VOICE1/ansible-msp-automations
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Split out carp roles

Browse Source
This commit is contained in:
Ben D.
2026-04-29 10:04:38 -07:00
parent 5779ee4f94
commit 0d10c9b4a6
1 changed files with 49 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
roles/pfsense_upgrade/tasks/carp_post.yml Normal file
View File

@@ -0,0 +1,49 @@
# roles/pfsense_upgrade/tasks/carp_post.yml
# Handles CARP/HA post-upgrade logic: restore and verification.
# Only runs on primary after successful upgrade.
# ---------------------------------------------------------------------------
# Post-upgrade: restore CARP on primary and verify state
# ---------------------------------------------------------------------------
- name: "[CARP/primary] Re-enable CARP (exit maintenance mode)"
ansible.builtin.raw: |
php -r 'require_once("/etc/inc/interfaces.inc"); interfaces_carp_set_maintenancemode(false);'
register: _carp_restore
changed_when: true
when:
- ha_role == 'primary'
- ha_peer is defined
- name: "[CARP/primary] Wait for CARP state to stabilize after restore"
ansible.builtin.pause:
seconds: 20
when:
- ha_role == 'primary'
- ha_peer is defined
- name: "[CARP/primary] Verify primary has reclaimed MASTER for all VIPs"
ansible.builtin.raw: |
php -r 'require_once("/etc/inc/config.inc"); require_once("/etc/inc/interfaces.inc"); $all_master = true; foreach(config_get_path("virtualip/vip", []) as $vip) { if ($vip["mode"] != "carp") continue; if (get_carp_interface_status("_vip" . $vip["uniqid"]) != "MASTER") { $all_master = false; break; } } echo $all_master ? "ALL_MASTER" : "NOT_ALL_MASTER";'
register: _primary_carp_final
changed_when: false
when:
- ha_role == 'primary'
- ha_peer is defined
- name: "[CARP/primary] Warn if primary did not reclaim MASTER"
ansible.builtin.debug:
msg: >
WARNING: Primary CARP state is '{{ _primary_carp_final.stdout }}' — expected ALL_MASTER.
This may resolve on its own. Check CARP status on both nodes manually.
when:
- ha_role == 'primary'
- ha_peer is defined
- _primary_carp_final.stdout != "ALL_MASTER"
- name: "[CARP/primary] CARP state confirmed restored"
ansible.builtin.debug:
msg: "{{ inventory_hostname }} has reclaimed MASTER for all VIPs. HA pair is fully operational."
when:
- ha_role == 'primary'
- ha_peer is defined
- _primary_carp_final.stdout == "ALL_MASTER"