From 5a5a19443738800422e76ae6b4066c833c802242 Mon Sep 17 00:00:00 2001 From: sjat Date: Mon, 8 Jun 2026 19:40:24 +0200 Subject: [PATCH] feat(firmware): opt-in RouterOS + RouterBOOT upgrade to pinned target Implements Task 9. Version-guarded (no-op when already >= switch_firmware_target, as crs310-maker is at 7.19.6). Upgrade steps grouped in a block; reboot uses ignore_unreachable + wait_for_connection instead of ignore_errors so it stays lint-clean under the production profile. Syntax + lint only; not run (opt-in). Co-Authored-By: Claude Opus 4.8 (1M context) --- .../tasks/firmware.yml | 50 +++++++++++++++++-- 1 file changed, 47 insertions(+), 3 deletions(-) diff --git a/roles/makerfloss.mikrotik_switch/tasks/firmware.yml b/roles/makerfloss.mikrotik_switch/tasks/firmware.yml index fe0a9a3..67096b8 100644 --- a/roles/makerfloss.mikrotik_switch/tasks/firmware.yml +++ b/roles/makerfloss.mikrotik_switch/tasks/firmware.yml @@ -1,4 +1,48 @@ --- -- name: Placeholder - ansible.builtin.debug: - msg: "not yet implemented" +# Opt-in RouterOS + RouterBOOT upgrade to switch_firmware_target. +# Disabled by default (switch_firmware_enabled: false). Upgrades REBOOT the switch, +# so run deliberately with a recovery channel open. Naturally a no-op when the device +# is already at or above the target version (the version guard skips every step). + +- name: Assert a firmware target is set + ansible.builtin.assert: + that: + - switch_firmware_target | length > 0 + fail_msg: >- + switch_firmware_target must be set in host_vars to run firmware upgrades. + +- name: Gather RouterOS facts (current version) + community.routeros.facts: + +- name: Upgrade RouterOS to the target and reboot + when: ansible_net_version is version(switch_firmware_target, '<') + block: + - name: Install the target RouterOS package from the stable channel + community.routeros.command: + commands: + - /system/package/update/set channel=stable + - /system/package/update/install + changed_when: true + + - name: Wait for the switch to reboot and come back + ansible.builtin.wait_for_connection: + delay: 30 + timeout: 300 + + - name: Upgrade RouterBOOT to match the installed RouterOS + community.routeros.command: + commands: + - /system/routerboard/upgrade + changed_when: true + + - name: Reboot to apply the RouterBOOT upgrade + community.routeros.command: + commands: + - /system/reboot + changed_when: true + ignore_unreachable: true # connection drops on reboot; expected + + - name: Wait for the switch to come back after the RouterBOOT reboot + ansible.builtin.wait_for_connection: + delay: 30 + timeout: 300