VOICE1/ansible-msp-automations
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove become: updated to call backup_webhook

Browse Source
This commit is contained in:
Ben D.
2026-04-29 11:48:41 -07:00
parent 6e3232562b
commit 150e49c1fe
1 changed files with 8 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
roles/pfsense_upgrade/tasks/upgrade.yml
View File

@@ -16,35 +16,11 @@
when: perform_upgrade | bool when: perform_upgrade | bool
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
# 1. Backup current configuration before any changes # 1. Switch repository in configuration
# ---------------------------------------------------------------------------
- name: Create timestamp for backup
ansible.builtin.set_fact:
backup_timestamp: "{{ ansible_date_time.epoch | default(lookup('pipe', 'date +%s')) }}"
when: perform_upgrade | bool
- name: Create backup of current config.xml
ansible.builtin.raw: |
cp /conf/config.xml /conf/config.xml.pre_upgrade_{{ backup_timestamp | default(lookup('pipe', 'date +%s')) }}
become: yes
register: _config_backup
when: perform_upgrade | bool
- name: Verify config backup was created
ansible.builtin.raw: |
test -f /conf/config.xml.pre_upgrade_*
become: yes
register: _backup_verified
failed_when: false
when: perform_upgrade | bool
# ---------------------------------------------------------------------------
# 2. Switch repository in configuration
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
- name: Switch repository in config.xml - name: Switch repository in config.xml
ansible.builtin.raw: | ansible.builtin.raw: |
php -r 'require_once("/etc/inc/config.inc"); require_once("/etc/inc/pkg-utils.inc"); config_set_path("system/pkg_repo_conf_path", "{{ upgrade_target_repo }}"); write_config("Switched to {{ upgrade_target_repo }} for upgrade");' php -r 'require_once("/etc/inc/config.inc"); require_once("/etc/inc/pkg-utils.inc"); config_set_path("system/pkg_repo_conf_path", "{{ upgrade_target_repo }}"); write_config("Switched to {{ upgrade_target_repo }} for upgrade");'
become: yes
register: _repo_switch register: _repo_switch
changed_when: true changed_when: true
when: perform_upgrade | bool when: perform_upgrade | bool
@@ -52,14 +28,12 @@
- name: Apply repository configuration via pfSense-repo-setup - name: Apply repository configuration via pfSense-repo-setup
ansible.builtin.raw: | ansible.builtin.raw: |
/usr/local/sbin/pfSense-repo-setup -U /usr/local/sbin/pfSense-repo-setup -U
become: yes
register: _repo_apply register: _repo_apply
when: perform_upgrade | bool when: perform_upgrade | bool
- name: Verify repository switch took effect - name: Verify repository switch took effect
ansible.builtin.raw: | ansible.builtin.raw: |
php -r 'require_once("/etc/inc/pkg-utils.inc"); foreach(pkg_list_repos() as $r) { if (isset($r["default"])) { echo $r["name"]; } }' php -r 'require_once("/etc/inc/pkg-utils.inc"); foreach(pkg_list_repos() as $r) { if (isset($r["default"])) { echo $r["name"]; } }'
become: yes
register: _verify_repo_switch register: _verify_repo_switch
when: perform_upgrade | bool when: perform_upgrade | bool
@@ -71,12 +45,11 @@
- _verify_repo_switch.stdout | trim == upgrade_target_repo - _verify_repo_switch.stdout | trim == upgrade_target_repo
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
# 3. Execute the upgrade (with retry for lock error RC=99) # 2. Execute the upgrade (with retry for lock error RC=99)
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
- name: Execute pfSense upgrade command - name: Execute pfSense upgrade command
ansible.builtin.raw: | ansible.builtin.raw: |
/usr/local/sbin/pfSense-upgrade -y -l /conf/upgrade_log.txt -p /tmp/pfSense-upgrade.sock /usr/local/sbin/pfSense-upgrade -y -l /conf/upgrade_log.txt -p /tmp/pfSense-upgrade.sock
become: yes
register: _upgrade_exec register: _upgrade_exec
until: _upgrade_exec.rc != 99 until: _upgrade_exec.rc != 99
retries: 3 retries: 3
@@ -93,7 +66,6 @@
- name: Check upgrade success from log file - name: Check upgrade success from log file
ansible.builtin.raw: | ansible.builtin.raw: |
grep -q "__RC=0" /conf/upgrade_log.txt && echo "SUCCESS" || echo "FAILED" grep -q "__RC=0" /conf/upgrade_log.txt && echo "SUCCESS" || echo "FAILED"
become: yes
register: _upgrade_verify register: _upgrade_verify
when: perform_upgrade | bool when: perform_upgrade | bool
@@ -111,14 +83,15 @@
when: perform_upgrade | bool when: perform_upgrade | bool
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
# 4. Extract upgrade log summary for debugging # 3. Extract upgrade log summary for debugging (on failure)
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
- name: Get last 20 lines of upgrade log - name: Get last 20 lines of upgrade log
ansible.builtin.raw: | ansible.builtin.raw: |
tail -20 /conf/upgrade_log.txt tail -20 /conf/upgrade_log.txt
become: yes
register: _upgrade_log_tail register: _upgrade_log_tail
when: perform_upgrade | bool when:
- perform_upgrade | bool
- not upgrade_successful
- name: Display upgrade log tail (for debugging) - name: Display upgrade log tail (for debugging)
ansible.builtin.debug: ansible.builtin.debug:
@@ -128,12 +101,11 @@
- not upgrade_successful - not upgrade_successful
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
# 5. Handle reboot if needed # 4. Handle reboot if needed
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
- name: Check if reboot is required from upgrade log - name: Check if reboot is required from upgrade log
ansible.builtin.raw: | ansible.builtin.raw: |
grep -q "__REBOOT_AFTER" /conf/upgrade_log.txt && echo "REBOOT_NEEDED" || echo "NO_REBOOT" grep -q "__REBOOT_AFTER" /conf/upgrade_log.txt && echo "REBOOT_NEEDED" || echo "NO_REBOOT"
become: yes
register: _reboot_check register: _reboot_check
when: when:
- perform_upgrade | bool - perform_upgrade | bool
@@ -149,7 +121,6 @@
- name: Initiate system reboot - name: Initiate system reboot
ansible.builtin.raw: | ansible.builtin.raw: |
/sbin/reboot /sbin/reboot
become: yes
when: when:
- perform_upgrade | bool - perform_upgrade | bool
- upgrade_successful - upgrade_successful
@@ -165,7 +136,7 @@
- _reboot_check.stdout | trim == "REBOOT_NEEDED" - _reboot_check.stdout | trim == "REBOOT_NEEDED"
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
# 6. Final status and failure handling # 5. Final status and failure handling
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
- name: Display upgrade completion message - name: Display upgrade completion message
ansible.builtin.debug: ansible.builtin.debug: