From 7a1ce7d7eb1d56bf903bdbeb89e81c4927bd81e2 Mon Sep 17 00:00:00 2001 From: Kienan Stewart Date: Tue, 13 Jun 2023 15:22:51 -0400 Subject: [PATCH] ansible: Refactor and rename release upgrade playbook In the end, the 'when:' at the play level wasn't a valid construct for ansible. To more easily control which tasks are run based on the ansible_distribution, the Debian-specific tasks have been grouped together into a separate file which is then included only if ansible_distribution is 'Debian'. Change-Id: Iddeeb2da3682b16c4f22ccb179ddc9e40997de3e --- ...debian-upgrade.yml => release-upgrade.yml} | 75 +------------------ .../ansible/tasks/debian_release_upgrade.yml | 71 ++++++++++++++++++ 2 files changed, 74 insertions(+), 72 deletions(-) rename automation/ansible/playbooks/{debian-upgrade.yml => release-upgrade.yml} (55%) create mode 100644 automation/ansible/tasks/debian_release_upgrade.yml diff --git a/automation/ansible/playbooks/debian-upgrade.yml b/automation/ansible/playbooks/release-upgrade.yml similarity index 55% rename from automation/ansible/playbooks/debian-upgrade.yml rename to automation/ansible/playbooks/release-upgrade.yml index 6e6ce6d..82753c9 100644 --- a/automation/ansible/playbooks/debian-upgrade.yml +++ b/automation/ansible/playbooks/release-upgrade.yml
@@ -73,87 +73,18 @@ - "/var/backups/dpkg-selections-pre-{{next_release}}.txt" - name: Debian major version upgrade hosts: all - when: ansible_distribution == 'Debian' vars: apt_noninteractive_environment: DEBIAN_FRONTEND: noninteractive APT_LISTCHANGES_FRONTEND: mail tasks: - # @TODO: Remove pins - # @TODO: Should 3rd party sources be removed? - # @TODO: Ensure kernel package is installed - # @TODO: Should a 2nd sshd be started on a non-standard port in case of failure? - - name: dpkg audit - command: - cmd: 'dpkg --audit' - - name: show holds - command: - cmd: 'apt-mark showhold' - - name: remove all holds - command: - cmd: "apt-mark unhold '*'" - - name: Replace release in apt sources.list - replace: - regexp: "{{ansible_distribution_release}}" - replace: "{{next_release}}" - path: /etc/apt/sources.list - - name: Replace release in apt sources.list.d - shell: - cmd: "sed -i 's/{{ansible_distribution_release}}/{{next_release}}/' /etc/apt/sources.list.d/*" - warn: false - ignore_errors: true - - apt: - update_cache: true - # @TODO: Check required disk space and available disk space - - name: Download packages - command: - cmd: 'apt-get -y -d upgrade' - warn: false - environment: "{{apt_noninteractive_environment}}" - - name: Minimal upgrade run - command: - cmd: 'apt upgrade -y --without-new-pkgs' - warn: false - environment: "{{apt_noninteractive_environment}}" - - name: Full upgrade run - command: - cmd: 'apt full-upgrade -y' - warn: false - environment: "{{apt_noninteractive_environment}}" - # @TODO: reconfigure grub if installed - # `dpkg-reconfigure grub-pc` on many systems, but not all - # @TODO: Our instances often have an OS version identifier, - # it would be handy to do a replace in /etc/hostname - # before rebooting - - name: Reboot - command: /usr/sbin/reboot - async: 0 - poll: 0 - ignore_errors: true - register: last_result - - name: wait for the server to reboot - local_action: wait_for host={{ inventory_hostname }} - port=22 - delay=1 - timeout=300 - 
state=started - when: last_result.changed - become: false - - name: Purge configuration of removed packages - command: - cmd: "apt -y purge '~c'" - warn: false - environment: "{{apt_noninteractive_environment}}" - - name: Purge obsolete packages - command: - cmd: "apt -y purge '~o'" - warn: false - environment: "{{apt_noninteractive_environment}}" + - import_tasks: ../tasks/debian_release_upgrade.yml + when: ansible_distribution == 'Debian' - name: Ubuntu major version upgrade hosts: all - when: ansible_distribution == 'Ubuntu' tasks: - name: Do release upgrade + when: ansible_distribution == 'Ubuntu' command: cmd: 'do-release-upgrade -m server --frontend=DistUpgradeViewNonInteractive' - name: Post-upgrade tasks diff --git a/automation/ansible/tasks/debian_release_upgrade.yml b/automation/ansible/tasks/debian_release_upgrade.yml new file mode 100644 index 0000000..3d9f6bb --- /dev/null +++ b/automation/ansible/tasks/debian_release_upgrade.yml 
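Review bot: The imported task file uses `environment: "{{apt_noninteractive_environment}}"`, but that variable is defined only in this play's `vars:`, so the new file fails with an undefined variable if any other playbook imports it. Consider documenting the requirement at the top of `debian_release_upgrade.yml` with a comment such as `# Requires: apt_noninteractive_environment, next_release`, and giving the import a name, e.g. `- name: Debian release upgrade tasks`. In the Ubuntu play the condition now sits on `Do release upgrade` alone; whether later tasks in that play need the same guard cannot be seen from this hunk, which ends at `Post-upgrade tasks`.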
@@ -0,0 +1,71 @@
+---
+# @TODO: Remove pins
+# @TODO: Should 3rd party sources be removed?
+# @TODO: Ensure kernel package is installed
+# @TODO: Should a 2nd sshd be started on a non-standard port in case of failure?
+- name: dpkg audit
+ command:
+ cmd: 'dpkg --audit'
+- name: show holds
+ command:
+ cmd: 'apt-mark showhold'
+- name: remove all holds
+ command:
+ cmd: "apt-mark unhold '*'"
+- name: Replace release in apt sources.list
+ replace:
+ regexp: "{{ansible_distribution_release}}"
+ replace: "{{next_release}}"
+ path: /etc/apt/sources.list
+- name: Replace release in apt sources.list.d
+ shell:
+ cmd: "sed -i 's/{{ansible_distribution_release}}/{{next_release}}/' /etc/apt/sources.list.d/*"
+ warn: false
+ ignore_errors: true
+- apt:
+ update_cache: true
+# @TODO: Check required disk space and available disk space
+- name: Download packages
+ command:
+ cmd: 'apt-get -y -d upgrade'
+ warn: false
+ environment: "{{apt_noninteractive_environment}}"
+- name: Minimal upgrade run
+ command:
+ cmd: 'apt upgrade -y --without-new-pkgs'
+ warn: false
+ environment: "{{apt_noninteractive_environment}}"
+- name: Full upgrade run
+ command:
+ cmd: 'apt full-upgrade -y'
+ warn: false
+ environment: "{{apt_noninteractive_environment}}"
+# @TODO: reconfigure grub if installed
+# `dpkg-reconfigure grub-pc` on many systems, but not all
+# @TODO: Our instances often have an OS version identifier,
+# it would be handy to do a replace in /etc/hostname
+# before rebooting
+- name: Reboot
+ command: /usr/sbin/reboot
+ async: 0
+ poll: 0
+ ignore_errors: true
+ register: last_result
+- name: wait for the server to reboot
+ local_action: wait_for host={{ inventory_hostname }}
+ port=22
+ delay=1
+ timeout=300
+ state=started
+ when: last_result.changed
+ become: false
+- name: Purge configuration of removed packages
+ command:
+ cmd: "apt -y purge '~c'"
+ warn: false
+ environment: "{{apt_noninteractive_environment}}"
+- name: Purge obsolete packages
+ command:
+ cmd: "apt -y purge '~o'"
+ warn: false
+ environment: "{{apt_noninteractive_environment}}"
-- 2.34.1
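Review bot: The `Replace release in apt sources.list.d` task runs `sed` under `ignore_errors: true`, so any failure (an empty directory, an unreadable file) is swallowed and the play can go on to `apt full-upgrade -y` and `apt -y purge '~o'` with third-party sources still pointing at the old release. The `sed` expression also has no `g` flag, so it rewrites only the first match on each line, whereas the `replace` task just above rewrites every match. Using `find` plus `replace` removes both the shell templating and the need to ignore errors, as sketched below. Separately, `wait_for` with `delay=1` can see port 22 still open before sshd stops, letting the purge tasks start on a host that is shutting down; the `reboot` module waits for the host to go down and come back.

```yaml
# … unchanged: Replace release in apt sources.list …
- name: Find apt sources.list.d entries
  find:
    paths: /etc/apt/sources.list.d
  register: apt_source_files
- name: Replace release in apt sources.list.d
  replace:
    regexp: "{{ansible_distribution_release}}"
    replace: "{{next_release}}"
    path: "{{ item.path }}"
  loop: "{{ apt_source_files.files }}"
# … unchanged: apt update_cache and upgrade tasks …
```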