From nobody Tue May 10 15:57:03 2022 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 7E5061ABA4F8 for ; Tue, 10 May 2022 15:57:15 +0000 (UTC) (envelope-from cristian.cardoso11@gmail.com) Received: from mail-qk1-x72b.google.com (mail-qk1-x72b.google.com [IPv6:2607:f8b0:4864:20::72b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KyN2y5Nmbz4SbR; Tue, 10 May 2022 15:57:14 +0000 (UTC) (envelope-from cristian.cardoso11@gmail.com) Received: by mail-qk1-x72b.google.com with SMTP id b20so13512973qkc.6; Tue, 10 May 2022 08:57:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=6Y2JJi/38v4njFZkx/TEPjKwC+x3EIKz/Knk4Q6jNkI=; b=IRF81kdVvC5Yrj8WqMJUbVVga3VYCzKWlP303RFxj1A2v2T2bX+kR+hPvoNzKEV4IU c+kvrdTcFiSEF7COCvdv2Lix4vXkqmy+sD126IqQgM+AKh4Vs4vweTYpsK6wkGPveehR bYLNejeiJjuc28eMF6STaU1pJDeOTNrCHz7nlSNCzALo2iADuoIi6R6MiJSqWzY82RiN V3reD3mSZDLcKW1RRNFalE5p5Ov3twwbu94AP3RczLc8acWuICyMowP7/Fxy0AEroGW/ q9w7V+31PftB3QggOsO424kaWBU9MG9M9cP5iFnHT+KY9olpZdtfHCjTRo8kaS/d8t5B wqQw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=6Y2JJi/38v4njFZkx/TEPjKwC+x3EIKz/Knk4Q6jNkI=; b=yKLFaFy1pKqOvcMtt3nWY+eLgSwc1UpRJ8bp8qfa7wlpNdTNKcewe1bs20pIHctO1m LLdvXe6lRBct1voZZDsJMuCI82sOZE3nty9RSQ1vvsN48l/bX+HcuSUUDDKD6Qma7y4x 8eWbTphOvvXKO/cxH/bgEHM3x016uyV/NdYDwGnqopZ4LcxT1MWIKr8nQZXwK4V8efM1 AM/Gsu3YXm18Iff5NvOA1AbpUOm4vc2cqL4zoy8JfSe/CRm8oNKp/gbiF/seP/15Mu31 qC3luj7R9rajiw67DsT/CNsqiQY4ekdVMiyo5X44hHm7Kjs188iXRNwElmnfuV2hCuNl DvOw== X-Gm-Message-State: AOAM533Pu+LuVul8bOSAop8GBV47SaQCq4u/Yj03V/Hj6Rgq4es4pOIK oquGo32LZdNlCOYPar5gF4DJ8uNu0V5O8V19rC2siNe2/A== X-Google-Smtp-Source: ABdhPJzpFxpVEQy8/32Cxx4gWdxoRQeJMiOyFDfN0JAxMpp+tgury9tPRugYI+nY4DHkQ0yxBEMeLx0wQ0MTCHq+Cg0= X-Received: by 2002:a05:620a:56e:b0:6a0:1857:4ee7 with SMTP id p14-20020a05620a056e00b006a018574ee7mr15042719qkp.172.1652198234046; Tue, 10 May 2022 08:57:14 -0700 (PDT) List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@freebsd.org MIME-Version: 1.0 References: In-Reply-To: From: Cristian Cardoso Date: Tue, 10 May 2022 12:57:03 -0300 Message-ID: Subject: Re: Upgrade automation To: Alan Somers Cc: FreeBSD CURRENT Content-Type: multipart/alternative; boundary="000000000000d6d2f705deaa60ae" X-Rspamd-Queue-Id: 4KyN2y5Nmbz4SbR X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20210112 header.b=IRF81kdV; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of cristiancardoso11@gmail.com designates 2607:f8b0:4864:20::72b as permitted sender) smtp.mailfrom=cristiancardoso11@gmail.com X-Spamd-Result: default: False [-2.04 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20210112]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_SPAM_SHORT(0.96)[0.956]; MID_RHS_MATCH_FROMTLD(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::72b:from]; MLMMJ_DEST(0.00)[freebsd-current]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-ThisMailContainsUnwantedMimeParts: N --000000000000d6d2f705deaa60ae Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable I currently update patches this way: - name: Checking for updates on FreeBSD command: freebsd-update fetch when: - ansible_distribution =3D=3D "FreeBSD" register: result_update changed_when: "'No updates needed' not in result_update.stdout" become: yes tags: - check-update - name: Applying update on FreeBSD command: freebsd-update install when: - ansible_distribution =3D=3D "FreeBSD" and result_update.changed register: result_update_install become: yes tags: - apply-update Maybe to get around the situation after the version upgrade task, you can do something like this: - name: Reboot system to apply new kernel shell: "sleep 5 && reboot" async: 1 poll: 0 become: True - name: Wait for reconnection to system to continue update wait_for_connection: connect_timeout: 20 sleep: 20 delay: 60 timeout: 600 - name: Applying update on FreeBSD command: freebsd-update install when: - ansible_distribution =3D=3D "FreeBSD" and result_update.changed register: result_update_install become: yes Em ter., 10 de mai. de 2022 =C3=A0s 12:47, Alan Somers escreveu: > On Tue, May 10, 2022 at 9:08 AM Cristian Cardoso > wrote: > > > > Hi > > > > I have some FreeBSD servers in my machine park and I would like to > perform the version upgrade in an automated way with ansible. > > > > In my example, I want to perform the upgrade from version 12.3 to 13, i= t > is possible to run the upgrade with the command below: > > > > freebsd-update --not-running-from-cron upgrade -r 12.2-RELEASE > > > > I ask this, because I don't know if it's the most correct way to execut= e > this. > > > > Grateful for any assistance. > > Yes, that's perfect. But there's another step too. You'll have to do: > freebsd-update install > And _this_ step isn't easy to perfectly automate, because etcupdate > may ask for your input when it merges config files. If you know > exactly which etc files you've modified, you can add them to > IgnorePaths. That way etcupdate won't run interactively, it will > simply throw away changes from upstream. > > Whenever I need to upgrade multiple machines at once, I start tmux, > split it into multiple panes, ssh to each server from one pane, then > do ":synchronize-panes on" so my input will be directed to multiple > panes simultaneously. Usually, that works for 90% of the upgrade. > But invariably there are a few files that aren't synchronized between > the servers, and I have to desynchronize my panes to deal with that. > > -Alan > --000000000000d6d2f705deaa60ae Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I currently update patches this way:


- name: C= hecking for updates on FreeBSD
=C2=A0 =C2=A0command: freebsd-update fetc= h
=C2=A0 =C2=A0when:
=C2=A0 =C2=A0 =C2=A0- ansible_distribution =3D= =3D "FreeBSD"
=C2=A0 =C2=A0register: result_update
=C2=A0 = =C2=A0changed_when: "'No updates needed' not in result_update.= stdout"
=C2=A0 =C2=A0become: yes
=C2=A0 =C2=A0tags:
=C2=A0 = =C2=A0- check-update

- name: Applying update on FreeBSD
=C2=A0 = =C2=A0command: freebsd-update install
=C2=A0 =C2=A0when:
=C2=A0 =C2= =A0 =C2=A0- ansible_distribution =3D=3D "FreeBSD" and result_upda= te.changed
=C2=A0 =C2=A0register: result_update_install
=C2=A0 =C2=A0= become: yes
=C2=A0 =C2=A0tags:
=C2=A0 =C2=A0- apply-update


Maybe to get around the situatio= n after the version upgrade task, you can do something like this:

- name: Reboot system to apply new kernel
=C2=A0 =C2=A0shell: "sl= eep 5 && reboot"
=C2=A0 =C2=A0async: 1
=C2=A0 =C2=A0poll= : 0
=C2=A0 =C2=A0become: True

- name: Wait for reconnection to sy= stem to continue update
=C2=A0 =C2=A0wait_for_connection:
=C2=A0 =C2= =A0 =C2=A0connect_timeout: 20
=C2=A0 =C2=A0 =C2=A0sleep: 20
=C2=A0 = =C2=A0 =C2=A0delay: 60
=C2=A0 =C2=A0 =C2=A0timeout: 600

- name: A= pplying update on FreeBSD
=C2=A0 =C2=A0command: freebsd-update install=C2=A0 =C2=A0when:
=C2=A0 =C2=A0 =C2=A0- ansible_distribution =3D=3D &= quot;FreeBSD" and result_update.changed
=C2=A0 =C2=A0register: resu= lt_update_install
=C2=A0 =C2=A0become: yes

=

Em ter., 10 de mai. de 2022 =C3=A0s 12:47, Alan Somers <= asomers@freebsd.org> escreveu= :
On Tue, May 10= , 2022 at 9:08 AM Cristian Cardoso
<crist= ian.cardoso11@gmail.com> wrote:
>
> Hi
>
> I have some FreeBSD servers in my machine park and I would like to per= form the version upgrade in an automated way with ansible.
>
> In my example, I want to perform the upgrade from version 12.3 to 13, = it is possible to run the upgrade with the command below:
>
> freebsd-update --not-running-from-cron upgrade -r 12.2-RELEASE
>
> I ask this, because I don't know if it's the most correct way = to execute this.
>
> Grateful for any assistance.

Yes, that's perfect.=C2=A0 But there's another step too.=C2=A0 You&= #39;ll have to do:
freebsd-update install
And _this_ step isn't easy to perfectly automate, because etcupdate
may ask for your input when it merges config files.=C2=A0 If you know
exactly which etc files you've modified, you can add them to
IgnorePaths.=C2=A0 That way etcupdate won't run interactively, it will<= br> simply throw away changes from upstream.

Whenever I need to upgrade multiple machines at once, I start tmux,
split it into multiple panes, ssh to each server from one pane, then
do ":synchronize-panes on" so my input will be directed to multip= le
panes simultaneously.=C2=A0 Usually, that works for 90% of the upgrade.
But invariably there are a few files that aren't synchronized between the servers, and I have to desynchronize my panes to deal with that.

-Alan
--000000000000d6d2f705deaa60ae--