146 lines
5.8 KiB
YAML
146 lines
5.8 KiB
YAML
---
|
|
- name: Synology DSM - déclencher une mise à jour via l'API DSM (Semaphore/legacy compatible)
|
|
hosts: synology
|
|
gather_facts: false
|
|
|
|
vars:
|
|
# --- Connexion DSM ---
|
|
syno_scheme: "https"
|
|
syno_port: 5001
|
|
syno_verify_ssl: false # mets true si tu as un certificat OK
|
|
syno_user: "{{ vault_syno_user | default(omit) }}"
|
|
syno_pass: "{{ vault_syno_pass | default(omit) }}"
|
|
syno_session: "DSM" # session DSM (souvent OK)
|
|
|
|
# --- Upgrade API ---
|
|
# Les méthodes peuvent varier: ajuste si besoin (après tests)
|
|
upgrade_check_method: "check" # parfois: "status" / "get"
|
|
upgrade_start_method: "start"
|
|
|
|
# --- Sécurité ---
|
|
refuse_if_no_upgrade_api: true # si true: on échoue si SYNO.Core.Upgrade absent
|
|
|
|
tasks:
|
|
- name: Construire base_url
|
|
ansible.builtin.set_fact:
|
|
base_url: "{{ syno_scheme }}://{{ inventory_hostname }}:{{ syno_port }}"
|
|
|
|
# 1) Découverte des APIs (paths & versions) via SYNO.API.Info
|
|
# IMPORTANT: Semaphore utilise souvent ansible.legacy.uri => pas de url_parameters, donc URL en 1 ligne
|
|
- name: Discover SYNO.API.Auth & SYNO.Core.Upgrade via SYNO.API.Info
|
|
ansible.builtin.uri:
|
|
url: "{{ base_url }}/webapi/entry.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth,SYNO.Core.Upgrade"
|
|
method: GET
|
|
return_content: true
|
|
validate_certs: "{{ syno_verify_ssl }}"
|
|
status_code: 200
|
|
register: api_info
|
|
failed_when: api_info.json.success is not defined or api_info.json.success != true
|
|
|
|
- name: Extraire info Auth/Upgrade
|
|
ansible.builtin.set_fact:
|
|
auth_info: "{{ api_info.json.data['SYNO.API.Auth'] | default({}) }}"
|
|
upgrade_info: "{{ api_info.json.data['SYNO.Core.Upgrade'] | default({}) }}"
|
|
|
|
- name: Fail si SYNO.Core.Upgrade absent (optionnel)
|
|
ansible.builtin.fail:
|
|
msg: >-
|
|
L'API SYNO.Core.Upgrade n'est pas exposée sur ce NAS via /webapi.
|
|
Solution de repli: déclenchement via SSH (synoupgrade) ou mise à jour manuelle DSM.
|
|
when:
|
|
- refuse_if_no_upgrade_api | bool
|
|
- (upgrade_info | length) == 0
|
|
|
|
- name: Définir chemins et versions max
|
|
ansible.builtin.set_fact:
|
|
auth_path: "{{ auth_info.path | default('auth.cgi') }}"
|
|
auth_ver: "{{ auth_info.maxVersion | default(7) }}"
|
|
upgrade_path: "{{ upgrade_info.path | default('entry.cgi') }}"
|
|
upgrade_ver: "{{ upgrade_info.maxVersion | default(1) }}"
|
|
|
|
# 2) Login -> SID
|
|
- name: Login DSM API (SYNO.API.Auth)
|
|
ansible.builtin.uri:
|
|
url: "{{ base_url }}/webapi/{{ auth_path }}"
|
|
method: GET
|
|
validate_certs: "{{ syno_verify_ssl }}"
|
|
return_content: true
|
|
status_code: 200
|
|
# NOTE: pas de url_parameters (legacy). On passe les paramètres en query_string.
|
|
# Ansible uri accepte "body" pour POST, mais ici DSM Auth marche en GET.
|
|
# On encode en query directement:
|
|
register: login
|
|
failed_when: login.json.success != true
|
|
vars:
|
|
_login_url: >-
|
|
{{ base_url }}/webapi/{{ auth_path }}
|
|
?api=SYNO.API.Auth
|
|
&version={{ auth_ver }}
|
|
&method=login
|
|
&account={{ syno_user | urlencode }}
|
|
&passwd={{ syno_pass | urlencode }}
|
|
&session={{ syno_session | urlencode }}
|
|
&format=sid
|
|
# surcharge url avec la version 1-ligne sans espaces
|
|
# (on ne peut pas mettre des espaces: donc on met une seule ligne ci-dessous)
|
|
- name: Login DSM API (SYNO.API.Auth) - URL finale
|
|
ansible.builtin.uri:
|
|
url: "{{ base_url }}/webapi/{{ auth_path }}?api=SYNO.API.Auth&version={{ auth_ver }}&method=login&account={{ syno_user | urlencode }}&passwd={{ syno_pass | urlencode }}&session={{ syno_session | urlencode }}&format=sid"
|
|
method: GET
|
|
validate_certs: "{{ syno_verify_ssl }}"
|
|
return_content: true
|
|
status_code: 200
|
|
register: login
|
|
failed_when: login.json.success != true
|
|
|
|
- name: Enregistrer SID
|
|
ansible.builtin.set_fact:
|
|
sid: "{{ login.json.data.sid }}"
|
|
|
|
# 3) (Optionnel) Check update (si la méthode existe)
|
|
- name: Check DSM update readiness (best effort)
|
|
ansible.builtin.uri:
|
|
url: "{{ base_url }}/webapi/{{ upgrade_path }}?api=SYNO.Core.Upgrade&version={{ upgrade_ver }}&method={{ upgrade_check_method }}&_sid={{ sid }}"
|
|
method: GET
|
|
validate_certs: "{{ syno_verify_ssl }}"
|
|
return_content: true
|
|
status_code: 200
|
|
register: upgrade_check
|
|
failed_when: false
|
|
|
|
- name: Debug check result (utile pour ajuster upgrade_check_method)
|
|
ansible.builtin.debug:
|
|
var: upgrade_check.json
|
|
|
|
# 4) Start upgrade (l'update est supposée déjà téléchargée / prête)
|
|
- name: Start DSM upgrade (SYNO.Core.Upgrade)
|
|
ansible.builtin.uri:
|
|
url: "{{ base_url }}/webapi/{{ upgrade_path }}?api=SYNO.Core.Upgrade&version={{ upgrade_ver }}&method={{ upgrade_start_method }}&_sid={{ sid }}"
|
|
method: GET
|
|
validate_certs: "{{ syno_verify_ssl }}"
|
|
return_content: true
|
|
status_code: 200
|
|
register: upgrade_start
|
|
|
|
- name: Fail si start a échoué
|
|
ansible.builtin.fail:
|
|
msg: >-
|
|
Echec du démarrage upgrade DSM via API.
|
|
Réponse: {{ upgrade_start.json | to_nice_json }}
|
|
when: upgrade_start.json.success != true
|
|
|
|
- name: Afficher résultat start
|
|
ansible.builtin.debug:
|
|
var: upgrade_start.json
|
|
|
|
# 5) Logout
|
|
- name: Logout DSM API
|
|
ansible.builtin.uri:
|
|
url: "{{ base_url }}/webapi/{{ auth_path }}?api=SYNO.API.Auth&version={{ auth_ver }}&method=logout&session={{ syno_session | urlencode }}&_sid={{ sid }}"
|
|
method: GET
|
|
validate_certs: "{{ syno_verify_ssl }}"
|
|
return_content: true
|
|
status_code: 200
|
|
register: logout
|
|
failed_when: false
|