-parsetools=1:23.1.5*' + sha256: 4ccd3a68fa3e3511b23f86e139b27ba0d3c3fa6c99a6ae2f0bf4334d28a9f432 + + - name: 'erlang-public-key=1:23.1.5*' + sha256: d2117428607738461cafc450c8711deb1d0afeb9c7144746007a032e66e98983 + + - name: 'erlang-runtime-tools=1:23.1.5*' + sha256: cf86b47be619c29180349473956f248ba2827b5433316e6fca97d512cee40c27 + + - name: 'erlang-snmp=1:23.1.5*' + sha256: f5f3165e2d2ac31b005fe3f422d59c09fb34a226679b5217f9c2e302d380106b + + - name: 'erlang-ssl=1:23.1.5*' + sha256: a15ffb59182926d0e84465a0bd18f133d45293abcc0f848fd52014d749c3defe + + - name: 'erlang-syntax-tools=1:23.1.5*' + sha256: eea9b02271461289ca339087f551dd326fa68dc67929998ac8370e7b44d4046f + + - name: 'erlang-tftp=1:23.1.5*' + sha256: 1c97ead185ffaf838bbcfd9a25f2a7c334496a63b4e597dbd682efad7537e457 + + - name: 'erlang-tools=1:23.1.5*' + sha256: 96ba6054e5e7a64fe88c621f560270c8cc1967e8b10ff8a040e6460d37c215ae + + - name: 'erlang-xmerl=1:23.1.5*' + sha256: 393aab19e8e43b047230dcf8d83310e1da2bd45d9bb2646eb0b2eeb9b2b703cd + + - name: 'ethtool' + sha256: 886ac450953213f5e557c26c35449c2781020615c545af050c13aa71a870ed55 + + - name: 'filebeat=7.9.2*' + sha256: aed2a5be60bcbfdba3cc816e936793adf8e4a04c08498817c4ee57cdedfbe114 + + - name: 'firewalld' + sha256: fce416886c3b303412d2fddb75002bf174a4167a5fc2deb79d918d6d14389132 + + - name: 'fping' + sha256: 1af2189ef67e6d83da5446758f51429ecb1ed0d61bfda947b0b2a7808bbecd47 + + - name: 'gnupg2' + sha256: 5306077067dc9acb3070dffb24c56ea53c12cf75434068709d3a42a07ed20cfa + + - name: 'htop' + sha256: c803ab48c0f2e097283a2e0673914a758f10779a26a947a77d36a1e4353e85d6 + + - name: 'iftop' + sha256: 710571e93c98c1624f705358da70863953f438fd7983f662ba8e121f91270681 + + - name: 'jq' + sha256: 8e4c8223f6ec158dc6c2a0d065b76c337bb7664e35cbbecd2ad02142d3b83470 + + # for dpkg-scanpackages + - name: 'libdpkg-perl' + sha256: b7f34bb3574e2fae9054649d87a69e8d28a0f2c6a616d07a4f294d5462bb161c + + - name: 'libfontconfig1' + sha256: 7ca5523936a9b8e42f60c0f01c232145809387e5680b05c7bce0bea31844a522 + + - name: 'logrotate' + sha256: ba2b0ec4c730524deede0ff929fa66283f4bf6d76ea1de9d8fc48fa17a2309f4 + + - name: 'netcat' + sha256: f43ecd8753da0ddd048ea49c45c81a7bd7dbbe80b144ea9764cdae34a8472362 + + - name: 'net-tools' + sha256: 591808d272508bcafb28ab0b151e0d03a0c922a7f7f7e6469b41ec64c46b4a90 + + - name: 'nfs-common' + sha256: a3bc69c0b628784ad21278c2be271299351d992b165d87990b57aee7d38a5e84 + + # for nfs-common + - name: 'libtirpc3' + sha256: f82219f75dd5b498b65a3251557d77eed386248c6c2832b7d253b6797993e432 + + - name: 'opendistro-alerting=1.13.1*' + sha256: 291ae3f318dc1bc7a03467ac5e5c1d89cf8f8154a4263e8c6a5948961353a431 + + - name: 'opendistro-index-management=1.13.1*' + sha256: 409d8608a21c35fcc150356bb6777eac9630f4d97621cf903adbbb08db915e1a + + - name: 'opendistro-job-scheduler=1.13.0*' + sha256: 807b441968b70fef36b0e7cf24214803222bf61b3ec61ae62d77793a13c68a9a + + - name: 'opendistro-performance-analyzer=1.13.0*' + sha256: f25b6f78bda5e1a4db36daa9f2e37ed405fe50b4b2fdf491fc5cca0ba227bc6b + + - name: 'opendistro-security=1.13.1*' + sha256: bb378292cdce7c4c6efe15edf3dbf6afc045f17ce6412b124a32b5fb3c92847a + + - name: 'opendistro-sql=1.13.0*' + sha256: 99c340d6e292fbf69e4660ca7f0751afeef29468dd4c271b8a19d15a28c71aa6 + + - name: 'opendistroforelasticsearch-kibana=1.13.1*' + sha256: 1f5becee8cd5456b4f02b8a02c90f3edc1143d8f22423306170f39996390312a + + - name: 'openjdk-8-jre-headless' + sha256: c64dc41216d3f6ab34053e2134558c9071a16bbe417ccd91818edef7783aa065 + + - name: 'openssl' + sha256: 89e000938ab7145862ee476223c8344163083187457dc10f647a73c7b9463e33 + + - name: 'postgresql-13' + sha256: 115898f868fef4d90e76e203e6824ba72e4f7f2c8c599cffc6c2857592ace0bf + + - name: 'python3-psycopg2' + sha256: b2b4e219d8c30ca172d9275582cb57587948d0a9397274b6eea36add6f9e4ee1 + + - name: 'python3-selinux' + sha256: 1fae8d1c046067356d67fa556d7129edf8dc1748ad91db0dbfd4bf64373d654d + + - name: 'rabbitmq-server=3.8.9*' + sha256: 7cec0bf07a56480c51cf8cc920fc9a9747d304f0d533b28b1bbc5ea2a30f52da + + - name: 'smbclient' + sha256: 99cca29bb05d23ca8f03ffe8d83adbce8557d998e2dbe49fff01ce97db3590d1 + + - name: 'samba-common' + sha256: 9a2245a5b9476a06378b59a681846158544dd9e357c46f27497a34dae45a1fd8 + + - name: 'smbclient' + sha256: 99cca29bb05d23ca8f03ffe8d83adbce8557d998e2dbe49fff01ce97db3590d1 + + - name: 'software-properties-common' + sha256: acd6bfc18262a8e99fa6da4fbcf4f6d35225c93dfa04f7cf20c1f41774f3c1d0 + + - name: 'sshpass' + sha256: b31772d638e8debf2c7422bb6e2531da14964e378e31d9c46cba372bc4bd2e0a + + - name: 'sysstat' + sha256: b6a002446c2d339c1d52be3359666b91e13f7cc78fa716e031b942b8e328b8ee + + # for sysstat + - name: 'libsensors5' + sha256: 80a057d35c1b60717368325aacca6f61b009c8314ec8d96de415eba099c2d52f + + - name: 'tar' + sha256: 95de9ec03ea555bb836a6f4a98680773ca5175dd4d8175fba9e6cd60f10e51b0 + + - name: 'telnet' + sha256: 65e6bf503f79c257f2e8d9111b12ec16725f7810424334f83dcb0cdc1f7d9d09 + + - name: 'tmux' + sha256: a290fc9e6979cd1d755559e3a85cf2675bb5f697a4fae453c46f52bf4993eeb0 + + - name: 'unzip' + sha256: b1e596aec8566f86b4fc36e626a06938d95ff524caecd97dcf9d1951eec87aea + + - name: 'vim' + sha256: c0a2d158eb8dcadef082755ed41203568c86189b8510714d7cb2144fdb09159d + + # to make remote-to-remote "synchronize" work in ansible + - name: 'rsync' + sha256: f3f3edc2c9460a56c45ceaa3e8ee825d4f97a8e7d6e8cf7a68f74e9c87f0566e + + # for curl, issue #869 + - name: 'libcurl4' + sha256: 7c293bf1948c545ba659eae20ae6bc68c5bbf3f3ca9fbf2612dd6027064b54b3 + + # for openjdk-8-jre-headless + - name: 'libnss3' + sha256: ca624bc066d67f4f0aa71ed32abe507f62d02eb001dd3cc840d96270a3572e48 + + - name: 'libcups2' + sha256: 7b8d329aab2d1a10af0e2dc3877dbb5588b16afdb409354a78673bc207bfd223 + + - name: 'libavahi-client3' + sha256: d2fda1d966f1970b05773e497c870b1ebee3044c34db4decfa9052ba73395ed5 + + - name: 'libavahi-common3' + sha256: c830b27d2c9a2b74731909108108c715199cf5cbdc70eb33a000121e9f688008 + + - name: 'libjpeg8' + sha256: baaecbc8e7ef55fc1887365721a7771f7d533fabca38fca878668b9c8f7ee13f + + - name: 'libfontconfig1' + sha256: 7ca5523936a9b8e42f60c0f01c232145809387e5680b05c7bce0bea31844a522 + + - name: 'libxtst6' + sha256: 0e74134a90e54827e14324ae8e44abd057f0b0dd3d3bc15ac616a9b0215f3be9 + + - name: 'fontconfig-config' + sha256: 80b090925c52aff3f4681b361c9823b041c42c57cca58b5baf2541bafc25fed9 + + # for rabbit/erlang + - name: 'libodbc1' + sha256: 59ac60f7462e019ec19e615133fd8393853747bda3c1620e922a1d1ba49a4bf8 + + # for air-gap repo installation + - name: 'apache2' + sha256: c6509e10f14ce311c77a43c8a731d0ab4114b63f35cf7cf40fb9349986a1a388 + + - name: 'apache2-bin' + sha256: 233d6fbe9b17e4b762f3e2ce15ae3a707f27504453da72f211027e62e1f0067b + + - name: 'apache2-utils' + sha256: c6509e10f14ce311c77a43c8a731d0ab4114b63f35cf7cf40fb9349986a1a388 + + # for jq + - name: 'libjq1' + sha256: 5aafb335442d3a694b28204e390c831de9efc3f3a18245328840d406edc8a163 + + # for gnupg2 + - name: 'gnupg' + sha256: 868e3e9430202263f95fc8b6c92e62bd6cb44158aa5b095d9766f1bfa3794d29 + + - name: 'gpg' + sha256: 3df951e429460cf5837c3f387f014e6440efc9002839327f1b6e43e6d0d9f195 + + - name: 'gpg-agent' + sha256: 8f76c2622351bc2d1bd2c3f2628a328d262c2c04bac7bad8d7044c44d262c562 + + # for azure + - name: 'smbclient' + sha256: 99cca29bb05d23ca8f03ffe8d83adbce8557d998e2dbe49fff01ce97db3590d1 + + - name: 'samba-libs' + sha256: e170dfbf741570e4aae97f4b040106d51ae3ae89a52006663328acf56129404a + + - name: 'libsmbclient' + sha256: 4677d358e332e61015ed7c3d49c774bea963963d3fb6f4a176464f9c90d52d54 + + # postgres related packages + # if version is not specified, it's not related to postgres version and the latest is used + - name: 'pgdg-keyring' + sha256: 48c435aeff4a9a9949bcfac639505a5ba050fd1439e2ee5de3af1a942dd97c74 + + - name: 'postgresql-13-pgaudit=1.5.0*' + sha256: 862c53510538812e3a77201c7b6588539a82f969fbedf7b3f6eb4772adcb0e16 + + - name: 'postgresql-10-repmgr=5.2.1*' + sha256: 84d4fa03bd5035492fdda1ec4af942b1a6fab5232614c28b6de8630c44b0fe1d + + - name: 'postgresql-13-repmgr=5.2.1*' + sha256: 8764b52c72a2eb389266a4e6482dba47dfbc609537ca6991a452f838596b6b7e + + - name: 'postgresql-client-13' + sha256: dd58155a6f371e4ff2d2813f80f109dd675b653d12c4c939f10d6794d07a0cad + + - name: 'postgresql-client-common' + sha256: 2088256e1d84f3efe39c45d71a92e743dad2b24f76b062eb96683b34ba6cae29 + + - name: 'postgresql-common' + sha256: 0793d00857f1b28f29fdfa50bc2119b15327d4d701d2bac9481fa143c410e0da + + - name: 'repmgr-common=5.2.1*' + sha256: c0ab02a35d4f6c2fd7b4f5a632fe12fc69214f443a511427e383d51826e861d9 + + # for firewalld + - name: 'ipset' + sha256: 74369990cfd5b2f6fcfa13b7b9d084c930bd9a60644f7be845d978cda648b57d + + - name: 'python3-decorator' + sha256: bde6c1bc1bf6d26999b7b2e569888a29babd5d6a31c4ad6cb81633ed9f97204b + + - name: 'python3-selinux' + sha256: 1fae8d1c046067356d67fa556d7129edf8dc1748ad91db0dbfd4bf64373d654d + + - name: 'python3-slip' + sha256: 3b6a5bcead4ea193a0a7921a7268274a012d8ba455e7cb99393059bffa13da14 + + - name: 'python3-slip-dbus' + sha256: c183f91d0d79e8c605cc5695fe6bb1197017ab37549cc5652dbb1c547c75881d + + # for ansible module postgresql_query in role postgres-exporter + - name: 'libpq5' + sha256: 6e171f03d74fbe062abdcac330d10b9e3cb6d5e70849e8d8d92af11dc7ca9822 + + - name: 'python3-psycopg2' + sha256: b2b4e219d8c30ca172d9275582cb57587948d0a9397274b6eea36add6f9e4ee1 + + - name: 'python3-jmespath' + sha256: ef40ebbbc21db690f9a68177d9ab734e402f39236f2bc46ea3d75baa48d75e3a + + # for Ansible (certificate modules) + - name: 'python3-cryptography' + sha256: df7fc94dc9cd20da991147f56c7e2e2d54e1c27f10018aad8096b0c74a6b4550 + + # for python3-cryptography + - name: 'python3-cffi-backend' + sha256: b32482717cd8712359c58a796f76b4984598bb588d9635a1097b7a6ff391c334 + + # K8s v1.18.6 (Epiphany >= v0.7.1) + - name: 'kubeadm=1.18.6*' + sha256: a93baa2c0b6220df4fd3e1c54d0e93ff34a5281b9205720d1f10e3a96498bf9e + + - name: 'kubectl=1.18.6*' + sha256: 637b120b480b3ede53b93a140bc9d40df648e0ae1415da4a4d2584e1989fee92 + + - name: 'kubelet=1.18.6*' + sha256: 104709951795724cd57228d458da3adc3746c77447132f2e1317666b321eebbb + + # K8s v1.19.15 (Epiphany >= v1.3, transitional version) + - name: 'kubeadm=1.19.15*' + sha256: a93baa2c0b6220df4fd3e1c54d0e93ff34a5281b9205720d1f10e3a96498bf9e + + - name: 'kubectl=1.19.15*' + sha256: 637b120b480b3ede53b93a140bc9d40df648e0ae1415da4a4d2584e1989fee92 + + - name: 'kubelet=1.19.15*' + sha256: 104709951795724cd57228d458da3adc3746c77447132f2e1317666b321eebbb + + # K8s v1.20.12 (Epiphany >= v1.3, transitional version) + - name: 'kubeadm=1.20.12*' + sha256: a93baa2c0b6220df4fd3e1c54d0e93ff34a5281b9205720d1f10e3a96498bf9e + + - name: 'kubectl=1.20.12*' + sha256: 637b120b480b3ede53b93a140bc9d40df648e0ae1415da4a4d2584e1989fee92 + + - name: 'kubelet=1.20.12*' + sha256: 104709951795724cd57228d458da3adc3746c77447132f2e1317666b321eebbb + + # K8s v1.21.7 (Epiphany >= v1.3, transitional version) + - name: 'kubeadm=1.21.7*' + sha256: a93baa2c0b6220df4fd3e1c54d0e93ff34a5281b9205720d1f10e3a96498bf9e + + - name: 'kubectl=1.21.7*' + sha256: 637b120b480b3ede53b93a140bc9d40df648e0ae1415da4a4d2584e1989fee92 + + - name: 'kubelet=1.21.7*' + sha256: 104709951795724cd57228d458da3adc3746c77447132f2e1317666b321eebbb + + # K8s v1.22.4 + - name: 'kubeadm=1.22.4*' + sha256: a93baa2c0b6220df4fd3e1c54d0e93ff34a5281b9205720d1f10e3a96498bf9e + + - name: 'kubectl=1.22.4*' + sha256: 637b120b480b3ede53b93a140bc9d40df648e0ae1415da4a4d2584e1989fee92 + + - name: 'kubelet=1.22.4*' + sha256: 104709951795724cd57228d458da3adc3746c77447132f2e1317666b321eebbb + + # Kubernetes Generic + # kubernetes-cni-0.8.6 since K8s v1.18.6 + - name: 'kubernetes-cni=0.8.6-00*' + sha256: ca2303ea0eecadf379c65bad855f9ad7c95c16502c0e7b3d50edcb53403c500f + + # kubernetes-cni-0.8.7 since K8s v1.19.15 + - name: 'kubernetes-cni=0.8.7-00*' + sha256: ca2303ea0eecadf379c65bad855f9ad7c95c16502c0e7b3d50edcb53403c500f + +files: + # Switched from APT repo because there was only one (the latest) version available (issue #2262) + - url: 'https://packages.elastic.co/curator/5/debian9/pool/main/e/elasticsearch-curator/elasticsearch-curator_5.8.3_amd64.deb' + sha256: 575a41184899678d9769a8ea120134ec329c41967c94586c1aa6439aa68d4829 + # Grafana package is not downloaded from repository since it was not reliable (issue #2449) + - url: 'https://dl.grafana.com/oss/release/grafana_8.3.2_amd64.deb' + sha256: 3f5ecf5726223314aa3147a24c732cc9ccede86b7d703d4835a6fc69d0fffff8 diff --git a/ansible/playbooks/roles/repository/files/download-requirements/src/command/apt.py b/ansible/playbooks/roles/repository/files/download-requirements/src/command/apt.py new file mode 100644 index 0000000000..73cc4ef219 --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/src/command/apt.py @@ -0,0 +1,35 @@ +from src.command.command import Command + + +class Apt(Command): + """ + Interface for `apt` tool. + """ + + def __init__(self, retries: int): + super().__init__('apt', retries) + + def update(self): + """ + Interface for `apt-get update` + """ + self.run(['update']) + + + def download(self, package: str): + """ + Interface for `apt download package` + + :param package: package to be downloaded + """ + self.run(['download', package]) + + def install(self, package: str, assume_yes: bool = True): + """ + Interface for `apt install package` + + :param package: package to be installed + :param assume_yes: if set to True `-y` flag will be added + """ + no_ask: str = '-y' if assume_yes else '' + self.run(['install', no_ask, package]) diff --git a/ansible/playbooks/roles/repository/files/download-requirements/src/command/apt_key.py b/ansible/playbooks/roles/repository/files/download-requirements/src/command/apt_key.py new file mode 100644 index 0000000000..bfc079da68 --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/src/command/apt_key.py @@ -0,0 +1,20 @@ +from pathlib import Path + +from src.command.command import Command + + +class AptKey(Command): + """ + Interface for `apt-key` tool. + """ + + def __init__(self, retries: int): + super().__init__('apt-key', retries) + + def add(self, key: Path): + """ + Interface for `apt-key add` + + :key: key as file to be added + """ + self.run(['add', str(key)]) diff --git a/ansible/playbooks/roles/repository/files/download-requirements/src/command/command.py b/ansible/playbooks/roles/repository/files/download-requirements/src/command/command.py new file mode 100644 index 0000000000..ea595a1441 --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/src/command/command.py @@ -0,0 +1,44 @@ +import logging +import subprocess +from typing import List + +from src.error import CriticalError + + +class Command: + """ + Interface for running subprocesses + """ + + def __init__(self, process_name: str, retries: int): + self.__proc_name: str = process_name + self.__retries: int = retries + + def run(self, args: List[str], capture_output: bool = True) -> subprocess.CompletedProcess: + """ + Run subprocess with provided arguments + + :param args: additional args which will be used with __proc_name + :capture_output: save stdout/stderr to completed process object + :raises: :class:`CriticalError`: when number of retries exceeded + :returns: completed process object + """ + process_args = [self.__proc_name] + process_args.extend(args) + + additional_args = {'encoding': 'utf-8'} + if capture_output: + additional_args['stdout'] = subprocess.PIPE + additional_args['stderr'] = subprocess.PIPE + + for count in range(self.__retries): + logging.debug(f'[{count + 1}/{self.__retries}] Running: {self.__proc_name} {" ".join(args)} ') + + process = subprocess.run(process_args, **additional_args) + + if process.returncode == 0: + return process + + logging.warn(process.stderr) + + raise CriticalError('Retries count reached maximum!') diff --git a/ansible/playbooks/roles/repository/files/download-requirements/src/command/crane.py b/ansible/playbooks/roles/repository/files/download-requirements/src/command/crane.py new file mode 100644 index 0000000000..80b824e10b --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/src/command/crane.py @@ -0,0 +1,52 @@ +from os import chmod +from pathlib import Path +from shutil import move +from tempfile import mkstemp +from typing import List + +from src.command.command import Command + + +class Crane(Command): + """ + Interface for Crane + """ + + def __init__(self, retries: int): + super().__init__('crane', retries) + + def pull(self, image_name: str, + destination: Path, + platform: str, + legacy_format: bool = True, + insecure: bool = True): + """ + Download target image file + + :param image_name: address to the image + :param destination: where to store the downloaded image + :param platform: for which platform file will be downloaded + :param legacy_format: use legacy format + :param insecure: allow image references to be fetched without TLS + """ + crane_params: List[str] = ['pull'] + + if insecure: + crane_params.append('--insecure') + + crane_params.append(f'--platform={platform}') + + if legacy_format: + crane_params.append('--format=legacy') + + crane_params.append(image_name) + + tmpfile = mkstemp() + + crane_params.append(tmpfile[1]) + + self.run(crane_params) + + chmod(tmpfile[1], 0o0644) + + move(tmpfile[1], str(destination)) diff --git a/ansible/playbooks/roles/repository/files/download-requirements/src/command/dpkg.py b/ansible/playbooks/roles/repository/files/download-requirements/src/command/dpkg.py new file mode 100644 index 0000000000..19f1d5f87a --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/src/command/dpkg.py @@ -0,0 +1,23 @@ +from typing import List + +from src.command.command import Command + + +class Dpkg(Command): + """ + Interface for `dpkg` + """ + + def __init__(self, retries: int): + super().__init__('dpkg', retries) + + + def list_installed_packages(self) -> List[str]: + """ + List all installed packages on the current OS. + + :returns: packages installed on the machine + """ + + proc = self.run(['-l']) + return proc.stdout.split('\n') diff --git a/ansible/playbooks/roles/repository/files/download-requirements/src/command/tar.py b/ansible/playbooks/roles/repository/files/download-requirements/src/command/tar.py new file mode 100644 index 0000000000..4ce7f92464 --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/src/command/tar.py @@ -0,0 +1,99 @@ +from pathlib import Path +from typing import List + +from src.command.command import Command + + +class Tar(Command): + """ + Interface for `tar` + """ + + def __init__(self): + super().__init__('tar', 1) + + def pack(self, filename: Path, + target: str, + directory: Path = None, + verbose: bool = False, + compress: bool = False, + verify: bool = False): + """ + Create a tar archive + + :param filename: name for the archive to be created + :param target: files to be archived + :param directory: change directory before doing any actions + :param verbose: use verbose mode + :param uncompress: use zlib compression + :param verify: check file integrity + """ + short_flags: List[str] = ['-c'] # -czvf flags + tar_params: List[str] = [str(filename)] # all the other params + + if compress: + short_flags.append('z') + + if verbose: + short_flags.append('v') + + short_flags.append('f') + + if verify: + tar_params.append('--verify') + + if directory is not None: + tar_params.extend(['--directory', str(directory)]) + + if target: + tar_params.append(target) + + self.run([''.join(short_flags)] + tar_params) + + def unpack(self, filename: Path, + target: str = '', + absolute_name: bool = False, + directory: Path = None, + overwrite: bool = True, + strip_components: int = 0, + uncompress: bool = True, + verbose: bool = False): + """ + Unpack a tar archive + + :param filename: file to be extracted + :param target: name for the output file + :param absolute_name: use abs path names + :param directory: change directory before doing any actions + :param overwrite: overwrite existing files when extracting + :param strip_components: strip leading components from file names on extraction + :param uncompress: use zlib compression + :param verbose: use verbose mode + """ + short_flags: List[str] = ['-x'] # -xzvf flags + tar_params: List[str] = [str(filename)] # all the other params + + if uncompress: + short_flags.append('z') + + if verbose: + short_flags.append('v') + + short_flags.append('f') + + if absolute_name == True: + tar_params.append('--absolute_name') + + if directory is not None: + tar_params.extend(['--directory', str(directory)]) + + if strip_components: + tar_params.append(f'--strip-components={str(strip_components)}') + + if target: + tar_params.append(target) + + if overwrite: + tar_params.append('--overwrite') + + self.run([''.join(short_flags)] + tar_params) diff --git a/ansible/playbooks/roles/repository/files/download-requirements/src/command/toolchain.py b/ansible/playbooks/roles/repository/files/download-requirements/src/command/toolchain.py new file mode 100644 index 0000000000..b02e71b6fa --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/src/command/toolchain.py @@ -0,0 +1,42 @@ +from src.command.apt import Apt +from src.command.apt_key import AptKey +from src.command.crane import Crane +from src.command.dpkg import Dpkg +from src.command.tar import Tar +from src.command.wget import Wget +from src.command.yum import Yum + + +class Toolchain: + """ + Common tools used across all distributions + """ + + def __init__(self, retries: int): + self.crane = Crane(retries) + self.tar = Tar() + self.wget = Wget(retries) + + +class RedHatFamilyToolchain(Toolchain): + """ + Specific tools used by RedHat based distributions + """ + + def __init__(self, retries: int): + super().__init__(retries) + + self.yum = Yum(retries) + + +class DebianFamilyToolchain(Toolchain): + """ + Specific tools used by Debian based distributions + """ + + def __init__(self, retries: int): + super().__init__(retries) + + self.apt = Apt(retries) + self.apt_key = AptKey(retries) + self.dpkg = Dpkg(retries) diff --git a/ansible/playbooks/roles/repository/files/download-requirements/src/command/wget.py b/ansible/playbooks/roles/repository/files/download-requirements/src/command/wget.py new file mode 100644 index 0000000000..7d0ba2e720 --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/src/command/wget.py @@ -0,0 +1,48 @@ +from enum import Enum +from pathlib import Path +from typing import List + +from src.command.command import Command + + +class IPFamily(Enum): + IPV4 = 'IPv4' + IPV6 = 'IPv6' + + +class Wget(Command): + """ + Interface for `wget` + """ + + def __init__(self, retries: int): + super().__init__('wget', retries) + self.__download_params: List[str] = [ + '--no-use-server-timestamps', + '--continue', + '--show-progress' + ] + + def download(self, url: str, + output_document: Path = None, + directory_prefix: Path = None, + ip_family: IPFamily = IPFamily.IPV4): + """ + Download target file + + :param url: file to be downloaded + :param output_document: downloaded file will be stored under this path + :param directory_prefix: downloaded file will be stored under this path, keep original filename + :param ip_family: which IP version to be used + """ + output_params: List[str] = [] + if output_document is not None: + output_params.append('-O') + output_params.append(str(output_document)) + + if directory_prefix is not None: + output_params.append(f'--directory-prefix={str(directory_prefix)}') + + output_params.append(f'--prefer-family={ip_family.value}') + + self.run(self.__download_params + output_params + [url]) diff --git a/ansible/playbooks/roles/repository/files/download-requirements/src/command/yum.py b/ansible/playbooks/roles/repository/files/download-requirements/src/command/yum.py new file mode 100644 index 0000000000..50eb30eab4 --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/src/command/yum.py @@ -0,0 +1,47 @@ +from typing import List + +from src.command.command import Command + + +class Yum(Command): + """ + Interface for `yum` + """ + + def __init__(self, retries: int): + super().__init__('yum', retries) + + def update(self, enablerepo: str, + package: str = None, + disablerepo: str = '*', + assume_yes: bool = True): + """ + Interface for `yum update` + + :param enablerepo: + :param package: + :param disablerepo: + :param assume_yes: if set to True, -y flag will be used + """ + update_parameters: List[str] = ['update'] + + update_parameters.append('-y' if assume_yes else '') + + if package is not None: + update_parameters.append(package) + + update_parameters.append(f'--disablerepo={disablerepo}') + update_parameters.append(f'--enablerepo={enablerepo}') + + self.run(update_parameters) + + def install(self, package: str, + assume_yes: bool = True): + """ + Interface for `yum install -y` + + :param package: packaged to be installed + :param assume_yes: if set to True, -y flag will be used + """ + no_ask: str = '-y' if assume_yes else '' + self.run(['install', no_ask, package]) diff --git a/ansible/playbooks/roles/repository/files/download-requirements/src/config.py b/ansible/playbooks/roles/repository/files/download-requirements/src/config.py new file mode 100644 index 0000000000..6359d53360 --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/src/config.py @@ -0,0 +1,191 @@ +import logging +import os +import sys +from argparse import ArgumentParser, RawTextHelpFormatter +from enum import Enum +from pathlib import Path +from typing import List + +from src.error import CriticalError + + +class OSType(Enum): + """ Supported distribution types """ + Ubuntu='ubuntu' + RedHat='redhat' + CentOS='centos' + + +class OSArch(Enum): + """ Supported architecture types """ + X86_64='x86_64' + ARM64='arm64' + + +class Config: + def __init__(self, argv: List[str]): + self.dest_dashboards: Path + self.dest_dir: Path + self.dest_files: Path + self.dest_images: Path + self.dest_packages: Path + self.distro_subdir: Path + self.enable_backup: bool + self.log_file: Path + self.os_arch: OSArch + self.os_type: OSType + self.repo_path: Path + self.repos_backup_file: Path + self.reqs_path: Path + self.retries: int + self.script_path: Path + + self.__add_args(argv) + self.__log_info_summary() + + def __log_info_summary(self): + """ + Helper function for printing all parsed arguments + """ + + lines: List[str] = ['Info summary:'] + LINE_SIZE: int = 50 + lines.append('-' * LINE_SIZE) + + lines.append(f'OS Arch: {self.os_arch.value}') + lines.append(f'OS Type: {self.os_type.value}') + lines.append(f'Script location: {str(self.script_path.absolute())}') + lines.append(f'Directories used:') + lines.append(f'- dashboards: {str(self.dest_dashboards)}') + lines.append(f'- files: {str(self.dest_files)}') + lines.append(f'- images: {str(self.dest_images)}') + lines.append(f'- packages: {str(self.dest_packages)}') + + lines.append(f'Enable repos backup: {"Yes" if self.enable_backup else "No"}') + if self.enable_backup: + lines.append(f'Repos backup file: {str(self.repos_backup_file)}') + + lines.append(f'Log file location: {str(self.log_file.absolute())}') + lines.append(f'Retries count: {self.retries}') + + lines.append('-' * LINE_SIZE) + + logging.info('\n'.join(lines)) + + def __create_parser(self) -> ArgumentParser: + parser = ArgumentParser(description='Download Requirements', formatter_class=RawTextHelpFormatter) + + # required arguments: + parser.add_argument('destination_dir', metavar='DEST_DIR', type=Path, action='store', nargs='+', + help='requirements will be downloaded to this directory') + parser.add_argument('os_type', metavar='OS_TYPE', type=str, action='store', nargs='+', + help='which of the supported OS will be used: (`centos`, `debian`, `redhat`, `detect`)\n' + 'when using `detect`, script will try to find out which OS is being used') + + # optional arguments: + parser.add_argument('--enable-repos-backup', '-b', action='store_true', dest='enable_backup', default=False, + help=('when used, backup archive for packages will be created and used')), + parser.add_argument('--repos-backup-file', metavar='BACKUP_FILE', action='store', + dest='repos_backup_file', default='/var/tmp/enabled-system-repos.tar', + help='path to a backup file') + parser.add_argument('--retries-count', '-r', metavar='COUNT', type=int, action='store', dest='retries', + default=3, help='how many retries before stopping operation') + + + parser.add_argument('--log-file', '-l', metavar='LOG_FILE', type=Path, action='store', dest='log_file', + default=Path('./download-requirements.log'), + help='logs will be saved to this file') + parser.add_argument('--log-level', metavar='LOG_LEVEL', type=str, action='store', dest='log_level', + default='info', help='set up log level, available levels: (`error`, `warn`, `info`, `debug`)') + parser.add_argument('--no-logfile', action='store_true', dest='no_logfile', + help='no logfile will be created') + + return parser + + def __get_matching_os_type(self, os_type: str) -> OSType: + """ + Check if the parsed OS type fits supported distributons. + + :param os_type: distro type to be checked + :raise: on failure - CriticalError + """ + + for os in OSType: + if os.value.upper() in os_type.upper(): + logging.info(f'Found Matching OS: `{os.value}`') + return os + + raise CriticalError('Could not detect OS type') + + def __detect_os_type(self) -> OSType: + """ + On most modern GNU/Linux OSs info about current distribution + can be found at /etc/os-release. + Check this file to find out on which distro this script is ran. + """ + + os_release = Path('/etc/os-relase') + + if os_release.exists(): + with open(os_release) as os_release_handler: + for line in os_release_handler.readline(): + if 'NAME' in line: + return self.__get_matching_os_type(line.split('=')[1]) + + raise CriticalError('Could not detect OS type') + + def __setup_logger(self, log_level: str, log_file: Path, no_logfile: bool): + # setup the logger: + log_levels = { + # map input log level to Python's logging library + 'error': logging.ERROR, + 'warn': logging.WARN, + 'info': logging.INFO, + 'debug': logging.DEBUG + } + + log_format = '%(asctime)s [%(levelname)s]: %(message)s' + + # add stdout logger: + logging.basicConfig(stream=sys.stdout, level=log_levels[log_level.lower()], + format=log_format) + + # add log file: + if not no_logfile: + root_logger = logging.getLogger() + file_handler = logging.FileHandler(log_file) + file_handler.setLevel(log_levels[log_level.lower()]) + file_handler.setFormatter(logging.Formatter(fmt=log_format)) + root_logger.addHandler(file_handler) + + def __add_args(self, argv: List[str]): + """ + Run the parser and add all of the arguments to the Config object. + + :param argv: input arguments to be parsed + """ + + self.script_path = Path(argv[0]).absolute().parents[0] + self.repo_path = self.script_path / 'repositories' + self.reqs_path = self.script_path / 'requirements' + + args = self.__create_parser().parse_args(argv[1:]).__dict__ + + self.log_file = args['log_file'] + self.__setup_logger(args['log_level'], self.log_file, args['no_logfile']) + + # add required arguments: + self.os_type = self.__detect_os_type() if args['os_type'][0] == 'detect' else self.__get_matching_os_type(args['os_type'][0]) + self.dest_dir = args['destination_dir'][0] + self.dest_dashboards = self.dest_dir / 'dashboards' + self.dest_files = self.dest_dir / 'files' + self.dest_images = self.dest_dir / 'images' + self.dest_packages = self.dest_dir / 'packages' + + # add optional arguments + self.enable_backup = args['enable_backup'] + self.os_arch = OSArch(os.uname().machine) + self.repos_backup_file = Path(args['repos_backup_file']) + self.retries = args['retries'] + + self.distro_subdir = Path(f'{self.os_arch.value}/{self.os_type.value}') diff --git a/ansible/playbooks/roles/repository/files/download-requirements/src/error.py b/ansible/playbooks/roles/repository/files/download-requirements/src/error.py new file mode 100644 index 0000000000..0555839ee0 --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/src/error.py @@ -0,0 +1,12 @@ +import logging + + +class CriticalError(Exception): + """ + Raised when there was an error that could not be fixed by + download-requirements script. + """ + + def __init__(self, msg: str): + super().__init__() + logging.error(msg) diff --git a/ansible/playbooks/roles/repository/files/download-requirements/src/mode/base_mode.py b/ansible/playbooks/roles/repository/files/download-requirements/src/mode/base_mode.py new file mode 100644 index 0000000000..7b85a41043 --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/src/mode/base_mode.py @@ -0,0 +1,222 @@ +import logging +from collections import defaultdict +from os import chmod +from pathlib import Path +from typing import Dict, List +from hashlib import sha256 + +import yaml + +from src.command.toolchain import Toolchain +from src.config import Config +from src.error import CriticalError + + +def get_sha256(req_path: Path) -> str: + """ + + :param req_path: + :returns: + """ + try: + with open(req_path, mode='rb') as req_file: + shagen = sha256() + shagen.update(req_file.read()) + return shagen.hexdigest() + except FileNotFoundError: + return "-1" + + +class BaseMode: + """ + An abstract class for running specific operations on target OS. + Main running method is :func:`~base_mode.BaseMode.run` + """ + + def __init__(self, config: Config): + self._cfg = config + + self._repositories: Dict[str, Dict] = self.__parse_repositories() + self._requirements: Dict[str, List[Dict]] = self.__parse_requirements() + + self._tools: Toolchain = self._construct_toolchain() + + def __parse_repositories(self) -> Dict[str, Dict[str, str]]: + """ + Load repositories for target architecture/distro from a yaml file. + + :returns: parsed repositories data + """ + stream = open(self._cfg.repo_path / f'{self._cfg.distro_subdir}.yml') + return yaml.safe_load(stream)['repositories'] + + def __parse_requirements(self) -> Dict[str, List[Dict]]: + """ + Load requirements for target architecture/distro from a yaml file. + + :returns: parsed requirements data + """ + reqs = defaultdict(list) + + # target distro requirements + stream = open(self._cfg.reqs_path / f'{self._cfg.distro_subdir}.yml') + content = yaml.safe_load(stream) + for key in content.keys(): + reqs[key].extend(content[key]) + + for common_reqs in ['crane', 'files', 'images', 'dashboards']: + stream = open(self._cfg.reqs_path / f'{common_reqs}.yml') + content = yaml.safe_load(stream) + reqs[common_reqs].extend(content[common_reqs]) + + return reqs + + def _construct_toolchain(self) -> Toolchain: + """ + Setup suitable toolchain for target OS. + + :returns: newly constructed toolchain object + """ + raise NotImplementedError + + def _use_backup_repositories(self): + """ + Check if there were any critical issues and if so, try to restore the state using backup + """ + raise NotImplementedError + + def _add_third_party_repositories(self): + """ + Add third party repositories for target OS's package manager + """ + raise NotImplementedError + + def _install_packages(self): + """ + Install packages under `self._requirements['packages']` using target OS's package manager + """ + raise NotImplementedError + + def _download_files(self): + """ + Download files under `self._requirements['files']` + """ + for file in self._requirements['files']: + try: + filepath = self._cfg.dest_files / file['url'].split('/')[-1] + if file['sha256'] == get_sha256(filepath): + logging.debug(f'- {file["url"]} - checksum ok, skipped') + continue + + logging.info(f'- {file["url"]}') + self._tools.wget.download(file['url'], directory_prefix=self._cfg.dest_files) + except CriticalError: + logging.warn(f'Could not download file: {file["url"]}') + + def _download_dashboards(self): + """ + Download dashboards under `self._requirements['dashboards']` + """ + for dashboard in self._requirements['dashboards']: + try: + output_file = self._cfg.dest_dashboards / f'{dashboard["name"]}.json' + + if dashboard['sha256'] == get_sha256(output_file): + logging.debug(f'- {dashboard["name"]} - checksum ok, skipped') + continue + + logging.info(f'- {dashboard["name"]}') + self._tools.wget.download(dashboard['url'], output_document=output_file) + except CriticalError: + logging.warn(f'Could not download file: {dashboard["name"]}') + + def _download_crane(self): + """ + Download Crane package if needed and setup it's environment + """ + crane_path = self._cfg.dest_dir / 'crane' + crane_package_path = Path(f'{crane_path}.tar.gz') + + if self._requirements['crane'][0]['sha256'] == get_sha256(crane_package_path): + logging.debug(f'crane - checksum ok, skipped') + return + + self._tools.wget.download(self._requirements['crane'][0]['url'], crane_package_path) + self._tools.tar.unpack(crane_package_path, 'crane', directory=self._cfg.dest_dir) + chmod(crane_path, 0o0755) + + # create symlink to the crane file so that it'll be visible in shell + crane_symlink = Path('/usr/bin/crane') + if not crane_symlink.exists(): + crane_symlink.symlink_to(crane_path) + + def _download_images(self): + """ + Download images under `self._requirements['images']` using Crane + """ + platform: str = 'linux/amd64' if self._cfg.os_arch.X86_64 else 'linux/arm64' + for image in self._requirements['images']: + try: + url, version = image['name'].split(':') + filename = Path(f'{url.split("/")[-1]}_{version}.tar') # format: image_version.tar + + if image['sha256'] == get_sha256(self._cfg.dest_images / filename): + logging.debug(f'- {image["name"]} - checksum ok, skipped') + continue + + logging.info(f'- {image["name"]}') + self._tools.crane.pull(image['name'], self._cfg.dest_images / filename, platform) + except CriticalError: + logging.warn(f'Could not download image: `{image["name"]}`') + + def _cleanup(self): + """ + Optional step for cleanup routines + """ + pass + + def run(self): + """ + Run target mode. + + :raises: + :class:`CriticalError`: can be raised on exceeding retries + Exception: on I/O OS failures + """ + # add required directories + self._cfg.dest_dashboards.mkdir(exist_ok=True, parents=True) + self._cfg.dest_files.mkdir(exist_ok=True, parents=True) + self._cfg.dest_images.mkdir(exist_ok=True, parents=True) + self._cfg.dest_packages.mkdir(exist_ok=True, parents=True) + + logging.info('Checking backup repositories...') + self._use_backup_repositories() + logging.info('Done checking backup repositories.') + + logging.info('Adding third party repositories...') + self._add_third_party_repositories() + logging.info('Done adding third party repositories.') + + logging.info('Installing packages...') + self._install_packages() + logging.info('Done installing packages.') + + logging.info('Downloading files...') + self._download_files() + logging.info('Done downloading files.') + + logging.info('Downloading dashboards...') + self._download_dashboards() + logging.info('Done downloading dashboards.') + + logging.info('Downloading Crane...') + self._download_crane() + logging.info('Done downloading Crane.') + + logging.info('Downloading images...') + self._download_images() + logging.info('Done downloading images.') + + logging.info('Running cleanup...') + self._cleanup() + logging.info('Done running cleanup.') diff --git a/ansible/playbooks/roles/repository/files/download-requirements/src/mode/debian_family_mode.py b/ansible/playbooks/roles/repository/files/download-requirements/src/mode/debian_family_mode.py new file mode 100644 index 0000000000..f1a50bd356 --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/src/mode/debian_family_mode.py @@ -0,0 +1,111 @@ +import logging +import os +from pathlib import Path +from shutil import move + +from src.command.toolchain import DebianFamilyToolchain, Toolchain +from src.config import Config +from src.mode.base_mode import BaseMode, get_sha256 + + +class DebianFamilyMode(BaseMode): + """ + Used by distros based of Debian GNU/Linux + """ + + def __init__(self, config: Config): + super().__init__(config) + self.__create_repo_paths() + + def _construct_toolchain(self) -> Toolchain: + return DebianFamilyToolchain(self._cfg.retries) + + def __create_repo_paths(self): + for repo in self._repositories.keys(): + self._repositories[repo]['path'] = Path(self._repositories[repo]['path']) + + def _use_backup_repositories(self): + if not Path('/etc/apt/sources.list').exists(): + if self._cfg.repos_backup_file.exists() and self._cfg.enable_backup: + logging.warn('OS repositories seems missing, restoring...') + self._tools.tar.unpack(filename=self._cfg.repos_backup_file, + target='.', + directory=Path('/'), + absolute_name=True, + verbose=True) + else: + logging.warn('/etc/apt/sources.list seems missing, you either know what you are doing or ' + 'you need to fix your repositories') + + def _add_third_party_repositories(self): + # backup custom repositories to avoid possible conflicts + for repo_file in Path('/etc/apt/sources.list.d').iterdir(): + if repo_file.name.endswith('.list'): + repo_file.rename(f'{repo_file}.bak') + + # add third party keys + for repo in self._repositories: + data = self._repositories[repo] + key_file = Path(f'/tmp/{repo}') + self._tools.wget.download(data['key'], key_file) + self._tools.apt_key.add(key_file) + + # create repo files + for repo in self._repositories: + data = self._repositories[repo] + with data['path'].open(mode='a') as repo_handler: + repo_handler.write(data['content']) + + self._tools.apt.update() + + def _install_packages(self): + # install prerequisites which might be missing + installed_packages = self._tools.dpkg.list_installed_packages() + + logging.info('Installing base packages:') + for package in ['wget', 'gpg', 'curl', 'tar']: + if package not in installed_packages: + self._tools.apt.install(package, assume_yes=True) + logging.info(f'- {package}') + + logging.info('Done.') + + # path needs to be changed since `apt download` does not allow to set target dir + os.chdir(self._cfg.dest_packages) + + logging.info('Downloading required packages:') + + for package in self._requirements['packages']: + pkg_base_name = package['name'].split('=')[0] + try: + # Files downloaded by `apt download` cannot have custom names + # and they always starts with a package name + versioning and other info. + # Find if there is a file corresponding with it's package name + pkg_file = [pkg_file for pkg_file in self._cfg.dest_packages.iterdir() if + pkg_file.name.startswith(pkg_base_name)][0] + + if package['sha256'] == get_sha256(pkg_file): + logging.debug(f'- {package["name"]} - checksum ok, skipped') + continue + + except IndexError: + pass # file not found, needs to be downloaded + + self._tools.apt.download(package['name']) + + logging.info(f'- {package["name"]}') + + logging.info('Done.') + + os.chdir(self._cfg.script_path) + + def _cleanup(self): + # cleaning up 3rd party repositories + for data in self._repositories.values(): + if data['path'].exists(): + data['path'].unlink() + + # restore masked custom repositories to their original names + for repo_file in Path('/etc/apt/sources.list.d').iterdir(): + if repo_file.name.endswith('.bak'): + move(str(repo_file.absolute()), str(repo_file.with_suffix('').absolute())) diff --git a/ansible/playbooks/roles/repository/files/download-requirements/src/mode/red_hat_family_mode.py b/ansible/playbooks/roles/repository/files/download-requirements/src/mode/red_hat_family_mode.py new file mode 100644 index 0000000000..d7a89782b4 --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/src/mode/red_hat_family_mode.py @@ -0,0 +1,87 @@ +from src.config import Config +from src.mode.base_mode import BaseMode +from src.command.toolchain import RedHatFamilyToolchain, Toolchain + + +class RedHatFamilyMode(BaseMode): + """ + Used by distros based of RedHat GNU/Linux + """ + + def __init__(self, config: Config): + super().__init__(config) + + def _construct_toolchain(self) -> Toolchain: + return RedHatFamilyToolchain(self._cfg.retries) +""" + + def _use_backup_repositories(self): + +if [ -f "$YUM_CONFIG_BACKUP_FILE_PATH" ]; then + echol "Backup aleady exists: $YUM_CONFIG_BACKUP_FILE_PATH" +else + echol "Backuping /etc/yum.repos.d/ to $YUM_CONFIG_BACKUP_FILE_PATH" + if backup_files "$YUM_CONFIG_BACKUP_FILE_PATH" '/etc/yum.repos.d/'; then + echol "Backup done" + else + if [ -f "$YUM_CONFIG_BACKUP_FILE_PATH" ]; then + remove_file "$YUM_CONFIG_BACKUP_FILE_PATH" + fi + exit_with_error "Backup of yum repositories failed" + fi +fi + + def _add_third_party_repositories(self): +# --- Enable RHEL repos --- + +# -> rhel-7-server-extras-rpms # for container-selinux package, this repo has different id names on clouds +# About rhel-7-server-extras-rpms: https://access.redhat.com/solutions/3418891 + +ON_PREM_REPO_ID='rhel-7-server-extras-rpms' +REPO_ID_PATTERN="$ON_PREM_REPO_ID|rhui-rhel-7-server-rhui-extras-rpms|rhui-REGION-rhel-server-extras|rhel-7-server-rhui-extras-rpms" # on-prem|Azure|AWS7.8|AWS7.9 +find_rhel_repo_id 'REPO_ID' "$ON_PREM_REPO_ID" "$REPO_ID_PATTERN" +enable_repo "$REPO_ID" + +# -> rhel-server-rhscl-7-rpms # for Red Hat Software Collections (RHSCL), this repo has different id names on clouds +# About rhel-server-rhscl-7-rpms: https://access.redhat.com/solutions/472793 + +ON_PREM_REPO_ID='rhel-server-rhscl-7-rpms' +REPO_ID_PATTERN="$ON_PREM_REPO_ID|rhui-rhel-server-rhui-rhscl-7-rpms|rhui-REGION-rhel-server-rhscl|rhel-server-rhui-rhscl-7-rpms" # on-prem|Azure|AWS7.8|AWS7.9 +find_rhel_repo_id 'REPO_ID' "$ON_PREM_REPO_ID" "$REPO_ID_PATTERN" +enable_repo "$REPO_ID" + +# --- Add repos --- + +# noarch repositories +. ${ADD_MULTIARCH_REPOSITORIES_SCRIPT} + +# arch specific repositories +. ${ADD_ARCH_REPOSITORIES_SCRIPT} + + def _install_packages(self): +# repos can be enabled or disabled using the yum-config-manager command, which is provided by yum-utils package +for package in 'yum-utils' 'wget' 'curl' 'tar'; do + if ! is_package_installed "$package"; then + install_package "$package" + fi +done +# some packages are from EPEL repo +if ! is_package_installed 'epel-release'; then + install_package 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm' 'epel-release' +fi +# download requirements (fixed versions) +if [[ ${#PREREQ_PACKAGES[@]} -gt 0 ]]; then + echol "Downloading repository prerequisite packages (${#PREREQ_PACKAGES[@]})..." + download_packages "$REPO_PREREQ_PACKAGES_DIR" "${PREREQ_PACKAGES[@]}" +fi + +# clean metadata for upgrades (when the same package can be downloaded from changed repo) +run_cmd remove_yum_cache_for_untracked_repos + +run_cmd_with_retries yum -y makecache fast 3 + + def _cleanup(self): +remove_installed_packages "$INSTALLED_PACKAGES_FILE_PATH" + +remove_file "$YUM_CONFIG_BACKUP_FILE_PATH" +""" diff --git a/ansible/playbooks/roles/repository/files/download-requirements/tests/command/test_apt.py b/ansible/playbooks/roles/repository/files/download-requirements/tests/command/test_apt.py new file mode 100644 index 0000000000..bc6b2dab35 --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/tests/command/test_apt.py @@ -0,0 +1,21 @@ +from tests.mocks.command_run_mock import CommandRunMock + +from src.command.apt import Apt + + +def test_interface_update(mocker): + ''' Check argument construction for `apt update` ''' + with CommandRunMock(mocker, Apt(1).update) as call_args: + assert call_args == ['apt', 'update'] + + +def test_interface_download(mocker): + ''' Check argument construction for `apt download package` ''' + with CommandRunMock(mocker, Apt(1).download, {'package': 'vim'}) as call_args: + assert call_args == ['apt', 'download', 'vim'] + + +def test_interface_install(mocker): + ''' Check argument construction for `apt install -y package` ''' + with CommandRunMock(mocker, Apt(1).install, {'package': 'vim', 'assume_yes': True}) as call_args: + assert call_args == ['apt', 'install', '-y', 'vim'] diff --git a/ansible/playbooks/roles/repository/files/download-requirements/tests/command/test_crane.py b/ansible/playbooks/roles/repository/files/download-requirements/tests/command/test_crane.py new file mode 100644 index 0000000000..4722563aa8 --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/tests/command/test_crane.py @@ -0,0 +1,19 @@ +from pathlib import Path +from tests.mocks.command_run_mock import CommandRunMock + +from src.command.crane import Crane + + +def test_interface_pull(mocker): + ''' Check argument construction for crane pull ''' + mocker.patch('src.command.crane.chmod', return_value=None) + mocker.patch('src.command.crane.mkstemp', return_value=[None, '/tmp/tmpfile']) + mocker.patch('src.command.crane.move', return_value=None) + + with CommandRunMock(mocker, Crane(1).pull, {'image_name': 'image', + 'destination': Path('/some/place'), + 'platform': 'platform', + 'legacy_format': True, + 'insecure': True}) as call_args: + assert call_args == ['crane', 'pull', '--insecure', '--platform=platform', '--format=legacy', + 'image', '/tmp/tmpfile'] diff --git a/ansible/playbooks/roles/repository/files/download-requirements/tests/command/test_tar.py b/ansible/playbooks/roles/repository/files/download-requirements/tests/command/test_tar.py new file mode 100644 index 0000000000..1c8bca198f --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/tests/command/test_tar.py @@ -0,0 +1,34 @@ +from tests.mocks.command_run_mock import CommandRunMock + +from src.command.tar import Tar + + +def test_interface_list_items(mocker): + ''' Check argument construction for `tar -tf` ''' + with CommandRunMock(mocker, Tar().list_items, {'filename': '/var/log/file.tar.gz'}) as call_args: + assert call_args == ['tar', '-tf', '/var/log/file.tar.gz'] + + +def test_interface_pack(mocker): + ''' Check argument construction for `tar -cf` ''' + with CommandRunMock(mocker, Tar().pack, {'filename': '/tmp/package.tar.gz', + 'target': '*', + 'directory': '/some/directory', + 'verbose': True, + 'compress': True, + 'verify': True}) as call_args: + assert call_args == ['tar', '-czvf', '/tmp/package.tar.gz', '--verify', '--directory', '/some/directory', '*'] + + +def test_interface_unpack(mocker): + ''' Check argument construction for `tar -xf` ''' + with CommandRunMock(mocker, Tar().unpack, {'filename': '/tmp/package.tar.gz', + 'target': 'some_target', + 'directory': '/some/directory', + 'overwrite': True, + 'verbose': True, + 'uncompress': True, + 'strip_components': 2}) as call_args: + assert call_args == ['tar', '-xzvf', '/tmp/package.tar.gz', '--directory', '/some/directory', + '--strip-components=2', 'some_target', '--overwrite'] + diff --git a/ansible/playbooks/roles/repository/files/download-requirements/tests/command/test_wget.py b/ansible/playbooks/roles/repository/files/download-requirements/tests/command/test_wget.py new file mode 100644 index 0000000000..9849435f63 --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/tests/command/test_wget.py @@ -0,0 +1,15 @@ +from pathlib import Path + +from src.command.wget import IPFamily, Wget +from tests.mocks.command_run_mock import CommandRunMock + + +def test_builder_download(mocker): + ''' Check argument construction for `wget` ''' + with CommandRunMock(mocker, Wget(1).download, {'url': 'http://some.url.com', + 'output_document': Path('/var/log/output_name'), + 'directory_prefix': Path('/custom/prefix'), + 'ip_family': IPFamily.IPV4}) as call_args: + assert call_args == ['wget', '--no-use-server-timestamps', '--continue', '--show-progress', + '-O', '/var/log/output_name', '--directory-prefix=/custom/prefix', + '--prefer-family=IPv4', 'http://some.url.com'] diff --git a/ansible/playbooks/roles/repository/files/download-requirements/tests/command/test_yum.py b/ansible/playbooks/roles/repository/files/download-requirements/tests/command/test_yum.py new file mode 100644 index 0000000000..200438b79a --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/tests/command/test_yum.py @@ -0,0 +1,16 @@ +from tests.mocks.command_run_mock import CommandRunMock + +from src.command.yum import Yum + + +# def test_builder_update(mocker): + # ''' Check argument construction for `yum update -y` ''' + # with CommandRunMock(mocker, Yum(1).update, {'package': 'vim'}) as call_args: + # assert call_args == ['yum', 'download', 'vim'] + + +def test_builder_install(mocker): + ''' Check argument construction for `yum install -y` ''' + with CommandRunMock(mocker, Yum(1).install, {'package': 'vim', 'assume_yes': True}) as call_args: + assert call_args == ['yum', 'install', '-y', 'vim'] + diff --git a/ansible/playbooks/roles/repository/files/download-requirements/tests/mocks/command_run_mock.py b/ansible/playbooks/roles/repository/files/download-requirements/tests/mocks/command_run_mock.py new file mode 100644 index 0000000000..ac181dd3ec --- /dev/null +++ b/ansible/playbooks/roles/repository/files/download-requirements/tests/mocks/command_run_mock.py @@ -0,0 +1,45 @@ +import subprocess +from typing import Any, Callable, Dict, List +from unittest.mock import Mock + +from pytest_mock.plugin import MockerFixture + + +class CommandRunMock: + """ + Mock class for Command.run() calls. + Usage: + + with CommandRunMock(mocker, function_to_test, function_args) as call_args: + assert call_args == [expected_arg1, ...] + """ + def __init__(self, mocker: MockerFixture, func: Callable, args: Dict[str, Any] = None): + """ + :param mocker: mocker object provided by pytest + :param func: function which will be tested + :param args: parameters that will be passed to `__func` + """ + self.__mocker = mocker + self.__func = func + self.__args = args + + def __enter__(self) -> List[str]: + """ + :return: list of arguments passed to the subprocess.run() function + """ + mock = Mock() + mock.returncode = 0 + + self.__mocker.patch('src.command.command.subprocess.run', side_effect=lambda args, encoding, stdout, stderr: mock) + + spy = self.__mocker.spy(subprocess, 'run') + + if self.__args: + self.__func(**self.__args) + else: + self.__func() + + return spy.call_args[0][0] + + def __exit__(self, *args): + pass diff --git a/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-20.04/add-repositories.sh b/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-20.04/add-repositories.sh deleted file mode 100644 index 48b788a6cb..0000000000 --- a/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-20.04/add-repositories.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -eu - -wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add - -echo "deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-6.x.list - -wget -qO - https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - -echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list - -wget -qO - https://packages.erlang-solutions.com/ubuntu/erlang_solutions.asc | apt-key add - -echo "deb https://packages.erlang-solutions.com/ubuntu focal contrib" | tee /etc/apt/sources.list.d/erlang-23.x.list - -# bionic is used since focal contains versions 3.8.11+ but we use 3.8.9 -wget -qO - https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey | apt-key add - -echo "deb https://packagecloud.io/rabbitmq/rabbitmq-server/ubuntu bionic main" | tee /etc/apt/sources.list.d/rabbitmq.list - -wget -qO - https://download.docker.com/linux/ubuntu/gpg | apt-key add - -echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable" | tee /etc/apt/sources.list.d/docker-ce.list - -wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add - -echo "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-7.x.list - -wget -qO - https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch | apt-key add - -echo "deb https://d3g5vo6xdbdb9a.cloudfront.net/apt stable main" | tee -a /etc/apt/sources.list.d/opendistroforelasticsearch.list - -wget -qO - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - -echo "deb http://apt.postgresql.org/pub/repos/apt focal-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list - -# Historical packages from apt.postgresql.org -wget -qO - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - -echo "deb http://apt-archive.postgresql.org/pub/repos/apt focal-pgdg-archive main" | tee /etc/apt/sources.list.d/pgdg-archive.list - -# Provides repmgr -wget -qO - https://dl.2ndquadrant.com/gpg-key.asc | apt-key add - -echo "deb https://dl.2ndquadrant.com/default/release/apt focal-2ndquadrant main" | tee -a /etc/apt/sources.list.d/2ndquadrant-dl-default-release.list diff --git a/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-20.04/common.sh b/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-20.04/common.sh deleted file mode 100644 index c21d72a7fc..0000000000 --- a/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-20.04/common.sh +++ /dev/null @@ -1,137 +0,0 @@ -#!/bin/bash -# this file is just a bunch of functions meant to be called from other scripts - - -usage() { - echo "usage: ./$(basename "$0") " - echo "example: ./$(basename "$0") /tmp/downloads" - exit 1 -} - -# params: -remove_file() { - local file_path="$1" - - echol "Removing file: $file_path" - rm -f "$file_path" || exit_with_error "Command failed: rm -f \"$file_path\"" -} - -# params: -create_directory() { - local dir_path="$1" - - if [[ ! -d "$dir_path" ]]; then - mkdir -p $dir_path - fi -} - -# params: -download_image() { - local image_name="$1" - local dest_dir="$2" - - local splited_image=(${image_name//:/ }) - local repository=${splited_image[0]} - local tag=${splited_image[1]} - local repo_basename=$(basename -- "$repository") - local dst_image="${dest_dir}/${repo_basename}-${tag}.tar" - local retries=3 - - if [[ -f ${dst_image} ]]; then - echo "Image: "${dst_image}" already exists. Skipping..." - else - local tmp_file=$(mktemp) - echo "Downloading image: $1" - echo "Crane command is: ${CRANE_BIN} pull --insecure --format=legacy ${image_name} ${dst_image}" - # use temporary file for downloading to be safe from sudden interruptions (network, ctrl+c) - run_cmd_with_retries $retries ${CRANE_BIN} pull --insecure --platform=${docker_platform} --format=legacy ${image_name} ${tmp_file} && chmod 644 ${tmp_file} && mv ${tmp_file} ${dst_image} - fi -} - -# params: [new_filename] -download_file() { - local file_url="$1" - local dest_dir="$2" - if [[ ${3-} ]]; then - local new_filename="$3" - fi - - local file_name - file_name=$(basename "$file_url") - local dest_path="${dest_dir}/${file_name}" - local retries=3 - - # wget with --timestamping sometimes failes on AWS with ERROR 403: Forbidden - # so we remove existing file to overwrite it - - # remove old files to force redownload after a while - # just a precaution so --continue won't append and corrupt files localy if file is updated on server without name change - if [[ -f $dest_path && $(find "$dest_path" -mmin +60 -print) ]]; then - echol "File $dest_path older than 1h, redownloading..." - remove_file "$dest_path" - fi - - # --no-use-server-timestamps - we don't use --timestamping and we need to expire files somehow - # --continue - don't download the same file multiple times, gracefully skip if file is fully downloaded - if [[ ${new_filename-} ]]; then - echol "Downloading file: $file_url as $new_filename" - run_cmd_with_retries $retries wget --no-use-server-timestamps --continue --show-progress --prefer-family=IPv4 "${file_url}" -O "${dest_dir}/${new_filename}" - else - echol "Downloading file: $file_url" - run_cmd_with_retries $retries wget --no-use-server-timestamps --continue --show-progress --prefer-family=IPv4 --directory-prefix="${dest_dir}" "${file_url}" - fi -} - -# to download everything, add "--recurse" flag but then you will get much more packages (e.g. 596 vs 319) -deplist_cmd() { - apt-cache depends --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances --no-pre-depends $1 -} - -get_shell_escaped_array() { - if (( $# > 0 )); then - printf '%q\n' "$@" - fi -} - -print_array_as_shell_escaped_string() { - local output - output=$(get_shell_escaped_array "$@") - local -a escaped=() - if [ -n "$output" ]; then - readarray -t escaped <<< "$output" - fi - if (( ${#escaped[@]} > 0 )); then - printf '%s\n' "${escaped[*]}" - fi -} - -run_cmd() { - local -a cmd_arr=("$@") - local output - output=$(print_array_as_shell_escaped_string "${cmd_arr[@]}") - echo "Running command:" "$output" - "${cmd_arr[@]}" -} - -run_cmd_with_retries() { - local retries=${1} - shift - local -a cmd_arr=("$@") - ( # sub-shell is used to limit scope for 'set +e' - set +e - trap - ERR # disable global trap locally - for ((i=0; i <= retries; i++)); do - run_cmd "${cmd_arr[@]}" - return_code=$? - if (( return_code == 0 )); then - break - elif (( i < retries )); then - sleep 1 - echo "retrying ($(( i+1 ))/${retries})" - else - echo "ERROR: all attempts failed" - fi - done - return $return_code - ) -} diff --git a/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-20.04/download-requirements.sh b/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-20.04/download-requirements.sh deleted file mode 100644 index 22e6b597f7..0000000000 --- a/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-20.04/download-requirements.sh +++ /dev/null @@ -1,248 +0,0 @@ -#!/bin/bash - -set -euo pipefail -export DEBIAN_FRONTEND=noninteractive - -script_path="$( cd "$(dirname "$0")" ; pwd -P )" - -# source common functions -. "${script_path}/common.sh" - -internet_access_checks_enabled="yes" -CREATE_LOGFILE="yes" -LOG_FILE_PATH="${script_path}/log" - -. "${script_path}/common/common_functions.sh" - -if [[ $# -lt 1 ]]; then - usage -fi - -readonly START_TIME=$(date +%s) - -script_file_name=$(basename "$0") -dst_dir=$(readlink -m "$1") # beautify input path - remove double slashes if occurs -dst_dir_packages="${dst_dir}/packages" -dst_dir_files="${dst_dir}/files" -dst_dir_images="${dst_dir}/images" -deplist="${script_path}/.dependencies" -retries="3" -download_cmd="run_cmd_with_retries $retries apt-get download" -add_repos="${script_path}/add-repositories.sh" -CRANE_BIN="${script_path}/crane" - -# arch -arch=$(uname -m) -echol "Detected arch: $arch" -input_file="${script_path}/requirements.${arch}.txt" -case $arch in -x86_64) - docker_platform="linux/amd64" - ;; - -*) - exit_with_error "Arch $arch unsupported" - ;; -esac -echol "Docker platform: $docker_platform" - -# checks - -[[ $EUID -eq 0 ]] || { echo "You have to run as root"; exit 1; } - -[[ -f $input_file ]] || exit_with_error "File not found: $input_file" - -# restore system repositories in case they're missing if ansible role gets interrupted - -enable_system_repos_script="/var/tmp/epi-repository-setup-scripts/enable-system-repos.sh" -disable_epirepo_client_script="/var/tmp/epi-repository-setup-scripts/disable-epirepo-client.sh" -apt_sources_list="/etc/apt/sources.list" - -if [[ ! -f $apt_sources_list || ! -s $apt_sources_list ]]; then - if [[ -f /var/tmp/enabled-system-repos.tar && -f $enable_system_repos_script ]]; then - echol "OS repositories seems missing, restoring..." - $enable_system_repos_script || exit_with_error "Could not restore system repositories" - $disable_epirepo_client_script || exit_with_error "Could not disable epirepo" - else - echol "$apt_sources_list seems missing or is empty, you either know what you're doing or you need to fix your repositories" - fi -fi - -check_connection apt $apt_sources_list - -# install prerequisites which might be missing -prerequisites=(wget gpg curl tar) -for i in ${prerequisites[@]}; do - dpkg -l | grep "^ii $i\s" &>/dev/null || apt install -y $i -done - -# some quick sanity check -echol "Dependency list: $deplist" -echol "Command used to download packages: $download_cmd" -echol "Destination directory for packages: $dst_dir_packages" - -# make sure destination dir exists -mkdir -p "$dst_dir_packages" -mkdir -p "$dst_dir_files" -mkdir -p "$dst_dir_images" - -# mask custom repositories to avoid possible conflicts -shopt -s nullglob -for i in /etc/apt/sources.list.d/*.list; do - mv "$i" "${i}.bak" -done -shopt -u nullglob - -# add 3rd party repositories -# TODO: See if we need to split this up to support different architectures -. "${add_repos}" - -check_connection apt $(ls /etc/apt/sources.list.d) -apt update - -# parse the input file, separete by tags: [crane], [packages], [files], [images] -crane=$(awk '/^$/ || /^#/ {next}; /\[crane\]/ {f=1; next}; /^\[/ {f=0}; f {print $0}' "${input_file}") -packages=$(awk '/^$/ || /^#/ {next}; /\[packages\]/ {f=1; next}; /^\[/ {f=0}; f {print $0}' "${input_file}") -files=$(awk '/^$/ || /^#/ {next}; /\[files\]/ {f=1; f=2; next}; /^\[/ {f=0}; f {print $0}' "${input_file}") -images=$(awk '/^$/ || /^#/ {next}; /\[images\]/ {f=1; next}; /^\[/ {f=0}; f {print $0}' "${input_file}") - -printf "\n" - -if [[ -e $deplist ]]; then - # clear list of cached dependencies if .dependencies is older than 15 minutes - find "$script_path" -type f -wholename "$deplist" -mmin +15 -exec rm "$deplist" \; - # clear list of cached dependencies if requirements.txt was recently edited - find "$script_path" -type f -wholename "$input_file" -mmin -1 -exec rm "$deplist" \; -fi - -# CRANE -if [[ -z "${crane}" || $(wc -l <<< "${crane}") -ne 1 ]] ; then - exit_with_error "Crane binary download path undefined or more than one download path defined" -else - if [[ -x $CRANE_BIN ]]; then - echol "Crane binary already exists" - else - file_url=$(head -n 1 <<< "${crane}") - - check_connection wget $file_url - - echol "Downloading crane from: $file_url" - download_file "$file_url" "$script_path" - tar_path="${script_path}/${file_url##*/}" - echol "Unpacking crane from $tar_path to $CRANE_BIN" - tar -xzf "$tar_path" --directory "$script_path" "crane" --overwrite - chmod +x "$CRANE_BIN" - remove_file "$tar_path" - [[ -f $CRANE_BIN ]] || exit_with_error "File not found: $CRANE_BIN" - [[ -x $CRANE_BIN ]] || exit_with_error "$CRANE_BIN has to be executable" - fi -fi - -printf "\n" - -check_connection crane $(for image in $images; do splitted=(${image//:/ }); echo "${splitted[0]}"; done) - -# PACKAGES -# if dependency list doesn't exist or is zero size then resolve dependency and store them in a deplist file -if [[ ! -f $deplist || ! -s $deplist ]]; then - # clean dependency list if process gets interrupted - trap "rm -f $deplist; echol 'Dependency resolution interrupted, cleaning cache file'" SIGINT SIGTERM - echo Resolving dependencies to download. This might take a while and will be cached in $deplist - while IFS= read -r package; do - echol "Package read from requirements file: $package" - # if package has a specified version e.g. "name 1.0" store it as "name=1.0*" for compatibility with "apt-get download" - package=$(echo "$package" | awk '{if($2 != "") {print $1 "=" $2 "*"} else {print $1}}') - echol "Package to download: $package" - # store package itself in the list of dependencies... - echol "$package" >> "$deplist" - # .. and create depency list for the package - # (names only for dependencies, no version check here, not necessary as most dependencies are backward-compatible) - dependencies=$(deplist_cmd "$package" | awk '/Depends/ && !/= v0.7.1) -kubeadm 1.18.6 -kubectl 1.18.6 -kubelet 1.18.6 - -# K8s v1.19.15 (Epiphany >= v1.3, transitional version) -kubeadm 1.19.15 -kubectl 1.19.15 -kubelet 1.19.15 - -# K8s v1.20.12 (Epiphany >= v1.3, transitional version) -kubeadm 1.20.12 -kubectl 1.20.12 -kubelet 1.20.12 - -# K8s v1.21.7 (Epiphany >= v1.3, transitional version) -kubeadm 1.21.7 -kubectl 1.21.7 -kubelet 1.21.7 - -# K8s v1.22.4 -kubeadm 1.22.4 -kubectl 1.22.4 -kubelet 1.22.4 - -# Kubernetes Generic -# kubernetes-cni-0.8.6 since K8s v1.18.6 -kubernetes-cni 0.8.6-00 -# kubernetes-cni-0.8.7 since K8s v1.19.15 -kubernetes-cni 0.8.7-00 - -[files] -# --- Packages --- -# Switched from APT repo because there was only one (the latest) version available (issue #2262) -https://packages.elastic.co/curator/5/debian9/pool/main/e/elasticsearch-curator/elasticsearch-curator_5.8.3_amd64.deb -# Grafana package is not downloaded from repository since it was not reliable (issue #2449) -https://dl.grafana.com/oss/release/grafana_8.3.2_amd64.deb -# --- Exporters --- -https://github.com/danielqsj/kafka_exporter/releases/download/v1.4.0/kafka_exporter-1.4.0.linux-amd64.tar.gz -https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.16.1/jmx_prometheus_javaagent-0.16.1.jar -https://github.com/prometheus/node_exporter/releases/download/v1.3.1/node_exporter-1.3.1.linux-amd64.tar.gz -https://github.com/prometheus-community/postgres_exporter/releases/download/v0.10.0/postgres_exporter-0.10.0.linux-amd64.tar.gz -# --- Misc --- -https://archive.apache.org/dist/kafka/2.6.0/kafka_2.12-2.6.0.tgz -https://archive.apache.org/dist/zookeeper/zookeeper-3.5.8/apache-zookeeper-3.5.8-bin.tar.gz -https://github.com/prometheus/alertmanager/releases/download/v0.23.0/alertmanager-0.23.0.linux-amd64.tar.gz -https://github.com/prometheus/prometheus/releases/download/v2.31.1/prometheus-2.31.1.linux-amd64.tar.gz -https://get.helm.sh/helm-v3.2.0-linux-amd64.tar.gz -https://archive.apache.org/dist/logging/log4j/2.17.1/apache-log4j-2.17.1-bin.tar.gz -# --- Helm charts --- -https://charts.bitnami.com/bitnami/node-exporter-2.3.17.tgz -https://helm.elastic.co/helm/filebeat/filebeat-7.9.2.tgz -# --- Grafana Dashboards --- -# Kubernetes Cluster -https://grafana.com/api/dashboards/7249/revisions/1/download grafana_dashboard_7249.json -# Kubernetes cluster monitoring (via Prometheus) -https://grafana.com/api/dashboards/315/revisions/3/download grafana_dashboard_315.json -# Node Exporter for Prometheus -https://grafana.com/api/dashboards/11074/revisions/9/download grafana_dashboard_11074.json -# Node Exporter Server Metrics -https://grafana.com/api/dashboards/405/revisions/8/download grafana_dashboard_405.json -# Postgres Overview -https://grafana.com/api/dashboards/455/revisions/2/download grafana_dashboard_455.json -# PostgreSQL Database -https://grafana.com/api/dashboards/9628/revisions/7/download grafana_dashboard_9628.json -# RabbitMQ Monitoring -https://grafana.com/api/dashboards/4279/revisions/4/download grafana_dashboard_4279.json -# Node Exporter Full -https://grafana.com/api/dashboards/1860/revisions/23/download grafana_dashboard_1860.json -# Kafka Exporter Overview -https://grafana.com/api/dashboards/7589/revisions/5/download grafana_dashboard_7589.json -# HaProxy backend (or frontend/servers) -https://grafana.com/api/dashboards/789/revisions/1/download grafana_dashboard_789.json -# Docker and Host Monitoring w/ Prometheus -https://grafana.com/api/dashboards/179/revisions/7/download grafana_dashboard_179.json -# Kubernetes pod and cluster monitoring (via Prometheus) -https://grafana.com/api/dashboards/6663/revisions/1/download grafana_dashboard_6663.json -# RabbitMQ cluster monitoring (via Prometheus) -https://grafana.com/api/dashboards/10991/revisions/11/download grafana_dashboard_10991.json - -[images] -haproxy:2.2.2-alpine -kubernetesui/dashboard:v2.3.1 -kubernetesui/metrics-scraper:v1.0.7 -registry:2 -# applications -bitnami/pgpool:4.2.4 -bitnami/pgbouncer:1.16.0 - -epiphanyplatform/keycloak:14.0.0 -rabbitmq:3.8.9 -# K8s -## v1.18.6 -k8s.gcr.io/kube-apiserver:v1.18.6 -k8s.gcr.io/kube-controller-manager:v1.18.6 -k8s.gcr.io/kube-scheduler:v1.18.6 -k8s.gcr.io/kube-proxy:v1.18.6 -k8s.gcr.io/coredns:1.6.7 -k8s.gcr.io/etcd:3.4.3-0 -quay.io/coreos/flannel:v0.12.0-amd64 -quay.io/coreos/flannel:v0.12.0 -calico/cni:v3.15.0 -calico/kube-controllers:v3.15.0 -calico/node:v3.15.0 -calico/pod2daemon-flexvol:v3.15.0 -## v1.19.15 -k8s.gcr.io/kube-apiserver:v1.19.15 -k8s.gcr.io/kube-controller-manager:v1.19.15 -k8s.gcr.io/kube-scheduler:v1.19.15 -k8s.gcr.io/kube-proxy:v1.19.15 -## v1.20.12 -k8s.gcr.io/kube-apiserver:v1.20.12 -k8s.gcr.io/kube-controller-manager:v1.20.12 -k8s.gcr.io/kube-scheduler:v1.20.12 -k8s.gcr.io/kube-proxy:v1.20.12 -k8s.gcr.io/coredns:1.7.0 -k8s.gcr.io/pause:3.2 -## v1.21.7 -k8s.gcr.io/kube-apiserver:v1.21.7 -k8s.gcr.io/kube-controller-manager:v1.21.7 -k8s.gcr.io/kube-scheduler:v1.21.7 -k8s.gcr.io/kube-proxy:v1.21.7 -k8s.gcr.io/coredns/coredns:v1.8.0 -k8s.gcr.io/etcd:3.4.13-0 -k8s.gcr.io/pause:3.4.1 -## v1.22.4 -k8s.gcr.io/kube-apiserver:v1.22.4 -k8s.gcr.io/kube-controller-manager:v1.22.4 -k8s.gcr.io/kube-scheduler:v1.22.4 -k8s.gcr.io/kube-proxy:v1.22.4 -k8s.gcr.io/coredns/coredns:v1.8.4 -k8s.gcr.io/etcd:3.5.0-0 -k8s.gcr.io/pause:3.5 -quay.io/coreos/flannel:v0.14.0-amd64 -quay.io/coreos/flannel:v0.14.0 -calico/cni:v3.20.3 -calico/kube-controllers:v3.20.3 -calico/node:v3.20.3 -calico/pod2daemon-flexvol:v3.20.3 diff --git a/ansible/playbooks/roles/repository/tasks/Debian/install-packages.yml b/ansible/playbooks/roles/repository/tasks/Debian/install-packages.yml new file mode 100644 index 0000000000..7849a475d0 --- /dev/null +++ b/ansible/playbooks/roles/repository/tasks/Debian/install-packages.yml @@ -0,0 +1,10 @@ +--- +- name: Install Debian family packages essential for repository to work + apt: + name: + - python3-yaml + state: present + register: result + retries: 3 + delay: 1 + until: result is succeeded diff --git a/ansible/playbooks/roles/repository/tasks/RedHat/install-packages.yml b/ansible/playbooks/roles/repository/tasks/RedHat/install-packages.yml new file mode 100644 index 0000000000..885093806a --- /dev/null +++ b/ansible/playbooks/roles/repository/tasks/RedHat/install-packages.yml @@ -0,0 +1,10 @@ +--- +- name: Install RedHat family packages for repository to work + yum: + name: + - python3-yaml + state: present + register: result + retries: 3 + delay: 1 + until: result is succeeded diff --git a/ansible/playbooks/roles/repository/tasks/check-whether-to-run-download.yml b/ansible/playbooks/roles/repository/tasks/check-whether-to-run-download.yml index 7e5f504a64..f0d1fc4452 100644 --- a/ansible/playbooks/roles/repository/tasks/check-whether-to-run-download.yml +++ b/ansible/playbooks/roles/repository/tasks/check-whether-to-run-download.yml @@ -4,12 +4,12 @@ - name: Check if flag file exists stat: - path: /var/tmp/epi-download-requirements/download-requirements-done.flag + path: "{{ download_requirements_flag }}" register: stat_flag_file - name: Remove download-requirements-done.flag file if expired file: - path: /var/tmp/epi-download-requirements/download-requirements-done.flag + path: "{{ download_requirements_flag }}" state: absent when: - stat_flag_file.stat.exists @@ -17,5 +17,5 @@ - name: Check whether to run download script stat: - path: /var/tmp/epi-download-requirements/download-requirements-done.flag + path: "{{ download_requirements_flag }}" register: stat_flag_file diff --git a/ansible/playbooks/roles/repository/tasks/download-requirements.yml b/ansible/playbooks/roles/repository/tasks/download-requirements.yml index 61392a5195..ecc669a286 100644 --- a/ansible/playbooks/roles/repository/tasks/download-requirements.yml +++ b/ansible/playbooks/roles/repository/tasks/download-requirements.yml @@ -4,14 +4,19 @@ - name: |- Run download-requirements script, this can take a long time - You can check progress on repository host with: journalctl -f -t download-requirements.sh + You can check progress on repository host with: journalctl -f -t download-requirements.py shell: >- - set -o pipefail && /var/tmp/epi-download-requirements/download-requirements.sh /var/www/html/epirepo --no-logfile |& - tee >(systemd-cat --identifier=download-requirements.sh) + set -o pipefail && "{{ download_requirements_script }}" /var/www/html/epirepo "{{ ansible_distribution }}" --no-logfile |& + tee >(systemd-cat --identifier=download-requirements.py) args: executable: /bin/bash - name: Create flag file to not re-download requirements next time file: - path: /var/tmp/epi-download-requirements/download-requirements-done.flag + path: "{{ download_requirements_flag }}" state: touch + +- name: STOP HERE + fail: + msg: GESZTOPT DANKE! + when: true diff --git a/ansible/playbooks/roles/repository/tasks/setup.yml b/ansible/playbooks/roles/repository/tasks/setup.yml index 273e443ae3..eec65a151f 100644 --- a/ansible/playbooks/roles/repository/tasks/setup.yml +++ b/ansible/playbooks/roles/repository/tasks/setup.yml @@ -16,28 +16,38 @@ 'redhat-7' if (ansible_distribution == 'RedHat' and ansible_distribution_major_version == '7') else 'ubuntu-20.04' if (ansible_distribution == 'Ubuntu' and ansible_distribution_version == '20.04') else None }} -- name: Download Epiphany requirements on repository host # online mode +- name: Set paths for download-requirements script + set_fact: + download_requirements_dir: "{{ _download_requirements_dir }}" + download_requirements_script: "{{ _download_requirements_dir }}/download-requirements.py" + download_requirements_flag: "{{ _download_requirements_dir }}/download-requirements-done.flag" + vars: + _download_requirements_dir: "/var/tmp/epi-download-requirements" + +- name: Setup venv and download Epiphany requirements on repository host # online mode block: - - name: Check if OS distribution is supported - assert: - that: download_script_subdir | length > 0 - fail_msg: "Your OS distribution is not supported" + - name: Install required packages for repository + include_tasks: "{{ ansible_os_family }}/install-packages.yml" + + - name: Create download-requirements directory + file: + path: "{{ download_requirements_dir }}" + state: directory - name: Copy files for downloading requirements to repository host - copy: - src: download-requirements/{{ download_script_subdir }}/ - dest: /var/tmp/epi-download-requirements + synchronize: + src: download-requirements/ + dest: "{{ download_requirements_dir }}" + recursive: true + rsync_opts: + - "--exclude=tests" # tests not needed + - "--exclude=__pycache__" - name: Make download script executable file: - dest: /var/tmp/epi-download-requirements/download-requirements.sh + dest: "{{ download_requirements_script }}" mode: a+x - - name: Copy common files for downloading requirements to repository host - copy: - src: download-requirements/common - dest: /var/tmp/epi-download-requirements - when: - not offline_mode - not custom_repository_url