[lttng-ci.git] / automation / ansible / playbooks / debian-upgrade.yml

---
- name: Set next release
  hosts: all
  tasks:
    - debug:
        msg: "{{lookup('vars', ansible_distribution+'_releases', default=[])}}"
    - debug:
        msg: "{{ansible_distribution_release}}"
    - set_fact:
        release_index: "{{lookup('ansible.utils.index_of', data=lookup('vars', ansible_distribution+'_releases', default=[]), test='eq', value=ansible_distribution_release)}}"
    # If there is not a next release available (as defined below in Debian_releasess
    # or Ubuntu_releases), the execution of the playbook will fail at this step.
    - set_fact:
        next_release: "{{lookup('vars', ansible_distribution+'_releases')[release_index|int + 1]}}"
    - debug:
        msg: "{{next_release}}"
  vars:
    # 'stable' releases ordered from oldest to newest
    Debian_releases:
      - buster
      - bullseye
      - bookworm
    Ubuntu_releases:
      - xenial
      - bionic
      - focal
      - jammy
- name: Run any outstanding upgrades
  hosts: all
  tasks:
    - apt:
        update_cache: true
    - apt:
        upgrade: dist
    - apt:
        autoremove: true
        purge: true
- name: Pre-upgrade backups
  hosts: all
  tasks:
    - name: Check if /etc is a git repo
      register: etckeeper
      command:
        cmd: test -d /etc/.git
      ignore_errors: true
    - name: Tag etc configuration
      when: etckeeper.rc == 0
      block:
        - command:
            chdir: /etc
            argv:
              - git
              - tag
              - "pre-{{next_release}}"
        - command:
            chdir: /etc
            cmd: 'git gc --prune'
    - name: Backup package state
      block:
        - shell:
            cmd: "tar czf /var/backups/pre-{{next_release}}-backup.tgz /etc /var/lib/dpkg /var/lib/apt/extended_states"
            # Mitogen doesn't seem to work with the 'archive' module, since tarfile is
            # "present in the Mitogent importer blacklist", so a shell command is used
            # here instead
            warn: false
        - shell:
            cmd: "dpkg --get-selections '*' > /var/backups/dpkg-selections-pre-{{next_release}}.txt"
        - file:
            path: "{{item}}"
            mode: '0600'
          with_items:
            - "/var/backups/pre-{{next_release}}-backup.tgz"
            - "/var/backups/dpkg-selections-pre-{{next_release}}.txt"
- name: Debian major version upgrade
  hosts: all
  when: ansible_distribution == 'Debian'
  vars:
    apt_noninteractive_environment:
      DEBIAN_FRONTEND: noninteractive
      APT_LISTCHANGES_FRONTEND: mail
  tasks:
    # @TODO: Remove pins
    # @TODO: Should 3rd party sources be removed?
    # @TODO: Ensure kernel package is installed
    # @TODO: Should a 2nd sshd be started on a non-standard port in case of failure?
    - name: dpkg audit
      command:
        cmd: 'dpkg --audit'
    - name: show holds
      command:
        cmd: 'apt-mark showhold'
    - name: remove all holds
      command:
        cmd: "apt-mark unhold '*'"
    - name: Replace release in apt sources.list
      replace:
        regexp: "{{ansible_distribution_release}}"
        replace: "{{next_release}}"
        path: /etc/apt/sources.list
    - name: Replace release in apt sources.list.d
      shell:
        cmd: "sed -i 's/{{ansible_distribution_release}}/{{next_release}}/' /etc/apt/sources.list.d/*"
        warn: false
      ignore_errors: true
    - apt:
        update_cache: true
    # @TODO: Check required disk space and available disk space
    - name: Download packages
      command:
        cmd: 'apt-get -y -d upgrade'
        warn: false
      environment: "{{apt_noninteractive_environment}}"
    - name: Minimal upgrade run
      command:
        cmd: 'apt upgrade -y --without-new-pkgs'
        warn: false
      environment: "{{apt_noninteractive_environment}}"
    - name: Full upgrade run
      command:
        cmd: 'apt full-upgrade -y'
        warn: false
      environment: "{{apt_noninteractive_environment}}"
    # @TODO: reconfigure grub if installed
    # `dpkg-reconfigure grub-pc` on many systems, but not all
    # @TODO: Our instances often have an OS version identifier,
    # it would be handy to do a replace in /etc/hostname
    # before rebooting
    - name: Reboot
      command: /usr/sbin/reboot
      async: 0
      poll: 0
      ignore_errors: true
      register: last_result
    - name: wait for the server to reboot
      local_action: wait_for host={{ inventory_hostname }}
                   port=22
                   delay=1
                   timeout=300
                   state=started
      when: last_result.changed
      become: false
    - name: Purge configuration of removed packages
      command:
        cmd: "apt -y purge '~c'"
        warn: false
      environment: "{{apt_noninteractive_environment}}"
    - name: Purge obsolete packages
      command:
        cmd: "apt -y purge '~o'"
        warn: false
      environment: "{{apt_noninteractive_environment}}"
- name: Ubuntu major version upgrade
  hosts: all
  when: ansible_distribution == 'Ubuntu'
  tasks:
    - name: Do release upgrade
      command:
        cmd: 'do-release-upgrade -m server --frontend=DistUpgradeViewNonInteractive'
- name: Post-upgrade tasks
  hosts: all
  tasks:
    - name: Mark rsyslog as auto
      when: next_release == 'bookworm'
      command:
        cmd: 'apt-mark auto rsyslog'
    - name: Autoremove any packages
      apt:
        autoremove: true
        purge: true
    - name: Clean apt cache
      apt:
        autoclean: true
Commit	Line	Data
6b6cc731 KS	1	---
	2	- name: Set next release
	3	hosts: all
	4	tasks:
	5	- debug:
	6	msg: "{{lookup('vars', ansible_distribution+'_releases', default=[])}}"
	7	- debug:
	8	msg: "{{ansible_distribution_release}}"
	9	- set_fact:
	10	release_index: "{{lookup('ansible.utils.index_of', data=lookup('vars', ansible_distribution+'_releases', default=[]), test='eq', value=ansible_distribution_release)}}"
	11	# If there is not a next release available (as defined below in Debian_releasess
	12	# or Ubuntu_releases), the execution of the playbook will fail at this step.
	13	- set_fact:
	14	next_release: "{{lookup('vars', ansible_distribution+'_releases')[release_index\|int + 1]}}"
	15	- debug:
	16	msg: "{{next_release}}"
	17	vars:
	18	# 'stable' releases ordered from oldest to newest
	19	Debian_releases:
	20	- buster
	21	- bullseye
	22	- bookworm
	23	Ubuntu_releases:
	24	- xenial
	25	- bionic
	26	- focal
	27	- jammy
	28	- name: Run any outstanding upgrades
	29	hosts: all
	30	tasks:
	31	- apt:
	32	update_cache: true
	33	- apt:
	34	upgrade: dist
	35	- apt:
	36	autoremove: true
	37	purge: true
	38	- name: Pre-upgrade backups
	39	hosts: all
	40	tasks:
	41	- name: Check if /etc is a git repo
	42	register: etckeeper
	43	command:
	44	cmd: test -d /etc/.git
	45	ignore_errors: true
	46	- name: Tag etc configuration
	47	when: etckeeper.rc == 0
	48	block:
	49	- command:
	50	chdir: /etc
	51	argv:
	52	- git
	53	- tag
	54	- "pre-{{next_release}}"
	55	- command:
	56	chdir: /etc
	57	cmd: 'git gc --prune'
	58	- name: Backup package state
	59	block:
	60	- shell:
	61	cmd: "tar czf /var/backups/pre-{{next_release}}-backup.tgz /etc /var/lib/dpkg /var/lib/apt/extended_states"
	62	# Mitogen doesn't seem to work with the 'archive' module, since tarfile is
	63	# "present in the Mitogent importer blacklist", so a shell command is used
	64	# here instead
65	warn: false
66	- shell:
67	cmd: "dpkg --get-selections '*' > /var/backups/dpkg-selections-pre-{{next_release}}.txt"
68	- file:
69	path: "{{item}}"
70	mode: '0600'
71	with_items:
72	- "/var/backups/pre-{{next_release}}-backup.tgz"
73	- "/var/backups/dpkg-selections-pre-{{next_release}}.txt"
74	- name: Debian major version upgrade
75	hosts: all
76	when: ansible_distribution == 'Debian'
77	vars:
78	apt_noninteractive_environment:
79	DEBIAN_FRONTEND: noninteractive
80	APT_LISTCHANGES_FRONTEND: mail
81	tasks:
82	# @TODO: Remove pins
83	# @TODO: Should 3rd party sources be removed?
84	# @TODO: Ensure kernel package is installed
85	# @TODO: Should a 2nd sshd be started on a non-standard port in case of failure?
86	- name: dpkg audit
87	command:
88	cmd: 'dpkg --audit'
89	- name: show holds
90	command:
91	cmd: 'apt-mark showhold'
92	- name: remove all holds
93	command:
94	cmd: "apt-mark unhold '*'"
95	- name: Replace release in apt sources.list
96	replace:
97	regexp: "{{ansible_distribution_release}}"
98	replace: "{{next_release}}"
99	path: /etc/apt/sources.list
100	- name: Replace release in apt sources.list.d
101	shell:
102	cmd: "sed -i 's/{{ansible_distribution_release}}/{{next_release}}/' /etc/apt/sources.list.d/*"
103	warn: false
104	ignore_errors: true
105	- apt:
106	update_cache: true
107	# @TODO: Check required disk space and available disk space
108	- name: Download packages
109	command:
110	cmd: 'apt-get -y -d upgrade'
111	warn: false
112	environment: "{{apt_noninteractive_environment}}"
113	- name: Minimal upgrade run
114	command:
115	cmd: 'apt upgrade -y --without-new-pkgs'
116	warn: false
117	environment: "{{apt_noninteractive_environment}}"
118	- name: Full upgrade run
119	command:
120	cmd: 'apt full-upgrade -y'
121	warn: false
122	environment: "{{apt_noninteractive_environment}}"
123	# @TODO: reconfigure grub if installed
124	# `dpkg-reconfigure grub-pc` on many systems, but not all
125	# @TODO: Our instances often have an OS version identifier,
126	# it would be handy to do a replace in /etc/hostname
127	# before rebooting
128	- name: Reboot
129	command: /usr/sbin/reboot
130	async: 0
131	poll: 0
132	ignore_errors: true
133	register: last_result
134	- name: wait for the server to reboot
135	local_action: wait_for host={{ inventory_hostname }}
136	port=22
137	delay=1
138	timeout=300
139	state=started
140	when: last_result.changed
141	become: false
142	- name: Purge configuration of removed packages
143	command:
144	cmd: "apt -y purge '~c'"
145	warn: false
146	environment: "{{apt_noninteractive_environment}}"
147	- name: Purge obsolete packages
148	command:
149	cmd: "apt -y purge '~o'"
150	warn: false
151	environment: "{{apt_noninteractive_environment}}"
152	- name: Ubuntu major version upgrade
153	hosts: all
154	when: ansible_distribution == 'Ubuntu'
155	tasks:
156	- name: Do release upgrade
157	command:
158	cmd: 'do-release-upgrade -m server --frontend=DistUpgradeViewNonInteractive'
159	- name: Post-upgrade tasks
160	hosts: all
161	tasks:
162	- name: Mark rsyslog as auto
163	when: next_release == 'bookworm'
164	command:
165	cmd: 'apt-mark auto rsyslog'
166	- name: Autoremove any packages
167	apt:
168	autoremove: true
169	purge: true
170	- name: Clean apt cache
171	apt:
172	autoclean: true