create openwrt_upgrade.yml playbook to do openwrt firmware updates

Because of the way gekmihesg.openwrt works with its monkeypatching,
and we want the upgrade process and its reboots to be serialised so we
never lose all hosts at once, it's not simply a matter of calling the
upgrade process then the maintenance playbook or its roles, so there's
duplicated code between openwrt_upgrade.yml and
openwrt_maintenace.yml.  It's not elegant, but it seems to work.

Also removed gather_facts from openwrt_maintenance.yml since
discovered gather_facts was set and doesn't seem to be needed

Author: spacelama

README.md

@@ -212,6 +212,28 @@ quickly install packages, update files, etc) unless told otherwise:
 
 `$ ansible-playbook openwrt_maintenance.yml --diff --extra-vars "run_uci_config=yes"`
 
+We can also issue firmware patches, and then run the configuration
+update step again (which assumes run_uci_config=yes):
+
+`$ ansible-playbook openwrt_upgrade.yml --diff`
+
+Firmware files are assumed to be kept under
+roles/openwrt/files/firmware/, which in my case contains symlinks back
+to where I keep the firmware images.  Update `firmware_image` in
+hosts.yml and run this playbook whenever you want to issue an upgrade.
+It will run across all devices in your inventory unless you --limit
+them, so long as they have firmware_image set.  If unset for a
+particular device, that device never gets patched by this playbook.
+
+Keep in mind this playbook is much more likely to fail than the
+openwrt_maintenance one, because who knows what assumptions we make or
+your configuration makes that will break in each update (be careful of
+migrations to DSA switches, as always), so keep firm backups (or be
+prepared to run the playbook multiple times until you get it right).
+But in this play, devices are serialised so you never have more than
+one device out at a time, and failure halts the play so shouldn't
+extend beyond more than one device if not --limited.
+
 There's also a playbook just to run single shell commands from the commandline:
 
 `$ ansible-playbook openwrt_shell.yml -e "cmd='id'"`

hosts.yml

@@ -594,6 +594,8 @@ all:
           openwrt_heavy_installation: true
           inet_addr_suffix: 244
 
+          firmware_image: vm/openwrt-24.10.1-x86-64-generic-squashfs-combined-efi.img.gz
+
           packages_to_install: 'qemu-ga,pciutils,iwlwifi-firmware-ax200,kmod-iwlwifi'
 
           # mode_5ghz: AC

openwrt_maintenance.yml

@@ -3,11 +3,11 @@
 - hosts: "{{ target | default('openwrt') }}"
 #  strategy: free
   strategy: linear
-#  gather_facts: no
+  gather_facts: no
   remote_user: "{{ remote_user | default('rootsh') }}" # so keeps working even fresh after upgrade, but not on a brand-new installation - supply '-e remote_user=root' for a new installation
   vars:
-      ansible_ssh_transfer_method: scp
-      ansible_scp_extra_args: -O #https://github.com/gekmihesg/ansible-openwrt/pull/59 https://github.com/gekmihesg/ansible-openwrt/issues/64 https://github.com/ansible/ansible/issues/82239 https://github.com/gekmihesg/ansible-openwrt/pull/67
+    ansible_ssh_transfer_method: scp
+    ansible_scp_extra_args: -O #https://github.com/gekmihesg/ansible-openwrt/pull/59 https://github.com/gekmihesg/ansible-openwrt/issues/64 https://github.com/ansible/ansible/issues/82239 https://github.com/gekmihesg/ansible-openwrt/pull/67
   vars_files:
     - vars/openwrt.yml
   roles:

openwrt_upgrade.yml

@@ -0,0 +1,47 @@
+---
+# https://stackoverflow.com/questions/18195142/safely-limiting-ansible-playbooks-to-a-single-machine
+- hosts: "{{ target | default('openwrt') }}"
+#  strategy: free
+  strategy: linear
+  serial: 1
+  gather_facts: no
+  remote_user: "{{ remote_user | default('rootsh') }}" # so keeps working even fresh after upgrade, but not on a brand-new installation - supply '-e remote_user=root' for a new installation
+  vars:
+    ansible_ssh_transfer_method: scp
+    ansible_scp_extra_args: -O #https://github.com/gekmihesg/ansible-openwrt/pull/59 https://github.com/gekmihesg/ansible-openwrt/issues/64 https://github.com/ansible/ansible/issues/82239 https://github.com/gekmihesg/ansible-openwrt/pull/67
+    run_uci_config: yes
+  roles:
+    - role: gekmihesg.openwrt
+  tasks:
+    - name: update firmware on {{ openwrt_user_host }}
+      block:
+        - name: copy openwrt image
+          command: "{{ openwrt_scp }} roles/openwrt/files/firmware/{{ firmware_image }} {{ openwrt_user_host|quote }}:/tmp/sysupgrade.bin"
+          delegate_to: localhost
+        - name: start sysupgrade
+          nohup:
+            command: sysupgrade -q /tmp/sysupgrade.bin
+        - name: wait for reboot
+          wait_for_connection:
+            timeout: 300
+            delay: 60
+
+        - name: "import normal maintenance vars and run maintenance cycle (with 'run_uci_config=yes')"
+          include_vars: vars/openwrt.yml
+        - include_role:
+            name: gekmihesg.openwrt
+            tasks_from: packages
+        - include_role:
+            name: install_files
+        - include_role:
+            name: openwrt
+
+        - name: final after configuration reboot
+          command: reboot
+
+        - name: wait for final reboot
+          wait_for_connection:
+            timeout: 300
+            delay: 60
+      when: firmware_image is defined
+      any_errors_fatal: true

roles/openwrt/files/firmware/vm

@@ -0,0 +1 @@
+/home/tconnors/install/gateway-vm