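---
# pfSense Upgrade Playbook
# Upgrades pfSense systems within their current version branch.
# Detects available stable releases and reports or applies upgrades.
#
# Usage:
#   ansible-playbook upgrade.yml -i inventory/hosts.yml
#   ansible-playbook upgrade.yml -i inventory/hosts.yml --tags check  # dry-run only
#   ansible-playbook upgrade.yml -i inventory/hosts.yml -e "perform_upgrade=true"
#   ansible-playbook upgrade.yml -i inventory/hosts.yml -e "perform_upgrade=true allow_major_upgrade=true"
#
# NOTE(review): values passed as -e "key=value" reach the play as strings, not
# booleans. The pfsense_upgrade role presumably casts both gates with `| bool`;
# confirm, otherwise -e "perform_upgrade=false" may not behave as a "no".

- name: pfSense Upgrade
  hosts: pfsense_nodes
  gather_facts: true
  become: false
  serial: 1  # Upgrade one host at a time to preserve redundancy

  vars:
    perform_upgrade: false  # Safety gate: must be explicitly set to true
    allow_major_upgrade: false  # Set true to allow crossing major version branches
    reboot_timeout: 300  # Seconds to wait for host after reboot
    upgrade_check_timeout: 120  # Seconds before pfSense-upgrade check times out

    # SSH options for every connection this play opens.
    #
    # Connection multiplexing is switched off (ControlMaster/ControlPersist/
    # ControlPath); presumably so that no control socket from before the reboot
    # is reused afterwards. Confirm against the role.
    #
    # Host keys ARE verified. This play logs in to firewalls and can trigger an
    # upgrade and reboot, so the session must not be open to interception.
    # accept-new records the key of a host seen for the first time in the
    # operator's known_hosts and refuses a host whose recorded key has changed.
    # For a stricter setup, pre-seed known_hosts and use StrictHostKeyChecking=yes.
    #
    # ServerAliveInterval * ServerAliveCountMax = 30 s until a dead session is
    # dropped; ConnectTimeout bounds each connection attempt to 15 s.
    ansible_ssh_common_args: >-
      -o ControlMaster=no
      -o ControlPersist=no
      -o ControlPath=none
      -o StrictHostKeyChecking=accept-new
      -o ConnectTimeout=15
      -o ServerAliveInterval=10
      -o ServerAliveCountMax=3

  roles:
    - pfsense_upgrade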