Added pfsense upgrade roles

2026-04-27 13:15:56 -07:00
parent 1e26dd304b
commit 03e889051e
35 changed files with 956 additions and 8 deletions
--- a/playbooks/pfsense_manage.yml
+++ b/playbooks/pfsense_manage.yml
@@ -0,0 +1,24 @@
+---
+# pfSense Upgrade Playbook
+# Upgrades pfSense systems within their current version branch.
+# Detects available stable releases and reports or applies upgrades.
+#
+# Usage:
+#   ansible-playbook upgrade.yml -i inventory/hosts.yml
+#   ansible-playbook upgrade.yml -i inventory/hosts.yml --tags check   # dry-run only
+#   ansible-playbook upgrade.yml -i inventory/hosts.yml -e "perform_upgrade=true"
+#   ansible-playbook upgrade.yml -i inventory/hosts.yml -e "perform_upgrade=true allow_major_upgrade=true"
+
+- name: pfSense Upgrade
+  hosts: pfsense
+  gather_facts: false
+  serial: 1                          # Upgrade one host at a time to preserve redundancy
+
+  vars:
+    perform_upgrade: false           # Safety gate — must be explicitly set to true
+    allow_major_upgrade: false       # Set true to allow crossing major version branches
+    reboot_timeout: 300              # Seconds to wait for host after reboot
+    upgrade_check_timeout: 120       # Seconds before pfSense-upgrade check times out
+
+  roles:
+    - pfsense_upgrade