VOICE1/ansible-msp-automations
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
960f8fa2ba23613562534e10b9f311fdfa693b16
ansible-msp-automations/roles/pfsense_upgrade/tasks/verify.yml
Ben D. 03e889051e Added pfsense upgrade roles
2026-04-27 13:15:56 -07:00

63 lines
2.3 KiB
YAML
Raw Blame History

---
# roles/pfsense_upgrade/tasks/verify.yml
# Verifies the system is healthy after upgrade and reports the new version.
- name: Wait an additional grace period before verifying
ansible.builtin.pause:
seconds: 15
- name: Read post-upgrade version
ansible.builtin.raw: cat {{ pfsense_version_file }}
register: _new_version_raw
changed_when: false
retries: 3
delay: 10
- name: Set post-upgrade version fact
ansible.builtin.set_fact:
pfsense_new_version: "{{ _new_version_raw.stdout | trim }}"
- name: Verify pfSense web GUI is responding (port 443)
ansible.builtin.raw: >
fetch -q -o /dev/null --no-verify-peer https://127.0.0.1/ 2>&1 || true
register: _webgui_check
changed_when: false
failed_when: false
- name: Check that key pfSense services are running
ansible.builtin.raw: >
sockstat -l | grep -E ':(53|443|80)\b' | wc -l | tr -d ' '
register: _services_check
changed_when: false
failed_when: false
- name: Run pfSense-upgrade --check post-upgrade (confirm up-to-date)
ansible.builtin.raw: >
{{ pfsense_upgrade_bin }} -d -c 2>&1
register: _post_upgrade_check
changed_when: false
failed_when: false
- name: Upgrade result summary
ansible.builtin.debug:
msg:
- "============================================================"
- " Upgrade Result: {{ inventory_hostname }}"
- "============================================================"
- " Previous version : {{ pfsense_current_version }}"
- " New version : {{ pfsense_new_version }}"
- " Version changed : {{ pfsense_current_version != pfsense_new_version }}"
- " Listening ports : {{ _services_check.stdout | trim }} found (DNS/HTTP/HTTPS)"
- " Post-upg check : {{ 'Up to date' if _post_upgrade_check.rc == 0 else 'May still have pending updates' }}"
- "============================================================"
- name: Fail if version did not change after upgrade attempt
ansible.builtin.fail:
msg: >
pfSense version on {{ inventory_hostname }} is still {{ pfsense_new_version }}
after upgrade attempt (was {{ pfsense_current_version }}).
The upgrade may not have applied correctly — check the host manually.
when:
- pfsense_current_version == pfsense_new_version
- upgrade_available | bool
Reference in New Issue View Git Blame Copy Permalink