From 5291002162541d00b6d927e5fbaeafa564dedc6a Mon Sep 17 00:00:00 2001
From: Varac <varac@varac.net>
Date: Tue, 22 Oct 2019 09:50:37 +0200
Subject: [PATCH] Download helm with official installer

We got an `Error: unsupported format` with an auto-updated Helm `2.15.0`
installed from snap.
Now we pin it to a specific working version and use the official install script.
---
 ansible/group_vars/all/oas.yml            |  8 +++-
 ansible/roles/apps/tasks/cert-manager.yml |  2 +-
 ansible/roles/apps/tasks/helmfiles.yml    |  2 +-
 ansible/roles/configure/tasks/main.yml    | 54 ++++++++++++++++++-----
 ansible/roles/setup/tasks/tiller.yml      |  4 +-
 5 files changed, 54 insertions(+), 16 deletions(-)

diff --git a/ansible/group_vars/all/oas.yml b/ansible/group_vars/all/oas.yml
index 2a0dd8412..024725fcf 100644
--- a/ansible/group_vars/all/oas.yml
+++ b/ansible/group_vars/all/oas.yml
@@ -32,7 +32,13 @@ git_local_storage_version: 'HEAD'
 git_nextcloud_version: '569aedb4e8831fb81c84f4087c142b739b9e6521'
 
 # Application versions
-# https://github.com/kubernetes-sigs/krew/releases
+helm:
+  # helm snap 2.15 broke for us
+  # (https://open.greenhost.net/openappstack/openappstack/issues/338), so we
+  # use a pinned version for now.
+  # We use the official helm install script for now which has no checksum.
+  version: '2.14.3'
+
 helmfile:
   # At the moment, helmfile doesn't provide sha256 sums,
   # see https://github.com/roboll/helmfile/issues/654
diff --git a/ansible/roles/apps/tasks/cert-manager.yml b/ansible/roles/apps/tasks/cert-manager.yml
index 7260efd02..f8e0adff4 100644
--- a/ansible/roles/apps/tasks/cert-manager.yml
+++ b/ansible/roles/apps/tasks/cert-manager.yml
@@ -47,7 +47,7 @@
   shell: |
     set -e -x -o pipefail
     /usr/local/bin/helmfile \
-    -b /snap/bin/helm \
+    -b /usr/local/bin/helm \
     -e oas \
     -f {{ data_directory }}/source/helmfiles/helmfile.d/05-cert-manager.yaml \
     apply \
diff --git a/ansible/roles/apps/tasks/helmfiles.yml b/ansible/roles/apps/tasks/helmfiles.yml
index 57e149400..37d6c33f5 100644
--- a/ansible/roles/apps/tasks/helmfiles.yml
+++ b/ansible/roles/apps/tasks/helmfiles.yml
@@ -39,7 +39,7 @@
     - GRAFANA_ADMIN_PASSWORD: "{{ grafana_admin_password }}"
   shell: |
     set -e -x -o pipefail
-    /usr/local/bin/helmfile -b /snap/bin/helm -e oas \
+    /usr/local/bin/helmfile -b /usr/local/bin/helm -e oas \
     -f {{ data_directory }}/source/helmfiles/helmfile.d/{{ item }}.yaml \
     apply --suppress-secrets \
     | sed 's/\x1B\[[0-9;]*[JKmsu]//g' \
diff --git a/ansible/roles/configure/tasks/main.yml b/ansible/roles/configure/tasks/main.yml
index 314200959..6ef0ad579 100644
--- a/ansible/roles/configure/tasks/main.yml
+++ b/ansible/roles/configure/tasks/main.yml
@@ -49,31 +49,63 @@
   set_fact:
     configuration_directory: "{{ configuration_directory }}"
 
-- name: Install helm snap
-  # helm needs to get installed as "classic" snap
-  command: snap install --classic helm
+- name: Remove old helm snap installation
+  tags:
+    - helm
+  command: snap remove helm
   args:
-    creates: /snap/bin/helm
+    removes: /snap/bin/helm
 
-- name: Create kubectl symlink to /usr/local/bin
-  file:
-    state: link
-    src: /snap/bin/helm
-    dest: /usr/local/bin/helm
+- name: Get current helm version
+  tags:
+    - helm
+  shell: helm version | grep 'Client' | cut -d'"' -f 2 | tr -d 'v'
+  failed_when: false
+  register: helm_version
+  changed_when: false
+
+- name: Show current helm version
+  tags:
+    - helm
+    - debug
+  debug:
+    msg: 'Current helm version is: {{ helm_version.stdout }}'
+
+- name: Download helm install script
+  tags:
+    - helm
+  get_url:
+    url: https://raw.githubusercontent.com/helm/helm/master/scripts/get
+    dest: /usr/local/bin/get-helm
+    force: yes
+    mode: '0755'
+  become: true
+
+- name: Install helm
+  tags:
+    - helm
+  command: /usr/local/bin/get-helm --version v{{ helm.version }}
+  when: helm_version.stdout != helm.version
 
 - name: Create helm plugins config directory
+  tags:
+    - helm
   file:
     state: directory
     path: /root/.helm/plugins
 
 - name: Install helm diff plugin
-  command: /snap/bin/helm plugin install https://github.com/databus23/helm-diff
+  tags:
+    - helm
+  command: /usr/local/bin/helm plugin install https://github.com/databus23/helm-diff
   args:
     creates: /root/.helm/plugins/helm-diff
 
 - name: Install helm git plugin
+  tags:
+    - helm
   # Use GH version until https://github.com/aslafy-z/helm-git/pull/11 is merged
-  command: /snap/bin/helm plugin install https://github.com/greenhost/helm-git --version bash-support
+  command: /usr/local/bin/helm plugin install https://github.com/greenhost/helm-git --version bash-support
   args:
     creates: /root/.helm/plugins/helm-git
 
diff --git a/ansible/roles/setup/tasks/tiller.yml b/ansible/roles/setup/tasks/tiller.yml
index 37fa1cf5a..e0570fdef 100644
--- a/ansible/roles/setup/tasks/tiller.yml
+++ b/ansible/roles/setup/tasks/tiller.yml
@@ -32,7 +32,7 @@
   tags:
     - helm
     - tiller
-  command: /snap/bin/helm ls
+  command: /usr/local/bin/helm ls
   failed_when: false
   register: helm_ls
   changed_when: false
@@ -41,7 +41,7 @@
   tags:
     - tiller
     - helm
-  command: /snap/bin/helm init --upgrade --service-account=tiller
+  command: /usr/local/bin/helm init --upgrade --service-account=tiller
   when: helm_ls.stderr.find('Error') != -1
 
 - name: Wait for tiller to become available
-- 
GitLab