mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-10-24 04:54:00 -07:00
proxmox_template: Add optional checksum validation (#9601)
* Adds support for checksums in Proxmox_template.
* Implemented checksum verification
* Removed unintended captilization changes
* further fixing of unintended changes
* removed misspelling
* Final adjustementsto proxmox_template.py
* fixed typo
* fixed a typo in sha512
* add changelog fragment
* fixed type in choices for checksum_algortihm
* fixed file naming error and add relevant links to changelog
* Fix all unintentional refactorings
* refactoring changes removed
* renamed the function verify_checksum to fetch_and_verify for clarity
* Adjusted additions based on feedback
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit b9299e633c
)
Co-authored-by: Andrew Bowen <andrewb12505@gmail.com>
374 lines
15 KiB
Python
374 lines
15 KiB
Python
#!/usr/bin/python
|
|
# -*- coding: utf-8 -*-
|
|
#
|
|
# Copyright Ansible Project
|
|
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
|
|
from __future__ import absolute_import, division, print_function
|
|
__metaclass__ = type
|
|
|
|
|
|
DOCUMENTATION = r"""
|
|
module: proxmox_template
|
|
short_description: Management of OS templates in Proxmox VE cluster
|
|
description:
|
|
- Allows you to upload/delete templates in Proxmox VE cluster.
|
|
attributes:
|
|
check_mode:
|
|
support: none
|
|
diff_mode:
|
|
support: none
|
|
action_group:
|
|
version_added: 9.0.0
|
|
options:
|
|
node:
|
|
description:
|
|
- Proxmox VE node on which to operate.
|
|
type: str
|
|
src:
|
|
description:
|
|
- Path to uploaded file.
|
|
- Exactly one of O(src) or O(url) is required for O(state=present).
|
|
type: path
|
|
url:
|
|
description:
|
|
- URL to file to download.
|
|
- Exactly one of O(src) or O(url) is required for O(state=present).
|
|
type: str
|
|
version_added: 10.1.0
|
|
template:
|
|
description:
|
|
- The template name.
|
|
- Required for O(state=absent) to delete a template.
|
|
- Required for O(state=present) to download an appliance container template (pveam).
|
|
type: str
|
|
content_type:
|
|
description:
|
|
- Content type.
|
|
- Required only for O(state=present).
|
|
type: str
|
|
default: 'vztmpl'
|
|
choices: ['vztmpl', 'iso']
|
|
storage:
|
|
description:
|
|
- Target storage.
|
|
type: str
|
|
default: 'local'
|
|
timeout:
|
|
description:
|
|
- Timeout for operations.
|
|
type: int
|
|
default: 30
|
|
force:
|
|
description:
|
|
- It can only be used with O(state=present), existing template will be overwritten.
|
|
type: bool
|
|
default: false
|
|
state:
|
|
description:
|
|
- Indicate desired state of the template.
|
|
type: str
|
|
choices: ['present', 'absent']
|
|
default: present
|
|
checksum_algorithm:
|
|
description:
|
|
- Algorithm used to verify the checksum.
|
|
- If specified, O(checksum) must also be specified.
|
|
type: str
|
|
choices: ['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512']
|
|
version_added: 10.3.0
|
|
checksum:
|
|
description:
|
|
- The checksum to validate against.
|
|
- Checksums are often provided by software distributors to verify that a download is not corrupted.
|
|
- Checksums can usually be found on the distributors download page in the form of a file or string.
|
|
- If specified, O(checksum_algorithm) must also be specified.
|
|
type: str
|
|
version_added: 10.3.0
|
|
notes:
|
|
- Requires C(proxmoxer) and C(requests) modules on host. Those modules can be installed with M(ansible.builtin.pip).
|
|
- C(proxmoxer) >= 1.2.0 requires C(requests_toolbelt) to upload files larger than 256 MB.
|
|
author: Sergei Antipov (@UnderGreen)
|
|
extends_documentation_fragment:
|
|
- community.general.proxmox.actiongroup_proxmox
|
|
- community.general.proxmox.documentation
|
|
- community.general.attributes
|
|
"""
|
|
|
|
EXAMPLES = r"""
|
|
---
|
|
- name: Upload new openvz template with minimal options
|
|
community.general.proxmox_template:
|
|
node: uk-mc02
|
|
api_user: root@pam
|
|
api_password: 1q2w3e
|
|
api_host: node1
|
|
src: ~/ubuntu-14.04-x86_64.tar.gz
|
|
|
|
- name: Pull new openvz template with minimal options
|
|
community.general.proxmox_template:
|
|
node: uk-mc02
|
|
api_user: root@pam
|
|
api_password: 1q2w3e
|
|
api_host: node1
|
|
url: https://ubuntu-mirror/ubuntu-14.04-x86_64.tar.gz
|
|
|
|
- name: >
|
|
Upload new openvz template with minimal options use environment
|
|
PROXMOX_PASSWORD variable(you should export it before)
|
|
community.general.proxmox_template:
|
|
node: uk-mc02
|
|
api_user: root@pam
|
|
api_host: node1
|
|
src: ~/ubuntu-14.04-x86_64.tar.gz
|
|
|
|
- name: Upload new openvz template with all options and force overwrite
|
|
community.general.proxmox_template:
|
|
node: uk-mc02
|
|
api_user: root@pam
|
|
api_password: 1q2w3e
|
|
api_host: node1
|
|
storage: local
|
|
content_type: vztmpl
|
|
src: ~/ubuntu-14.04-x86_64.tar.gz
|
|
force: true
|
|
|
|
- name: Pull new openvz template with all options and force overwrite
|
|
community.general.proxmox_template:
|
|
node: uk-mc02
|
|
api_user: root@pam
|
|
api_password: 1q2w3e
|
|
api_host: node1
|
|
storage: local
|
|
content_type: vztmpl
|
|
url: https://ubuntu-mirror/ubuntu-14.04-x86_64.tar.gz
|
|
force: true
|
|
|
|
- name: Delete template with minimal options
|
|
community.general.proxmox_template:
|
|
node: uk-mc02
|
|
api_user: root@pam
|
|
api_password: 1q2w3e
|
|
api_host: node1
|
|
template: ubuntu-14.04-x86_64.tar.gz
|
|
state: absent
|
|
|
|
- name: Download proxmox appliance container template
|
|
community.general.proxmox_template:
|
|
node: uk-mc02
|
|
api_user: root@pam
|
|
api_password: 1q2w3e
|
|
api_host: node1
|
|
storage: local
|
|
content_type: vztmpl
|
|
template: ubuntu-20.04-standard_20.04-1_amd64.tar.gz
|
|
|
|
- name: Download and verify a template's checksum
|
|
community.general.proxmox_template:
|
|
node: uk-mc02
|
|
api_user: root@pam
|
|
api_password: 1q2w3e
|
|
api_host: node1
|
|
url: ubuntu-20.04-standard_20.04-1_amd64.tar.gz
|
|
checksum_algorithm: sha256
|
|
checksum: 65d860160bdc9b98abf72407e14ca40b609417de7939897d3b58d55787aaef69
|
|
"""
|
|
|
|
import os
|
|
import time
|
|
import traceback
|
|
|
|
from ansible.module_utils.basic import AnsibleModule, missing_required_lib
|
|
from ansible_collections.community.general.plugins.module_utils.proxmox import (proxmox_auth_argument_spec, ProxmoxAnsible)
|
|
from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
|
|
from ansible.module_utils.six.moves.urllib.parse import urlparse, urlencode
|
|
|
|
REQUESTS_TOOLBELT_ERR = None
|
|
try:
|
|
# requests_toolbelt is used internally by proxmoxer module
|
|
import requests_toolbelt # noqa: F401, pylint: disable=unused-import
|
|
HAS_REQUESTS_TOOLBELT = True
|
|
except ImportError:
|
|
HAS_REQUESTS_TOOLBELT = False
|
|
REQUESTS_TOOLBELT_ERR = traceback.format_exc()
|
|
|
|
|
|
class ProxmoxTemplateAnsible(ProxmoxAnsible):
|
|
def has_template(self, node, storage, content_type, template):
|
|
volid = '%s:%s/%s' % (storage, content_type, template)
|
|
try:
|
|
return any(tmpl['volid'] == volid for tmpl in self.proxmox_api.nodes(node).storage(storage).content.get())
|
|
except Exception as e:
|
|
self.module.fail_json(msg="Failed to retrieve template '%s': %s" % (volid, e))
|
|
|
|
def task_status(self, node, taskid, timeout):
|
|
"""
|
|
Check the task status and wait until the task is completed or the timeout is reached.
|
|
"""
|
|
while timeout:
|
|
if self.api_task_ok(node, taskid):
|
|
return True
|
|
elif self.api_task_failed(node, taskid):
|
|
self.module.fail_json(msg="Task error: %s" % self.proxmox_api.nodes(node).tasks(taskid).status.get()['exitstatus'])
|
|
timeout = timeout - 1
|
|
if timeout == 0:
|
|
self.module.fail_json(msg='Reached timeout while waiting for uploading/downloading template. Last line in task before timeout: %s' %
|
|
self.proxmox_api.nodes(node).tasks(taskid).log.get()[:1])
|
|
|
|
time.sleep(1)
|
|
return False
|
|
|
|
def upload_template(self, node, storage, content_type, realpath, timeout):
|
|
stats = os.stat(realpath)
|
|
if (LooseVersion(self.proxmoxer_version) >= LooseVersion('1.2.0') and
|
|
stats.st_size > 268435456 and not HAS_REQUESTS_TOOLBELT):
|
|
self.module.fail_json(msg="'requests_toolbelt' module is required to upload files larger than 256MB",
|
|
exception=missing_required_lib('requests_toolbelt'))
|
|
|
|
try:
|
|
taskid = self.proxmox_api.nodes(node).storage(storage).upload.post(content=content_type, filename=open(realpath, 'rb'))
|
|
return self.task_status(node, taskid, timeout)
|
|
except Exception as e:
|
|
self.module.fail_json(msg="Uploading template %s failed with error: %s" % (realpath, e))
|
|
|
|
def fetch_template(self, node, storage, content_type, url, timeout):
|
|
"""Fetch a template from a web url source using the proxmox download-url endpoint
|
|
"""
|
|
try:
|
|
taskid = self.proxmox_api.nodes(node).storage(storage)("download-url").post(
|
|
url=url, content=content_type, filename=os.path.basename(url)
|
|
)
|
|
return self.task_status(node, taskid, timeout)
|
|
except Exception as e:
|
|
self.module.fail_json(msg="Fetching template from url %s failed with error: %s" % (url, e))
|
|
|
|
def download_template(self, node, storage, template, timeout):
|
|
try:
|
|
taskid = self.proxmox_api.nodes(node).aplinfo.post(storage=storage, template=template)
|
|
return self.task_status(node, taskid, timeout)
|
|
except Exception as e:
|
|
self.module.fail_json(msg="Downloading template %s failed with error: %s" % (template, e))
|
|
|
|
def delete_template(self, node, storage, content_type, template, timeout):
|
|
volid = '%s:%s/%s' % (storage, content_type, template)
|
|
self.proxmox_api.nodes(node).storage(storage).content.delete(volid)
|
|
while timeout:
|
|
if not self.has_template(node, storage, content_type, template):
|
|
return True
|
|
timeout = timeout - 1
|
|
if timeout == 0:
|
|
self.module.fail_json(msg='Reached timeout while waiting for deleting template.')
|
|
|
|
time.sleep(1)
|
|
return False
|
|
|
|
def fetch_and_verify(self, node, storage, url, content_type, timeout, checksum, checksum_algorithm):
|
|
""" Fetch a template from a web url, then verify it using a checksum.
|
|
"""
|
|
data = {
|
|
'url': url,
|
|
'content': content_type,
|
|
'filename': os.path.basename(url),
|
|
'checksum': checksum,
|
|
'checksum-algorithm': checksum_algorithm}
|
|
try:
|
|
taskid = self.proxmox_api.nodes(node).storage(storage).post("download-url?{}".format(urlencode(data)))
|
|
return self.task_status(node, taskid, timeout)
|
|
except Exception as e:
|
|
self.module.fail_json(msg="Checksum mismatch: %s" % (e))
|
|
|
|
|
|
def main():
|
|
module_args = proxmox_auth_argument_spec()
|
|
template_args = dict(
|
|
node=dict(),
|
|
src=dict(type='path'),
|
|
url=dict(),
|
|
template=dict(),
|
|
content_type=dict(default='vztmpl', choices=['vztmpl', 'iso']),
|
|
storage=dict(default='local'),
|
|
timeout=dict(type='int', default=30),
|
|
force=dict(type='bool', default=False),
|
|
state=dict(default='present', choices=['present', 'absent']),
|
|
checksum_algorithm=dict(choices=['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512']),
|
|
checksum=dict(type='str'),
|
|
)
|
|
module_args.update(template_args)
|
|
|
|
module = AnsibleModule(
|
|
argument_spec=module_args,
|
|
required_together=[('api_token_id', 'api_token_secret'), ('checksum', 'checksum_algorithm')],
|
|
required_one_of=[('api_password', 'api_token_id')],
|
|
required_if=[('state', 'absent', ['template'])],
|
|
mutually_exclusive=[("src", "url")],
|
|
)
|
|
|
|
proxmox = ProxmoxTemplateAnsible(module)
|
|
|
|
state = module.params['state']
|
|
node = module.params['node']
|
|
storage = module.params['storage']
|
|
timeout = module.params['timeout']
|
|
checksum = module.params['checksum']
|
|
checksum_algorithm = module.params['checksum_algorithm']
|
|
|
|
if state == 'present':
|
|
content_type = module.params['content_type']
|
|
src = module.params['src']
|
|
url = module.params['url']
|
|
|
|
# download appliance template
|
|
if content_type == 'vztmpl' and not (src or url):
|
|
template = module.params['template']
|
|
|
|
if not template:
|
|
module.fail_json(msg='template param for downloading appliance template is mandatory')
|
|
|
|
if proxmox.has_template(node, storage, content_type, template) and not module.params['force']:
|
|
module.exit_json(changed=False, msg='template with volid=%s:%s/%s already exists' % (storage, content_type, template))
|
|
|
|
if proxmox.download_template(node, storage, template, timeout):
|
|
module.exit_json(changed=True, msg='template with volid=%s:%s/%s downloaded' % (storage, content_type, template))
|
|
|
|
if not src and not url:
|
|
module.fail_json(msg='src or url param for uploading template file is mandatory')
|
|
elif not url:
|
|
template = os.path.basename(src)
|
|
if proxmox.has_template(node, storage, content_type, template) and not module.params['force']:
|
|
module.exit_json(changed=False, msg='template with volid=%s:%s/%s already exists' % (storage, content_type, template))
|
|
elif not (os.path.exists(src) and os.path.isfile(src)):
|
|
module.fail_json(msg='template file on path %s not exists' % src)
|
|
|
|
if proxmox.upload_template(node, storage, content_type, src, timeout):
|
|
module.exit_json(changed=True, msg='template with volid=%s:%s/%s uploaded' % (storage, content_type, template))
|
|
elif not src:
|
|
template = os.path.basename(urlparse(url).path)
|
|
if proxmox.has_template(node, storage, content_type, template):
|
|
if not module.params['force']:
|
|
module.exit_json(changed=False, msg='template with volid=%s:%s/%s already exists' % (storage, content_type, template))
|
|
elif not proxmox.delete_template(node, storage, content_type, template, timeout):
|
|
module.fail_json(changed=False, msg='failed to delete template with volid=%s:%s/%s' % (storage, content_type, template))
|
|
|
|
if checksum:
|
|
if proxmox.fetch_and_verify(node, storage, url, content_type, timeout, checksum, checksum_algorithm):
|
|
module.exit_json(changed=True, msg="Checksum verified, template with volid=%s:%s/%s uploaded" % (storage, content_type, template))
|
|
if proxmox.fetch_template(node, storage, content_type, url, timeout):
|
|
module.exit_json(changed=True, msg='template with volid=%s:%s/%s uploaded' % (storage, content_type, template))
|
|
|
|
elif state == 'absent':
|
|
try:
|
|
content_type = module.params['content_type']
|
|
template = module.params['template']
|
|
|
|
if not proxmox.has_template(node, storage, content_type, template):
|
|
module.exit_json(changed=False, msg='template with volid=%s:%s/%s is already deleted' % (storage, content_type, template))
|
|
|
|
if proxmox.delete_template(node, storage, content_type, template, timeout):
|
|
module.exit_json(changed=True, msg='template with volid=%s:%s/%s deleted' % (storage, content_type, template))
|
|
except Exception as e:
|
|
module.fail_json(msg="deleting of template %s failed with exception: %s" % (template, e))
|
|
|
|
|
|
if __name__ == '__main__':
|
|
main()
|