ansible-msp-automations/roles/pfsense_upgrade/tasks/carp_post.yml
2026-04-29 13:11:30 -07:00


# roles/pfsense_upgrade/tasks/carp_post.yml
# Handles CARP/HA post-upgrade logic: restore and verification.
# Only runs on primary after successful upgrade.
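# Exit early when this host has no HA peer configured.
# end_host stops the play for the current host only. end_play stops it for every
# host in the play as soon as one host matches, which in a multi-host run would
# also skip the CARP restore below for any primary still waiting on it.
- name: "[CARP] Exit - No HA configured"
  ansible.builtin.meta: end_host
  when: ha_peer is not defined or ha_peer | length == 0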
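# Exit early when no upgrade is available for this host.
# end_host is per-host, matching the task name. end_play would end the play for
# all hosts once a single host matched, so an unrelated primary could miss the
# CARP restore and verification further down.
- name: "[CARP] Exit - No upgrade available for this host"
  ansible.builtin.meta: end_host
  when: not (upgrade_available | default(false) | bool)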
# ---------------------------------------------------------------------------
# Post-upgrade: take the primary out of CARP maintenance mode, then check
# that it holds MASTER again
# ---------------------------------------------------------------------------
- name: "[CARP/primary] Re-enable CARP (exit maintenance mode)"
  # Both conditions must hold; an undefined ha_role makes the condition error.
  when: ha_role == 'primary' and ha_peer is defined
  # Calls interfaces_carp_set_maintenancemode(false) from /etc/inc/interfaces.inc
  # through the PHP CLI on the firewall.
  ansible.builtin.raw: |
    php -r 'require_once("/etc/inc/interfaces.inc"); interfaces_carp_set_maintenancemode(false);'
  # Always reported as changed: the task does not check the previous mode.
  changed_when: true
  register: _carp_restore
# Fixed 20-second delay before the state check that follows; the state is not
# polled during the wait.
- name: "[CARP/primary] Wait for CARP state to stabilize after restore"
  when: ha_role == 'primary' and ha_peer is defined
  ansible.builtin.pause:
    seconds: 20
# Read-only check. The PHP snippet walks virtualip/vip from the config, skips
# entries whose mode is not "carp", and prints ALL_MASTER only if every CARP
# VIP reports MASTER; otherwise it prints NOT_ALL_MASTER. A config with no CARP
# VIPs therefore also prints ALL_MASTER.
- name: "[CARP/primary] Verify primary has reclaimed MASTER for all VIPs"
  when: ha_role == 'primary' and ha_peer is defined
  ansible.builtin.raw: |
    php -r 'require_once("/etc/inc/config.inc"); require_once("/etc/inc/interfaces.inc"); $all_master = true; foreach(config_get_path("virtualip/vip", []) as $vip) { if ($vip["mode"] != "carp") continue; if (get_carp_interface_status("_vip" . $vip["uniqid"]) != "MASTER") { $all_master = false; break; } } echo $all_master ? "ALL_MASTER" : "NOT_ALL_MASTER";'
  # Nothing is modified on the firewall, so never report a change.
  changed_when: false
  register: _primary_carp_final
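# Report the result of the MASTER check. The two tasks below are complementary:
# exactly one of them fires on the primary.
# stdout is trimmed before comparison because raw returns the remote output
# unprocessed, so a trailing newline or carriage return would otherwise make
# both exact comparisons misreport a healthy ALL_MASTER result.
# NOTE(review): a failed failback is only reported through debug, so the run
# still ends successfully. Do not treat a green run as proof that the primary
# is MASTER; check the warning text or CARP status.
- name: "[CARP/primary] Warn if primary did not reclaim MASTER"
  ansible.builtin.debug:
    msg: >
      WARNING: Primary CARP state is '{{ _primary_carp_final.stdout }}' — expected ALL_MASTER.
      This may resolve on its own. Check CARP status on both nodes manually.
  when:
    - ha_role == 'primary'
    - ha_peer is defined
    - _primary_carp_final.stdout | trim != "ALL_MASTER"

- name: "[CARP/primary] CARP state confirmed restored"
  ansible.builtin.debug:
    msg: "{{ inventory_hostname }} has reclaimed MASTER for all VIPs. HA pair is fully operational."
  when:
    - ha_role == 'primary'
    - ha_peer is defined
    - _primary_carp_final.stdout | trim == "ALL_MASTER"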