Re: Upgrade automation

In reply to: Alan Somers : "Re: Upgrade automation"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Cristian Cardoso <cristian.cardoso11_at_gmail.com>
Date: Tue, 10 May 2022 15:57:03 UTC
I currently update patches this way:


- name: Checking for updates on FreeBSD
   command: freebsd-update fetch
   when:
     - ansible_distribution == "FreeBSD"
   register: result_update
   changed_when: "'No updates needed' not in result_update.stdout"
   become: yes
   tags:
   - check-update

- name: Applying update on FreeBSD
   command: freebsd-update install
   when:
     - ansible_distribution == "FreeBSD" and result_update.changed
   register: result_update_install
   become: yes
   tags:
   - apply-update



Maybe to get around the situation after the version upgrade task, you can
do something like this:


- name: Reboot system to apply new kernel
   shell: "sleep 5 && reboot"
   async: 1
   poll: 0
   become: True

- name: Wait for reconnection to system to continue update
   wait_for_connection:
     connect_timeout: 20
     sleep: 20
     delay: 60
     timeout: 600

- name: Applying update on FreeBSD
   command: freebsd-update install
   when:
     - ansible_distribution == "FreeBSD" and result_update.changed
   register: result_update_install
   become: yes



Em ter., 10 de mai. de 2022 às 12:47, Alan Somers <asomers@freebsd.org>
escreveu:

> On Tue, May 10, 2022 at 9:08 AM Cristian Cardoso
> <cristian.cardoso11@gmail.com> wrote:
> >
> > Hi
> >
> > I have some FreeBSD servers in my machine park and I would like to
> perform the version upgrade in an automated way with ansible.
> >
> > In my example, I want to perform the upgrade from version 12.3 to 13, it
> is possible to run the upgrade with the command below:
> >
> > freebsd-update --not-running-from-cron upgrade -r 12.2-RELEASE
> >
> > I ask this, because I don't know if it's the most correct way to execute
> this.
> >
> > Grateful for any assistance.
>
> Yes, that's perfect.  But there's another step too.  You'll have to do:
> freebsd-update install
> And _this_ step isn't easy to perfectly automate, because etcupdate
> may ask for your input when it merges config files.  If you know
> exactly which etc files you've modified, you can add them to
> IgnorePaths.  That way etcupdate won't run interactively, it will
> simply throw away changes from upstream.
>
> Whenever I need to upgrade multiple machines at once, I start tmux,
> split it into multiple panes, ssh to each server from one pane, then
> do ":synchronize-panes on" so my input will be directed to multiple
> panes simultaneously.  Usually, that works for 90% of the upgrade.
> But invariably there are a few files that aren't synchronized between
> the servers, and I have to desynchronize my panes to deal with that.
>
> -Alan
>