Quick & Dirty OpenBSD 6.0 upgrade using ansible 2

September 2016

openbsd ansible

Following my article on upgrading to OpenBSD 5.9 using ansible, here is the playbook to upgrade to OpenBSD 6.0.

Note that this playbook requires Ansible 2.0+.

Note that this playbook will automatically reboot your server twice.

https://gist.github.com/zehome/1570a5a748e2633ed3a76522c942cf69

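---
# Play: in-place upgrade to the OpenBSD release named in "release".
# "hosts: all" targets every inventory host and the tasks reboot each one;
# restrict the run with --limit when only some hosts should be upgraded.
- hosts: all
  gather_facts: true
  vars:
    # The release files are fetched over plain HTTP, so their authenticity
    # rests on the signify verification task, not on the transport.
    mirror: http://ftp.fr.openbsd.org/pub/OpenBSD
    # Quoted so YAML keeps a string; an unquoted 6.0 is parsed as a float and
    # a value such as 6.10 would silently become 6.1 in the download URL.
    release: "6.0"
    arch: amd64
    # SHA256 and SHA256.sig are the checksum list and its signature; the other
    # entries are the kernels and release sets that get installed.
    files:
      - SHA256
      - SHA256.sig
      - bsd.rd
      - bsd.mp
      - bsd
      - man60.tgz
      - base60.tgz
      - comp60.tgz
      - game60.tgz
  tasks: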
    # Run installboot against sd0 before the upgrade starts.
    # NOTE(review): the disk name is hard-coded; presumably every target
    # boots from sd0 - confirm.
    - name: installboot on sd0
      command: installboot -v sd0

    # Staging directory that receives the downloaded release files.
    - name: Ensure /usr/rel exists
      file:
        dest: /usr/rel
        state: directory

    # Empty the staging directory. ignore_errors hides every rm failure, not
    # only the "nothing to delete" case, so leftover files are possible; the
    # checksum and signature tasks still run on whatever ends up in /usr/rel.
    - name: Clean /usr/rel
      ignore_errors: true
      shell: rm /usr/rel/*

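    # Fetch each release file into /usr/rel; "creates" skips a file that is
    # already present. Nothing fetched here should be treated as trusted until
    # the signify task below has passed.
    - name: Download packages
      command: ftp -o /usr/rel/{{item}} {{mirror}}/{{release}}/{{arch}}/{{item}}
      args:
        creates: /usr/rel/{{item}}
      with_items: '{{files}}'

    # Integrity check only: the SHA256 list comes from the same mirror as the
    # files, so it detects a damaged download, not a tampered one.
    # The checklist and the files are named explicitly. The previous glob
    # *[!.sig] is a character class on the last character (not a ".sig"
    # suffix test) and only put SHA256 first through glob sort order.
    - name: Check SHA256
      raw: >-
        cd /usr/rel &&
        sha256 -C SHA256
        {{ files | difference(['SHA256', 'SHA256.sig']) | join(' ') }}

    # Authenticity check: SHA256.sig is verified with a public key read from
    # the local /etc/signify directory (it is not part of the download list),
    # then every listed file is checked against the signed checksums.
    # The files are listed explicitly because the previous glob *[!SHA256]
    # would silently leave out any file whose name ends in S, H, A, 2, 5 or 6,
    # and that file would then be installed without a signature check.
    # The key path is specific to 6.0 and must change together with "release".
    - name: Check with signify
      raw: >-
        cd /usr/rel &&
        signify -C -p /etc/signify/openbsd-60-base.pub -x SHA256.sig
        {{ files | difference(['SHA256', 'SHA256.sig']) | join(' ') }}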

    # Save the currently installed reboot binary as /sbin/oreboot, then put the
    # downloaded kernels in place: bsd -> /bsd.sp, bsd.mp -> /bsd,
    # bsd.rd -> /bsd.rd.
    # NOTE(review): bsd.mp becomes the default kernel unconditionally;
    # presumably every target is a multiprocessor machine - confirm.
    - shell: cp /sbin/reboot /sbin/oreboot && cp /usr/rel/bsd /bsd.sp && cp /usr/rel/bsd.mp /bsd && cp /usr/rel/bsd.rd /bsd.rd

    # Unpack the release sets over / (every *60.tgz not starting with "b"
    # first, base60.tgz last) and reboot with the saved /sbin/oreboot, all in
    # one shell invocation.
    # NOTE(review): "|| break" stops the loop when tar fails, but a loop left
    # through break appears to return 0 in sh, so "&& /sbin/oreboot" would
    # presumably still reboot into a partly extracted system - confirm.
    # ignore_errors is presumably there because the reboot cuts the
    # connection; it also hides any other failure of this task.
    - name: Install packages and reboot
      shell: cd /usr/rel && for _f in [!b]*60.tgz base60.tgz; do tar -C / -xzphf "$_f" || break; done && /sbin/oreboot
      args:
        executable: /bin/sh
      async: 0
      poll: 0
      ignore_errors: true

    # Runs on the control machine and waits for the rebooted host.
    # NOTE(review): no port is given, so wait_for may only pause for
    # delay + timeout instead of probing the host - confirm. Polling the SSH
    # port would make a host that never comes back fail the play here.
    - name: waiting for server to come back
      delegate_to: localhost
      wait_for:
        host: "{{ inventory_hostname }}"
        state: started
        delay: 30
        timeout: 300

    # Post-reboot steps, run on the new kernel and userland.
    # Run "./MAKEDEV all" from inside /dev.
    - name: MAKEDEV
      command: ./MAKEDEV all
      args:
        chdir: /dev

    # Run installboot again, now with the upgraded system's boot code.
    # NOTE(review): sd0 is hard-coded here as well - confirm for every target.
    - name: upgrade bootloader
      command: installboot -v sd0

    # Batch-mode merge of configuration files. ignore_errors lets the play
    # continue when sysmerge fails, so its result should be reviewed by hand
    # on each host afterwards.
    - name: sysmerge non interractive
      ignore_errors: true
      command: sysmerge -b

    - name: firmware update
      command: fw_update -v

    # Point the package tools at the mirror used for the release files by
    # rewriting (or appending) the installpath line in /etc/pkg.conf.
    # The package URL inherits the transport of the "mirror" variable.
    - name: update pkg.conf
      lineinfile:
        dest: /etc/pkg.conf
        regexp: '^installpath ='
        line: "installpath = {{mirror}}/%c/packages/%a"

    # Update every installed package from that installpath.
    - name: upgrade packages
      command: pkg_add -u

    # Second reboot, started in the background (async with poll 0) so the task
    # returns without waiting for it; ignore_errors hides any failure to
    # start it.
    - name: reboot again
      ignore_errors: true
      async: 1
      poll: 0
      command: /sbin/reboot

    # Runs on the control machine and waits for the rebooted host.
    # NOTE(review): no port is given, so wait_for may only pause for
    # delay + timeout instead of probing the host - confirm.
    - name: waiting for server to come back
      delegate_to: localhost
      wait_for:
        host: "{{ inventory_hostname }}"
        state: started
        delay: 30
        timeout: 300

    # Final check: the task fails if the host is unreachable. The uname output
    # is only shown with verbose output, so the new release is not asserted.
    - name: check uname
      command: uname -a