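---
# update_portainer_agent.yml
#
# Runs on the Proxmox host(s). From there it opens a password-based SSH
# session (sshpass) to a guest VM, pulls the Portainer Agent image, recreates
# the agent container, and finally checks from the controller that the agent
# TCP port is reachable.
#
# Inputs (environment variables, provided by Semaphore):
#   VM_IP, VM_USER, VM_PASS  - SSH target and credentials for the VM
#   DEBUG                    - 1 prints per-command output, anything else hides it
#   RETRIES                  - readiness timeout is RETRIES * 2 seconds
- name: Update Portainer Agent on VM via Proxmox
  hosts: proxmox
  gather_facts: false
  become: true
  become_user: root
  become_method: sudo

  vars:
    # --- Connection to VM (provided by Semaphore env vars) ---
    vm_ip: "{{ lookup('env', 'VM_IP') }}"
    vm_user: "{{ lookup('env', 'VM_USER') }}"
    # Password auth is what this play is built around; key-based SSH would
    # remove the need to hand a secret to sshpass at all.
    vm_pass: "{{ lookup('env', 'VM_PASS') }}"
    # NOTE(review): when true, the 'sudo ' prefix is put in front of the whole
    # command string, i.e. in front of the `unalias` that docker_prefix starts
    # with, not in front of docker itself. Verify before enabling.
    use_sudo: false

    # --- Debug mode (controlled via Semaphore variable) ---
    # lookup('env', ...) yields an empty string for an unset variable, so
    # default() needs its second argument (true) to treat '' as missing.
    # Without it RETRIES collapsed to 0 whenever the variable was not set.
    DEBUG: "{{ lookup('env', 'DEBUG') | default(0, true) | int }}"
    RETRIES: "{{ lookup('env', 'RETRIES') | default(25, true) | int }}"

    # --- Portainer Agent specifics ---
    # ':latest' is a mutable tag and the container below is given the Docker
    # socket, so whatever the tag resolves to controls the VM's Docker daemon.
    # Pin a reviewed version tag or an image digest once one is chosen.
    portainer_agent_image: "portainer/agent:latest"
    portainer_agent_container: "portainer_agent"
    portainer_agent_port: 9001

    # Docker command prefix (consistent behavior and quiet hints).
    # `export` is required: a plain `VAR=0;` only sets a shell variable that
    # the docker process never sees.
    docker_prefix: "unalias docker 2>/dev/null || true; export DOCKER_CLI_HINTS=0; command docker"

    # Commands to run on the target VM (quiet outputs).
    # The final `run` publishes the agent port on all VM interfaces and mounts
    # /var/run/docker.sock. Restrict who can reach the port (firewall) and
    # consider the agent's shared secret (AGENT_SECRET); confirm against your
    # Portainer setup.
    portainer_commands:
      - "{{ docker_prefix }} pull -q {{ portainer_agent_image }} >/dev/null"
      - "{{ docker_prefix }} stop {{ portainer_agent_container }} >/dev/null 2>&1 || true"
      - "{{ docker_prefix }} rm {{ portainer_agent_container }} >/dev/null 2>&1 || true"
      - >
        {{ docker_prefix }} run -d
        --name {{ portainer_agent_container }}
        --restart=always
        -p {{ portainer_agent_port }}:9001
        -v /var/run/docker.sock:/var/run/docker.sock
        -v /var/lib/docker/volumes:/var/lib/docker/volumes
        {{ portainer_agent_image }} >/dev/null

  tasks:
    - name: Ensure sshpass is installed (for password-based SSH)
      ansible.builtin.apt:
        name: sshpass
        state: present
        update_cache: true

    - name: Run Portainer Agent update commands on VM (via SSH)
      # Each entry of portainer_commands is run in its own SSH session.
      # `sshpass -e` reads the password from $SSHPASS, so it is not in argv.
      ansible.builtin.command:
        argv:
          - sshpass
          - -e
          - ssh
          - -o
          # accept-new records the key of a host seen for the first time and
          # refuses a host whose recorded key has changed. The previous value
          # `no` skipped verification entirely, which lets an on-path host
          # impersonate the VM.
          - StrictHostKeyChecking=accept-new
          - -o
          - ConnectTimeout=15
          - "{{ vm_user }}@{{ vm_ip }}"
          - bash
          - -lc
          - "{{ ('sudo ' if use_sudo else '') + item }}"
      environment:
        SSHPASS: "{{ vm_pass }}"
      loop: "{{ portainer_commands }}"
      loop_control:
        index_var: idx  # capture loop index
        label: "cmd-{{ idx }}"  # avoid printing full command in (item=...) line
      register: portainer_cmds
      changed_when: false
      # Failures are evaluated by the assert task below. Without this the play
      # stopped here and the reporting tasks never ran for a failed command.
      failed_when: false
      # Hide outputs and env when not debugging. `| int` keeps the comparison
      # numeric on Ansible versions that return templated vars as strings,
      # where `DEBUG == 0` would be false and no_log would be switched off.
      no_log: "{{ DEBUG | int == 0 }}"

    - name: Show outputs for each Portainer command
      ansible.builtin.debug:
        msg: |
          CMD: {{ item.item }}
          RC: {{ item.rc }}
          STDOUT: {{ (item.stdout | default('')).strip() }}
          STDERR: {{ (item.stderr | default('')).strip() }}
      loop: "{{ portainer_cmds.results }}"
      when: DEBUG | int == 1

    - name: Fail play if any Portainer command failed
      ansible.builtin.assert:
        that: "item.rc == 0"
        fail_msg: "Portainer Agent update failed on VM: {{ item.item }} (rc={{ item.rc }})"
        success_msg: "All Portainer Agent update commands succeeded."
      loop: "{{ portainer_cmds.results }}"
      loop_control:
        index_var: idx
        label: "cmd-{{ idx }}"

    # -------------------------
    # Readiness check (TCP port)
    # -------------------------
    - name: Portainer Agent | Wait for TCP port to be open from controller
      ansible.builtin.wait_for:
        host: "{{ vm_ip }}"
        port: "{{ portainer_agent_port }}"
        delay: 2  # initial delay before first check
        # Total timeout in seconds. `| int` prevents string repetition
        # ('25' * 2 -> '2525') when RETRIES arrives as a string.
        timeout: "{{ RETRIES | int * 2 }}"
        state: started
      register: portainer_wait
      delegate_to: localhost
      run_once: true
      changed_when: false

    - name: Portainer Agent | Print concise summary
      ansible.builtin.debug:
        msg: >-
          Portainer Agent TCP {{ vm_ip }}:{{ portainer_agent_port }}
          reachable={{ (portainer_wait is defined) and (not portainer_wait.failed | default(false)) }}
          elapsed={{ portainer_wait.elapsed | default('n/a') }}s
      when: DEBUG | int == 1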