How do I update a release via Ansible?

[Magi]

Hi!
Is there a way to update FreeBSD in non-interactive mode?
freebsd-update with all combinations of options does not allow this ;(

 

[unitrunker]

This might work when run from a non-tty ...

freebsd-update fetch --not-running-from-cron

(I should test this on a salt minion to see if works there.)

 

[Remy]

I use the following playbook. Please note the second task. It tells freebsd-update to use a proxy server. You can delete that task if you don't need a proxy server.

---

- name: SciStor update
  hosts: all
  tasks:
    - name: SciStor update - compose URL
      set_fact:
        scst_freebsdupdate_cmd: "freebsd-update --not-running-from-cron fetch"
      tags: freebsd-update


    - name: SciStor update - add proxy part to URL
      set_fact:
        scst_freebsdupdate_cmd: "HTTP_PROXY='http://{{ scst_proxy_host }}:{{ scst_proxy_port }}' {{ scst_freebsdupdate_cmd }}"
      when: scst_freebsdupdate_proxy_enable == True
      tags: freebsd-update


    - name: SciStor update - fetch updates from server
      shell: "{{ scst_freebsdupdate_cmd }}"
      register: result_freebsd_update_fetch
      become: True
      changed_when: "'No updates needed to update system to ' not in result_freebsd_update_fetch.stdout"
      tags: freebsd-update


    - name: SciStor update - print 'freebsd-update fetch' output
      debug:
        msg: "{{ result_freebsd_update_fetch.stdout }}"
      when: "'No updates needed to update system to ' not in result_freebsd_update_fetch.stdout"
      tags: freebsd-update
      

    - name: SciStor update - install updates
      command: freebsd-update --not-running-from-cron install
      register: result_freebsd_update_install
      become: True
      changed_when: "'No updates are available to install.' not in result_freebsd_update_install.stdout"
      when: "'No updates needed to update system to ' not in result_freebsd_update_fetch.stdout"
      tags: freebsd-update


    # Compare output of uname -r and freebsd-version -k.
    # If they differ, a reboot is needed.
    - name: SciStor update - get running kernel version
      command: uname -r
      register: result_uname_r
      changed_when: False
      ignore_errors: True
      tags: freebsd-update


    - name: SciStor update - get installed kernel version
      command: freebsd-version -k
      register: result_freebsd_version_k
      changed_when: False
      ignore_errors: True
      tags: freebsd-update


    - name: SciStor update - reboot host to enable new kernel
      shell: "sleep 5 && reboot"
      async: 1
      poll: 0
      become: True
      when: result_uname_r.stdout != result_freebsd_version_k.stdout
      tags: freebsd-update


    - name: SciStor update - wait for host after reboot (max. 600s)
      wait_for_connection:
        connect_timeout: 20
        sleep: 20
        delay: 60
        timeout: 600
      when: result_uname_r.stdout != result_freebsd_version_k.stdout
      tags: freebsd-update


    - name: SciStor update - update available remote repos
      command: pkg update
      register: result_pkg_update
      become: True
      changed_when: "'FreeBSD repository is up to date.' not in result_pkg_update.stdout"
      tags: pkg-update


    - name: SciStor update - update packages to latest version
      command: pkg upgrade -y
      register: result_pkg_upgrade
      become: True
      changed_when: "'Your packages are up to date.' not in result_pkg_upgrade.stdout"
      tags: pkg-update


    - name: SciStor update - print 'pkg upgrade' output
      debug:
        msg: "{{ result_pkg_upgrade.stdout }}"
      when: "'Your packages are up to date.' not in result_pkg_upgrade.stdout"
      tags: pkg-update


    - name: SciStor update - clean local package cache
      command: pkg clean -y
      register: result_pkg_clean
      become: True
      changed_when: "'Nothing to do.' not in result_pkg_clean.stdout"
      tags: pkg-update


    - name: SciStor update - autoremove packages
      command: pkg autoremove -y
      register: result_pkg_autoremove
      become: True
      changed_when: "'Nothing to do.' not in result_pkg_clean.stdout"
      tags: pkg-update


    - name: SciStor update - print 'pkg autoremove' output
      debug:
        msg: "{{ result_pkg_autoremove.stdout }}"
      changed_when: "'Nothing to do.' not in result_pkg_autoremove.stdout"
      tags: pkg-update

...

 

[Magi]

Thanks! What about the release update? for example 11.3->11.4

 

[Magi]

Has anyone found a solution?

 

[Remy]

I am happy to share some ideas. What are your own thoughts about this? Any ideas? I rewrote the Ansible playbook above to make use of boot environments. I think it could easily be changed to take care of release updates as well.

 

[Magi]

The main problem is with freebsd-update. Despite the keys or variable references, it cannot run non-interactively. No amount of advice from the Internet helped me get her not to ask questions at work or answer "yes" to everything.

 

[SirDice]

How is is supposed to handle various merges automatically? It can't do them automatically, that's why it's asking what to do. If the merges could be done automatically it wouldn't have to ask.

 

[Magi]

Most of the time I just hit yes everywhere. And in linux distributions this process is somehow implemented.

 

[SirDice]

Most of the time I just hit yes everywhere.

That's going to bite you some day and you end up losing all accounts that have been added since the installation because the merge would simply remove those.

 

[Magi]

That's going to bite you some day and you end up losing all accounts that have been added since the installation because the merge would simply remove those.

 

[Magi]

I have about 20 servers running 11.3 (ufs), what is the best way to upgrade them to 12.2?

 

[SirDice]

By hand, using freebsd-update(8). Run freebsd-update -r 12.2-RELEASE upgrade on all of them. Be careful with those merges! Don't blindly accept them. Then, when you've planned some downtime, do the freebsd-update install steps. Make sure to run it three times in a row. Also reinstall all your packages. And lastly reboot the machine.

That first upgrade step can be done while the machine is online, it doesn't actually do anything yet.

Pro-tip, if you have lots of machines to update, set up a caching proxy for update.freebsd.org. That way only the first system will download the patches from the internet, the next server will get them from your local cache, which is much faster.