VOICE1/ansible-msp-automations
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Resolve some date issues. Refactored

Browse Source
This commit is contained in:
Ben D.
2026-04-29 11:18:56 -07:00
parent 0d10c9b4a6
commit 89fec7ddcd
1 changed files with 27 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
roles/pfsense_upgrade/tasks/upgrade.yml
View File

@@ -2,13 +2,6 @@
# roles/pfsense_upgrade/tasks/upgrade.yml # roles/pfsense_upgrade/tasks/upgrade.yml
# Execute the actual upgrade process with dynamic repository switching # Execute the actual upgrade process with dynamic repository switching
- name: Fail if upgrade target not detected
ansible.builtin.fail:
msg: "No upgrade target repository detected. Cannot proceed."
when:
- perform_upgrade | bool
- not upgrade_available | bool
- name: Display upgrade details - name: Display upgrade details
ansible.builtin.debug: ansible.builtin.debug:
msg: msg:
@@ -20,20 +13,26 @@
- " Target repo : {{ upgrade_target_repo }}" - " Target repo : {{ upgrade_target_repo }}"
- " Target description : {{ upgrade_target_description }}" - " Target description : {{ upgrade_target_description }}"
- "============================================================" - "============================================================"
when: perform_upgrade | bool
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
# 1. Backup current configuration before any changes # 1. Backup current configuration before any changes
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
- name: Create timestamp for backup
ansible.builtin.set_fact:
backup_timestamp: "{{ ansible_date_time.epoch | default(lookup('pipe', 'date +%s')) }}"
when: perform_upgrade | bool
- name: Create backup of current config.xml - name: Create backup of current config.xml
ansible.builtin.raw: ansible.builtin.raw: |
cmd: cp /conf/config.xml /conf/config.xml.pre_upgrade_$(date +%s) cp /conf/config.xml /conf/config.xml.pre_upgrade_{{ backup_timestamp | default(lookup('pipe', 'date +%s')) }}
become: yes become: yes
register: _config_backup register: _config_backup
when: perform_upgrade | bool when: perform_upgrade | bool
- name: Verify config backup was created - name: Verify config backup was created
ansible.builtin.raw: ansible.builtin.raw: |
cmd: test -f /conf/config.xml.pre_upgrade_* test -f /conf/config.xml.pre_upgrade_*
become: yes become: yes
register: _backup_verified register: _backup_verified
failed_when: false failed_when: false
@@ -43,23 +42,23 @@
# 2. Switch repository in configuration # 2. Switch repository in configuration
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
- name: Switch repository in config.xml - name: Switch repository in config.xml
ansible.builtin.raw: ansible.builtin.raw: |
cmd: php -r 'require_once("/etc/inc/config.inc"); require_once("/etc/inc/pkg-utils.inc"); config_set_path("system/pkg_repo_conf_path", "{{ upgrade_target_repo }}"); write_config("Switched to {{ upgrade_target_repo }} for upgrade");' php -r 'require_once("/etc/inc/config.inc"); require_once("/etc/inc/pkg-utils.inc"); config_set_path("system/pkg_repo_conf_path", "{{ upgrade_target_repo }}"); write_config("Switched to {{ upgrade_target_repo }} for upgrade");'
become: yes become: yes
register: _repo_switch register: _repo_switch
changed_when: true changed_when: true
when: perform_upgrade | bool when: perform_upgrade | bool
- name: Apply repository configuration via pfSense-repo-setup - name: Apply repository configuration via pfSense-repo-setup
ansible.builtin.raw: ansible.builtin.raw: |
cmd: /usr/local/sbin/pfSense-repo-setup -U /usr/local/sbin/pfSense-repo-setup -U
become: yes become: yes
register: _repo_apply register: _repo_apply
when: perform_upgrade | bool when: perform_upgrade | bool
- name: Verify repository switch took effect - name: Verify repository switch took effect
ansible.builtin.raw: ansible.builtin.raw: |
cmd: php -r 'require_once("/etc/inc/pkg-utils.inc"); foreach(pkg_list_repos() as $r) { if (isset($r["default"])) { echo $r["name"]; } }' php -r 'require_once("/etc/inc/pkg-utils.inc"); foreach(pkg_list_repos() as $r) { if (isset($r["default"])) { echo $r["name"]; } }'
become: yes become: yes
register: _verify_repo_switch register: _verify_repo_switch
when: perform_upgrade | bool when: perform_upgrade | bool
@@ -75,8 +74,8 @@
# 3. Execute the upgrade (with retry for lock error RC=99) # 3. Execute the upgrade (with retry for lock error RC=99)
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
- name: Execute pfSense upgrade command - name: Execute pfSense upgrade command
ansible.builtin.raw: ansible.builtin.raw: |
cmd: /usr/local/sbin/pfSense-upgrade -y -l /conf/upgrade_log.txt -p /tmp/pfSense-upgrade.sock /usr/local/sbin/pfSense-upgrade -y -l /conf/upgrade_log.txt -p /tmp/pfSense-upgrade.sock
become: yes become: yes
register: _upgrade_exec register: _upgrade_exec
until: _upgrade_exec.rc != 99 until: _upgrade_exec.rc != 99
@@ -92,8 +91,8 @@
when: perform_upgrade | bool when: perform_upgrade | bool
- name: Check upgrade success from log file - name: Check upgrade success from log file
ansible.builtin.raw: ansible.builtin.raw: |
cmd: grep -q "__RC=0" /conf/upgrade_log.txt && echo "SUCCESS" || echo "FAILED" grep -q "__RC=0" /conf/upgrade_log.txt && echo "SUCCESS" || echo "FAILED"
become: yes become: yes
register: _upgrade_verify register: _upgrade_verify
when: perform_upgrade | bool when: perform_upgrade | bool
@@ -115,8 +114,8 @@
# 4. Extract upgrade log summary for debugging # 4. Extract upgrade log summary for debugging
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
- name: Get last 20 lines of upgrade log - name: Get last 20 lines of upgrade log
ansible.builtin.raw: ansible.builtin.raw: |
cmd: tail -20 /conf/upgrade_log.txt tail -20 /conf/upgrade_log.txt
become: yes become: yes
register: _upgrade_log_tail register: _upgrade_log_tail
when: perform_upgrade | bool when: perform_upgrade | bool
@@ -132,8 +131,8 @@
# 5. Handle reboot if needed # 5. Handle reboot if needed
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
- name: Check if reboot is required from upgrade log - name: Check if reboot is required from upgrade log
ansible.builtin.raw: ansible.builtin.raw: |
cmd: grep -q "__REBOOT_AFTER" /conf/upgrade_log.txt && echo "REBOOT_NEEDED" || echo "NO_REBOOT" grep -q "__REBOOT_AFTER" /conf/upgrade_log.txt && echo "REBOOT_NEEDED" || echo "NO_REBOOT"
become: yes become: yes
register: _reboot_check register: _reboot_check
when: when:
@@ -148,8 +147,8 @@
- upgrade_successful - upgrade_successful
- name: Initiate system reboot - name: Initiate system reboot
ansible.builtin.raw: ansible.builtin.raw: |
cmd: /sbin/reboot /sbin/reboot
become: yes become: yes
when: when:
- perform_upgrade | bool - perform_upgrade | bool
@@ -165,14 +164,6 @@
- upgrade_successful - upgrade_successful
- _reboot_check.stdout | trim == "REBOOT_NEEDED" - _reboot_check.stdout | trim == "REBOOT_NEEDED"
- name: Additional delay for services to stabilize
ansible.builtin.pause:
seconds: 30
when:
- perform_upgrade | bool
- upgrade_successful
- _reboot_check.stdout | trim == "REBOOT_NEEDED"
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
# 6. Final status and failure handling # 6. Final status and failure handling
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
@@ -181,7 +172,6 @@
msg: msg:
- "============================================================" - "============================================================"
- "✅ Upgrade completed successfully on {{ inventory_hostname }}" - "✅ Upgrade completed successfully on {{ inventory_hostname }}"
- " New version should be available after reboot"
- "============================================================" - "============================================================"
when: when:
- perform_upgrade | bool - perform_upgrade | bool
@@ -201,7 +191,7 @@
- name: Fail playbook if upgrade unsuccessful - name: Fail playbook if upgrade unsuccessful
ansible.builtin.fail: ansible.builtin.fail:
msg: "Upgrade failed on {{ inventory_hostname }}. Manual intervention required. SSH to the system and check /conf/upgrade_log.txt" msg: "Upgrade failed on {{ inventory_hostname }}. Manual intervention required."
when: when:
- perform_upgrade | bool - perform_upgrade | bool
- not upgrade_successful - not upgrade_successful