refactor(safety): remove redundant live environment detection from system_check
@@ -1,83 +1,4 @@
|
|||||||
---
|
---
|
||||||
- name: Gather minimal facts for safety checks
|
|
||||||
ansible.builtin.setup:
|
|
||||||
gather_subset:
|
|
||||||
- "!all"
|
|
||||||
- "min"
|
|
||||||
- "mounts"
|
|
||||||
changed_when: false
|
|
||||||
|
|
||||||
- name: Production system protection check
|
|
||||||
block:
|
|
||||||
- name: Check for OS release information
|
|
||||||
ansible.builtin.stat:
|
|
||||||
path: /etc/os-release
|
|
||||||
register: system_check_os_release_exists
|
|
||||||
|
|
||||||
- name: Check for live environment markers
|
|
||||||
ansible.builtin.stat:
|
|
||||||
path: "{{ item }}"
|
|
||||||
loop:
|
|
||||||
- /run/archiso
|
|
||||||
- /run/live
|
|
||||||
- /run/initramfs
|
|
||||||
- /run/initramfs/live
|
|
||||||
register: system_check_live_markers
|
|
||||||
changed_when: false
|
|
||||||
|
|
||||||
- name: Determine root filesystem type
|
|
||||||
ansible.builtin.set_fact:
|
|
||||||
system_check_root_fstype: >-
|
|
||||||
{{
|
|
||||||
ansible_mounts
|
|
||||||
| selectattr('mount', 'equalto', '/')
|
|
||||||
| map(attribute='fstype')
|
|
||||||
| list
|
|
||||||
| first
|
|
||||||
| default('')
|
|
||||||
| lower
|
|
||||||
}}
|
|
||||||
changed_when: false
|
|
||||||
|
|
||||||
- name: Identify live environment indicators
|
|
||||||
ansible.builtin.set_fact:
|
|
||||||
system_check_is_live_environment: >-
|
|
||||||
{{
|
|
||||||
(not system_check_os_release_exists.stat.exists)
|
|
||||||
or (
|
|
||||||
system_check_live_markers.results
|
|
||||||
| selectattr('stat.exists')
|
|
||||||
| list
|
|
||||||
| length
|
|
||||||
> 0
|
|
||||||
)
|
|
||||||
or system_check_root_fstype in ['overlay', 'overlayfs', 'squashfs', 'aufs']
|
|
||||||
or (ansible_hostname | default('') | lower is search('live'))
|
|
||||||
}}
|
|
||||||
changed_when: false
|
|
||||||
|
|
||||||
- name: Assert target is not a production system
|
|
||||||
ansible.builtin.assert:
|
|
||||||
that:
|
|
||||||
- system_check_is_live_environment | bool
|
|
||||||
fail_msg: |
|
|
||||||
PRODUCTION SYSTEM DETECTED - ABORTING
|
|
||||||
|
|
||||||
The target system appears to be a production environment with an already
|
|
||||||
installed operating system. This playbook is designed to run ONLY on
|
|
||||||
live installer environments (e.g., ArchLinux ISO, Debian netinst).
|
|
||||||
|
|
||||||
DO NOT proceed on production systems. This could result in data loss.
|
|
||||||
|
|
||||||
To use this playbook:
|
|
||||||
1. Boot from a live installer ISO (ArchLinux, Debian, Ubuntu, etc.)
|
|
||||||
2. Run playbook against live environment
|
|
||||||
3. Target an empty disk for installation
|
|
||||||
|
|
||||||
If you are certain you want to proceed, you must verify you are running
|
|
||||||
from a live environment, not an installed system.
|
|
||||||
quiet: true
|
|
||||||
|
|
||||||
- name: VM existence protection check
|
- name: VM existence protection check
|
||||||
when: system_cfg.type == "virtual"
|
when: system_cfg.type == "virtual"
|
||||||
block:
|
block:
|
||||||
|
|||||||