feat: add arm64 support to step_ca and step_cli (#49)

This commit adds support for alternative architectures (arm64 for now) to both installer roles. As the debian packages only come with an amd64 executable, I am dropping support for installing step via deb packages. This should be transparent to any user running this role as the tarball installation uses the exact same paths
maxhoesel-ansible · Mar 30, 2021 · 9133d7b · 9133d7b
1 parent dc466a6
commit 9133d7b
Show file tree

Hide file tree

Showing 15 changed files with 54 additions and 51 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -6,7 +6,6 @@ repos:
   hooks:
   - id: trailing-whitespace
   - id: end-of-file-fixer
-  - id: check-yaml
   - id: check-added-large-files
 - repo: https://github.com/jorisroovers/gitlint
   rev: v0.15.0

diff --git a/roles/step_acme_cert/molecule/default/prepare.yml b/roles/step_acme_cert/molecule/default/prepare.yml
@@ -1,3 +1,9 @@
+- hosts: ubuntu:debian
+  tasks:
+    - name: Update apt
+      apt:
+        update_cache: yes
+
 - hosts: ca
   tasks:
     - name: Copy existing ca cert/key to nodes
@@ -30,12 +36,6 @@
         name: step-ca
         state: reloaded
 
-- hosts: ubuntu:debian
-  tasks:
-    - name: Update apt
-      apt:
-        update_cache: yes
-
 - hosts: clients
   tasks:
     - name: Install nginx

diff --git a/roles/step_bootstrap_host/molecule/default/prepare.yml b/roles/step_bootstrap_host/molecule/default/prepare.yml
@@ -1,3 +1,9 @@
+- hosts: ubuntu:debian
+  tasks:
+    - name: Update apt
+      apt:
+        update_cache: yes
+
 - hosts: ca
   tasks:
     - name: Copy existing ca cert/key to nodes

diff --git a/roles/step_ca/README.md b/roles/step_ca/README.md
@@ -16,6 +16,7 @@ This role performs the following actions:
   - Ubuntu 18.04 LTS or newer
   - Debian 10 or newer
   - CentOS 8 or newer
+- Supported architectures: amd64, arm64
 - This role requires root access. Make sure to run this role with `become: yes` or equivalent
 - This role requires `expect` to answer some interactive prompts. It will automatically install
   `expect` if it is not present

diff --git a/roles/step_ca/molecule/default/prepare.yml b/roles/step_ca/molecule/default/prepare.yml
@@ -1,3 +1,9 @@
+- hosts: "ubuntu:debian"
+  tasks:
+    - name: Update apt cache
+      apt:
+        update_cache: yes
+
 - hosts: all
   tasks:
     - name: Install step_cli

diff --git a/roles/step_ca/tasks/install_redhat.yml → roles/step_ca/tasks/install.yml b/roles/step_ca/tasks/install_redhat.yml → roles/step_ca/tasks/install.yml
@@ -1,13 +1,13 @@
 ---
-- name: Requirements are installed [RedHat]
+- name: Requirements are installed
   package:
     name: expect
 
-- name: Look for existing step-ca binary [RedHat]
+- name: Look for existing step-ca binary
   stat:
     path: "{{ step_ca_executable }}"
   register: step_ca_present
-- name: Get currently installed step-ca version [RedHat]
+- name: Get currently installed step-ca version
   shell: >
     set -o pipefail &&
     {{ step_ca_executable }} version | cut -d' ' -f 2 | cut -d'/' -f 2 | awk 'FNR == 1'
@@ -19,19 +19,21 @@
   when: step_ca_present.stat.exists
 
 - block:
-    - name: Download and extract step-ca archive [RedHat]
+    - name: Download and extract step-ca archive
       unarchive:
-        src: "https://github.com/smallstep/certificates/releases/download/v{{ step_ca_version }}/step-ca_linux_{{ step_ca_version }}_amd64.tar.gz"
+        src: "https://github.com/smallstep/certificates/releases/download/v{{ step_ca_version }}/step-ca_linux_{{ step_ca_version }}_{{ step_ca_arch[ansible_architecture] }}.tar.gz"
         dest: /tmp/
         remote_src: yes
       retries: 3
       delay: 3
-    - name: Install step-ca binary [RedHat]
+    - name: Install step-ca binary
       shell: >
         set -o pipefail &&
-        cp /tmp/step-ca_{{ step_ca_version }}/bin/step-ca {{ step_ca_executable }}
+        cp /tmp/step-ca_{{ step_ca_version }}/bin/* {{ step_ca_executable | dirname }}
+      args:
+        executable: /bin/bash
   always:
-    - name: Remove step release archive [RedHat]
+    - name: Remove step release archive
       file:
         path: "/tmp/step-ca_{{ step_ca_version }}"
         state: absent

diff --git a/roles/step_ca/tasks/install_debian.yml b/roles/step_ca/tasks/install_debian.yml
diff --git a/roles/step_ca/tasks/main.yml b/roles/step_ca/tasks/main.yml
@@ -17,7 +17,7 @@
         step_ca_version: "{{ (step_ca_latest_release.json.tag_name)[1:] }}"
   when: step_ca_version == 'latest'
 
-- include: "install_{{ ansible_os_family | lower }}.yml"
+- include: "install.yml"
 
 - name: step_ca_user is present
   user:

diff --git a/roles/step_ca/vars/main.yml b/roles/step_ca/vars/main.yml
@@ -5,3 +5,8 @@ step_ca_root_password_file: "{{ step_ca_path }}/.password_root.txt"
 step_ca_intermediate_password_file: "{{ step_ca_path }}/.password.txt"
 
 step_ca_tmp_provisioner: "tmp_provisioner"
+
+
+step_ca_arch:
+  x86_64: "amd64"
+  aarch64: "arm64"
diff --git a/roles/step_cli/README.md b/roles/step_cli/README.md
@@ -8,6 +8,7 @@ Install the `step` CLI tool on a host
   - Ubuntu 18.04 LTS or newer
   - Debian 10 or newer
   - CentOS 8 or newer
+- Supported architectures: amd64, arm64
 - This role requires root access. Make sure to run this role with `become: yes` or equivalent
 
 ## Role Variables

diff --git a/roles/step_cli/molecule/default/prepare.yml b/roles/step_cli/molecule/default/prepare.yml
@@ -0,0 +1,5 @@
+- hosts: "ubuntu:debian"
+  tasks:
+    - name: Update apt cache
+      apt:
+        update_cache: yes
diff --git a/roles/step_cli/tasks/install_redhat.yml → roles/step_cli/tasks/install.yml b/roles/step_cli/tasks/install_redhat.yml → roles/step_cli/tasks/install.yml
@@ -1,8 +1,8 @@
-- name: Look for existing step-cli binary [RedHat]
+- name: Look for existing step-cli binary
   stat:
     path: "{{ step_cli_executable }}"
   register: step_cli_present
-- name: Get currently installed step-cli version [RedHat]
+- name: Get currently installed step-cli version
   shell: >
     set -o pipefail &&
     {{ step_cli_executable }} version | cut -d' ' -f 2 | cut -d'/' -f 2 | awk 'FNR == 1'
@@ -14,19 +14,21 @@
   when: step_cli_present.stat.exists
 
 - block:
-    - name: Download and extract step-cli archive [RedHat]
+    - name: Download and extract step-cli archive
       unarchive:
-        src: "https://github.com/smallstep/cli/releases/download/v{{ step_cli_version }}/step_linux_{{ step_cli_version }}_amd64.tar.gz"
+        src: "https://github.com/smallstep/cli/releases/download/v{{ step_cli_version }}/step_linux_{{ step_cli_version }}_{{ step_cli_arch[ansible_architecture] }}.tar.gz"
         dest: /tmp/
         remote_src: yes
       retries: 3
       delay: 3
-    - name: Install step-cli binary [RedHat]
+    - name: Install step-cli binary
       shell: >
         set -o pipefail &&
         cp /tmp/step_{{ step_cli_version }}/bin/step {{ step_cli_executable }}
+      args:
+        executable: /bin/bash
   always:
-    - name: Remove step release archive [RedHat]
+    - name: Remove step release archive
       file:
         path: "/tmp/step_{{ step_cli_version }}"
         state: absent

diff --git a/roles/step_cli/tasks/install_debian.yml b/roles/step_cli/tasks/install_debian.yml
diff --git a/roles/step_cli/tasks/main.yml b/roles/step_cli/tasks/main.yml
@@ -15,4 +15,4 @@
         step_cli_version: "{{ (step_cli_latest_release.json.tag_name)[1:] }}"
   when: step_cli_version == 'latest'
 
-- include: "install_{{ ansible_os_family | lower }}.yml"
+- include: "install.yml"
diff --git a/roles/step_cli/vars/main.yml b/roles/step_cli/vars/main.yml
@@ -2,3 +2,7 @@
 # Upstream uses /usr/bin instead of /usr/local/bin. Not a fan,
 # but we follow along for consistencies sake
 step_cli_executable: /usr/bin/step-cli
+
+step_cli_arch:
+  x86_64: "amd64"
+  aarch64: "arm64"