[P3] fresh_install.yml runs full dist-upgrade — risky if run against existing machines #8

New Issue

2026-03-22T18:04:11Z

jeet commented

2026-03-22 18:04:11 +00:00

Problem

The playbook runs a full distribution upgrade as part of fresh install. If accidentally run against a production host (e.g., a Prod server mistakenly in the target group), it can upgrade the OS while services are running.

Fix

Add a safety guard that aborts if Docker containers are already running:

- name: Abort if containers are already running
  ansible.builtin.shell: docker compose ps -q
  args:
    chdir: ~/docker
  register: running
  failed_when: running.stdout != ""
  ignore_errors: false

Or split the dist-upgrade step into its own dedicated playbook.

File: playbooks/fresh_install.yml

## Problem The playbook runs a full distribution upgrade as part of fresh install. If accidentally run against a production host (e.g., a Prod server mistakenly in the target group), it can upgrade the OS while services are running. ## Fix Add a safety guard that aborts if Docker containers are already running: ```yaml - name: Abort if containers are already running ansible.builtin.shell: docker compose ps -q args: chdir: ~/docker register: running failed_when: running.stdout != "" ignore_errors: false ``` Or split the dist-upgrade step into its own dedicated playbook. **File:** `playbooks/fresh_install.yml`

jeet referenced this issue from a commit

2026-03-22 18:14:21 +00:00

Fix issues 3,5,6,7,8,9,11,15,16: security hardening and reliability improvements

jeet closed this issue

2026-03-22 18:14:21 +00:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: jeet/OCI_Build#8