From 95d4f735d2131ed56122a2c3556a3e719289131d Mon Sep 17 00:00:00 2001
From: "l.covela" <l.covela@charente-maritime.cci.fr>
Date: Wed, 7 Jan 2026 09:23:02 +0100
Subject: [PATCH] Ajouter synology_dsm_upgrade_api.yml

---
 synology_dsm_upgrade_api.yml | 146 +++++++++++++++++++++++++++++++++++
 1 file changed, 146 insertions(+)
 create mode 100644 synology_dsm_upgrade_api.yml

diff --git a/synology_dsm_upgrade_api.yml b/synology_dsm_upgrade_api.yml
new file mode 100644
index 0000000..85a391a
--- /dev/null
+++ b/synology_dsm_upgrade_api.yml
@@ -0,0 +1,146 @@
+---
+- name: Synology DSM - déclencher une mise à jour via l'API DSM
+  hosts: synology
+  gather_facts: false
+
+  vars:
+    # --- Connexion DSM ---
+    syno_scheme: "https"
+    syno_port: 5001
+    syno_verify_ssl: false   # mets true si tu as un certificat OK
+    syno_user: "{{ vault_syno_user | default(omit) }}"
+    syno_pass: "{{ vault_syno_pass | default(omit) }}"
+    syno_session: "DSM"      # session DSM (souvent OK)
+
+    # --- Upgrade API ---
+    # Les méthodes peuvent varier: ajuste si besoin (après tests)
+    upgrade_check_method: "check"   # parfois: "status" / "get"
+    upgrade_start_method: "start"
+
+    # --- Sécurité ---
+    refuse_if_no_upgrade_api: true  # si true: on échoue si SYNO.Core.Upgrade absent
+
+  tasks:
+    - name: Construire base_url
+      ansible.builtin.set_fact:
+        base_url: "{{ syno_scheme }}://{{ inventory_hostname }}:{{ syno_port }}"
+
+    # 1) Découverte des APIs (paths & versions) via SYNO.API.Info
+    - name: Discover SYNO.API.Auth & SYNO.Core.Upgrade via SYNO.API.Info
+      ansible.builtin.uri:
+        url: >-
+          {{ base_url }}/webapi/entry.cgi
+          ?api=SYNO.API.Info&version=1&method=query
+          &query=SYNO.API.Auth,SYNO.Core.Upgrade
+        method: GET
+        return_content: true
+        validate_certs: "{{ syno_verify_ssl }}"
+      register: api_info
+      failed_when: api_info.json.success is not defined or api_info.json.success != true
+
+    - name: Extraire info Auth/Upgrade
+      ansible.builtin.set_fact:
+        auth_info: "{{ api_info.json.data['SYNO.API.Auth'] | default({}) }}"
+        upgrade_info: "{{ api_info.json.data['SYNO.Core.Upgrade'] | default({}) }}"
+
+    - name: Fail si SYNO.Core.Upgrade absent (optionnel)
+      ansible.builtin.fail:
+        msg: >-
+          L'API SYNO.Core.Upgrade n'est pas exposée sur ce NAS via /webapi.
+          Solution de repli: déclenchement via SSH (synoupgrade) ou mise à jour manuelle DSM.
+      when:
+        - refuse_if_no_upgrade_api | bool
+        - (upgrade_info | length) == 0
+
+    - name: Définir chemins et versions max
+      ansible.builtin.set_fact:
+        auth_path: "{{ auth_info.path | default('auth.cgi') }}"
+        auth_ver: "{{ auth_info.maxVersion | default(7) }}"
+        upgrade_path: "{{ upgrade_info.path | default('entry.cgi') }}"
+        upgrade_ver: "{{ upgrade_info.maxVersion | default(1) }}"
+
+    # 2) Login -> SID
+    - name: Login DSM API (SYNO.API.Auth)
+      ansible.builtin.uri:
+        url: "{{ base_url }}/webapi/{{ auth_path }}"
+        method: GET
+        validate_certs: "{{ syno_verify_ssl }}"
+        return_content: true
+        status_code: 200
+        url_parameters:
+          api: "SYNO.API.Auth"
+          version: "{{ auth_ver }}"
+          method: "login"
+          account: "{{ syno_user }}"
+          passwd: "{{ syno_pass }}"
+          session: "{{ syno_session }}"
+          format: "sid"
+      register: login
+      failed_when: login.json.success != true
+
+    - name: Enregistrer SID
+      ansible.builtin.set_fact:
+        sid: "{{ login.json.data.sid }}"
+
+    # 3) (Optionnel) Check update (si la méthode existe)
+    - name: Check DSM update readiness (best effort)
+      ansible.builtin.uri:
+        url: "{{ base_url }}/webapi/{{ upgrade_path }}"
+        method: GET
+        validate_certs: "{{ syno_verify_ssl }}"
+        return_content: true
+        status_code: 200
+        url_parameters:
+          api: "SYNO.Core.Upgrade"
+          version: "{{ upgrade_ver }}"
+          method: "{{ upgrade_check_method }}"
+          _sid: "{{ sid }}"
+      register: upgrade_check
+      failed_when: false
+
+    - name: Debug check result (utile pour ajuster upgrade_check_method)
+      ansible.builtin.debug:
+        var: upgrade_check.json
+
+    # 4) Start upgrade (l'update est supposée déjà téléchargée / prête)
+    - name: Start DSM upgrade (SYNO.Core.Upgrade)
+      ansible.builtin.uri:
+        url: "{{ base_url }}/webapi/{{ upgrade_path }}"
+        method: GET
+        validate_certs: "{{ syno_verify_ssl }}"
+        return_content: true
+        status_code: 200
+        url_parameters:
+          api: "SYNO.Core.Upgrade"
+          version: "{{ upgrade_ver }}"
+          method: "{{ upgrade_start_method }}"
+          _sid: "{{ sid }}"
+      register: upgrade_start
+
+    - name: Fail si start a échoué
+      ansible.builtin.fail:
+        msg: >-
+          Echec du démarrage upgrade DSM via API.
+          Réponse: {{ upgrade_start.json | to_nice_json }}
+      when: upgrade_start.json.success != true
+
+    - name: Afficher résultat start
+      ansible.builtin.debug:
+        var: upgrade_start.json
+
+    # 5) Logout
+    - name: Logout DSM API
+      ansible.builtin.uri:
+        url: "{{ base_url }}/webapi/{{ auth_path }}"
+        method: GET
+        validate_certs: "{{ syno_verify_ssl }}"
+        return_content: true
+        status_code: 200
+        url_parameters:
+          api: "SYNO.API.Auth"
+          version: "{{ auth_ver }}"
+          method: "logout"
+          session: "{{ syno_session }}"
+          _sid: "{{ sid }}"
+      register: logout
+      failed_when: false