146 lines
5.5 KiB
YAML
146 lines
5.5 KiB
YAML
---
|
|
# roles/pfsense_upgrade/tasks/update_check.yml
|
|
# Dynamic upgrade detection using pfSense repository system
|
|
# Works with tcsh default shell on pfSense
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# 1. Detect available repositories and identify upgrade target
|
|
# ---------------------------------------------------------------------------
|
|
- name: Create temporary PHP script for repo detection
|
|
ansible.builtin.raw: |
|
|
cat > /tmp/check_repo.php << 'PHPEOF'
|
|
<?php
|
|
require_once('/etc/inc/pkg-utils.inc');
|
|
$repos = pkg_list_repos();
|
|
$upgrade = '';
|
|
foreach($repos as $r) {
|
|
if (!isset($r['default'])) {
|
|
echo $r['name'] . '|' . $r['descr'];
|
|
exit;
|
|
}
|
|
}
|
|
echo 'UP_TO_DATE';
|
|
PHPEOF
|
|
register: _create_script
|
|
changed_when: false
|
|
|
|
- name: Execute the repository check
|
|
ansible.builtin.raw: /bin/sh -c "php /tmp/check_repo.php"
|
|
register: _repo_check
|
|
changed_when: false
|
|
|
|
- name: Remove temporary script
|
|
ansible.builtin.raw: rm -f /tmp/check_repo.php
|
|
changed_when: false
|
|
|
|
- name: Parse repository check result
|
|
ansible.builtin.set_fact:
|
|
_repo_result: "{{ _repo_check.stdout | trim }}"
|
|
_upgrade_available: "{{ _repo_check.stdout | trim != 'UP_TO_DATE' }}"
|
|
|
|
- name: Set upgrade target repository
|
|
ansible.builtin.set_fact:
|
|
upgrade_target_repo: "{{ _repo_result.split('|')[0] }}"
|
|
upgrade_target_description: "{{ _repo_result.split('|')[1] | default('Unknown') }}"
|
|
when: _upgrade_available
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# 2. Get current version information
|
|
# ---------------------------------------------------------------------------
|
|
- name: Create temp script for version detection
|
|
ansible.builtin.raw: |
|
|
cat > /tmp/get_version.php << 'PHPEOF'
|
|
<?php
|
|
require_once('/etc/inc/pkg-utils.inc');
|
|
$v = get_system_pkg_version(false);
|
|
echo $v['installed_version'] ?? 'Unknown';
|
|
PHPEOF
|
|
|
|
- name: Execute version check
|
|
ansible.builtin.raw: /bin/sh -c "php /tmp/get_version.php"
|
|
register: _current_version
|
|
changed_when: false
|
|
|
|
- name: Clean up version script
|
|
ansible.builtin.raw: rm -f /tmp/get_version.php
|
|
changed_when: false
|
|
|
|
- name: Set current version fact
|
|
ansible.builtin.set_fact:
|
|
pfsense_current_version: "{{ _current_version.stdout | trim }}"
|
|
upgrade_available: "{{ _upgrade_available | default(false) }}"
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# 3. Get current repository name
|
|
# ---------------------------------------------------------------------------
|
|
- name: Create temp script for current repo detection
|
|
ansible.builtin.raw: |
|
|
cat > /tmp/get_repo.php << 'PHPEOF'
|
|
<?php
|
|
require_once('/etc/inc/pkg-utils.inc');
|
|
foreach(pkg_list_repos() as $r) {
|
|
if (isset($r['default'])) {
|
|
echo $r['name'];
|
|
exit;
|
|
}
|
|
}
|
|
PHPEOF
|
|
|
|
- name: Execute current repo check
|
|
ansible.builtin.raw: /bin/sh -c "php /tmp/get_repo.php"
|
|
register: _current_repo
|
|
changed_when: false
|
|
|
|
- name: Clean up repo script
|
|
ansible.builtin.raw: rm -f /tmp/get_repo.php
|
|
changed_when: false
|
|
|
|
- name: Set current repo fact
|
|
ansible.builtin.set_fact:
|
|
current_repo: "{{ _current_repo.stdout | trim | default('Unknown') }}"
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# 4. Extract current branch from version (e.g., "26.03" from "26.03-RELEASE")
|
|
# ---------------------------------------------------------------------------
|
|
- name: Extract major.minor branch from version
|
|
ansible.builtin.set_fact:
|
|
pfsense_major_minor: "{{ pfsense_current_version.split('-')[0] }}"
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# 5. Display upgrade status report
|
|
# ---------------------------------------------------------------------------
|
|
- name: Display upgrade status report
|
|
ansible.builtin.debug:
|
|
msg:
|
|
- "============================================================"
|
|
- " Update Status: {{ inventory_hostname }}"
|
|
- "============================================================"
|
|
- " Current version : {{ pfsense_current_version }}"
|
|
- " Current branch : {{ pfsense_major_minor }}"
|
|
- " Current repo : {{ current_repo }}"
|
|
- "------------------------------------------------------------"
|
|
- " Upgrade available: {{ 'YES — ' ~ upgrade_target_repo ~ ' (' ~ upgrade_target_description ~ ')' if upgrade_available else 'NO — System is up to date' }}"
|
|
- "------------------------------------------------------------"
|
|
- " perform_upgrade : {{ perform_upgrade | bool }}"
|
|
- "============================================================"
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# 6. Warnings based on upgrade availability
|
|
# ---------------------------------------------------------------------------
|
|
- name: Warn if perform_upgrade is false but upgrade is available
|
|
ansible.builtn.debug:
|
|
msg: |
|
|
DRY RUN — Upgrade to {{ upgrade_target_repo }} is available but perform_upgrade=false.
|
|
Re-run with -e "perform_upgrade=true" to apply.
|
|
when:
|
|
- upgrade_available | bool
|
|
- not (perform_upgrade | bool)
|
|
|
|
- name: Display up-to-date message
|
|
ansible.builtin.debug:
|
|
msg: "System is up to date — no upgrade available"
|
|
when: not upgrade_available
|
|
|
|
- name: Set facts for downstream tasks (compatibility with existing verify.yml)
|
|
ansible.builtin.set_fact:
|
|
upgrade_available_version: "{{ upgrade_target_repo | default('') }}" |