Add utility playbook to download required binaries for all roles

Jonathan Rosser · Jonathan Rosser · commit d7c3cce604c9 · 2024-10-15T15:37:27.000+01:00
Usage: ansible-playbook vexxhost.kubernetes.download_binaries -e target=localhost

This playbook uses the existing download_artifact role and downloads
all versions of all binaries required for all roles. Pass extra
variables with -e as required to configure download_artifact.
diff --git a/molecule/download_binaries/converge.yml b/molecule/download_binaries/converge.yml
@@ -0,0 +1,4 @@
+- name: include playbook
+  ansible.builtin.import_playbook: vexxhost.kubernetes.download_binaries
+  vars:
+    target: instance
diff --git a/molecule/download_binaries/molecule.yml b/molecule/download_binaries/molecule.yml
@@ -0,0 +1,39 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    privileged: true
+    cgroupns_mode: host
+    pre_build_image: true
+    environment:
+      container: docker
+    security_opts:
+      - apparmor=unconfined
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+      - /lib/modules:/lib/modules:ro
+provisioner:
+  name: ansible
+  config_options:
+    connection:
+      pipelining: true
+verifier:
+  name: ansible
diff --git a/molecule/download_binaries/prepare.yml b/molecule/download_binaries/prepare.yml
@@ -0,0 +1,33 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Prepare
+  hosts: all
+  become: true
+  pre_tasks:
+    - name: Wait for systemd to complete initialization
+      ansible.builtin.command: systemctl is-system-running
+      register: systemctl_status
+      until: >
+        'running' in systemctl_status.stdout or
+        'degraded' in systemctl_status.stdout
+      retries: 30
+      delay: 5
+      changed_when: false
+      failed_when: systemctl_status.rc > 1
+  tasks:
+    - name: Run APT update
+      ansible.builtin.apt:
+        update_cache: yes
+      when: ansible_facts['pkg_mgr'] == "apt"
diff --git a/molecule/download_binaries/verify.yml b/molecule/download_binaries/verify.yml
@@ -0,0 +1,40 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Verify
+  hosts: all
+  become: true
+  vars:
+    dir: /var/lib/downloads
+  tasks:
+    - name: Stat target dir
+      ansible.builtin.stat:
+        path: "{{ dir }}"
+      register: _dir_stat
+
+    - name: Assert that target dir is created
+      ansible.builtin.assert:
+        that:
+          - _dir_stat.stat.exists
+          - _dir_stat.stat.isdir
+
+    - name: Find target files
+      ansible.builtin.find:
+        paths: "{{ dir }}"
+      register: _dir_find
+
+    - name: Assert that some files were downloaded
+      ansible.builtin.assert:
+        that:
+          - _dir_find.matched > 0
diff --git a/playbooks/download_binaries.yml b/playbooks/download_binaries.yml
@@ -0,0 +1,60 @@
+- name: Download all binaries required at runtime for ansible-collection-kubernetes
+  hosts: "{{ target | default('all') }}"
+  gather_facts: false
+  vars:
+   # some role defaults use vars only defined in the download_artifact role
+    _download_artifact_goarch_groups:
+      x86_64: amd64
+      aarch64: arm64
+      armv7l: arm
+
+    download_artifact_goarch: >-
+      {%- if ansible_facts['architecture'] in _download_artifact_goarch_groups -%}
+      {{ _download_artifact_goarch_groups[ansible_facts['architecture']] }}
+      {%- else -%}
+      {{ ansible_facts['architecture'] }}
+      {%- endif -%}
+
+    download_artifact_work_directory: /var/lib/downloads
+
+    role_location: "{{ playbook_dir }}/../roles"
+  tasks:
+    - name: Gather minimal facts
+      ansible.builtin.setup:
+        gather_subset: min
+      delegate_to: localhost
+
+    - name: Find all subdirectories in the role location
+      ansible.builtin.find:
+        file_type: directory
+        paths: "{{ role_location }}"
+        recurse: true
+      register: role_paths
+      delegate_to: localhost
+
+    - name: Select only defaults/ directories and load vars
+    # also load vars from download_artifact to get architecture mappings
+      ansible.builtin.include_vars:
+        dir: "{{ item }}"
+      with_items:
+        - "{{ role_paths.files | selectattr('path', 'search', 'defaults') | map(attribute='path') }}"
+      delegate_to: localhost
+
+    - name: Generate list of all binaries for all roles
+      vexxhost.containers.binary_downloads:
+        prefixes: "{{ query('varnames', '_download_url$') | map('replace', '_download_url', '') }}"
+      register: binaries
+      delegate_to: localhost
+
+    - name: Include download_artifact role
+      ansible.builtin.include_role:
+        name: vexxhost.containers.download_artifact
+      vars:
+        download_artifact_url: "{{ item.url }}"
+        download_artifact_dest: "{{ item.dest }}"
+        download_artifact_checksum: "sha256:{{ item.checksum }}"
+        download_artifact_owner: "{{ ansible_user }}"
+        download_artifact_mode: "0755"
+        download_artifact_unarchive: false
+        download_artifact_no_log: false
+      with_items: "{{ binaries.downloads }}"
