diff --git a/roles/pfsense_upgrade/tasks/upgrade.yml b/roles/pfsense_upgrade/tasks/upgrade.yml
index 67dcbb0..25674bb 100644
--- a/roles/pfsense_upgrade/tasks/upgrade.yml
+++ b/roles/pfsense_upgrade/tasks/upgrade.yml
@@ -16,35 +16,11 @@
 when: perform_upgrade | bool
 # ---------------------------------------------------------------------------
-# 1. Backup current configuration before any changes
-# ---------------------------------------------------------------------------
-- name: Create timestamp for backup
- ansible.builtin.set_fact:
- backup_timestamp: "{{ ansible_date_time.epoch | default(lookup('pipe', 'date +%s')) }}"
- when: perform_upgrade | bool
-
-- name: Create backup of current config.xml
- ansible.builtin.raw: |
- cp /conf/config.xml /conf/config.xml.pre_upgrade_{{ backup_timestamp | default(lookup('pipe', 'date +%s')) }}
- become: yes
- register: _config_backup
- when: perform_upgrade | bool
-
-- name: Verify config backup was created
- ansible.builtin.raw: |
- test -f /conf/config.xml.pre_upgrade_*
- become: yes
- register: _backup_verified
- failed_when: false
- when: perform_upgrade | bool
-
-# ---------------------------------------------------------------------------
-# 2. Switch repository in configuration
+# 1. Switch repository in configuration
 # ---------------------------------------------------------------------------
 - name: Switch repository in config.xml
 ansible.builtin.raw: |
 php -r 'require_once("/etc/inc/config.inc"); require_once("/etc/inc/pkg-utils.inc"); config_set_path("system/pkg_repo_conf_path", "{{ upgrade_target_repo }}"); write_config("Switched to {{ upgrade_target_repo }} for upgrade");'
- become: yes
 register: _repo_switch
 changed_when: true
 when: perform_upgrade | bool
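Review bot: `{{ upgrade_target_repo }}` is templated directly into a double-quoted PHP string inside the single-quoted `php -r` argument of "Switch repository in config.xml", so a value containing a quote, `$` or backslash changes the PHP or shell that runs on the firewall. Nothing visible in this hunk constrains the variable; an `ansible.builtin.assert` placed before the task with a condition such as `upgrade_target_repo is match('^[A-Za-z0-9._-]+$')` (illustrative pattern, adjust it to your repository names) would reject such values up front. This matters more now that the config.xml copy removed by this hunk no longer precedes `write_config`: unless a backup is taken elsewhere in the role, a bad write has no local rollback point.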
@@ -52,14 +28,12 @@
 - name: Apply repository configuration via pfSense-repo-setup
 ansible.builtin.raw: |
 /usr/local/sbin/pfSense-repo-setup -U
- become: yes
 register: _repo_apply
 when: perform_upgrade | bool
 - name: Verify repository switch took effect
 ansible.builtin.raw: |
 php -r 'require_once("/etc/inc/pkg-utils.inc"); foreach(pkg_list_repos() as $r) { if (isset($r["default"])) { echo $r["name"]; } }'
- become: yes
 register: _verify_repo_switch
 when: perform_upgrade | bool
@@ -71,12 +45,11 @@
 - _verify_repo_switch.stdout | trim == upgrade_target_repo
 # ---------------------------------------------------------------------------
-# 3. Execute the upgrade (with retry for lock error RC=99)
+# 2. Execute the upgrade (with retry for lock error RC=99)
 # ---------------------------------------------------------------------------
 - name: Execute pfSense upgrade command
 ansible.builtin.raw: |
 /usr/local/sbin/pfSense-upgrade -y -l /conf/upgrade_log.txt -p /tmp/pfSense-upgrade.sock
- become: yes
 register: _upgrade_exec
 until: _upgrade_exec.rc != 99
 retries: 3
@@ -93,7 +66,6 @@
 - name: Check upgrade success from log file
 ansible.builtin.raw: |
 grep -q "__RC=0" /conf/upgrade_log.txt && echo "SUCCESS" || echo "FAILED"
- become: yes
 register: _upgrade_verify
 when: perform_upgrade | bool
@@ -111,14 +83,15 @@
 when: perform_upgrade | bool
 # ---------------------------------------------------------------------------
-# 4. Extract upgrade log summary for debugging
+# 3. Extract upgrade log summary for debugging (on failure)
 # ---------------------------------------------------------------------------
 - name: Get last 20 lines of upgrade log
 ansible.builtin.raw: |
 tail -20 /conf/upgrade_log.txt
- become: yes
 register: _upgrade_log_tail
- when: perform_upgrade | bool
+ when:
+ - perform_upgrade | bool
+ - not upgrade_successful
 - name: Display upgrade log tail (for debugging)
 ansible.builtin.debug:
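Review bot: The privilege assumption is now undocumented: with `become: yes` dropped from "Apply repository configuration via pfSense-repo-setup" and "Verify repository switch took effect", these commands run as whatever user the connection logs in as. The same removal appears on the repo-switch task in the previous hunk and on the upgrade, log-check and reboot tasks in the later hunks, all of which touch `/conf` or call `pfSense-upgrade` and `/sbin/reboot`. If the intent is that the connection user is already root, or that become is set at play or inventory level, I would say so in a header comment at the top of the file, for example `# All raw tasks here need root; privilege comes from the connection user or play-level become, not per-task become.`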
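Review bot: `grep -q "__RC=0" /conf/upgrade_log.txt` in "Check upgrade success from log file" matches the marker anywhere in the file, so if the log still holds output from an earlier run or from a retried attempt (the upgrade task retries on RC=99), a failed upgrade could be reported as SUCCESS. I have not confirmed whether `pfSense-upgrade -l` truncates or appends, and the lines before this hunk are not visible, so the file may already be cleared somewhere. If it is not, running `rm -f /conf/upgrade_log.txt` just before the upgrade task would tie the check to the current run. The `__REBOOT_AFTER` grep in the reboot-check hunk further down reads the same file and has the same exposure.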
@@ -128,12 +101,11 @@
 - not upgrade_successful
 # ---------------------------------------------------------------------------
-# 5. Handle reboot if needed
+# 4. Handle reboot if needed
 # ---------------------------------------------------------------------------
 - name: Check if reboot is required from upgrade log
 ansible.builtin.raw: |
 grep -q "__REBOOT_AFTER" /conf/upgrade_log.txt && echo "REBOOT_NEEDED" || echo "NO_REBOOT"
- become: yes
 register: _reboot_check
 when:
 - perform_upgrade | bool
@@ -149,7 +121,6 @@
 - name: Initiate system reboot
 ansible.builtin.raw: |
 /sbin/reboot
- become: yes
 when:
 - perform_upgrade | bool
 - upgrade_successful
@@ -165,7 +136,7 @@
 - _reboot_check.stdout | trim == "REBOOT_NEEDED"
 # ---------------------------------------------------------------------------
-# 6. Final status and failure handling
+# 5. Final status and failure handling
 # ---------------------------------------------------------------------------
 - name: Display upgrade completion message
 ansible.builtin.debug: