|
7 | 7 | when: |
8 | 8 | - not mor_force |
9 | 9 |
|
| 10 | +- name: Create temporary working directory |
| 11 | + ansible.builtin.tempfile: |
| 12 | + state: directory |
| 13 | + prefix: mor- |
| 14 | + register: _mor_tmp |
| 15 | + notify: "Remove temporary directory" |
| 16 | + when: mor_force or not _mor_target.stat.exists |
| 17 | + |
10 | 18 | - name: "Extract the OCP installer and metadata" |
11 | 19 | when: |
12 | 20 | - mor_force or not _mor_target.stat.exists |
13 | 21 | block: |
14 | | - - name: "Extract installer and metadata from release image" |
15 | | - ansible.builtin.shell: > |
16 | | - flock -x {{ mor_cache_dir }}/{{ mor_version }}/release_extract.lock -c ' |
17 | | - set -e; |
| 22 | + - name: "Extract installer from release image" |
| 23 | + ansible.builtin.command: > |
18 | 24 | {{ mor_oc }} adm release extract |
19 | 25 | --registry-config {{ mor_auths_file }} |
20 | 26 | --command={{ mor_installer }} |
21 | 27 | --from {{ mor_pull_url }} |
22 | | - --to "{{ mor_cache_dir }}/{{ mor_version }}"; |
| 28 | + --to "{{ _mor_tmp.path }}" |
| 29 | + register: _mor_extract_res |
| 30 | + retries: 9 |
| 31 | + delay: 10 |
| 32 | + until: _mor_extract_res is not failed |
| 33 | + changed_when: _mor_extract_res.rc == 0 |
| 34 | + |
| 35 | + - name: "Extract metadata from release image" |
| 36 | + ansible.builtin.command: > |
23 | 37 | {{ mor_oc }} adm release extract |
24 | 38 | --registry-config {{ mor_auths_file }} |
25 | 39 | --tools |
26 | 40 | --from {{ mor_pull_url }} |
27 | | - --to "{{ mor_cache_dir }}/{{ mor_version }}"' |
| 41 | + --to "{{ _mor_tmp.path }}" |
28 | 42 | register: _mor_extract_res |
29 | 43 | retries: 9 |
30 | 44 | delay: 10 |
31 | 45 | until: _mor_extract_res is not failed |
32 | | - changed_when: false |
| 46 | + changed_when: _mor_extract_res.rc == 0 |
33 | 47 |
|
34 | 48 | - name: "Extract rhcos.json if version >= 4.8" |
35 | 49 | when: |
36 | 50 | - mor_version is version("4.8", ">=") |
37 | 51 | ansible.builtin.shell: > |
38 | | - flock -x "{{ mor_cache_dir }}/{{ mor_version }}/release_extract.lock" -c '{ |
39 | | - "{{ mor_cache_dir }}/{{ mor_version }}/{{ mor_installer }}" coreos print-stream-json > |
40 | | - "{{ mor_cache_dir }}/{{ mor_version }}/rhcos.json"; |
41 | | - }' |
| 52 | + "{{ _mor_tmp.path }}/{{ mor_installer }}" coreos print-stream-json > |
| 53 | + "{{ _mor_tmp.path }}/rhcos.json" |
| 54 | + args: |
| 55 | + creates: "{{ _mor_tmp.path }}/rhcos.json" |
42 | 56 |
|
43 | 57 | - name: "Download rhcos.json (< 4.8)" |
44 | 58 | when: |
|
47 | 61 | - name: "Get Git SHA from installer" |
48 | 62 | ansible.builtin.shell: > |
49 | 63 | set -e -o pipefail; |
50 | | - {{ mor_cache_dir }}/{{ mor_version }}/openshift-baremetal-install version | |
| 64 | + {{ _mor_tmp.path }}/openshift-baremetal-install version | |
51 | 65 | grep "^built from" | |
52 | 66 | awk '{ print $NF }' |
53 | 67 | register: _mor_commit_id |
|
57 | 71 | ansible.builtin.include_tasks: fetch.yml |
58 | 72 | vars: |
59 | 73 | mor_uri: "https://raw.githubusercontent.com/openshift/installer/{{ _mor_commit_id.stdout }}/data/data/rhcos.json" |
60 | | - mor_dir: "{{ mor_cache_dir }}/{{ mor_version }}" |
| 74 | + mor_dir: "{{ _mor_tmp.path }}" |
61 | 75 |
|
62 | 76 | - name: "Figure out status of SELinux" |
63 | 77 | ansible.builtin.command: /usr/sbin/selinuxenabled |
64 | 78 | ignore_errors: true |
65 | 79 | register: _mor_selinux_status |
66 | 80 | changed_when: false |
67 | 81 |
|
68 | | - - name: Apply SELinux container file context to extracted files |
69 | | - ansible.builtin.sefcontext: |
70 | | - target: "{{ mor_cache_dir }}/{{ mor_version }}" |
71 | | - setype: container_file_t |
72 | | - become: true |
73 | | - register: _mor_cache_secontext |
74 | | - retries: 3 |
75 | | - delay: 5 |
76 | | - until: _mor_cache_secontext is not failed |
77 | | - when: |
78 | | - - _mor_selinux_status.rc == 0 |
79 | | - |
80 | | - - name: "Make installer command readable from HTTP" |
81 | | - ansible.builtin.file: |
82 | | - path: "{{ mor_cache_dir }}/{{ mor_version }}/{{ mor_installer }}" |
83 | | - state: file |
84 | | - owner: "{{ mor_owner }}" |
85 | | - group: "{{ mor_group }}" |
86 | | - mode: "0755" |
87 | | - setype: "httpd_sys_content_t" |
88 | | - register: _mor_install_mode |
89 | | - retries: 3 |
| 82 | + - name: Copy artifacts with access policies to release directory |
| 83 | + ansible.builtin.shell: | |
| 84 | + flock -x {{ mor_cache_dir }}/{{ mor_version }}/f.lock -c ' |
| 85 | + set -e; |
| 86 | + rsync -avz {{ _mor_tmp.path }}/ {{ mor_cache_dir }}/{{ mor_version }}/;{% if _mor_selinux_status.rc == 0 %} |
| 87 | + chcon -R -t container_file_t {{ mor_cache_dir }}/{{ mor_version }}; |
| 88 | + chcon -t httpd_sys_content_t {{ mor_cache_dir }}/{{ mor_version }}/{{ mor_installer }};{% endif %} |
| 89 | + chmod 755 {{ mor_cache_dir }}/{{ mor_version }}/{{ mor_installer }}; |
| 90 | + ' |
| 91 | + register: _mor_cache_copy |
| 92 | + retires: 3 |
90 | 93 | delay: 5 |
91 | | - until: _mor_install_mode is not failed |
92 | | - |
| 94 | + until: _mor_cache_copy is not failed |
93 | 95 | always: |
94 | | - - name: "Ensure lock file is removed" |
| 96 | + - name: Remove temporary directory |
95 | 97 | ansible.builtin.file: |
96 | | - path: "{{ mor_cache_dir }}/{{ mor_version }}/release_extract.lock" |
| 98 | + path: "{{ _mor_tmp.path }}" |
97 | 99 | state: absent |
98 | 100 | ... |
0 commit comments