OPSEXP-3006 Move upgrade checks as playbook and add skip variable (#1041

)

.secrets.baseline

@@ -144,7 +144,7 @@
         "filename": "playbooks/acs.yml",
         "hashed_secret": "3a0b8a438a9efa61267357269709a946d797b9bd",
         "is_verified": false,
-        "line_number": 432,
+        "line_number": 436,
         "is_secret": false
       }
     ],
@@ -259,5 +259,5 @@
       }
     ]
   },
-  "generated_at": "2025-01-15T11:23:05Z"
+  "generated_at": "2025-01-28T09:32:21Z"
 }

group_vars/all.yml

@@ -241,3 +241,5 @@ ats_mtls_capable: >
     trouter.version is version('2.1', 'ge') and
     sfs.version is version('2.1', 'ge')
   }}
+skip_upgrade_checks: false
+ansible_installation_status_file: "/opt/alfresco/.ansible_alfresco_components.status"

playbooks/acs.yml

@@ -19,6 +19,10 @@
 - name: Run preliminary checks
   ansible.builtin.import_playbook: prerun-checks.yml
 
+- name: Run preliminary upgrade checks
+  ansible.builtin.import_playbook: prerun-upgrade-checks.yml
+  when: skip_upgrade_checks is undefined or not skip_upgrade_checks
+
 - name: Handle secrets
   ansible.builtin.import_playbook: secrets.yml
 

playbooks/prerun-upgrade-checks.yml

@@ -0,0 +1,78 @@
+---
+# This playbook is used to run preliminary upgrade checks for the hosts in the ACS deployment.
+- name: Run preliminary upgrade checks for all hosts
+  hosts: all:!external
+  gather_facts: false
+  tasks:
+    - name: Fetch status file with installed versions
+      ansible.builtin.fetch:
+        src: "{{ ansible_installation_status_file }}"
+        fail_on_missing: false
+        dest: /tmp/
+      register: ansible_components_status
+      changed_when: false
+
+    - name: Read installed versions from status file when available
+      ansible.builtin.include_vars:
+        file: /tmp/{{ inventory_hostname }}/{{ ansible_installation_status_file }}
+        name: installed_components
+      when: ansible_components_status.msg is undefined
+
+    - name: Check for unsupported components upgrades
+      any_errors_fatal: true
+      module_defaults:
+        ansible.builtin.fail:
+          msg: >
+            You're trying to upgrade in an unsupported manner!
+            Please read our documentation for more informations on what's supported and what isn't.
+            https://github.com/Alfresco/alfresco-ansible-deployment/blob/master/docs/components-upgrade.md
+      block:
+        - name: Fail on unsupported ACS upgrade
+          ansible.builtin.fail:
+          when:
+            - installed_components.acs is defined
+            - installed_components.api_explorer is defined
+            - |
+              acs.edition != installed_components.acs.edition or
+              acs.version.split('.')[:3] | join('.') != installed_components.acs.version.split('.')[:3] | join('.') or
+              acs.version is version(installed_components.acs.version, 'lt') or
+              api_explorer.version != installed_components.api_explorer.version
+
+        - name: Fail on unsupported AMPS upgrades
+          ansible.builtin.fail:
+          when: |
+              installed_components is defined and
+              installed_components.amps is defined and
+              item in amps and
+              amps[item].version != installed_components.amps[item].version
+          loop: "{{ installed_components.amps | list }}"
+
+        - name: Fail on unsupported Transformers upgrades
+          ansible.builtin.fail:
+          when:
+            - installed_components.transform is defined
+            - transform.version != installed_components.transform.version
+
+        - name: Fail on unsupported Trouter upgrades
+          ansible.builtin.fail:
+          when:
+            - installed_components.trouter is defined
+            - trouter.version != installed_components.trouter.version
+
+        - name: Fail on unsupported SFS upgrades
+          ansible.builtin.fail:
+          when:
+            - installed_components.sfs is defined
+            - sfs.version != installed_components.sfs.version
+
+        - name: Fail on unsupported Search upgrades
+          ansible.builtin.fail:
+          when:
+            - installed_components.search is defined
+            - search.version != installed_components.search.version
+
+        - name: Fail on unsupported Sync upgrades
+          ansible.builtin.fail:
+          when:
+            - installed_components.sync is defined
+            - sync.version != installed_components.sync.version

roles/common/defaults/main.yml

@@ -150,8 +150,6 @@ os_family_yml: "{{ ansible_os_family }}.yml"
 os_distribution_yml: "{{ ansible_distribution }}.yml"
 os_version_yml: "{{ ansible_distribution }}{{ ansible_distribution_major_version }}.yml"
 
-ansible_installation_status_file: "{{ binaries_folder }}/.ansible_alfresco_components.status"
-
 nexus_user: "{{ lookup('env', 'NEXUS_USERNAME') | default(null) }}"
 nexus_password: "{{ lookup('env', 'NEXUS_PASSWORD') | default(null) }}"
 

roles/common/tasks/main.yml

@@ -1,8 +1,5 @@
 ---
 # tasks file for common
-- name: Check for upgrades
-  ansible.builtin.import_tasks: check_upgrades.yml
-
 - name: Include OS specific variables
   ansible.builtin.include_vars: "{{ item }}"
   loop: >-