ansible/debian-distupgrade.yml


# vim:ts=2:sw=2:et:filetype=ansible
---
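# Rolling in-place upgrade of Debian hosts to the next stable release.
#
# Flow: refuse non-Debian and unsupported releases, check free disk space,
# record the package selections, bring the current release fully up to date,
# rewrite the apt sources to the next codename, dist-upgrade again, and record
# the package selections once more.
- name: Debian dist-upgrade
  hosts: all
  become: true
  # Work through the inventory four hosts at a time, in random order.
  serial: 4
  order: shuffle
  vars:
    # NOTE(review): not referenced in this file; presumably consumed by
    # tasks/check-disk-free.yml - confirm.
    disk_free_percentage: 20
    required_pkgs:
      - needrestart
    # Releases this play is willing to run on at all.
    debian_supported:
      - bookworm
      - bullseye
      - buster
    # Current codename -> codename to upgrade to. bookworm has no entry, so a
    # bookworm host passes the pre_tasks and then stops at the matrix check.
    debian_upgrade_matrix:
      buster: bullseye
      bullseye: bookworm
  vars_files:
    # Resolved on the control node, in the home of the user running the play.
    # NOTE(review): presumably an Ansible Vault encrypted file - confirm that
    # it is encrypted at rest and not world-readable.
    - ~/.ansible/my_vault.yml

  pre_tasks:
    - name: Abort automated dist-upgrade non Debian systems
      ansible.builtin.fail:
        msg: 'Not dist-upgrading non-Debian system {{ inventory_hostname }}/{{ ansible_hostname }} ({{ ansible_distribution_release }}/{{ ansible_distribution_version }}), aborting. Please upgrade to supported version'
      # os_family is "Debian" for derivatives as well, so those are not
      # stopped here; they stop at the upgrade-matrix check in tasks.
      when: "ansible_facts['os_family']|lower != 'debian'"

    - name: Abort automated dist-upgrade for EOL systems
      ansible.builtin.fail:
        msg: 'Not dist-upgrading EOL system {{ inventory_hostname }}/{{ ansible_hostname }} ({{ ansible_distribution_release }}/{{ ansible_distribution_version }}), aborting. Please upgrade to supported version'
      when: "ansible_distribution == 'Debian' and ansible_distribution_release not in debian_supported"

    - name: Check available space
      # Fully qualified name, consistent with the other tasks in this play.
      ansible.builtin.import_tasks: tasks/check-disk-free.yml

  tasks:
    - name: "Install mandatory packages"
      # Fully qualified module name, so a same-named module from a local
      # library path or another collection cannot be picked up instead.
      ansible.builtin.apt:
        pkg: '{{ required_pkgs }}'

    - name: Tell we are not going to do dist-upgrade, if not in the upgrade matrix
      ansible.builtin.fail:
        msg: 'Upgrading {{ ansible_distribution_release }} is not possible, upgrade path not seen in upgrade matrix'
      when: "ansible_distribution_release not in debian_upgrade_matrix"

    - name: Tell we are going to do dist-upgrade
      ansible.builtin.debug:
        msg: 'Upgrade {{ ansible_distribution_release }} to {{ debian_upgrade_matrix[ansible_distribution_release] }}'
      when: "ansible_distribution_release in debian_upgrade_matrix"

    - name: Find apt sources mentioning Debian distribution name
      # Only "*.list" files are searched. deb822 "*.sources" files are not
      # found here and are therefore not rewritten by the tasks below.
      ansible.builtin.find:
        paths:
          - /etc/apt/sources.list.d
        patterns: '*.list'
        contains: '.*\b{{ ansible_distribution_release }}\b'
      register: apt_sources

    - name: set apt_sources_files
      # /etc/apt/sources.list is always included, whether or not it mentions
      # the codename. "| list" materialises the map() result before the
      # concatenation, so the expression does not depend on how the templating
      # engine treats generators.
      ansible.builtin.set_fact:
        apt_sources_files: '{{ ["/etc/apt/sources.list"] + (apt_sources.files | map(attribute="path") | list) }}'

    - name: Record current selections
      ansible.builtin.command:
        cmd: '/usr/bin/dpkg --get-selections "*"'
      register: dpkg_selections_all_pre
      check_mode: false  # Need to have this working in check mode

    - name: Log current selections
      # Snapshot of the package selections before anything is changed, kept on
      # the host for later comparison with the post-upgrade log.
      ansible.builtin.copy:
        content: |
          Results of dpkg --get-selections "*"
          {{ dpkg_selections_all_pre.msg }}
          {% if dpkg_selections_all_pre.stdout is defined %}
          stdout of dpkg
          {{ dpkg_selections_all_pre.stdout }}
          {% endif %}
          {% if dpkg_selections_all_pre.stderr is defined %}
          stderr of dpkg
          {{ dpkg_selections_all_pre.stderr }}
          {% endif %}
        dest: "/var/log/apt/distupgrade-pre-{{ ansible_distribution_release }}-{{ debian_upgrade_matrix[ansible_distribution_release] }}-{{ '%FT%T' | strftime }}.log"
        # Explicit mode, so the log's permissions do not depend on the umask
        # in effect on the managed host.
        mode: '0644'

    - name: Dist upgrade on the current release to sync up and catch errors
      # NOTE(review): the imported task file is not shown here; presumably it
      # refreshes the apt cache and runs the dist-upgrade - confirm.
      ansible.builtin.import_tasks: tasks/dist_upgrade_debian.yml

    - name: Show found apt source file
      ansible.builtin.debug:
        msg: 'Adjusting {{ item }}'
      loop: '{{ apt_sources_files }}'

    - name: Replace debian-security bullseye/updates with bullseye-security
      # Runs on buster only (the task name mentions bullseye, the pattern acts
      # on buster). buster names its security suite "buster/updates"; later
      # releases use "<codename>-security". The pattern matches the
      # "debian-security " end of the repository URL together with the suite,
      # so the replacement has to put that part back. Without it the URL path
      # is dropped from the line and the host is left with a malformed
      # security source. The codename is rewritten by the next task.
      ansible.builtin.replace:
        regexp: 'debian-security buster/updates'
        replace: 'debian-security buster-security'
        path: '{{ item }}'
        backup: true
      loop: '{{ apt_sources_files }}'
      when: "ansible_distribution == 'Debian' and ansible_distribution_release == 'buster'"

    - name: Replace dist name in apt sources
      # Rewrites every whole-word occurrence of the current codename in each
      # file, including comments and third-party entries.
      # NOTE(review): a third-party repository may not publish the new suite;
      # review the "Show replacements" output, and use the backup copies kept
      # by "backup: true" to roll back a source that must stay pinned.
      ansible.builtin.replace:
        regexp: '\b{{ ansible_distribution_release }}\b'
        replace: '{{ debian_upgrade_matrix[ansible_distribution_release] }}'
        path: '{{ item }}'
        backup: true
      loop: '{{ apt_sources_files }}'
      loop_control:
        label: 'Replacing {{ ansible_distribution_release }} with {{ debian_upgrade_matrix[ansible_distribution_release] }} in {{ item }}'
      register: apt_sources_files_replacements

    - name: Show replacements
      ansible.builtin.debug:
        var: apt_sources_files_replacements

    - name: Dist upgrade on to get to the new release
      ansible.builtin.import_tasks: tasks/dist_upgrade_debian.yml

    - name: Record current selections after upgrade
      ansible.builtin.command:
        cmd: '/usr/bin/dpkg --get-selections "*"'
      register: dpkg_selections_all_post
      check_mode: false  # Need to have this working in check mode

    - name: Log current selections
      # Post-upgrade snapshot. No task in this file gathers facts again, so
      # the file name uses the same old/new codename pair as the pre-upgrade
      # log.
      ansible.builtin.copy:
        content: |
          Results of dpkg --get-selections "*"
          {{ dpkg_selections_all_post.msg }}
          {% if dpkg_selections_all_post.stdout is defined %}
          stdout of dpkg
          {{ dpkg_selections_all_post.stdout }}
          {% endif %}
          {% if dpkg_selections_all_post.stderr is defined %}
          stderr of dpkg
          {{ dpkg_selections_all_post.stderr }}
          {% endif %}
        dest: "/var/log/apt/distupgrade-post-{{ ansible_distribution_release }}-{{ debian_upgrade_matrix[ansible_distribution_release] }}-{{ '%FT%T' | strftime }}.log"
        # Explicit mode, so the log's permissions do not depend on the umask
        # in effect on the managed host.
        mode: '0644'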