ansible-role-tomcat icon indicating copy to clipboard operation
ansible-role-tomcat copied to clipboard

Published 20 hours ago verified publisher icon robertdebock

Compare tar ball checksum to allow tomcat upgrades

Open cdm-arm opened this issue 3 years ago • 3 comments

name: Pull request about: This is related to #22 and allows the tomcat role to verify if a newer version was downloaded and upgrade the instance.

Describe the change Calculate the sha1 of the tomcat tarball and verify it with the sha1 of the freshly downloaded tarball. If there is a difference the instance bin folder gets removed to trigger the extracting of the new tarball

Testing Manually tested playbook with:

  • Fresh install - Tomcat installed ✅
  • Re-run against same tomcat version - No change performed ✅
  • Re-Run with newer tomcat version - Upgrade installed ✅
  • Re-Run with older tomcat version - Downgraded version installed ✅

cdm-arm avatar Dec 14 '21 09:12 cdm-arm

Looks like a good addition, but; it's not idempotent. I guess this tasks is the issue.

robertdebock avatar Dec 14 '21 15:12 robertdebock

Good intention, bad implementation. I changed the way, now utilising the sha512 hashes that Apache anyhow provides.

cdm-arm avatar Dec 16 '21 11:12 cdm-arm

Very nice feature @aek-arm and exactly what I was looking for, thanks for posting :)

I think this may pass the CI-actions if the sections with {{ tomcat_directory }}/ is changed to {{ tomcat_directory }}/{{ instance.name }}

I ran a local version with

 - name: stop instance for upgrade
      service:
        name: "{{ instance.name }}"
        state: stopped
      when: slurped_sha512hash.content is defined

at the beginning of the block to avoid any issues with removing stuff during running and checksum for the url seem to fail for older ansible versions, so I use

   checksum: "sha512:{{ tomcat_download_sha512 | regex_replace('\\s[*].+$','') }}}}"

instead.

OyvindLGjesdal avatar Nov 28 '22 21:11 OyvindLGjesdal