feat(firmware): opt-in RouterOS + RouterBOOT upgrade to pinned target

Implements Task 9. Version-guarded (no-op when already >= switch_firmware_target,
as crs310-maker is at 7.19.6). Upgrade steps grouped in a block; reboot uses
ignore_unreachable + wait_for_connection instead of ignore_errors so it stays
lint-clean under the production profile. Syntax + lint only; not run (opt-in).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
sjat 2026-06-08 19:40:24 +02:00
parent 33dc378c3c
commit 5a5a194437

View file

@ -1,4 +1,48 @@
---
- name: Placeholder
ansible.builtin.debug:
msg: "not yet implemented"
# Opt-in RouterOS + RouterBOOT upgrade to switch_firmware_target.
# Disabled by default (switch_firmware_enabled: false). Upgrades REBOOT the switch,
# so run deliberately with a recovery channel open. Naturally a no-op when the device
# is already at or above the target version (the version guard skips every step).
- name: Assert a firmware target is set
ansible.builtin.assert:
that:
- switch_firmware_target | length > 0
fail_msg: >-
switch_firmware_target must be set in host_vars to run firmware upgrades.
- name: Gather RouterOS facts (current version)
community.routeros.facts:
- name: Upgrade RouterOS to the target and reboot
when: ansible_net_version is version(switch_firmware_target, '<')
block:
- name: Install the target RouterOS package from the stable channel
community.routeros.command:
commands:
- /system/package/update/set channel=stable
- /system/package/update/install
changed_when: true
- name: Wait for the switch to reboot and come back
ansible.builtin.wait_for_connection:
delay: 30
timeout: 300
- name: Upgrade RouterBOOT to match the installed RouterOS
community.routeros.command:
commands:
- /system/routerboard/upgrade
changed_when: true
- name: Reboot to apply the RouterBOOT upgrade
community.routeros.command:
commands:
- /system/reboot
changed_when: true
ignore_unreachable: true # connection drops on reboot; expected
- name: Wait for the switch to come back after the RouterBOOT reboot
ansible.builtin.wait_for_connection:
delay: 30
timeout: 300