Support installation of higher versions of Kubernetes

pixiu-io · Aug 2, 2024 · dd938d2 · dd938d2
1 parent 1a26527
commit dd938d2
Show file tree

Hide file tree

Showing 4 changed files with 105 additions and 11 deletions.
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
@@ -76,6 +76,8 @@ kube_base_version: "{{ kube_release.split('.')[0] }}.{{ kube_release.split('.')[
 
 kube_release_ubuntu: "{{ kube_release ~ '-1.1' if release_bump else kube_release ~ '-00' }}"
 
+gpg_path: "/etc/apt/keyrings/kubernetes-apt-keyring.gpg"
+
 ##################
 # Runtime Options
 ##################

diff --git a/ansible/library/gpg_key.py b/ansible/library/gpg_key.py
@@ -0,0 +1,99 @@
+# Copyright 2024 YourName
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import subprocess
+
+import requests
+import os
+import traceback
+from ansible.module_utils.basic import AnsibleModule
+
+DOCUMENTATION = '''
+---
+module: gpg_key
+short_description: >
+  Download a GPG key and convert it to GPG format.
+description:
+  - This module downloads a GPG key from a specified URL, converts it to GPG format, and saves it to a specified file path.
+
+author: puzhihao
+'''
+
+EXAMPLES = '''
+- hosts: localhost
+  tasks:
+  - name: Download and convert GPG key
+    gpg_key:
+      url: 'https://example.com/path/to/gpg/key'
+      output_path: '/etc/apt/keyrings/example-keyring.gpg'
+'''
+
+
+class GPGKey(object):
+    def __init__(self, params):
+        self.params = params
+        self.url = self.params.get('url')
+        self.output_path = self.params.get('output_path')
+        self.temp_path = '/tmp/temp_gpg_key'
+        self.changed = False
+        self.result = {}
+
+    def download_file(self):
+        response = requests.get(self.url, stream=True)
+        if response.status_code == 200:
+            with open(self.temp_path, 'wb') as file:
+                file.write(response.content)
+            return True
+        else:
+            return False
+
+    def convert_key(self):
+        result = subprocess.run(['gpg', '--yes', '--dearmor', '-o', self.output_path, self.temp_path],
+                                capture_output=True, text=True)
+        if result.returncode == 0:
+            return True
+        else:
+            return False
+
+    def process(self):
+        if self.download_file():
+            self.changed = True
+            if self.convert_key():
+                self.result['msg'] = 'GPG key downloaded and converted successfully'
+            else:
+                self.result['msg'] = 'Failed to convert the GPG key'
+            os.remove(self.temp_path)
+        else:
+            self.result['msg'] = 'Failed to download the GPG key'
+
+
+def main():
+    specs = dict(
+        url=dict(required=True, type='str'),
+        output_path=dict(required=True, type='str'),
+    )
+    module = AnsibleModule(argument_spec=specs, bypass_checks=True)
+    params = module.params
+
+    gpg_manager = None
+    try:
+        gpg_manager = GPGKey(params)
+        gpg_manager.process()
+        module.exit_json(changed=gpg_manager.changed, result=gpg_manager.result)
+    except Exception:
+        module.fail_json(changed=True, msg=repr(traceback.format_exc()),
+                         **getattr(gpg_manager, 'result', {}))
+
+
+if __name__ == '__main__':
+    main()
diff --git a/ansible/roles/baremetal/tasks/install.yml b/ansible/roles/baremetal/tasks/install.yml
@@ -44,17 +44,10 @@
       when:
         - ansible_distribution == item.os
 
-    - name: Add Kubernetes GPG key
-      get_url:
-        url: https://mirrors.aliyun.com/kubernetes-new/core/stable/v{{ kube_base_version }}/deb/Release.key
-        dest: /tmp/kubernetes-Release.key
-      when:
-        - ansible_distribution == 'Ubuntu' or
-          ansible_distribution == 'Debian'
-        - release_bump
-
     - name: Add kubernetes gpg
-      command: gpg --yes --dearmor -o /tmp/kubernetes-apt-keyring.gpg /tmp/kubernetes-Release.key
+      gpg_key:
+        url: 'https://mirrors.aliyun.com/kubernetes-new/core/stable/v{{ kube_base_version }}/deb/Release.key'
+        output_path: "{{ gpg_path }}"
       when:
         - ansible_distribution == 'Ubuntu' or
           ansible_distribution == 'Debian'

diff --git a/ansible/roles/baremetal/templates/sources.list.j2 b/ansible/roles/baremetal/templates/sources.list.j2
@@ -19,5 +19,5 @@ deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
 # deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main
 
 {% if release_bump %}
-deb [signed-by=/tmp/kubernetes-apt-keyring.gpg] https://mirrors.aliyun.com/kubernetes-new/core/stable/v{{ kube_base_version }}/deb/ /
+deb [signed-by={{ gpg_path }}] https://mirrors.aliyun.com/kubernetes-new/core/stable/v{{ kube_base_version }}/deb/ /
 {% endif %}