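# vim:ts=2:sw=2:et:filetype=ansible
---
# Fetch and install FreeBSD base-system updates on all hosts, then reboot a
# host when the installed kernel differs from the running one.
- name: FreeBSD patches
  hosts: all
  become: true
  # Rolling run: at most four hosts per batch, taken in shuffled order.
  serial: 4
  order: shuffle
  vars_files:
    # Read from the control node. Presumably ansible-vault encrypted; confirm
    # before storing credentials in it.
    - ~/.ansible/my_vault.yml

  tasks:
    - name: Fetch updates
      command:
        cmd: /usr/sbin/freebsd-update fetch --not-running-from-cron
      environment:
        # Non-interactive pager so the run does not wait for a keypress.
        PAGER: cat
      register: fetchupdates
      # Need to have this working in check mode. Note that this makes the
      # fetch run for real even under --check.
      check_mode: false

    - name: show results of fetch updates
      debug:
        verbosity: 1
        msg: '{{ fetchupdates.stdout }}'

    - name: Check if updates are ready to install
      command:
        cmd: /usr/sbin/freebsd-update updatesready
      register: updatesready
      # Need to have this working in check mode
      check_mode: false
      # A non-zero exit code is not always a failure: rc 0 means updates are
      # ready and rc 1 is a real error. Any other code is treated as "nothing
      # to do" (freebsd-update(8) documents exit code 2 for no pending
      # updates).
      # No ignore_errors on this task: failed_when already limits failure to
      # rc 1, and ignoring that would let a host whose freebsd-update is
      # broken skip patching without being marked failed.
      changed_when: updatesready.rc == 0
      failed_when: updatesready.rc == 1

    - name: show results of updatesready
      debug:
        verbosity: 1
        msg: '{{ updatesready.stdout }}'

    - name: Update when updates can be installed
      block:
        - name: Perform system updates
          import_tasks: tasks/update_install_freebsd.yml

        - name: Perform ezjail updates
          import_tasks: tasks/update_ezjail_freebsd.yml

        - name: Perform iocage updates
          import_tasks: tasks/update_iocage_freebsd.yml

        - name: Record installed kernel version
          command:
            cmd: /bin/freebsd-version -k
          check_mode: false
          register: installedkernel
          # Read-only query, so it must never report a change.
          changed_when: false

        # ansible_kernel comes from the facts gathered at the start of the
        # play, i.e. the kernel that was running before the update.
        - name: Reboot system if newer kernel is found
          import_tasks: tasks/reboot_system.yml
          when: ansible_kernel != installedkernel.stdout

        # Same task file as the first install step, run once more.
        - name: Perform system updates post reboot
          import_tasks: tasks/update_install_freebsd.yml
      # Gates the whole block: only run when updatesready reported rc 0.
      when: updatesready.rc == 0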