fix/Add sha256 checksums to installation

README.md

@@ -1,16 +1,16 @@
-# Ansible role minikube
+# Ansible role **minikube**
 
 Configure minikube cluster
 
 ## Requirements
 
 * Ansible >= 2.9 (Earlier versions may work, but I haven't tested)
 * Python 3 installed
-* This is tested only in Ubuntu, but should work in linux based systems
+* This is tested only in Ubuntu, but should work in other Linux based systems
 
 ## Role Variables
 
-All variables in [default/main.yml](defaults/main.yml) can be overrided
+All variables in [default/main.yml](defaults/main.yml) can be overridden
 
 | Name           | Default Value | Description                        |
 | -------------- | ------------- | -----------------------------------|
@@ -20,8 +20,6 @@ All variables in [default/main.yml](defaults/main.yml) can be overrided
 
 ## Dependencies
 
-Nil
-
 ## Example Playbook
 
 This role is not released in galaxy yet to utilze this role, you can add this repo as a git submodule
@@ -33,7 +31,7 @@ git submodule add -b main https://github.com/slashpai/ansible-minikube.git roles
 ```yaml
 - hosts: all
   roles:
-    -minikube
+    - minikube
 ```
 
 Example [playbook](https://github.com/slashpai/ansible_playbooks/tree/main/minikube)
@@ -46,8 +44,6 @@ git submodule update --remote
 
 ## Contributing
 
-**TODO:** To be updated
-
 ## License
 
 [MIT](LICENSE)

defaults/main.yml

@@ -1,8 +1,4 @@
 ---
-# defaults file for minikube
-
 minikube_driver: docker
-
 kubectl_version: latest
-
-kubectl_install: false
+kubectl_install: true

tasks/install.yml

@@ -1,13 +1,13 @@
 ---
 - name: Create the minikube group
-  group:
+  ansible.builtin.group:
     name: "{{ _minikube_system_group }}"
     state: present
     system: true
   when: _minikube_system_group != "root"
 
 - name: Create the minikube user
-  user:
+  ansible.builtin.user:
     name: "{{ _minikube_system_user }}"
     groups: "{{ _minikube_system_group }}"
     append: true
@@ -18,18 +18,33 @@
   when: _minikube_system_user != "root"
 
 - name: Add minikube user to docker user group
-  user:
+  ansible.builtin.user:
     name: "{{ _minikube_system_user }}"
     groups: "docker"
     append: yes
   when: minikube_driver == "docker"
 
 - block:
+    - name: Download minikube sha256
+      become: false
+      ansible.builtin.get_url:
+        url: "https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64.sha256"
+        dest: "/tmp/minikube.sha256"
+        force: true
+        validate_certs: true
+        mode: '0664'
+
+    - name: Read the contents of minikube hash file
+      ansible.builtin.slurp:
+        src: /tmp/minikube.sha256
+      register: minikube_sha256
+
     - name: Download minikube binary to local folder
       become: false
-      get_url:
+      ansible.builtin.get_url:
         url: "https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64"
         dest: "/tmp/minikube"
+        checksum: 'sha256:{{ minikube_sha256.content | b64decode | trim }}'
         mode: '0644'
       register: _download_binary
       until: _download_binary is succeeded
@@ -39,20 +54,46 @@
       check_mode: false
 
     - name: Propagate minikube binaries
-      copy:
+      ansible.builtin.copy:
         src: "/tmp/minikube"
         dest: "{{ _minikube_install_dir }}/minikube"
         mode: 0755
-        owner: root
-        group: root
+        owner: "{{ _minikube_system_user }}"
+        group: "{{ _minikube_system_user }}"
       when: not ansible_check_mode
 
 - block:
+    - name: Download kubectl latest sha256
+      become: false
+      ansible.builtin.get_url:
+        url: "https://storage.googleapis.com/kubernetes-release/release/{{_latest}}/bin/linux/amd64/kubectl.sha256"
+        dest: "/tmp/kubectl.sha256"
+        force: true
+        validate_certs: true
+        mode: '0664'
+      when: kubectl_install and kubectl_version == "latest"
+
+    - name: Download kubectl version sha256
+      become: false
+      ansible.builtin.get_url:
+        url: "https://storage.googleapis.com/kubernetes-release/release/v{{kubectl_version}}/bin/linux/amd64/kubectl.sha256"
+        dest: "/tmp/kubectl.sha256"
+        force: true
+        validate_certs: true
+        mode: '0664'
+      when: kubectl_install and kubectl_version != "latest"
+
+    - name: Read the contents of kubectl hash file
+      ansible.builtin.slurp:
+        src: /tmp/kubectl.sha256
+      register: kubectl_sha256
+
     - name: Download kubectl latest binary to local folder
       become: false
-      get_url:
+      ansible.builtin.get_url:
         url: "https://storage.googleapis.com/kubernetes-release/release/{{_latest}}/bin/linux/amd64/kubectl"
         dest: "/tmp/kubectl"
+        checksum: 'sha256:{{ kubectl_sha256.content | b64decode | trim }}'
         mode: '0644'
       register: _download_binary
       until: _download_binary is succeeded
@@ -64,9 +105,10 @@
 
     - name: Download kubectl specified version binary to local folder
       become: false
-      get_url:
+      ansible.builtin.get_url:
         url: "https://storage.googleapis.com/kubernetes-release/release/v{{kubectl_version}}/bin/linux/amd64/kubectl"
         dest: "/tmp/kubectl"
+        checksum: 'sha256:{{ kubectl_sha256.content | b64decode | trim }}'
         mode: '0644'
       register: _download_binary
       until: _download_binary is succeeded
@@ -77,14 +119,14 @@
       when: kubectl_install and kubectl_version != "latest"
 
     - name: Propagate kubectl binary
-      copy:
+      ansible.builtin.copy:
         src: "/tmp/kubectl"
         dest: "{{ _kubectl_install_dir }}/kubectl"
         mode: 0755
-        owner: root
-        group: root
+        owner: "{{ _minikube_system_user }}"
+        group: "{{ _minikube_system_user }}"
       when: kubectl_install
 
-    - name: Start minikube cluster
-      command: "{{ _minikube_install_dir }}/minikube start --driver={{minikube_driver}}"
-      become: 'minikube'
+    - name: Start minikube cluster # TODO: Add variable for path
+      ansible.builtin.command: "{{ _minikube_install_dir }}/minikube start --driver={{minikube_driver}}
+      become: false

tasks/main.yml

@@ -1,6 +1,4 @@
 ---
-# tasks file for minikube
-
 - import_tasks: preflight.yml
 
 - import_tasks: install.yml

tasks/preflight.yml

@@ -1,19 +1,20 @@
 ---
 - name: Check status of docker service
-  service_facts:
+  ansible.builtin.service_facts:
 
-- name: Fail docker service not running
-  fail:
+- name: Stop execution if docker service not running
+  ansible.builtin.fail:
     msg: >
-      minikube driver selected as docker but docker service  is not running
+      minikube driver selected as docker but docker service is not running
   when:
     - minikube_driver == "docker" and ansible_facts.services["docker.service"].state == "stopped"
 
 - block:
   - name: Get latest version number from github
-    set_fact:
+    ansible.builtin.set_fact:
        _latest: "{{ lookup('url', 'https://storage.googleapis.com/kubernetes-release/release/stable.txt') | string }}"
     run_once: true
-  - debug:
+  - name: Show latest version number
+    ansible.builtin.debug:
       var: _latest
-  delegate_to: localhost
+  delegate_to: localhost