- hosts: accesspoints
connection: local
roles:
- - role: openwrt-image
+ - role: openwrt/image
delegate_to: localhost
with_items: [ door_client, door_daemon, update-keys ]
roles:
- - role: openwrt-image
+ - role: openwrt/image
delegate_to: localhost
+++ /dev/null
-# Build OpenWRT images with Ansible
-
-TODO: add possibility to disable root logins using /etc/shadow
- this will also take care of the annoying
- "There is no root password defined ..."
- message when you log in.
-
-## Configuration
+++ /dev/null
----
-openwrt_variant: lede
-openwrt_release: 17.01.4
-openwrt_download_dir: "{{ global_cache_dir }}/openwrt"
-openwrt_tarball_basename: "{{ openwrt_variant }}-imagebuilder-{{ openwrt_release }}-{{ openwrt_arch }}-{{ openwrt_target }}.Linux-x86_64"
-openwrt_tarball_name: "{{ openwrt_tarball_basename }}.tar.xz"
-openwrt_target: generic
-
-openwrt_output_dir: "{{ global_artifacts_dir }}/{{ inventory_hostname }}/openwrt"
-openwrt_output_image_name_base: "{{ openwrt_variant }}-{{ openwrt_release }}-{{ openwrt_arch }}{% if openwrt_target != 'generic' %}-{{ openwrt_target }}{% endif %}"
-openwrt_output_image_suffixes:
- - squashfs-sysupgrade.bin
- - squashfs-factory.bin
-
-openwrt_packages_remove: []
-openwrt_packages_add: []
-openwrt_packages_extra: []
+++ /dev/null
----
-- name: Create download directory
- file:
- dest: "{{ openwrt_download_dir }}"
- state: directory
-
-- block:
- - name: Generate OpenWrt download URLs
- set_fact:
- openwrt_url:
- https://downloads.openwrt.org/releases/{{ openwrt_release }}/targets/{{ openwrt_arch | mandatory }}/{{ openwrt_target }}
-
- - name: Download sha256sums
- get_url:
- url: "{{ openwrt_url }}/sha256sums"
- dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256"
-
- - name: Download sha256sums.asc
- get_url:
- url: "{{ openwrt_url }}/sha256sums.asc"
- dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc"
-
- - name: Check OpenPGP signature
- command: >-
- gpg2 --no-options --no-default-keyring --secret-keyring /dev/null
- --verify --keyring "{{ role_path }}/openwrt-keyring.gpg"
- --trust-model always
- "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc"
- changed_when: False
-
- - name: Extract SHA256 hash of the imagebuilder archive
- command: grep '{{ openwrt_tarball_name }}' "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256"
- register: sha256
- changed_when: False
-
- - name: Download imagebuilder
- get_url:
- url: "{{ openwrt_url }}/{{ openwrt_tarball_name }}"
- dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}"
- checksum: sha256:{{ sha256.stdout.split(' ') | first }}
-
- rescue:
- - name: Delete downloaded artifacts
- file:
- path: "{{ item }}"
- state: absent
- with_items:
- - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256"
- - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc"
- - "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}"
- - fail:
- msg: Something borked
+++ /dev/null
----
-- include: fetch.yml
- run_once: true
- when: openwrt_imgbuilder_tarball is not defined
-
-- block:
- - include: prepare.yml
-
- - name: Create the output directory for built images
- file:
- path: "{{ openwrt_output_dir }}"
- state: directory
-
- - set_fact:
- openwrt_packages: >-
- {{ openwrt_packages_remove | map('regex_replace', '^', '-') | join(' ') }}
- {{ openwrt_packages_add | join(' ') }}
- {{ openwrt_packages_extra | join(' ') }}
-
- - name: Build the OpenWrt image
- command: >-
- make -C {{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }} image
- {% if openwrt_profile is defined %}PROFILE="{{ openwrt_profile }}" {% endif %}
- FILES="{{ openwrt_imgbuilder_files }}"
- PACKAGES="{{ openwrt_packages }}"
- {% if openwrt_extra_name is defined %} EXTRA_IMAGE_NAME="{{ openwrt_extra_name }}" {% endif %}
-
- - name: Copy newly built OpenWrt image
- with_items: "{{ openwrt_output_image_suffixes }}"
- copy:
- src: "{{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }}/bin/targets/{{ openwrt_arch }}/{{ openwrt_target }}/{{ openwrt_output_image_name_base }}-{{ item }}"
- dest: "{{ openwrt_output_dir }}"
-
- always:
- - name: Delete the temporary build directory
- file:
- path: "{{ openwrt_imgbuilder_dir }}"
- state: absent
+++ /dev/null
----
-- name: Create temporary build directory
- command: mktemp --tmpdir -d openwrt-{{ inventory_hostname }}.XXXXXX
- register: tmpdir
-
-- set_fact:
- openwrt_imgbuilder_dir: "{{ tmpdir.stdout }}"
- openwrt_imgbuilder_files: "{{ tmpdir.stdout }}/files"
-
-- name: Create the directories for mixins
- file:
- path: "{{ item }}"
- state: directory
- mode: '0755'
- with_items:
- - "{{ openwrt_download_dir }}/dl/{{ openwrt_arch }}"
- - "{{ openwrt_imgbuilder_files }}/etc/config"
- - "{{ openwrt_mixin | map('dirname') | map('regex_replace', '^', openwrt_imgbuilder_files) | unique | list }}"
-
-
-- name: Copy mixins in place [1/2]
- copy:
- src: "{{ item.value.file }}"
- dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}"
- mode: "{{ item.value.mode | default('0644') }}"
- with_dict: "{{ openwrt_mixin }}"
- when: '"file" in item.value'
- loop_control:
- label: "{{ item.key }}"
-
-- name: Copy mixins in place [2/2]
- copy:
- content: "{{ item.value.content }}"
- dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}"
- mode: "{{ item.value.mode | default('0644') }}"
- with_dict: "{{ openwrt_mixin }}"
- when: '"content" in item.value'
- loop_control:
- label: "{{ item.key }}"
-
-- name: Generate /etc/fstab
- mount:
- fstab: "{{ openwrt_imgbuilder_files }}/etc/fstab"
- state: present
- src: "{{ item.src | default(omit) }}"
- path: "{{ item.path | default(omit) }}"
- fstype: "{{ item.fstype | default(omit) }}"
- opts: "{{ item.opts | default(omit) }}"
- boot: "{{ item.boot | default(omit) }}"
- dump: "{{ item.dump | default(omit) }}"
- passno: "{{ item.passno | default(omit) }}"
- when: openwrt_mounts is defined
- with_items: "{{ openwrt_mounts }}"
- loop_control:
- label: "{{ item.path }}"
-
-
-- name: Create UCI configuration files
- template:
- src: uci.j2
- dest: "{{ openwrt_imgbuilder_files }}/etc/config/{{ item.key }}"
- mode: 0644
- trim_blocks: yes
-# force: no ## TODO: fail when overwriting a file
- with_dict: "{{ openwrt_uci }}"
- loop_control:
- label: "{{ item.key }}"
-
-- name: Create /etc/passwd
- template:
- src: passwd.j2
- dest: "{{ openwrt_imgbuilder_files }}/etc/passwd"
- mode: 0644
- trim_blocks: yes
- when: openwrt_users is defined
-
-- name: Create /etc/group
- template:
- src: group.j2
- dest: "{{ openwrt_imgbuilder_files }}/etc/group"
- mode: 0644
- trim_blocks: yes
- when: openwrt_groups is defined or openwrt_users is defined
-
-- unarchive:
- copy: False
- src: "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}"
- dest: "{{ openwrt_imgbuilder_dir }}"
-
-- name: Symlink the cache repository
- file:
- state: link
- src: "{{ openwrt_download_dir }}/dl/{{ openwrt_arch }}"
- path: "{{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }}/dl"
+++ /dev/null
-{{ ansible_managed | comment }}
-root:x:0:
-daemon:x:1:
-adm:x:4:
-mail:x:8:
-audio:x:29:
-www-data:x:33:
-ftp:x:55:
-users:x:100:
-network:x:101:
-{% for name, opt in openwrt_users.items() %}
-{% if 'group_id' not in opt %}
-{{ name }}:x:{{ opt.id | default(loop.index + 110) }}:
-{% endif %}
-{% endfor %}
-{% if openwrt_groups is defined %}
-{% for name, opt in openwrt_groups.items() %}
-{{ name }}:x:{{ opt.id | default(loop.index + 200) }}:
-{% endfor %}
-{% endif %}
-nogroup:x:65534:
+++ /dev/null
-{{ ansible_managed | comment }}
-root:x:0:0:root:/root:/bin/ash
-daemon:*:1:1:daemon:/var:/bin/false
-ftp:*:55:55:ftp:/home/ftp:/bin/false
-network:*:101:101:network:/var:/bin/false
-{% for name, opt in openwrt_users.items() %}
-{{ name }}:*:{{ opt.id | default(loop.index + 110) }}:{{ opt.gid | default(loop.index + 110) }}:{{ name }}:{{ opt.home | default('/nonexistent') }}:{{ opt.shell | default('/bin/false') }}
-{% endfor %}
-nobody:*:65534:65534:nobody:/var:/bin/false
+++ /dev/null
-{{ ansible_managed | comment }}
-
-{% for section in item.value %}
-config {{ section.name }}
-{% for option, value in section.options.items() %}
-{% if value is iterable and value is not string %}
-{% for v in value %}
- list {{ option }} '{{ v }}'
-{% endfor %}
-{% else %}
- option {{ option }} '{{ value }}'
-{% endif %}
-{% endfor %}
-
-{% endfor %}
--- /dev/null
+# Build OpenWRT images with Ansible
+
+TODO: add possibility to disable root logins using /etc/shadow
+ this will also take care of the annoying
+ "There is no root password defined ..."
+ message when you log in.
+
+## Configuration
--- /dev/null
+---
+openwrt_variant: lede
+openwrt_release: 17.01.4
+openwrt_download_dir: "{{ global_cache_dir }}/openwrt"
+openwrt_tarball_basename: "{{ openwrt_variant }}-imagebuilder-{{ openwrt_release }}-{{ openwrt_arch }}-{{ openwrt_target }}.Linux-x86_64"
+openwrt_tarball_name: "{{ openwrt_tarball_basename }}.tar.xz"
+openwrt_target: generic
+
+openwrt_output_dir: "{{ global_artifacts_dir }}/{{ inventory_hostname }}/openwrt"
+openwrt_output_image_name_base: "{{ openwrt_variant }}-{{ openwrt_release }}-{{ openwrt_arch }}{% if openwrt_target != 'generic' %}-{{ openwrt_target }}{% endif %}"
+openwrt_output_image_suffixes:
+ - squashfs-sysupgrade.bin
+ - squashfs-factory.bin
+
+openwrt_packages_remove: []
+openwrt_packages_add: []
+openwrt_packages_extra: []
--- /dev/null
+---
+- name: Create download directory
+ file:
+ dest: "{{ openwrt_download_dir }}"
+ state: directory
+
+- block:
+ - name: Generate OpenWrt download URLs
+ set_fact:
+ openwrt_url:
+ https://downloads.openwrt.org/releases/{{ openwrt_release }}/targets/{{ openwrt_arch | mandatory }}/{{ openwrt_target }}
+
+ - name: Download sha256sums
+ get_url:
+ url: "{{ openwrt_url }}/sha256sums"
+ dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256"
+
+ - name: Download sha256sums.asc
+ get_url:
+ url: "{{ openwrt_url }}/sha256sums.asc"
+ dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc"
+
+ - name: Check OpenPGP signature
+ command: >-
+ gpg2 --no-options --no-default-keyring --secret-keyring /dev/null
+ --verify --keyring "{{ role_path }}/openwrt-keyring.gpg"
+ --trust-model always
+ "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc"
+ changed_when: False
+
+ - name: Extract SHA256 hash of the imagebuilder archive
+ command: grep '{{ openwrt_tarball_name }}' "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256"
+ register: sha256
+ changed_when: False
+
+ - name: Download imagebuilder
+ get_url:
+ url: "{{ openwrt_url }}/{{ openwrt_tarball_name }}"
+ dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}"
+ checksum: sha256:{{ sha256.stdout.split(' ') | first }}
+
+ rescue:
+ - name: Delete downloaded artifacts
+ file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256"
+ - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc"
+ - "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}"
+ - fail:
+ msg: Something borked
--- /dev/null
+---
+- include: fetch.yml
+ run_once: true
+ when: openwrt_imgbuilder_tarball is not defined
+
+- block:
+ - include: prepare.yml
+
+ - name: Create the output directory for built images
+ file:
+ path: "{{ openwrt_output_dir }}"
+ state: directory
+
+ - set_fact:
+ openwrt_packages: >-
+ {{ openwrt_packages_remove | map('regex_replace', '^', '-') | join(' ') }}
+ {{ openwrt_packages_add | join(' ') }}
+ {{ openwrt_packages_extra | join(' ') }}
+
+ - name: Build the OpenWrt image
+ command: >-
+ make -C {{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }} image
+ {% if openwrt_profile is defined %}PROFILE="{{ openwrt_profile }}" {% endif %}
+ FILES="{{ openwrt_imgbuilder_files }}"
+ PACKAGES="{{ openwrt_packages }}"
+ {% if openwrt_extra_name is defined %} EXTRA_IMAGE_NAME="{{ openwrt_extra_name }}" {% endif %}
+
+ - name: Copy newly built OpenWrt image
+ with_items: "{{ openwrt_output_image_suffixes }}"
+ copy:
+ src: "{{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }}/bin/targets/{{ openwrt_arch }}/{{ openwrt_target }}/{{ openwrt_output_image_name_base }}-{{ item }}"
+ dest: "{{ openwrt_output_dir }}"
+
+ always:
+ - name: Delete the temporary build directory
+ file:
+ path: "{{ openwrt_imgbuilder_dir }}"
+ state: absent
--- /dev/null
+---
+- name: Create temporary build directory
+ command: mktemp --tmpdir -d openwrt-{{ inventory_hostname }}.XXXXXX
+ register: tmpdir
+
+- set_fact:
+ openwrt_imgbuilder_dir: "{{ tmpdir.stdout }}"
+ openwrt_imgbuilder_files: "{{ tmpdir.stdout }}/files"
+
+- name: Create the directories for mixins
+ file:
+ path: "{{ item }}"
+ state: directory
+ mode: '0755'
+ with_items:
+ - "{{ openwrt_download_dir }}/dl/{{ openwrt_arch }}"
+ - "{{ openwrt_imgbuilder_files }}/etc/config"
+ - "{{ openwrt_mixin | map('dirname') | map('regex_replace', '^', openwrt_imgbuilder_files) | unique | list }}"
+
+
+- name: Copy mixins in place [1/2]
+ copy:
+ src: "{{ item.value.file }}"
+ dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}"
+ mode: "{{ item.value.mode | default('0644') }}"
+ with_dict: "{{ openwrt_mixin }}"
+ when: '"file" in item.value'
+ loop_control:
+ label: "{{ item.key }}"
+
+- name: Copy mixins in place [2/2]
+ copy:
+ content: "{{ item.value.content }}"
+ dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}"
+ mode: "{{ item.value.mode | default('0644') }}"
+ with_dict: "{{ openwrt_mixin }}"
+ when: '"content" in item.value'
+ loop_control:
+ label: "{{ item.key }}"
+
+- name: Generate /etc/fstab
+ mount:
+ fstab: "{{ openwrt_imgbuilder_files }}/etc/fstab"
+ state: present
+ src: "{{ item.src | default(omit) }}"
+ path: "{{ item.path | default(omit) }}"
+ fstype: "{{ item.fstype | default(omit) }}"
+ opts: "{{ item.opts | default(omit) }}"
+ boot: "{{ item.boot | default(omit) }}"
+ dump: "{{ item.dump | default(omit) }}"
+ passno: "{{ item.passno | default(omit) }}"
+ when: openwrt_mounts is defined
+ with_items: "{{ openwrt_mounts }}"
+ loop_control:
+ label: "{{ item.path }}"
+
+
+- name: Create UCI configuration files
+ template:
+ src: uci.j2
+ dest: "{{ openwrt_imgbuilder_files }}/etc/config/{{ item.key }}"
+ mode: 0644
+ trim_blocks: yes
+# force: no ## TODO: fail when overwriting a file
+ with_dict: "{{ openwrt_uci }}"
+ loop_control:
+ label: "{{ item.key }}"
+
+- name: Create /etc/passwd
+ template:
+ src: passwd.j2
+ dest: "{{ openwrt_imgbuilder_files }}/etc/passwd"
+ mode: 0644
+ trim_blocks: yes
+ when: openwrt_users is defined
+
+- name: Create /etc/group
+ template:
+ src: group.j2
+ dest: "{{ openwrt_imgbuilder_files }}/etc/group"
+ mode: 0644
+ trim_blocks: yes
+ when: openwrt_groups is defined or openwrt_users is defined
+
+- unarchive:
+ copy: False
+ src: "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}"
+ dest: "{{ openwrt_imgbuilder_dir }}"
+
+- name: Symlink the cache repository
+ file:
+ state: link
+ src: "{{ openwrt_download_dir }}/dl/{{ openwrt_arch }}"
+ path: "{{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }}/dl"
--- /dev/null
+{{ ansible_managed | comment }}
+root:x:0:
+daemon:x:1:
+adm:x:4:
+mail:x:8:
+audio:x:29:
+www-data:x:33:
+ftp:x:55:
+users:x:100:
+network:x:101:
+{% for name, opt in openwrt_users.items() %}
+{% if 'group_id' not in opt %}
+{{ name }}:x:{{ opt.id | default(loop.index + 110) }}:
+{% endif %}
+{% endfor %}
+{% if openwrt_groups is defined %}
+{% for name, opt in openwrt_groups.items() %}
+{{ name }}:x:{{ opt.id | default(loop.index + 200) }}:
+{% endfor %}
+{% endif %}
+nogroup:x:65534:
--- /dev/null
+{{ ansible_managed | comment }}
+root:x:0:0:root:/root:/bin/ash
+daemon:*:1:1:daemon:/var:/bin/false
+ftp:*:55:55:ftp:/home/ftp:/bin/false
+network:*:101:101:network:/var:/bin/false
+{% for name, opt in openwrt_users.items() %}
+{{ name }}:*:{{ opt.id | default(loop.index + 110) }}:{{ opt.gid | default(loop.index + 110) }}:{{ name }}:{{ opt.home | default('/nonexistent') }}:{{ opt.shell | default('/bin/false') }}
+{% endfor %}
+nobody:*:65534:65534:nobody:/var:/bin/false
--- /dev/null
+{{ ansible_managed | comment }}
+
+{% for section in item.value %}
+config {{ section.name }}
+{% for option, value in section.options.items() %}
+{% if value is iterable and value is not string %}
+{% for v in value %}
+ list {{ option }} '{{ v }}'
+{% endfor %}
+{% else %}
+ option {{ option }} '{{ value }}'
+{% endif %}
+{% endfor %}
+
+{% endfor %}