I have an Ansible task that aims to upgrade our Gitlab application. I want the user to ONLY be able to upgrade 1 major release. For example, I want to enable a 8.x to 9.x upgrade, but not an 8.x to 10.x upgrade. I’m aware of the version_compare module, which I use, but need more than what it does.

I did write a filter that extracts the major, minor, patch versions of a Semver-format version so I can get the major part. But how do I then compare them to see if their difference is > 1?

I do…

`

NOTE: server_major is a filter I wrote to extract the major version of an M.m.p Semver-format version.

• name: Get major version of installed version
  set_fact: M_installed=installed_version|sermver_major
• name: Get the major version of the desired upgrade version
  set_fact: M_upgrade=upgrade_version|semver_major
• name: Ensure M_upgrade - M_installed = 1
  “How do I do this?”
  `

Maybe there is a more straight-forward way to do this?

Probably something like:

• name: Ensure M_upgrade - M_installed = 1

assert:
that:

• M_upgrade|int - M_installed|int == 1

If you are using apt I would suggest another way of solving this and that is pinning in apt

Just create a file /etc/apt/preferences.d/gitlab with the following content

Package: gitlab-ce
Pin: version /9.[0-9]+\.[0-9]+-/
Pin-Priority: 1000

You can read more about pinning here
https://wiki.debian.org/AptPreferences

I’m using yum (RHEL). However with this approach, don’t you have to update the file when the major version changes?

Thanks, I’l try this

With that regex yes, it's a nice way to control upgrade to major versions.
And it also preventing upgrade of a package if someone should run apt dist-upgrade (equivalent to yum upgrade)

My file for Gitlab looks like this

$ more /etc/apt/preferences.d/gitlab
Package: gitlab-ce
Pin: version /[0-9]+\.[0-9]+\.([5-9]-|[0-9]{2,}-)/
Pin-Priority: 1000

It only upgrade if the package is x.y.5 or higher, the reason for this is Gitlab tends to be very buggy until around x.y.5 version is released.