62 lines
2.3 KiB
YAML
62 lines
2.3 KiB
YAML
---
|
|
# roles/pfsense_upgrade/tasks/verify.yml
|
|
# Verifies the system is healthy after upgrade and reports the new version.
|
|
|
|
- name: Wait an additional grace period before verifying
|
|
ansible.builtin.pause:
|
|
seconds: 15
|
|
|
|
- name: Read post-upgrade version
|
|
ansible.builtin.raw: cat {{ pfsense_version_file }}
|
|
register: _new_version_raw
|
|
changed_when: false
|
|
retries: 3
|
|
delay: 10
|
|
|
|
- name: Set post-upgrade version fact
|
|
ansible.builtin.set_fact:
|
|
pfsense_new_version: "{{ _new_version_raw.stdout | trim }}"
|
|
|
|
- name: Verify pfSense web GUI is responding (port 443)
|
|
ansible.builtin.raw: >
|
|
fetch -q -o /dev/null --no-verify-peer https://127.0.0.1/ 2>&1 || true
|
|
register: _webgui_check
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Check that key pfSense services are running
|
|
ansible.builtin.raw: >
|
|
sockstat -l | grep -E ':(53|443|80)\b' | wc -l | tr -d ' '
|
|
register: _services_check
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Run pfSense-upgrade --check post-upgrade (confirm up-to-date)
|
|
ansible.builtin.raw: >
|
|
sudo {{ pfsense_upgrade_bin }} -d -c 2>&1
|
|
register: _post_upgrade_check
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Upgrade result summary
|
|
ansible.builtin.debug:
|
|
msg:
|
|
- "============================================================"
|
|
- " Upgrade Result: {{ inventory_hostname }}"
|
|
- "============================================================"
|
|
- " Previous version : {{ pfsense_current_version }}"
|
|
- " New version : {{ pfsense_new_version }}"
|
|
- " Version changed : {{ pfsense_current_version != pfsense_new_version }}"
|
|
- " Listening ports : {{ _services_check.stdout | trim }} found (DNS/HTTP/HTTPS)"
|
|
- " Post-upg check : {{ 'Up to date' if _post_upgrade_check.rc == 0 else 'May still have pending updates' }}"
|
|
- "============================================================"
|
|
|
|
- name: Fail if version did not change after upgrade attempt
|
|
ansible.builtin.fail:
|
|
msg: >
|
|
pfSense version on {{ inventory_hostname }} is still {{ pfsense_new_version }}
|
|
after upgrade attempt (was {{ pfsense_current_version }}).
|
|
The upgrade may not have applied correctly — check the host manually.
|
|
when:
|
|
- pfsense_current_version == pfsense_new_version
|
|
- upgrade_available | bool |