@Saturn745
Created September 20, 2024 01:51
Ansible role to automatically update [Netbird](https://netbird.io)

Ansible Role: Netbird Update

Basic Ansible role to automatically update Netbird.

  • Detects whether it was installed via a package manager or binary and uses the correct update method.
  • If installed via binary, downloads Netbird's install/update script from a pinned commit and checks the SHA256 hash before running the script.
  • Update the pinned commit and SHA256 hash with the update_vars.sh script.
---
# install.conf holds the package_manager value this role uses to pick the update method.
- name: Check if Netbird is installed
  become: true
  stat:
    path: /etc/netbird/install.conf
  register: install_conf_stat

- name: Read Netbird installation method
  become: true
  when: install_conf_stat.stat.exists
  command: grep 'package_manager' /etc/netbird/install.conf
  register: install_conf
  changed_when: false  # read-only command

- name: Set installation method fact
  when: install_conf_stat.stat.exists
  set_fact:
    netbird_install_method: "{{ install_conf.stdout.split('=')[1].strip() }}"

- name: Debug installation method
  debug:
    msg: "Netbird installation method is {{ netbird_install_method }}"
  when: install_conf_stat.stat.exists

- name: Update Netbird using binary if installed via binary
  become: true
  # Test for the file first: netbird_install_method is only defined when it exists.
  when:
    - install_conf_stat.stat.exists
    - netbird_install_method == 'bin'
  block:
    - name: Download Netbird install script
      get_url:
        url: "https://raw.githubusercontent.com/netbirdio/netbird/{{ netbird_commit_hash }}/release_files/install.sh"
        dest: "/tmp/install.sh"
        mode: "u+x"
        force: true  # replace a stale copy left behind by an earlier failed run

    - name: Calculate SHA256 hash of the downloaded script
      command: sha256sum /tmp/install.sh
      register: sha256_result
      changed_when: false  # read-only command

    # The play stops here on a mismatch, so the script below never runs unverified.
    - name: Verify SHA256 hash
      assert:
        that:
          - sha256_result.stdout.split()[0] == expected_sha256
        fail_msg: "SHA256 hash verification failed!"

    - name: Execute the install script
      command: bash /tmp/install.sh --update

    - name: Clean up
      file:
        path: "/tmp/install.sh"
        state: absent

- name: Update Netbird package if installed via package manager
  become: true
  when:
    - install_conf_stat.stat.exists
    - netbird_install_method != 'bin'
  block:
    - name: Update apt cache
      when: ansible_facts['pkg_mgr'] == 'apt'
      apt:
        update_cache: yes

    - name: Update Netbird package
      package:
        name: netbird
        state: latest

#!/usr/bin/env bash
# Abort on any failed command (including inside pipelines) or unset variable,
# so a failed fetch never writes a bogus pin to the vars file.
set -euo pipefail

# Variables
REPO_URL="https://github.com/netbirdio/netbird"
SCRIPT_PATH="release_files/install.sh"
VARS_FILE="roles/update_netbird/vars/main.yaml"

# Fetch the latest commit hash
latest_commit=$(git ls-remote "$REPO_URL" HEAD | awk '{print $1}')

# Download the install script temporarily
temp_script=$(mktemp)
curl -fsSL "https://raw.githubusercontent.com/netbirdio/netbird/${latest_commit}/${SCRIPT_PATH}" -o "$temp_script"

# Calculate the SHA256 hash of the downloaded script
sha256_hash=$(sha256sum "$temp_script" | awk '{print $1}')

# Update the vars file with the latest commit hash and SHA256 hash
cat <<EOL >"$VARS_FILE"
# Auto-generated file with latest commit and SHA256 hash
netbird_commit_hash: "$latest_commit"
expected_sha256: "$sha256_hash"
EOL

# Clean up
rm "$temp_script"
echo "Updated $VARS_FILE with commit hash: $latest_commit and SHA256 hash: $sha256_hash"

# Auto-generated file with latest commit and SHA256 hash
netbird_commit_hash: "fc4b37f7bcdc2de36f279c458ce79da312d8d29e"
expected_sha256: "26d611a9c4392da9f7879957c3f8cea9a9c4a65159b64315bdf1b1a7c5d63690"
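
An added example, not part of the gist: a pre-flight check that the pin in a vars file is a full commit ID (not a branch name, which would make the download URL mutable) and that a script matches `expected_sha256`, exercised on constructed fixtures. The function names `read_var`, `verify_pinned_script` and `demo`, and the all-zero placeholder commit ID, are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the gist. Uses POSIX sh constructs only.

# Print the quoted value of <key> from a vars file in the format update_vars.sh writes.
read_var() {  # read_var <key> <vars_file>
  sed -n "s/^$1:[[:space:]]*\"\(.*\)\"[[:space:]]*\$/\1/p" "$2" | head -n 1
}

# Return 0 only if the pin is well formed and <script> matches it.
# 1 = content mismatch, 2 = malformed pin (e.g. a branch name instead of a commit ID).
verify_pinned_script() (  # verify_pinned_script <script> <vars_file>
  commit=$(read_var netbird_commit_hash "$2")
  expected=$(read_var expected_sha256 "$2")
  # A branch or tag in the URL is mutable; require a full 40-hex commit ID.
  printf '%s\n' "$commit" | grep -Eq '^[0-9a-f]{40}$' ||
    { echo "pin is not a full commit ID: '$commit'" >&2; exit 2; }
  printf '%s\n' "$expected" | grep -Eq '^[0-9a-f]{64}$' ||
    { echo "expected_sha256 is malformed" >&2; exit 2; }
  actual=$(sha256sum "$1" | awk '{print $1}')
  [ "$actual" = "$expected" ] || { echo "SHA256 mismatch for $1" >&2; exit 1; }
)

# Constructed fixtures: a stand-in installer and two vars files; nothing is downloaded.
demo() (
  dir=$(mktemp -d) || exit 9                      # private dir, not a fixed /tmp path
  status() { "$@" 2>/dev/null && echo 0 || echo $?; }
  printf '#!/bin/sh\necho "constructed stand-in installer"\n' >"$dir/install.sh"
  sum=$(sha256sum "$dir/install.sh" | awk '{print $1}')
  pin=0000000000000000000000000000000000000000    # constructed placeholder commit ID
  printf 'netbird_commit_hash: "%s"\nexpected_sha256: "%s"\n' "$pin" "$sum" >"$dir/good.yaml"
  printf 'netbird_commit_hash: "main"\nexpected_sha256: "%s"\n' "$sum" >"$dir/branch.yaml"
  ok=$(status verify_pinned_script "$dir/install.sh" "$dir/good.yaml")
  branch=$(status verify_pinned_script "$dir/install.sh" "$dir/branch.yaml")
  echo 'echo "appended after pinning"' >>"$dir/install.sh"   # content changes after the pin
  tampered=$(status verify_pinned_script "$dir/install.sh" "$dir/good.yaml")
  rm -rf "$dir"
  echo "$ok $branch $tampered"
)

demo   # prints: 0 2 1
```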