ansible/freebsd-update.yml

# vim:ts=2:sw=2:et:filetype=ansible
---

- name: FreeBSD patches
  hosts: all
  become: true
  serial: 4
  order: shuffle
  vars_files:
    - ~/.ansible/my_vault.yml

  tasks:
    - name: Fetch updates
      command:
        cmd: /usr/sbin/freebsd-update fetch --not-running-from-cron
      environment:
        PAGER: cat
      register: fetchupdates
      # Need to have this working in check mode
      check_mode: false

    - name: show results of fetch updates
      debug:
        verbosity: 1
        msg: '{{ fetchupdates.stdout }}'
    - name: Check if updates are ready to install
      command:
        cmd: /usr/sbin/freebsd-update updatesready
      register: updatesready
      # Need to have this working in check mode
      check_mode: false
      # non zero exit code does not mean "failure" but "action needed"
      ignore_errors: true
      changed_when: updatesready.rc == 0
      failed_when: updatesready.rc == 1

    - name: show results of updatesready
      debug:
        verbosity: 1
        msg: '{{ updatesready.stdout }}'

    - name: Update when updates can be installed
      block:
        - name: Perform system updates
          import_tasks: tasks/update_install_freebsd.yml

        - name: Perform ezjail updates
          import_tasks: tasks/update_ezjail_freebsd.yml

        - name: Perform iocage updates
          import_tasks: tasks/update_iocage_freebsd.yml

        - name: Record installed kernel version
          command:
            cmd: /bin/freebsd-version -k
          check_mode: false
          register: installedkernel

        - name: Reboot system if newer kernel is found
          import_tasks: tasks/reboot_system.yml
          when: ansible_kernel != installedkernel.stdout

        - name: Perform system updates post reboot
          import_tasks: tasks/update_install_freebsd.yml
      when: updatesready.rc == 0
First iteration of update playbooks that work for FreeBSD/Debian 2024-06-12 11:22:54 +02:00			`# vim:ts=2:sw=2:et:filetype=ansible`
			`---`

			`- name: FreeBSD patches`
			`hosts: all`
			`become: true`
			`serial: 4`
			`order: shuffle`
			`vars_files:`
			`- ~/.ansible/my_vault.yml`

			`tasks:`
			`- name: Fetch updates`
			`command:`
			`cmd: /usr/sbin/freebsd-update fetch --not-running-from-cron`
			`environment:`
			`PAGER: cat`
			`register: fetchupdates`
			`# Need to have this working in check mode`
			`check_mode: false`

			`- name: show results of fetch updates`
			`debug:`
			`verbosity: 1`
			`msg: '{{ fetchupdates.stdout }}'`
			`- name: Check if updates are ready to install`
			`command:`
			`cmd: /usr/sbin/freebsd-update updatesready`
			`register: updatesready`
			`# Need to have this working in check mode`
			`check_mode: false`
			`# non zero exit code does not mean "failure" but "action needed"`
			`ignore_errors: true`
			`changed_when: updatesready.rc == 0`
			`failed_when: updatesready.rc == 1`

			`- name: show results of updatesready`
			`debug:`
			`verbosity: 1`
			`msg: '{{ updatesready.stdout }}'`

			`- name: Update when updates can be installed`
			`block:`
			`- name: Perform system updates`
			`import_tasks: tasks/update_install_freebsd.yml`

			`- name: Perform ezjail updates`
			`import_tasks: tasks/update_ezjail_freebsd.yml`

			`- name: Perform iocage updates`
			`import_tasks: tasks/update_iocage_freebsd.yml`

			`- name: Record installed kernel version`
			`command:`
			`cmd: /bin/freebsd-version -k`
			`check_mode: false`
			`register: installedkernel`

			`- name: Reboot system if newer kernel is found`
			`import_tasks: tasks/reboot_system.yml`
			`when: ansible_kernel != installedkernel.stdout`

			`- name: Perform system updates post reboot`
			`import_tasks: tasks/update_install_freebsd.yml`
			`when: updatesready.rc == 0`