refactor: proxmox_upgrade use inline community.proxmox for API calls.

2026-03-14 15:23:47 -07:00
parent 464fba619f
commit 9bb8e97c82
9 changed files with 274 additions and 384 deletions
--- a/roles/proxmox_upgrade/tasks/upgrade.yml
+++ b/roles/proxmox_upgrade/tasks/upgrade.yml
@@ -1,42 +1,36 @@
 ---
 # =============================================================================
 # proxmox_upgrade — upgrade.yml
-# Run apt dist-upgrade and reboot, wait for node to rejoin cluster
+# apt dist-upgrade, reboot, wait for node to rejoin cluster
+# Runs directly on the node via SSH — no delegation
 # =============================================================================

- name: Upgrade | Set CEPH noout flag before upgrade
-  ansible.builtin.shell: ceph osd set noout
+- name: "Upgrade | {{ current_node }} | Set CEPH noout flag"
+  ansible.builtin.command: ceph osd set noout
  when: ceph_enabled | bool
  changed_when: true

- name: Upgrade | Run apt update
-  ansible.builtin.shell: apt-get update -q
+- name: "Upgrade | {{ current_node }} | apt-get update"
+  ansible.builtin.apt:
+    update_cache: true
  changed_when: false

- name: Upgrade | Run apt dist-upgrade
-  ansible.builtin.shell: "{{ apt_upgrade_cmd }}"
-  register: apt_upgrade_result
-  changed_when: "'0 upgraded' not in apt_upgrade_result.stdout"
+- name: "Upgrade | {{ current_node }} | apt dist-upgrade"
+  ansible.builtin.apt:
+    upgrade: dist
+    autoremove: "{{ apt_autoremove | bool }}"
+  register: apt_result

- name: Upgrade | Log packages upgraded
+- name: "Upgrade | {{ current_node }} | Log upgraded packages"
  ansible.builtin.debug:
-    msg: "{{ apt_upgrade_result.stdout_lines | select('match', '.*upgraded.*') | list | first | default('No output') }}"
+    msg: "{{ apt_result.stdout_lines | select('match', '.*upgraded.*') | list | first | default('apt dist-upgrade complete') }}"

- name: Upgrade | Run apt autoremove
-  ansible.builtin.shell: DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
-  when: apt_autoremove | bool
-  changed_when: false
-
- name: Upgrade | Check if reboot is required
+- name: "Upgrade | {{ current_node }} | Check if reboot required"
  ansible.builtin.stat:
    path: /var/run/reboot-required
  register: reboot_required

- name: Upgrade | Log reboot status
-  ansible.builtin.debug:
-    msg: "{{ 'Reboot required — rebooting node' if reboot_required.stat.exists else 'No reboot required — skipping reboot' }}"
-
- name: Upgrade | Reboot node
+- name: "Upgrade | {{ current_node }} | Reboot node"
  ansible.builtin.reboot:
    reboot_timeout: "{{ node_rejoin_timeout }}"
    msg: "Rebooting for Proxmox upgrade"
@@ -44,51 +38,57 @@
    post_reboot_delay: 30
  when: reboot_required.stat.exists

+- name: "Upgrade | {{ current_node }} | Skip reboot (not required)"
+  ansible.builtin.debug:
+    msg: "No reboot required — skipping"
+  when: not reboot_required.stat.exists
+
 # ── Wait for node to rejoin cluster ──────────────────────────────────────────
- name: Upgrade | Wait for node to appear online in cluster
-  ansible.builtin.uri:
-    url: "https://{{ api_host }}:{{ api_port }}/api2/json/nodes"
-    method: GET
-    headers:
-      Authorization: "PVEAPIToken={{ api_token_id }}={{ api_token_secret }}"
-    validate_certs: false
-  register: nodes_status
+- name: "Upgrade | {{ current_node }} | Wait for node to rejoin cluster"
+  community.proxmox.proxmox_node_info:
+    api_host: "{{ api_host }}"
+    api_token_id: "{{ api_token_id }}"
+    api_token_secret: "{{ api_token_secret }}"
+    api_port: "{{ api_port }}"
+  register: rejoin_check
  until: >-
-    nodes_status.json.data
+    rejoin_check.proxmox_nodes
    | selectattr('node', 'equalto', current_node)
    | selectattr('status', 'equalto', 'online')
    | list | length > 0
  retries: "{{ (node_rejoin_timeout | int / 10) | int }}"
  delay: 10
  delegate_to: localhost
+  when: reboot_required.stat.exists

- name: Upgrade | Node {{ current_node }} back online
+- name: "Upgrade | {{ current_node }} | Node back online"
  ansible.builtin.debug:
    msg: "Node {{ current_node }} has rejoined the cluster"

-# ── CEPH recovery wait ────────────────────────────────────────────────────────
- name: Upgrade | Wait for CEPH to recover
+# ── CEPH recovery ─────────────────────────────────────────────────────────────
+- name: "Upgrade | {{ current_node }} | Wait for CEPH to recover"
  when: ceph_enabled | bool
  block:
-    - name: Upgrade | CEPH | Wait for HEALTH_OK or HEALTH_WARN
+    - name: "Upgrade | CEPH | Wait for healthy status"
      ansible.builtin.shell: ceph health
      register: ceph_health_post
-      until: "'HEALTH_OK' in ceph_health_post.stdout or 'HEALTH_WARN' in ceph_health_post.stdout"
+      until: >-
+        'HEALTH_OK' in ceph_health_post.stdout or
+        'HEALTH_WARN' in ceph_health_post.stdout
      retries: "{{ (ceph_recover_timeout | int / 10) | int }}"
      delay: 10
      changed_when: false

-    - name: Upgrade | CEPH | Clear noout flag
-      ansible.builtin.shell: ceph osd unset noout
+    - name: "Upgrade | CEPH | Clear noout flag"
+      ansible.builtin.command: ceph osd unset noout
      changed_when: true

-    - name: Upgrade | CEPH | Log recovery status
+    - name: "Upgrade | CEPH | Status"
      ansible.builtin.debug:
        msg: "CEPH recovered: {{ ceph_health_post.stdout }}"

- name: Upgrade | Node {{ current_node }} upgrade complete
+- name: "Upgrade | {{ current_node }} | Upgrade complete"
  ansible.builtin.debug:
    msg: >-
-      Node {{ current_node }} upgrade complete —
-      {{ apt_upgrade_result.stdout_lines | select('match', '.*upgraded.*') | list | first | default('packages updated') }}
+      Node {{ current_node }} upgrade complete
      {{ '— rebooted' if reboot_required.stat.exists else '— no reboot needed' }}