feat(bootstrap): add rescue block with VM cleanup on failure

2026-03-12 07:43:51 +01:00
parent 54ffe5ff91
commit 1f778a7aaa
2 changed files with 148 additions and 20 deletions
--- a/main.yml
+++ b/main.yml
@@ -110,32 +110,81 @@
      ansible.builtin.import_role:
        name: system_check

-  roles:
-    - role: virtualization
-      when: system_cfg.type == "virtual"
-      become: false
-      vars:
-        ansible_connection: local
+  tasks:
+    - name: Bootstrap pipeline
+      block:
+        - name: Record that no pre-existing VM was found
+          ansible.builtin.set_fact:
+            _vm_absent_before_bootstrap: true

-    - role: environment
-      vars:
-        ansible_connection: "{{ 'vmware_tools' if hypervisor_type == 'vmware' else 'ssh' }}"
+        - name: Create virtual machine
+          when: system_cfg.type == "virtual"
+          ansible.builtin.include_role:
+            name: virtualization
+            public: true
+          vars:
+            ansible_connection: local
+            ansible_become: false

-    - role: partitioning
-      vars:
-        partitioning_boot_partition_suffix: 1
-        partitioning_main_partition_suffix: 2
+        - name: Configure environment
+          ansible.builtin.include_role:
+            name: environment
+            public: true

-    - role: bootstrap
+        - name: Partition disks
+          ansible.builtin.include_role:
+            name: partitioning
+            public: true
+          vars:
+            partitioning_boot_partition_suffix: 1
+            partitioning_main_partition_suffix: 2

-    - role: configuration
+        - name: Install base system
+          ansible.builtin.include_role:
+            name: bootstrap
+            public: true

-    - role: cis
-      when: system_cfg.features.cis.enabled | bool
+        - name: Apply system configuration
+          ansible.builtin.include_role:
+            name: configuration
+            public: true

-    - role: cleanup
-      when: system_cfg.type in ["virtual", "physical"]
-      become: false
+        - name: Apply CIS hardening
+          when: system_cfg.features.cis.enabled | bool
+          ansible.builtin.include_role:
+            name: cis
+            public: true
+
+        - name: Clean up and finalize
+          when: system_cfg.type in ["virtual", "physical"]
+          ansible.builtin.include_role:
+            name: cleanup
+            public: true
+          vars:
+            ansible_become: false
+
+      rescue:
+        - name: Delete VM on bootstrap failure
+          when:
+            - _vm_absent_before_bootstrap | default(false) | bool
+            - virtualization_vm_created_in_run | default(false) | bool
+            - system_cfg.type == "virtual"
+          ansible.builtin.include_role:
+            name: virtualization
+            tasks_from: delete
+          vars:
+            ansible_connection: local
+            ansible_become: false
+          tags:
+            - rescue_cleanup
+
+        - name: Fail host after bootstrap rescue
+          ansible.builtin.fail:
+            msg: >-
+              Bootstrap failed for {{ hostname }}.
+              {{ 'VM was deleted to allow clean retry.'
+                 if (virtualization_vm_created_in_run | default(false))
+                 else 'VM was not created in this run (kept).' }}

  post_tasks:
    - name: Set post-reboot connection flags