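---
# Play: snapshot Proxmox guests, then upgrade OS packages, Homebrew packages
# and Docker Compose stacks on every running host.
#
# NOTE(review): this listing was recovered without indentation. The nesting of
# the block/when levels below was reconstructed from the task names and
# conditions -- confirm it against the repository copy before relying on it.
- name: Update all running hosts
  # Every host except the status_stopped and role_homeassistant groups.
  hosts: 'all:!status_stopped:!role_homeassistant'
  strategy: linear
  # Privilege escalation is off by default and enabled per task (package upgrades).
  become: false
  vars:
    # Token secret: read from proxmox.cfg (local) or PVE_TOKEN_SECRET env var (Semaphore/CI).
    # proxmox.cfg holds an API credential: keep it out of version control and
    # readable only by the user running the play.
    pve_token_secret: "{{ lookup('ini', 'token_secret section=pve file=proxmox.cfg') or lookup('env', 'PVE_TOKEN_SECRET') }}"

  pre_tasks:
    # Runs once, unprivileged, on the control node (delegate_to + run_once).
    # NOTE(review): requirements.txt is not shown here; pinning exact versions
    # (ideally with hashes) keeps this install reproducible -- confirm.
    - name: "Install Python dependencies for Proxmox modules"
      ansible.builtin.pip:
        requirements: "{{ playbook_dir }}/requirements.txt"
        state: present
      become: false
      delegate_to: localhost
      run_once: true

    # Only hosts that define proxmox_vmid are snapshotted; the API call is made
    # from the control node.
    - name: "Create pre-update snapshot for Proxmox VMs/LXCs"
      when: proxmox_vmid is defined
      community.proxmox.proxmox_snap:
        api_host: "{{ lookup('ini', 'host section=pve file=proxmox.cfg') }}"
        api_user: "{{ lookup('ini', 'user section=pve file=proxmox.cfg') }}"
        api_token_id: "{{ lookup('ini', 'token_id section=pve file=proxmox.cfg') }}"
        api_token_secret: "{{ pve_token_secret }}"
        # TLS verification was hard-coded off, so the API token is sent to an
        # endpoint whose certificate is never checked. The default stays false
        # to preserve existing behaviour; set pve_validate_certs=true once the
        # Proxmox certificate is trusted by the control node.
        validate_certs: "{{ pve_validate_certs | default(false) | bool }}"
        vmid: "{{ proxmox_vmid }}"
        state: present
        snapname: "pre-update-{{ ansible_facts['date_time']['date'] }}-{{ ansible_facts['date_time']['hour'] }}{{ ansible_facts['date_time']['minute'] }}"
        description: "Pre-update snapshot created by Ansible on {{ ansible_facts['date_time']['iso8601'] }}"
        retention: 3
      # A failed snapshot must not abort the host here; the result is recorded
      # in snapshot_result and checked by "Update system packages" below.
      ignore_errors: true
      register: snapshot_result
      delegate_to: localhost

  tasks:
    # Package upgrades run only when the snapshot did not fail, or when the
    # host has no proxmox_vmid (nothing to snapshot).
    - name: "Update system packages"
      when: snapshot_result is succeeded or proxmox_vmid is not defined
      block:
        - name: "Update Linux packages"
          when: ansible_facts['system'] == "Linux"
          block:
            # Hosts in the proxmox_nodes group get a dist-upgrade.
            - name: "Update packages (apt with dist-upgrade)"
              ansible.builtin.apt:
                update_cache: true
                upgrade: dist
              become: true
              when:
                - ansible_facts['pkg_mgr'] == 'apt'
                - inventory_hostname in groups['proxmox_nodes']

            # All other apt hosts get a full upgrade.
            - name: "Update packages (apt)"
              ansible.builtin.apt:
                update_cache: true
                upgrade: full
              become: true
              when:
                - ansible_facts['pkg_mgr'] == 'apt'
                - inventory_hostname not in groups['proxmox_nodes']

            # NOTE(review): the options are handed to whichever package module
            # matches pkg_mgr; confirm each non-apt manager in the inventory
            # accepts update_cache and upgrade.
            - name: "Update packages (other)"
              ansible.builtin.package:
                update_cache: true
                upgrade: true
              become: true
              when: ansible_facts['pkg_mgr'] != 'apt'

            # NOTE(review): reboot_required is registered but nothing in this
            # play reads it, so a pending reboot (e.g. after a kernel or libc
            # security update) is not reported or acted on.
            - name: "Check if reboot required"
              ansible.builtin.stat:
                path: /var/run/reboot-required
              register: reboot_required

        - name: "Update macOS packages"
          when: ansible_facts['system'] == "Darwin"
          block:
            - name: "Update Homebrew packages"
              community.general.homebrew:
                update_homebrew: true
                upgrade_all: true

            - name: "Update Homebrew casks"
              community.general.homebrew_cask:
                upgrade_all: true

    # NOTE(review): as reconstructed, this task sits beside "Update system
    # packages" and is therefore not gated on the snapshot result -- confirm
    # the intended nesting.
    - name: "Update Docker containers"
      when: inventory_hostname in groups['role_docker']
      block:
        # pull: always fetches whatever the image tags in the compose project
        # currently resolve to.
        - name: "Pull and start containers"
          community.docker.docker_compose_v2:
            project_src: /home/willem/docker
            pull: always

  post_tasks:
    - name: "Cleanup Docker"
      when: inventory_hostname in groups['role_docker']
      block:
        - name: "Remove orphans"
          community.docker.docker_compose_v2:
            project_src: /home/willem/docker
            pull: never
            remove_orphans: true

        # volumes: true also prunes unused volumes, so data belonging to a
        # stopped or removed stack can be deleted here; drop it if any volume
        # must outlive its container.
        - name: "Prune system"
          community.docker.docker_prune:
            containers: true
            images: true
            networks: true
            volumes: true
            builder_cache: true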