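---
- name: Set next release
  hosts: all
  tasks:
    - debug:
        msg: "{{lookup('vars', ansible_distribution+'_releases', default=[])}}"
    - debug:
        msg: "{{ansible_distribution_release}}"
    # Refuse to go on when the running release is not in the ordered list
    # below. Without this, 'index_of' finds no match and the '|int' on the
    # set_fact further down coerces that to 0 (or errors, depending on the
    # Ansible version), so next_release would silently become the second
    # entry and the upgrade plays below would rewrite apt sources to the
    # wrong target.
    - assert:
        that:
          - ansible_distribution_release in lookup('vars', ansible_distribution+'_releases', default=[])
        fail_msg: "{{ansible_distribution_release}} is not a known {{ansible_distribution}} release"
    - set_fact:
        release_index: "{{lookup('ansible.utils.index_of', data=lookup('vars', ansible_distribution+'_releases', default=[]), test='eq', value=ansible_distribution_release)}}"
    # If there is not a next release available (as defined below in Debian_releases
    # or Ubuntu_releases), the execution of the playbook will fail at this step.
    - set_fact:
        next_release: "{{lookup('vars', ansible_distribution+'_releases')[release_index|int + 1]}}"
    - debug:
        msg: "{{next_release}}"
  vars:
    # 'stable' releases ordered from oldest to newest
    Debian_releases:
      - buster
      - bullseye
      - bookworm
    Ubuntu_releases:
      - xenial
      - bionic
      - focal
      - jammy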
- name: Run any outstanding upgrades
  hosts: all
  tasks:
    # Bring the current release fully up to date before switching release.
    - name: Refresh apt cache
      apt:
        update_cache: true
    - name: Apply all pending upgrades on the current release
      apt:
        upgrade: dist
    - name: Remove packages that are no longer required
      apt:
        autoremove: true
        purge: true
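- name: Pre-upgrade backups
  hosts: all
  tasks:
    - name: Check if /etc is a git repo
      register: etckeeper
      command:
        cmd: test -d /etc/.git
      # A missing repo is an expected outcome, not a failure; only rc is used below.
      failed_when: false
    - name: Tag etc configuration
      when: etckeeper.rc == 0
      block:
        - command:
            chdir: /etc
            argv:
              - git
              - tag
              - "pre-{{next_release}}"
        - command:
            chdir: /etc
            cmd: 'git gc --prune'
    - name: Backup package state
      block:
        # Mitogen doesn't seem to work with the 'archive' module, since tarfile is
        # "present in the Mitogen importer blacklist", so a shell command is used
        # here instead.
        # The archive contains all of /etc (shadow, host keys, ...), so restrict
        # the umask before creating it rather than only tightening the mode
        # afterwards, which leaves a window where the file is readable by others.
        - shell:
            cmd: "umask 077 && tar czf /var/backups/pre-{{next_release}}-backup.tgz /etc /var/lib/dpkg /var/lib/apt/extended_states"
            warn: false
        - shell:
            cmd: "umask 077 && dpkg --get-selections '*' > /var/backups/dpkg-selections-pre-{{next_release}}.txt"
        # Keep the explicit mode as well so an existing backup from an earlier
        # run is tightened too.
        - file:
            path: "{{item}}"
            mode: '0600'
          loop:
            - "/var/backups/pre-{{next_release}}-backup.tgz"
            - "/var/backups/dpkg-selections-pre-{{next_release}}.txt"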
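- name: Debian major version upgrade
  hosts: all
  # A play-level 'when' is applied to every task in the play.
  when: ansible_distribution == 'Debian'
  vars:
    apt_noninteractive_environment:
      DEBIAN_FRONTEND: noninteractive
      APT_LISTCHANGES_FRONTEND: mail
  tasks:
    # @TODO: Remove pins
    # @TODO: Should 3rd party sources be removed?
    # @TODO: Ensure kernel package is installed
    # @TODO: Should a 2nd sshd be started on a non-standard port in case of failure?
    - name: dpkg audit
      command:
        cmd: 'dpkg --audit'
    - name: show holds
      command:
        cmd: 'apt-mark showhold'
    - name: remove all holds
      command:
        cmd: "apt-mark unhold '*'"
    - name: Replace release in apt sources.list
      replace:
        regexp: "{{ansible_distribution_release}}"
        replace: "{{next_release}}"
        path: /etc/apt/sources.list
    # The 'g' flag makes this match the 'replace' module above, which rewrites
    # every occurrence on a line, not just the first.
    - name: Replace release in apt sources.list.d
      shell:
        cmd: "sed -i 's/{{ansible_distribution_release}}/{{next_release}}/g' /etc/apt/sources.list.d/*"
        # NOTE(review): 'warn' has been dropped from command/shell in recent
        # ansible-core releases; remove it if the module rejects the option.
        warn: false
      ignore_errors: true
    - name: Refresh apt cache for the new release
      apt:
        update_cache: true
    # @TODO: Check required disk space and available disk space
    - name: Download packages
      command:
        cmd: 'apt-get -y -d upgrade'
        warn: false
      environment: "{{apt_noninteractive_environment}}"
    - name: Minimal upgrade run
      command:
        cmd: 'apt upgrade -y --without-new-pkgs'
        warn: false
      environment: "{{apt_noninteractive_environment}}"
    - name: Full upgrade run
      command:
        cmd: 'apt full-upgrade -y'
        warn: false
      environment: "{{apt_noninteractive_environment}}"
    # @TODO: reconfigure grub if installed
    # `dpkg-reconfigure grub-pc` on many systems, but not all
    # @TODO: Our instances often have an OS version identifier,
    # it would be handy to do a replace in /etc/hostname
    # before rebooting
    # The reboot module issues the reboot, waits for the host to go down and
    # for ssh to answer again. That replaces the old fire-and-forget
    # 'command: reboot' plus a 'wait_for' on port 22 with a 1s delay, which
    # could reconnect to the still-running sshd before the host had actually
    # gone down, and whose 'when: last_result.changed' was unreliable because
    # a dropped connection does not populate the registered result.
    - name: Reboot
      reboot:
        reboot_timeout: 300
    - name: Purge configuration of removed packages
      command:
        cmd: "apt -y purge '~c'"
        warn: false
      environment: "{{apt_noninteractive_environment}}"
    - name: Purge obsolete packages
      command:
        cmd: "apt -y purge '~o'"
        warn: false
      environment: "{{apt_noninteractive_environment}}"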
- name: Ubuntu major version upgrade
  hosts: all
  # A play-level 'when' is applied to every task in the play.
  when: ansible_distribution == 'Ubuntu'
  tasks:
    # Non-interactive server-mode release upgrade; next_release itself is not
    # consulted here, the tool picks the target on its own.
    - name: Do release upgrade
      command:
        cmd: "do-release-upgrade -m server --frontend=DistUpgradeViewNonInteractive"
- name: Post-upgrade tasks
  hosts: all
  tasks:
    # Only relevant for bookworm: marking rsyslog as automatically installed
    # lets the autoremove below drop it unless another package still needs it.
    - name: Mark rsyslog as auto
      when: next_release == 'bookworm'
      command:
        cmd: "apt-mark auto rsyslog"
    - name: Autoremove any packages
      apt:
        purge: true
        autoremove: true
    - name: Clean apt cache
      apt:
        autoclean: true