Post-Tyranny-Tech-Infrastru.../ansible/playbooks/260123-upgrade-nextcloud-stage-v2.yml

---
# Nextcloud Upgrade Stage Task File (Fixed Version)
# This file is included by 260123-upgrade-nextcloud-v2.yml for each upgrade stage
# Do not run directly
#
# Improvements:
# - Better version detection (actual running version)
# - Proper error handling
# - Clearer status messages
# - Maintenance mode handling

- name: "Stage {{ stage.stage }}: Starting v{{ stage.from }} → v{{ stage.to }}"
  debug:
    msg: |
      ============================================================
      Stage {{ stage.stage }}: Upgrading v{{ stage.from }} → v{{ stage.to }}
      ============================================================

- name: "Stage {{ stage.stage }}: Get current running version"
  shell: docker exec -u www-data nextcloud php occ status --output=json
  register: stage_version_check
  changed_when: false

- name: "Stage {{ stage.stage }}: Parse current version"
  set_fact:
    stage_current: "{{ (stage_version_check.stdout | from_json).versionstring }}"

- name: "Stage {{ stage.stage }}: Display current version"
  debug:
    msg: "Currently running: v{{ stage_current }}"

- name: "Stage {{ stage.stage }}: Check if already on target version"
  debug:
    msg: "✓ Already on v{{ stage_current }} - skipping this stage"
  when: stage_current is version(stage.to, '>=')

- name: "Stage {{ stage.stage }}: Skip if already upgraded"
  meta: end_play
  when: stage_current is version(stage.to, '>=')

- name: "Stage {{ stage.stage }}: Verify version is compatible"
  fail:
    msg: "Cannot upgrade from v{{ stage_current }} (expected v{{ stage.from }}.x)"
  when: stage_current is version(stage.from, '<') or (stage_current is version(stage.to, '>='))

- name: "Stage {{ stage.stage }}: Update docker-compose.yml to v{{ stage.to }}"
  replace:
    path: "{{ nextcloud_base_dir }}/docker-compose.yml"
    regexp: 'image:\s*nextcloud:{{ stage.from }}'
    replace: 'image: nextcloud:{{ stage.to }}'

- name: "Stage {{ stage.stage }}: Verify docker-compose.yml was updated"
  shell: grep "image{{ ':' }} nextcloud{{ ':' }}{{ stage.to }}" {{ nextcloud_base_dir }}/docker-compose.yml
  register: compose_verify
  changed_when: false
  failed_when: compose_verify.rc != 0

- name: "Stage {{ stage.stage }}: Pull Nextcloud v{{ stage.to }} image"
  shell: docker pull nextcloud:{{ stage.to }}
  register: image_pull
  changed_when: "'Downloaded' in image_pull.stdout or 'Pulling' in image_pull.stdout or 'Downloaded newer' in image_pull.stderr"

- name: "Stage {{ stage.stage }}: Stop containers before upgrade"
  community.docker.docker_compose_v2:
    project_src: "{{ nextcloud_base_dir }}"
    state: stopped

- name: "Stage {{ stage.stage }}: Start containers with new version"
  community.docker.docker_compose_v2:
    project_src: "{{ nextcloud_base_dir }}"
    state: present

- name: "Stage {{ stage.stage }}: Wait for Nextcloud container to be ready"
  shell: |
    count=0
    max_attempts=60
    while [ $count -lt $max_attempts ]; do
      if docker exec nextcloud curl -f http://localhost:80/status.php 2>/dev/null; then
        echo "Container ready after $count attempts"
        exit 0
      fi
      sleep 5
      count=$((count + 1))
    done
    echo "Timeout waiting for container after $max_attempts attempts"
    exit 1
  register: container_ready
  changed_when: false

- name: "Stage {{ stage.stage }}: Run occ upgrade"
  shell: docker exec -u www-data nextcloud php occ upgrade --no-interaction
  register: occ_upgrade
  changed_when: "'Update successful' in occ_upgrade.stdout or 'upgraded' in occ_upgrade.stdout"
  failed_when:
    - occ_upgrade.rc != 0
    - "'already latest version' not in occ_upgrade.stdout"
    - "'No upgrade required' not in occ_upgrade.stdout"

- name: "Stage {{ stage.stage }}: Display upgrade output"
  debug:
    msg: "{{ occ_upgrade.stdout_lines }}"

- name: "Stage {{ stage.stage }}: Verify upgrade succeeded"
  shell: docker exec -u www-data nextcloud php occ status --output=json
  register: stage_verify
  changed_when: false

- name: "Stage {{ stage.stage }}: Parse upgraded version"
  set_fact:
    stage_upgraded: "{{ (stage_verify.stdout | from_json).versionstring }}"

- name: "Stage {{ stage.stage }}: Check upgrade was successful"
  fail:
    msg: "Upgrade to v{{ stage.to }} failed - still on v{{ stage_upgraded }}"
  when: stage_upgraded is version(stage.to, '<')

- name: "Stage {{ stage.stage }}: Success"
  debug:
    msg: |
      ============================================================
      ✓ Stage {{ stage.stage }} completed successfully
      Upgraded from v{{ stage_current }} to v{{ stage_upgraded }}
      ============================================================
feat: Add improved Nextcloud upgrade playbook (v2) Complete rewrite of the upgrade playbook based on lessons learned from the kikker upgrade. The v2 playbook is fully idempotent and handles all edge cases properly. Key improvements over v1: 1. Idempotency - Can be safely re-run after failures 2. Smart version detection - Reads actual running version, not just docker-compose.yml 3. Stage skipping - Automatically skips completed upgrade stages 4. Better maintenance mode handling - Properly enables/disables at right times 5. Backup reuse - Skips backup if already exists from previous run 6. Dynamic upgrade path - Only runs needed stages based on current version 7. Clear status messages - Shows what's happening at each step 8. Proper error handling - Fails gracefully with helpful messages Files: - playbooks/260123-upgrade-nextcloud-v2.yml (main playbook) - playbooks/260123-upgrade-nextcloud-stage-v2.yml (stage tasks) Testing: - v1 playbook partially tested on kikker (manual intervention required) - v2 playbook ready for full end-to-end testing Usage: cd ansible/ HCLOUD_TOKEN="..." ansible-playbook -i hcloud.yml \ playbooks/260123-upgrade-nextcloud-v2.yml --limit <server> \ --private-key "../keys/ssh/<server>" The playbook will: - Detect current version (v30/v31/v32) - Skip stages already completed - Create backup only if needed - Upgrade through required stages - Re-enable critical apps - Update to 'latest' tag 🤖 Generated with Claude Code (https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2026-01-23 21:25:44 +01:00			`---`
			`# Nextcloud Upgrade Stage Task File (Fixed Version)`
			`# This file is included by 260123-upgrade-nextcloud-v2.yml for each upgrade stage`
			`# Do not run directly`
			`#`
			`# Improvements:`
			`# - Better version detection (actual running version)`
			`# - Proper error handling`
			`# - Clearer status messages`
			`# - Maintenance mode handling`

			`- name: "Stage {{ stage.stage }}: Starting v{{ stage.from }} → v{{ stage.to }}"`
			`debug:`
			`msg: \|`
			`============================================================`
			`Stage {{ stage.stage }}: Upgrading v{{ stage.from }} → v{{ stage.to }}`
			`============================================================`

			`- name: "Stage {{ stage.stage }}: Get current running version"`
			`shell: docker exec -u www-data nextcloud php occ status --output=json`
			`register: stage_version_check`
			`changed_when: false`

			`- name: "Stage {{ stage.stage }}: Parse current version"`
			`set_fact:`
			`stage_current: "{{ (stage_version_check.stdout \| from_json).versionstring }}"`

			`- name: "Stage {{ stage.stage }}: Display current version"`
			`debug:`
			`msg: "Currently running: v{{ stage_current }}"`

			`- name: "Stage {{ stage.stage }}: Check if already on target version"`
			`debug:`
			`msg: "✓ Already on v{{ stage_current }} - skipping this stage"`
			`when: stage_current is version(stage.to, '>=')`

			`- name: "Stage {{ stage.stage }}: Skip if already upgraded"`
			`meta: end_play`
			`when: stage_current is version(stage.to, '>=')`

			`- name: "Stage {{ stage.stage }}: Verify version is compatible"`
			`fail:`
			`msg: "Cannot upgrade from v{{ stage_current }} (expected v{{ stage.from }}.x)"`
			`when: stage_current is version(stage.from, '<') or (stage_current is version(stage.to, '>='))`

			`- name: "Stage {{ stage.stage }}: Update docker-compose.yml to v{{ stage.to }}"`
			`replace:`
			`path: "{{ nextcloud_base_dir }}/docker-compose.yml"`
			`regexp: 'image:\s*nextcloud:{{ stage.from }}'`
			`replace: 'image: nextcloud:{{ stage.to }}'`

			`- name: "Stage {{ stage.stage }}: Verify docker-compose.yml was updated"`
fix: YAML syntax error in stage verification task 2026-01-23 21:36:30 +01:00			`shell: grep "image{{ ':' }} nextcloud{{ ':' }}{{ stage.to }}" {{ nextcloud_base_dir }}/docker-compose.yml`
feat: Add improved Nextcloud upgrade playbook (v2) Complete rewrite of the upgrade playbook based on lessons learned from the kikker upgrade. The v2 playbook is fully idempotent and handles all edge cases properly. Key improvements over v1: 1. Idempotency - Can be safely re-run after failures 2. Smart version detection - Reads actual running version, not just docker-compose.yml 3. Stage skipping - Automatically skips completed upgrade stages 4. Better maintenance mode handling - Properly enables/disables at right times 5. Backup reuse - Skips backup if already exists from previous run 6. Dynamic upgrade path - Only runs needed stages based on current version 7. Clear status messages - Shows what's happening at each step 8. Proper error handling - Fails gracefully with helpful messages Files: - playbooks/260123-upgrade-nextcloud-v2.yml (main playbook) - playbooks/260123-upgrade-nextcloud-stage-v2.yml (stage tasks) Testing: - v1 playbook partially tested on kikker (manual intervention required) - v2 playbook ready for full end-to-end testing Usage: cd ansible/ HCLOUD_TOKEN="..." ansible-playbook -i hcloud.yml \ playbooks/260123-upgrade-nextcloud-v2.yml --limit <server> \ --private-key "../keys/ssh/<server>" The playbook will: - Detect current version (v30/v31/v32) - Skip stages already completed - Create backup only if needed - Upgrade through required stages - Re-enable critical apps - Update to 'latest' tag 🤖 Generated with Claude Code (https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2026-01-23 21:25:44 +01:00			`register: compose_verify`
			`changed_when: false`
			`failed_when: compose_verify.rc != 0`

			`- name: "Stage {{ stage.stage }}: Pull Nextcloud v{{ stage.to }} image"`
			`shell: docker pull nextcloud:{{ stage.to }}`
			`register: image_pull`
			`changed_when: "'Downloaded' in image_pull.stdout or 'Pulling' in image_pull.stdout or 'Downloaded newer' in image_pull.stderr"`

			`- name: "Stage {{ stage.stage }}: Stop containers before upgrade"`
			`community.docker.docker_compose_v2:`
			`project_src: "{{ nextcloud_base_dir }}"`
			`state: stopped`

			`- name: "Stage {{ stage.stage }}: Start containers with new version"`
			`community.docker.docker_compose_v2:`
			`project_src: "{{ nextcloud_base_dir }}"`
			`state: present`

			`- name: "Stage {{ stage.stage }}: Wait for Nextcloud container to be ready"`
			`shell: \|`
fix: Improve container wait loop to actually wait 5 minutes 2026-01-23 21:41:14 +01:00			`count=0`
			`max_attempts=60`
			`while [ $count -lt $max_attempts ]; do`
feat: Add improved Nextcloud upgrade playbook (v2) Complete rewrite of the upgrade playbook based on lessons learned from the kikker upgrade. The v2 playbook is fully idempotent and handles all edge cases properly. Key improvements over v1: 1. Idempotency - Can be safely re-run after failures 2. Smart version detection - Reads actual running version, not just docker-compose.yml 3. Stage skipping - Automatically skips completed upgrade stages 4. Better maintenance mode handling - Properly enables/disables at right times 5. Backup reuse - Skips backup if already exists from previous run 6. Dynamic upgrade path - Only runs needed stages based on current version 7. Clear status messages - Shows what's happening at each step 8. Proper error handling - Fails gracefully with helpful messages Files: - playbooks/260123-upgrade-nextcloud-v2.yml (main playbook) - playbooks/260123-upgrade-nextcloud-stage-v2.yml (stage tasks) Testing: - v1 playbook partially tested on kikker (manual intervention required) - v2 playbook ready for full end-to-end testing Usage: cd ansible/ HCLOUD_TOKEN="..." ansible-playbook -i hcloud.yml \ playbooks/260123-upgrade-nextcloud-v2.yml --limit <server> \ --private-key "../keys/ssh/<server>" The playbook will: - Detect current version (v30/v31/v32) - Skip stages already completed - Create backup only if needed - Upgrade through required stages - Re-enable critical apps - Update to 'latest' tag 🤖 Generated with Claude Code (https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2026-01-23 21:25:44 +01:00			`if docker exec nextcloud curl -f http://localhost:80/status.php 2>/dev/null; then`
fix: Improve container wait loop to actually wait 5 minutes 2026-01-23 21:41:14 +01:00			`echo "Container ready after $count attempts"`
feat: Add improved Nextcloud upgrade playbook (v2) Complete rewrite of the upgrade playbook based on lessons learned from the kikker upgrade. The v2 playbook is fully idempotent and handles all edge cases properly. Key improvements over v1: 1. Idempotency - Can be safely re-run after failures 2. Smart version detection - Reads actual running version, not just docker-compose.yml 3. Stage skipping - Automatically skips completed upgrade stages 4. Better maintenance mode handling - Properly enables/disables at right times 5. Backup reuse - Skips backup if already exists from previous run 6. Dynamic upgrade path - Only runs needed stages based on current version 7. Clear status messages - Shows what's happening at each step 8. Proper error handling - Fails gracefully with helpful messages Files: - playbooks/260123-upgrade-nextcloud-v2.yml (main playbook) - playbooks/260123-upgrade-nextcloud-stage-v2.yml (stage tasks) Testing: - v1 playbook partially tested on kikker (manual intervention required) - v2 playbook ready for full end-to-end testing Usage: cd ansible/ HCLOUD_TOKEN="..." ansible-playbook -i hcloud.yml \ playbooks/260123-upgrade-nextcloud-v2.yml --limit <server> \ --private-key "../keys/ssh/<server>" The playbook will: - Detect current version (v30/v31/v32) - Skip stages already completed - Create backup only if needed - Upgrade through required stages - Re-enable critical apps - Update to 'latest' tag 🤖 Generated with Claude Code (https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2026-01-23 21:25:44 +01:00			`exit 0`
			`fi`
			`sleep 5`
fix: Improve container wait loop to actually wait 5 minutes 2026-01-23 21:41:14 +01:00			`count=$((count + 1))`
feat: Add improved Nextcloud upgrade playbook (v2) Complete rewrite of the upgrade playbook based on lessons learned from the kikker upgrade. The v2 playbook is fully idempotent and handles all edge cases properly. Key improvements over v1: 1. Idempotency - Can be safely re-run after failures 2. Smart version detection - Reads actual running version, not just docker-compose.yml 3. Stage skipping - Automatically skips completed upgrade stages 4. Better maintenance mode handling - Properly enables/disables at right times 5. Backup reuse - Skips backup if already exists from previous run 6. Dynamic upgrade path - Only runs needed stages based on current version 7. Clear status messages - Shows what's happening at each step 8. Proper error handling - Fails gracefully with helpful messages Files: - playbooks/260123-upgrade-nextcloud-v2.yml (main playbook) - playbooks/260123-upgrade-nextcloud-stage-v2.yml (stage tasks) Testing: - v1 playbook partially tested on kikker (manual intervention required) - v2 playbook ready for full end-to-end testing Usage: cd ansible/ HCLOUD_TOKEN="..." ansible-playbook -i hcloud.yml \ playbooks/260123-upgrade-nextcloud-v2.yml --limit <server> \ --private-key "../keys/ssh/<server>" The playbook will: - Detect current version (v30/v31/v32) - Skip stages already completed - Create backup only if needed - Upgrade through required stages - Re-enable critical apps - Update to 'latest' tag 🤖 Generated with Claude Code (https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2026-01-23 21:25:44 +01:00			`done`
fix: Improve container wait loop to actually wait 5 minutes 2026-01-23 21:41:14 +01:00			`echo "Timeout waiting for container after $max_attempts attempts"`
feat: Add improved Nextcloud upgrade playbook (v2) Complete rewrite of the upgrade playbook based on lessons learned from the kikker upgrade. The v2 playbook is fully idempotent and handles all edge cases properly. Key improvements over v1: 1. Idempotency - Can be safely re-run after failures 2. Smart version detection - Reads actual running version, not just docker-compose.yml 3. Stage skipping - Automatically skips completed upgrade stages 4. Better maintenance mode handling - Properly enables/disables at right times 5. Backup reuse - Skips backup if already exists from previous run 6. Dynamic upgrade path - Only runs needed stages based on current version 7. Clear status messages - Shows what's happening at each step 8. Proper error handling - Fails gracefully with helpful messages Files: - playbooks/260123-upgrade-nextcloud-v2.yml (main playbook) - playbooks/260123-upgrade-nextcloud-stage-v2.yml (stage tasks) Testing: - v1 playbook partially tested on kikker (manual intervention required) - v2 playbook ready for full end-to-end testing Usage: cd ansible/ HCLOUD_TOKEN="..." ansible-playbook -i hcloud.yml \ playbooks/260123-upgrade-nextcloud-v2.yml --limit <server> \ --private-key "../keys/ssh/<server>" The playbook will: - Detect current version (v30/v31/v32) - Skip stages already completed - Create backup only if needed - Upgrade through required stages - Re-enable critical apps - Update to 'latest' tag 🤖 Generated with Claude Code (https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2026-01-23 21:25:44 +01:00			`exit 1`
			`register: container_ready`
			`changed_when: false`

			`- name: "Stage {{ stage.stage }}: Run occ upgrade"`
			`shell: docker exec -u www-data nextcloud php occ upgrade --no-interaction`
			`register: occ_upgrade`
			`changed_when: "'Update successful' in occ_upgrade.stdout or 'upgraded' in occ_upgrade.stdout"`
			`failed_when:`
			`- occ_upgrade.rc != 0`
			`- "'already latest version' not in occ_upgrade.stdout"`
			`- "'No upgrade required' not in occ_upgrade.stdout"`

			`- name: "Stage {{ stage.stage }}: Display upgrade output"`
			`debug:`
			`msg: "{{ occ_upgrade.stdout_lines }}"`

			`- name: "Stage {{ stage.stage }}: Verify upgrade succeeded"`
			`shell: docker exec -u www-data nextcloud php occ status --output=json`
			`register: stage_verify`
			`changed_when: false`

			`- name: "Stage {{ stage.stage }}: Parse upgraded version"`
			`set_fact:`
			`stage_upgraded: "{{ (stage_verify.stdout \| from_json).versionstring }}"`

			`- name: "Stage {{ stage.stage }}: Check upgrade was successful"`
			`fail:`
			`msg: "Upgrade to v{{ stage.to }} failed - still on v{{ stage_upgraded }}"`
			`when: stage_upgraded is version(stage.to, '<')`

			`- name: "Stage {{ stage.stage }}: Success"`
			`debug:`
			`msg: \|`
			`============================================================`
			`✓ Stage {{ stage.stage }} completed successfully`
			`Upgraded from v{{ stage_current }} to v{{ stage_upgraded }}`
			`============================================================`