---
# roles/pfsense_upgrade/tasks/update_check.yml
# Dynamic upgrade detection using pfSense repository system
# Works with tcsh default shell on pfSense

# ---------------------------------------------------------------------------
# 1. Detect available repositories and identify upgrade target
# ---------------------------------------------------------------------------
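# Ask pfSense's own package helpers (pkg_list_repos() from
# /etc/inc/pkg-utils.inc) which repositories exist and report the first one
# that is not flagged "default" as the upgrade candidate.
# stdout is exactly one of:
#   <repo name>|<repo description>   a non-default repository was found
#   UP_TO_DATE                       every listed repository is the default
# The candidate is stored in $upgrade and echoed once at the end. Echoing it
# inside the loop while $upgrade stays empty lets the final echo append
# "UP_TO_DATE" directly after the description on every run.
# The command is kept on one line: the file header states the login shell is
# tcsh, which does not accept a quoted string that spans several lines.
# NOTE(review): "first non-default repository" is the only selection rule;
# nothing visible here checks that it is newer than the installed branch or
# that it is a branch you intend to track. Confirm before acting on it.
- name: List available pfSense repositories
  ansible.builtin.raw: |
    /bin/sh -c 'php -r "require_once(\"/etc/inc/pkg-utils.inc\"); \$repos = pkg_list_repos(); \$upgrade = \"\"; foreach(\$repos as \$r) { if (!isset(\$r[\"default\"])) { \$upgrade = \$r[\"name\"] . \"|\" . \$r[\"descr\"]; break; } } echo \$upgrade ?: \"UP_TO_DATE\";"'
  register: _repo_check
  # Read-only query, so never report the host as changed.
  changed_when: false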
# Turn the registered command output into two facts:
#   _repo_result        stdout with surrounding whitespace removed
#   _upgrade_available  true unless that text is exactly UP_TO_DATE
# NOTE(review): any other output (for example a PHP warning printed on
# stdout) also counts as "upgrade available" and becomes the repository text.
# Confirm the command can only print the two expected forms.
- name: Parse repository check result
  ansible.builtin.set_fact:
    _upgrade_available: '{{ (_repo_check.stdout | trim) != "UP_TO_DATE" }}'
    _repo_result: '{{ _repo_check.stdout | trim }}'
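# Split the "<name>|<description>" text from _repo_result into two facts.
#   upgrade_target_repo         text before the first "|"
#   upgrade_target_description  everything after the first "|", or 'Unknown'
# The split is limited to the first "|" so a description that itself contains
# "|" is kept whole. default(..., true) also replaces an empty description;
# without the second argument only an undefined value would be replaced.
# Runs only when the parse step reported an available upgrade.
# NOTE(review): both values come from command output on the managed host.
# If a later task places upgrade_target_repo into a raw/shell command, pass it
# through the quote filter or compare it with the repository names you expect.
# Those consumers are not visible in this file.
- name: Set upgrade target repository
  ansible.builtin.set_fact:
    upgrade_target_repo: "{{ _repo_result.split('|', 1)[0] }}"
    upgrade_target_description: "{{ _repo_result.split('|', 1)[1] | default('Unknown', true) }}"
  when: _upgrade_available | bool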
# ---------------------------------------------------------------------------
# 2. Get current version information
# ---------------------------------------------------------------------------
# Read the installed version through get_system_pkg_version(false) from
# /etc/inc/pkg-utils.inc. The command prints the "installed_version" entry of
# the returned array, or the literal text Unknown when that entry is unset or
# null. The raw output is registered as _current_version.
# Kept on one line because the file header names tcsh as the login shell.
- name: Get current pfSense version
  ansible.builtin.raw: |
    /bin/sh -c 'php -r "require_once(\"/etc/inc/pkg-utils.inc\"); \$v = get_system_pkg_version(false); echo \$v[\"installed_version\"] ?? \"Unknown\";"'
  # Read-only query, so never report the host as changed.
  changed_when: false
  register: _current_version
# Publish the values later tasks read:
#   pfsense_current_version  trimmed stdout of the version query
#   upgrade_available        copy of _upgrade_available, false if it is unset
- name: Set current version fact
  ansible.builtin.set_fact:
    upgrade_available: '{{ _upgrade_available | default(false) }}'
    pfsense_current_version: '{{ _current_version.stdout | trim }}'
# ---------------------------------------------------------------------------
# 3. Get current repository name
# ---------------------------------------------------------------------------
# Print the name of every repository that pkg_list_repos() flags as
# "default". The loop has no break, so if more than one entry carries the
# flag their names are printed back to back with no separator.
# Kept on one line because the file header names tcsh as the login shell.
- name: Get current default repository
  ansible.builtin.raw: |
    /bin/sh -c 'php -r "require_once(\"/etc/inc/pkg-utils.inc\"); foreach(pkg_list_repos() as \$r) { if (isset(\$r[\"default\"])) { echo \$r[\"name\"]; } }"'
  # Read-only query, so never report the host as changed.
  changed_when: false
  register: _current_repo
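# Store the trimmed repository name as current_repo, falling back to
# 'Unknown' when the query printed nothing.
# The second argument to default() is required for that fallback: stdout is
# always defined, so a plain default('Unknown') never fires and an empty
# result would be reported as an empty repository name.
- name: Set current repo fact
  ansible.builtin.set_fact:
    current_repo: "{{ _current_repo.stdout | trim | default('Unknown', true) }}"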
# ---------------------------------------------------------------------------
# 4. Extract current branch from version (e.g., "26.03" from "26.03-RELEASE")
# ---------------------------------------------------------------------------
# Keep only the part of the version string before the first "-".
# A version without "-" is passed through unchanged, so the 'Unknown'
# placeholder from the version query also ends up here as-is.
- name: Extract major.minor branch from version
  ansible.builtin.set_fact:
    pfsense_major_minor: "{{ pfsense_current_version.split('-') | first }}"
# ---------------------------------------------------------------------------
# 5. Display upgrade status report
# ---------------------------------------------------------------------------
# Print a per-host summary built from the facts gathered above.
# The "Upgrade available" line reads upgrade_target_repo and
# upgrade_target_description only in the branch taken when upgrade_available
# is truthy, so those facts may be unset on an up-to-date host.
# perform_upgrade is not set in this file and has to be supplied by the
# caller (role defaults, inventory or -e).
- name: Display upgrade status report
  ansible.builtin.debug:
    msg:
      - '============================================================'
      - ' Update Status: {{ inventory_hostname }}'
      - '============================================================'
      - ' Current version : {{ pfsense_current_version }}'
      - ' Current branch : {{ pfsense_major_minor }}'
      - ' Current repo : {{ current_repo }}'
      - '------------------------------------------------------------'
      - " Upgrade available: {{ 'YES — ' ~ upgrade_target_repo ~ ' (' ~ upgrade_target_description ~ ')' if upgrade_available else 'NO — System is up to date' }}"
      - '------------------------------------------------------------'
      - ' perform_upgrade : {{ perform_upgrade | bool }}'
      - '============================================================'
# ---------------------------------------------------------------------------
# 6. Warnings based on upgrade availability
# ---------------------------------------------------------------------------
# Dry-run notice: shown only when an upgrade target was found and the caller
# has not set perform_upgrade to a true value. Both variables go through the
# bool filter, so string values such as "false" from -e are read as booleans.
- name: Warn if perform_upgrade is false but upgrade is available
  when: (upgrade_available | bool) and not (perform_upgrade | bool)
  ansible.builtin.debug:
    msg: |
      DRY RUN — Upgrade to {{ upgrade_target_repo }} is available but perform_upgrade=false.
      Re-run with -e "perform_upgrade=true" to apply.
# Counterpart of the dry-run notice: shown when no upgrade target was found.
# NOTE(review): upgrade_available is used here without the bool filter that
# the dry-run notice applies. This is fine while the value is the boolean set
# earlier in this file; confirm that nothing overrides it with a string.
- name: Display up-to-date message
  when: not upgrade_available
  ansible.builtin.debug:
    msg: 'System is up to date — no upgrade available'
# Compatibility fact for the existing verify.yml named in the task title.
# Despite the key name, the value is the target repository name
# (upgrade_target_repo), or an empty string when no target was set.
- name: Set facts for downstream tasks (compatibility with existing verify.yml)
  ansible.builtin.set_fact:
    upgrade_available_version: '{{ upgrade_target_repo | default("") }}'