diff --git a/play.yml b/play.yml
index 2c15647..621d089 100644
--- a/play.yml
+++ b/play.yml
@@ -6,6 +6,7 @@
 roles:
 - {role: bootstrap}
 - {role: update-packages}
+ - {role: fedora-upgrade}
 - {role: install-packages}
 - {role: create-user}
 - {role: hardening}
diff --git a/roles/fedora-upgrade/defaults/main.yml b/roles/fedora-upgrade/defaults/main.yml
new file mode 100644
index 000000000..dbe3321
--- /dev/null
+++ b/roles/fedora-upgrade/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+fedora_latest: 30
+fedora_minimum: 29
+fedora_target: "{{ fedora_latest|int }}"
diff --git a/roles/fedora-upgrade/tasks/main.yml b/roles/fedora-upgrade/tasks/main.yml
new file mode 100644
index 000000000..a272674
--- /dev/null
+++ b/roles/fedora-upgrade/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+
+- include_tasks: tasks.yml
+ when: (ansible_distribution in ["Fedora"] and not is_atomic) and (ansible_distribution_version != fedora_target and ansible_distribution_version >= fedora_minimum)
diff --git a/roles/fedora-upgrade/tasks/tasks.yml b/roles/fedora-upgrade/tasks/tasks.yml
new file mode 100644
index 000000000..d07a727
--- /dev/null
+++ b/roles/fedora-upgrade/tasks/tasks.yml
@@ -0,0 +1,23 @@
+---
+
+- name: install dnf-plugin-system-upgrade
+ dnf:
+ name: dnf-plugin-system-upgrade
+ state: present
+
+- name: stage upgraded packages for fedora {{ fedora_target }}
+ shell: dnf -y system-upgrade download --releasever="{{ fedora_target }}"
+ warn: false
+ register: dnf_result
+ changed_when: "'Download complete' in dnf_result.stdout"
+
+- name: trigger upgrade
+ shell: nohup bash -c 'sleep 2 && dnf system-upgrade reboot' &
+ register: upgraded_reset
+ when: (dnf_result is changed)
+
+- name: wait for hosts to upgrade, reboot, and return
+ wait_for_connection:
+ timeout: 900
+ delay: 20
+ when: upgraded_reset is changed
diff --git a/roles/update-packages/tasks/main.yml b/roles/update-packages/tasks/main.yml
index d3d2fef..4139778 100644
--- a/roles/update-packages/tasks/main.yml
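Review bot: The `when:` on `include_tasks` in roles/fedora-upgrade/tasks/main.yml compares `ansible_distribution_version`, a string fact, against `fedora_minimum`, an integer from roles/fedora-upgrade/defaults/main.yml. Depending on the controller's Python version that `>=` either raises a type error or is always true, so the minimum-release gate is not enforced. The `!=` test against `fedora_target` also lets a host that is already newer than the target into the upgrade path, and the `|int` inside the quoted template in defaults most likely renders back to a string. I would cast at the comparison and require strictly older than the target: `when: ansible_distribution == "Fedora" and not is_atomic and ansible_distribution_major_version|int >= fedora_minimum|int and ansible_distribution_major_version|int < fedora_target|int`.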
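Review bot: In roles/fedora-upgrade/tasks/tasks.yml nothing after `wait for hosts to upgrade, reboot, and return` confirms that the host is on the target release, so the `install-packages`, `create-user` and `hardening` roles that follow in play.yml can run against a host that is still on the old release or that answered SSH before going down for the offline upgrade. The backgrounded `nohup ... &` in `trigger upgrade` returns immediately, so `upgraded_reset is changed` says nothing about whether `dnf system-upgrade reboot` succeeded, and facts gathered at play start are stale after the reboot. I would re-gather facts and assert the release before the play continues, as below. Separately, `warn: false` appears as a key of the task itself next to `shell:`; indentation is not visible in this view, but if that is how the file reads it probably belongs under `args:`.

```yaml
- name: wait for hosts to upgrade, reboot, and return
  # … unchanged: wait_for_connection arguments and when …

- name: re-gather facts after the upgrade
  setup:
  when: upgraded_reset is changed

- name: verify the host is running the target release
  assert:
    that:
      - ansible_distribution_major_version|int == fedora_target|int
    fail_msg: "host did not reach Fedora {{ fedora_target }}"
  when: upgraded_reset is changed
```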
+++ b/roles/update-packages/tasks/main.yml
@@ -1,23 +1,31 @@
 ---
 - block:
- - name: update packages (atomic)
+ - name: update packages (Fedora Atomic)
 atomic_host:
 revision: latest
 when: ansible_distribution == 'Fedora' and is_atomic
 register: atomic_host_upgraded
- - name: update packages (non-atomic)
+ - name: refresh and update packages (Fedora)
+ dnf:
+ name: "*"
+ state: latest
+ update_cache: yes
+ when: ansible_distribution == 'Fedora' and not is_atomic
+ register: fedora_upgraded
+
+ - name: update packages (generic - non-atomic/dnf)
 package:
 name: '*'
 state: latest
- when: ansible_distribution in ["CentOS", "Red Hat Enterprise Linux", "Fedora", "Debian", "Ubuntu"] and not is_atomic
+ when: ansible_distribution in ["CentOS", "Red Hat Enterprise Linux", "Debian", "Ubuntu"] and not is_atomic
 register: host_upgraded
 - name: reboot updated hosts
 shell: nohup bash -c "sleep 2 && shutdown -r now" &
 register: host_reset
- when: (atomic_host_upgraded is changed) or (host_upgraded is changed)
+ when: (atomic_host_upgraded is changed) or (host_upgraded is changed) or (fedora_upgraded is changed)
 - name: wait for rebooted host to return
 wait_for_connection:
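Review bot: The new `refresh and update packages (Fedora)` task is written in a different style from its neighbours: it uses `update_cache: yes` and `name: "*"`, while the generic task directly below uses `name: '*'`. I would write `update_cache: true` and `name: '*'` so the file stays consistent and truthy-value linting passes. The task name `update packages (generic - non-atomic/dnf)` is also misleading, because its `when:` list now covers Debian and Ubuntu and no longer Fedora; `update packages (generic, non-atomic)` would match what it does. The `wait for rebooted host to return` task continues past the end of this hunk.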