Quick & Dirty OpenBSD 5.9 upgrade using ansible 2

March 2016

openbsd ansible

I needed a quick way to upgrade my OpenBSD 5.8 servers to the recently released OpenBSD 5.9, and because I like Ansible, I've written an incomplete and dangerous playbook to do it.

This playbook is incomplete because it's ONLY for servers using comp.tgz and man.tgz. Add your sets as required. Don't mess up the order of the sets.

Please don't use it. Understand the manual in-place upgrade procedure before even thinking of using this playbook.

Note that this playbook requires Ansible 2.0+.

https://gist.github.com/zehome/060be435cbc4d19e72f0e28fb050691a

---
- hosts: all
  gather_facts: yes
  vars:
    mirror: http://ftp.eu.openbsd.org/pub/OpenBSD
    release: 5.9
    arch: amd64
  tasks:
    - name: installboot on sd0
      command: installboot -v sd0

    - name: Ensure /usr/rel exists
      file: dest=/usr/rel state=directory

    - name: Clean /usr/rel
      shell: rm /usr/rel/*
      ignore_errors: true

    - name: Download packages
      command: ftp -o /usr/rel/{{item}} {{mirror}}/{{release}}/{{arch}}/{{item}}
      with_items:
        - SHA256
        - SHA256.sig
        - bsd.rd
        - bsd.mp
        - bsd
        - man59.tgz
        - base59.tgz
        - comp59.tgz
        - game59.tgz
        - xbase59.tgz
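        - xshare59.tgz

    # sha256 -C only catches corrupted downloads: the SHA256 file itself is unauthenticated.
    - name: Check SHA256
      command: chdir=/usr/rel sha256 -C SHA256 bsd.rd bsd.mp bsd man59.tgz comp59.tgz base59.tgz game59.tgz xbase59.tgz xshare59.tgz

    # signify checks SHA256.sig against the local public key, then the files against the signed checksums.
    - name: Check with signify
      command: chdir=/usr/rel signify -C -p /etc/signify/openbsd-59-base.pub -x SHA256.sig bsd.rd bsd.mp bsd man59.tgz comp59.tgz base59.tgz game59.tgz xbase59.tgz xshare59.tgz

    - name: Keep the old reboot binary and install the new kernels
      shell: cp /sbin/reboot /sbin/oreboot && cp /usr/rel/bsd /bsd.sp && cp /usr/rel/bsd.mp /bsd && cp /usr/rel/bsd.rd /bsd.rd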

    - name: Extract packages
      command: tar -C / -xzphf {{item}}
        chdir=/usr/rel
      with_items:
        - comp59.tgz
        - man59.tgz
        - game59.tgz
        - xbase59.tgz
        - xshare59.tgz

    - name: Extract base and reboot
      shell: tar -C / -xzphf /usr/rel/base59.tgz && /sbin/oreboot
      async: 1
      poll: 0
      ignore_errors: true

    - name: waiting for server to come back
      local_action: wait_for host={{ inventory_hostname }} state=started delay=30 timeout=300

    - name: MAKEDEV
      command: chdir=/dev ./MAKEDEV all

    - name: upgrade bootloader
      command: installboot -v sd0

    - name: sysmerge non-interactive
      command: sysmerge -b
      ignore_errors: true

    - name: firmware update
      command: fw_update -v

    - name: update pkg.conf
      lineinfile:
        regexp="^installpath ="
        line="installpath = {{mirror}}/{{release}}/packages/{{arch}}"
        dest=/etc/pkg.conf

    - name: upgrade packages
      command: pkg_add -u

    - name: reboot again
      command: /sbin/reboot
      async: 1
      poll: 0
      ignore_errors: true

    - name: waiting for server to come back
      local_action: wait_for host={{ inventory_hostname }} state=started delay=30 timeout=300

    - name: check uname
      command: uname -a

Update 08/04/2016

The new playbook now checks base tarballs with signify(1).

It now fixes pkg.conf(5) automatically.
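
The playbook above repeats the file list in the download, sha256, signify and extract tasks, so a set added to the download and extract lists but not to the signify task would be unpacked unverified. Below is a variant of the first half of the playbook in which one variable drives all of those steps. It is an added example and not part of the original gist; the variable names `pubkey`, `kernels`, `extra_sets`, `base_set` and `verified` are assumptions introduced here.

```yaml
---
# Added example: fetch, verify and extract driven by a single list.
- hosts: all
  gather_facts: no
  vars:
    mirror: http://ftp.eu.openbsd.org/pub/OpenBSD   # plain HTTP: signify is the only authenticity check
    release: "5.9"
    arch: amd64
    # Public key read from the running system, never fetched from the mirror.
    pubkey: /etc/signify/openbsd-59-base.pub
    kernels: [bsd, bsd.mp, bsd.rd]
    extra_sets: [comp59.tgz, man59.tgz]   # add further sets here, and only here
    base_set: base59.tgz                  # always extracted last
    verified: "{{ kernels + extra_sets + [base_set] }}"
  tasks:
    - name: Ensure /usr/rel exists
      file: dest=/usr/rel state=directory

    - name: Download SHA256.sig plus every file that will be installed
      command: ftp -o /usr/rel/{{ item }} {{ mirror }}/{{ release }}/{{ arch }}/{{ item }}
      with_items: "{{ ['SHA256.sig'] + verified }}"

    # A non-zero exit from signify fails the play before anything is installed.
    - name: Verify signature and checksums of exactly that list
      command: signify -C -p {{ pubkey }} -x SHA256.sig {{ verified | join(' ') }}
      args:
        chdir: /usr/rel

    - name: Keep the old reboot binary and install the new kernels
      shell: cp /sbin/reboot /sbin/oreboot && cp /usr/rel/bsd /bsd.sp && cp /usr/rel/bsd.mp /bsd && cp /usr/rel/bsd.rd /bsd.rd

    - name: Extract non-base sets (all members of the verified list)
      command: tar -C / -xzphf {{ item }}
      args:
        chdir: /usr/rel
      with_items: "{{ extra_sets }}"

    - name: Extract base last and reboot
      shell: tar -C / -xzphf /usr/rel/{{ base_set }} && /sbin/oreboot
      async: 1
      poll: 0
      ignore_errors: true
    # wait_for, MAKEDEV, installboot, sysmerge, fw_update and pkg_add -u follow as in the playbook above.
```

The separate `sha256 -C SHA256` task is dropped here because `signify -C` already checks each file against the checksums carried inside the signed `SHA256.sig`.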