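# vim:ts=2:sw=2:et:filetype=ansible
---
# Patch FreeBSD hosts with freebsd-update: fetch, check whether anything is
# staged for install, install (host, ezjail and iocage jails), then reboot
# when the installed kernel differs from the running one.
#
# NOTE(review): this file arrived collapsed onto a single line, which YAML
# reads as one long comment (an empty document). The nesting below is
# reconstructed from the task order; confirm where the `block:` ends against
# the original before running it.
- name: FreeBSD patches
  hosts: all
  become: true
  # Work through the inventory four hosts at a time, in shuffled order.
  serial: 4
  order: shuffle
  vars_files:
    # NOTE(review): presumably an ansible-vault encrypted file on the
    # controller; confirm it is encrypted and not readable by other users.
    - ~/.ansible/my_vault.yml

  tasks:
    - name: Fetch updates
      ansible.builtin.command:
        cmd: /usr/sbin/freebsd-update fetch --not-running-from-cron
      environment:
        # Stop freebsd-update from opening an interactive pager.
        PAGER: cat
      changed_when: '"No updates needed to update" not in fetchupdates.stdout'
      register: fetchupdates
      # Need to have this working in check mode. The fetch therefore runs for
      # real under --check as well, so later tasks have a result to act on.
      check_mode: false

    - name: Show results of fetch updates
      ansible.builtin.debug:
        verbosity: 1
        msg: '{{ fetchupdates.stdout }}'

    - name: Check if updates are ready to install
      ansible.builtin.command:
        cmd: /usr/sbin/freebsd-update updatesready
      register: updatesready
      # Need to have this working in check mode
      check_mode: false
      # A non-zero exit code does not always mean "failure". As this task
      # reads them: 0 = updates staged for install, 1 = error, anything else
      # (freebsd-update(8) documents 2) = nothing to install.
      # failed_when already keeps "nothing to install" from failing the host,
      # so ignore_errors is not set: with it, a genuine rc 1 was only reported
      # as ignored, the update block was skipped, and the host finished the
      # run unpatched without being marked failed.
      changed_when: updatesready.rc == 0
      failed_when: updatesready.rc == 1

    - name: Show results of updatesready
      ansible.builtin.debug:
        verbosity: 1
        msg: '{{ updatesready.stdout }}'

    - name: Update when updates can be installed
      when: updatesready.rc == 0
      block:
        - name: Perform system updates
          ansible.builtin.import_tasks: tasks/update_install_freebsd.yml

        - name: Perform ezjail updates
          ansible.builtin.import_tasks: tasks/update_ezjail_freebsd.yml

        - name: Perform iocage updates
          ansible.builtin.import_tasks: tasks/update_iocage_freebsd.yml

        # Read-only query, so it never reports a change and also runs under
        # --check.
        - name: Record installed kernel version
          ansible.builtin.command:
            cmd: /bin/freebsd-version -k
          changed_when: false
          check_mode: false
          register: installedkernel

        # ansible_kernel is a gathered fact, so it describes the kernel that
        # was running when facts were collected, not the one just installed.
        - name: Reboot system if newer kernel is found
          ansible.builtin.import_tasks: tasks/reboot_system.yml
          when: ansible_kernel != installedkernel.stdout

        # No `when` of its own: the install tasks are imported a second time
        # whether or not the reboot above was triggered.
        - name: Perform system updates post reboot
          ansible.builtin.import_tasks: tasks/update_install_freebsd.yml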