#!/usr/bin/env bash set -o errexit set -o nounset set -o pipefail section() { printf '\n== %s ==\n' "$1" } run_optional() { local description="$1" shift if "$@"; then return 0 fi printf 'WARNING: %s failed\n' "$description" return 0 } section "Operating system" if [[ -r /etc/os-release ]]; then run_optional "OS release report" cat /etc/os-release else printf 'WARNING: /etc/os-release is unavailable\n' fi run_optional "kernel report" uname -a section "Host" run_optional "hostname report" hostname run_optional "uptime report" uptime section "CPU and virtualization" if command -v lscpu >/dev/null 2>&1; then run_optional "CPU report" lscpu printf '\nVirtualization flags:\n' lscpu | grep -E 'Virtualization|Hypervisor vendor' || \ printf 'INFO: no virtualization summary reported by lscpu\n' else printf 'WARNING: lscpu is unavailable\n' fi if grep -Eqm1 '(^|[[:space:]])(vmx|svm)([[:space:]]|$)' /proc/cpuinfo; then printf 'OK: CPU virtualization flags detected\n' else printf 'WARNING: CPU virtualization flags were not detected\n' fi section "Memory" if command -v free >/dev/null 2>&1; then run_optional "memory report" free -h else run_optional "memory report" cat /proc/meminfo fi section "Disks" if command -v lsblk >/dev/null 2>&1; then run_optional "block device report" lsblk -o NAME,TYPE,SIZE,FSTYPE,MOUNTPOINTS,MODEL else printf 'WARNING: lsblk is unavailable\n' fi run_optional "filesystem report" df -hT section "Network" if command -v ip >/dev/null 2>&1; then run_optional "network interface report" ip -brief address run_optional "route report" ip route else printf 'WARNING: ip is unavailable\n' fi section "Firmware and Secure Boot" if [[ -d /sys/firmware/efi ]]; then printf 'OK: boot mode is UEFI\n' else printf 'INFO: boot mode appears to be legacy BIOS\n' fi if command -v mokutil >/dev/null 2>&1; then run_optional "Secure Boot report" mokutil --sb-state else printf 'INFO: mokutil is unavailable; Secure Boot state not queried\n' fi section "IOMMU" if [[ -r /proc/cmdline ]]; then printf 'Kernel command line:\n' cat /proc/cmdline if grep -Eq '(^|[[:space:]])(intel_iommu=on|amd_iommu=on|iommu=)' /proc/cmdline; then printf 'OK: IOMMU-related kernel arguments detected\n' else printf 'INFO: no explicit IOMMU kernel argument detected\n' fi fi if command -v dmesg >/dev/null 2>&1; then dmesg 2>/dev/null | grep -Ei 'DMAR|IOMMU|AMD-Vi' | tail -n 30 || \ printf 'INFO: no readable IOMMU hints found in dmesg\n' fi section "NVIDIA hardware" if command -v lspci >/dev/null 2>&1; then lspci -nn | grep -i nvidia || printf 'INFO: no NVIDIA PCI devices detected\n' else printf 'INFO: lspci is unavailable\n' fi section "Existing platform components" for command_name in docker virsh cockpit-bridge; do if command -v "$command_name" >/dev/null 2>&1; then printf 'OK: %s is installed at %s\n' "$command_name" "$(command -v "$command_name")" else printf 'INFO: %s is not installed\n' "$command_name" fi done if command -v systemctl >/dev/null 2>&1; then for unit in docker.service libvirtd.service cockpit.socket; do if systemctl cat "$unit" >/dev/null 2>&1; then state="$(systemctl is-active "$unit" 2>/dev/null || true)" printf 'INFO: %-20s state=%s\n' "$unit" "${state:-unknown}" else printf 'INFO: %s is not installed\n' "$unit" fi done fi printf '\nOK: preflight completed without modifying the host\n'