Solved how do you tell pkg upgrade to do "all installed packages" with ansible?

I would like to use ansible also to upgrade all installed packages on a host. Checking ansible's documentation for pkgng, it looks easy enough, so I created this little playbook:
Code:
tingo@kg-core2$ cat fbsd-pkg-upgrade.yml
# upgrade all installed packages
- hosts: all
  roles:
    - fbsd-upgrade
and a tasks file for the role:
Code:
tingo@kg-core2$ cat roles/fbsd-upgrade/tasks/main.yml
- name: pkg upgrade pkg
  tags: pkg-upgrade
  become: yes
  pkgng:
    name: pkg
    state: latest

- name: pkg upgrade all packages
  tags: nginx
  become: yes
  pkgng:
    name: "*"
    state: latest
The first task works fine, it updates pkg. However, the second part does not. Looking into it, ansible does this: # /usr/sbin/pkg upgrade -g -U -y *
which looks fine, but if you try it on a host it doesn't work:
Code:
root@proxy:~ # pkg upgrade -g -U *
pkg: No match.
or variations thereof, depending on if there are normal files in root's home directory or not. It would be easy if you could just specify an empty name to ansible, but that doesn't work either.
Code:
name:  (ansible throws an error)
name: "\*" (ansible says syntax error)
name: "" (no complaints, but doesn't work)
So how do other people using ansible on FreeBSD hosts handle this?
 
I am using this:

cat main.yml
YAML:
- name: upgrade packages
  shell: /usr/local/sbin/pkg upgrade -y
  become: true
  register: result_pkg
  changed_when: "'Your packages are up to date' not in result_pkg.stdout"

- name: patch if any available
  when: "'amd64' in ansible_architecture"
  block:
    - name: fetch os patches
      shell: freebsd-update --not-running-from-cron fetch
      become: true
      register: result_update
      changed_when: "'No updates needed' not in result_update.stdout"

    - name: install os patches
      when: result_update.changed
      shell: /usr/sbin/freebsd-update install
      become: true
      register: result_update_install

- name: reboot server
  become: true
  when: (result_update.changed or result_pkg.changed)
  reboot:


Further, to determine the package status, this is run daily:
YAML:
  #
  # FreeBSD
  #
  - name: FreeBSD pkg info
    when: ansible_distribution == 'FreeBSD'
    become: true
    ignore_errors: yes
    shell: /usr/local/sbin/pkg upgrade -n | tee {{packagestatus}}
    register: bsd_update_done
    changed_when: "'Your packages are up to date' not in bsd_update_done.stdout"

The output is written in file {{packagestatus}} and later collected for reporting.
 
Thanks. When I look at documentation for community.general.pkgng, it seems I missed this: "Warning: In Ansible 2.9 and earlier this module had a misfeature where name=* with state: latest or state: present would install every package from every package repository, filling up the machines disk. Avoid using them unless you are certain that your role will only be used with newer versions."
So, I plugged on, and this is what I came up with:
Code:
tingo@kg-core2$ cat roles/fbsd-upgrade/tasks/main.yml 
- name: pkg upgrade pkg
  tags: pkg-upgrade
  become: yes
  pkgng:
    name: pkg
    state: latest

- name: register installed packages
  shell: pkg info -q
  register: installed_packages

#- name: show installed packages
#  vars:
#    package_names: "{{ installed_packages.stdout_lines | map('regex_replace', '^(.*)-[^-]+$', '\\1') | list }}"
#  debug:
#    #msg: "packages {{ installed_packages.stdout_lines }}"
#    msg: 'package names {{ package_names }}'
  
- name: pkg upgrade all packages
  tags: pkg-upgrade
  become: yes
  pkgng:
    name: "{{ installed_packages.stdout_lines | map('regex_replace', '^(.*)-[^-]+$', '\\1') | list }}"
    state: latest
with help from google and stackoverflow. The part I have commented out is just to see what's going on when debugging this.
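
Added example, not part of the original posts: a Python sketch of what the regex_replace filter in the last playbook does to each line of `pkg info -q` output, plus a check that sets aside lines that are not in name-version form before they are handed to a task running with become. The sample output and the function names are constructed for illustration.

```python
import re

# Pattern from the playbook's regex_replace filter: the greedy (.*) keeps
# everything up to the LAST hyphen, so hyphenated names survive intact.
NAME_VERSION = re.compile(r"^(.*)-[^-]+$")

# Constructed sample of `pkg info -q` output; the last two lines are
# deliberately not in name-version form.
SAMPLE_PKG_INFO = """\
pkg-1.19.0
py39-setuptools-63.1.0_1
ca_root_nss-3.89
xorg-fonts-7.7_1
bash-5.2.15,1
nohyphen
pkg: warning text
"""


def strip_version(line):
    """Same result as the filter: regex_replace(pattern, '\\1')."""
    return NAME_VERSION.sub(r"\1", line)


def package_names(pkg_info_output):
    """Return (names, rejected) for the text printed by `pkg info -q`.

    The playbook's filter passes non-matching lines through unchanged and
    does not check for stray text; here such lines are set aside so they
    are never used as package names.
    """
    names, rejected = [], []
    for line in pkg_info_output.splitlines():
        if not line.strip():
            continue  # ignore blank lines
        match = NAME_VERSION.match(line)
        if re.search(r"\s", line) or not match or not match.group(1):
            rejected.append(line)
        else:
            names.append(match.group(1))
    return names, rejected


if __name__ == "__main__":
    names, rejected = package_names(SAMPLE_PKG_INFO)
    print("names:", names)
    print("rejected:", rejected)
```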
 