ansible: Pin PyPI version to current release

Limit the PeekabooAV version installed from PyPI to be lower than 2.2. This would install the latest point release of our current release 2.1. The goal here is to have point releases of Peekaboo and the Installer be independent of each other so we can do fixes that require a version bump in both without confusing users too much. Always installing the latest point relase (by default) seems a good tradeoff. By making the pip constraint a variable in group_vars/all.yaml makes it fully overrideable on the Ansible-level, e.g. to ==2.1.1 if desired. It can also be circumvented by locally supplying a PeekabooAV directory to the installer. An explanatory note is added to the README as well. Note: Pre-releases are excluded anyway and not installed unless explicitly requested as peekabooav==2.1rc3 or by enabling the --pre flag to pip install.
scVENUS · May 24, 2022 · 070e7c1 · 070e7c1
1 parent 4ad5b69
commit 070e7c1
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 2 deletions.
diff --git a/PeekabooAV-install.yml b/PeekabooAV-install.yml
@@ -500,9 +500,11 @@
         virtualenv: /opt/peekaboo
       when: manually_supplied_peekaboo.stat.exists
 
-    - name: Install latest Peekaboo release from PyPI
+    - name: Install Peekaboo release from PyPI
       pip:
-        name: peekabooav
+        # version is constrained to latest point release of current minor
+        # release by default
+        name: peekabooav{{ peekaboo_pip_constraint }}
         state: latest
         virtualenv: /opt/peekaboo
       when: not manually_supplied_peekaboo.stat.exists

diff --git a/README.md b/README.md
@@ -41,6 +41,13 @@ cd PeekabooAV-Installer/
 ./PeekabooAV-install.sh
 ```
 
+**NOTE**: Point releases of the Installer and PeekabooAV are independent.
+A particular version of the Installer always installs the latest
+point release of PeekabooAV of the corresponding minor release branch.
+So Installer 2.1.2 might very well install PeekabooAV 2.1.8 if it's available.
+This behaviour can be changed by adjusting `peekaboo_pip_constraint` in
+[`group_vars/all.yml`](group_vars/all.yml#15).
+
 Or for testing most recent changes of the repository
 ```
 git clone https://github.com/scVENUS/PeekabooAV-Installer

diff --git a/group_vars/all.yml b/group_vars/all.yml
@@ -10,6 +10,10 @@ cuckoo_api_token: "{{ lookup('password', 'cuckoo_api_token length=22 chars=ascii
 cortex_api_token: "{{ lookup('password', 'cortex_api_token length=22 chars=ascii_letters') }}"
 peekaboo_db_password: "{{ lookup('password', 'peekaboo_db_password length=15 chars=ascii_letters') }}"
 
+# limits Peekaboo version to latest point release of current minor release by
+# default
+peekaboo_pip_constraint: "<2.2"
+
 peekaboo_listen_address: "127.0.0.1"
 
 cuckoo_processors: 5