[RFC PATCH 0/5] Convert bringup_guestfs to a single Ansible role

[RFC PATCH 0/5] Convert bringup_guestfs to a single Ansible role

[cel]

From: Chuck Lever <chuck.lever@oracle.com>

I dusted these off and rebased them on the current kdevops HEAD to
demonstrate some of my thinking about how libvirt/guestfs bring-up
might be expressed entirely using Ansible (ie with a minimal use
of shell scripts).

These are still rough, and a role to deal with constructing base
images is missing for now.

Chuck Lever (5):
  guestfs: Replace scripts/destroy_guestfs.sh with an Ansible playbook
  Move the guestfs install-deps to the guestfs playbook
  guestfs: Move console-related steps to guestfs role
  guestfs: Move check-config, network, and storage-pool tags
  guestfs: Convert part of scripts/bringup_guestfs.sh to Ansible

 .gitignore                                    |   1 +
 playbooks/guestfs.yml                         |   7 +
 playbooks/roles/guestfs/defaults/main.yml     |   5 +
 playbooks/roles/guestfs/tasks/bringup.yml     | 157 ++++++++++++++++++
 .../roles/guestfs/tasks/config-check.yml      |  34 ++++
 .../guestfs/tasks/console-permissions.yml     |  31 ++++
 playbooks/roles/guestfs/tasks/destroy.yml     |  32 ++++
 playbooks/roles/guestfs/tasks/extra_disks.yml |  16 ++
 .../tasks/install-deps/debian/main.yml        |  10 ++
 .../roles/guestfs/tasks/install-deps/main.yml |  21 +++
 .../tasks/install-deps/redhat/main.yml        |  12 ++
 .../guestfs/tasks/install-deps/suse/main.yml  |   9 +
 playbooks/roles/guestfs/tasks/largeio.yml     |  11 ++
 playbooks/roles/guestfs/tasks/main.yml        |  44 +++++
 playbooks/roles/guestfs/tasks/network.yml     |  83 +++++++++
 .../roles/guestfs/tasks/storage-pool-path.yml |  77 +++++++++
 scripts/bringup_guestfs.sh                    |  76 +--------
 scripts/destroy_guestfs.sh                    |  36 ----
 scripts/guestfs.Makefile                      |  23 ++-
 19 files changed, 566 insertions(+), 119 deletions(-)
 create mode 100644 playbooks/guestfs.yml
 create mode 100644 playbooks/roles/guestfs/defaults/main.yml
 create mode 100644 playbooks/roles/guestfs/tasks/bringup.yml
 create mode 100644 playbooks/roles/guestfs/tasks/config-check.yml
 create mode 100644 playbooks/roles/guestfs/tasks/console-permissions.yml
 create mode 100644 playbooks/roles/guestfs/tasks/destroy.yml
 create mode 100644 playbooks/roles/guestfs/tasks/extra_disks.yml
 create mode 100644 playbooks/roles/guestfs/tasks/install-deps/debian/main.yml
 create mode 100644 playbooks/roles/guestfs/tasks/install-deps/main.yml
 create mode 100644 playbooks/roles/guestfs/tasks/install-deps/redhat/main.yml
 create mode 100644 playbooks/roles/guestfs/tasks/install-deps/suse/main.yml
 create mode 100644 playbooks/roles/guestfs/tasks/largeio.yml
 create mode 100644 playbooks/roles/guestfs/tasks/main.yml
 create mode 100644 playbooks/roles/guestfs/tasks/network.yml
 create mode 100644 playbooks/roles/guestfs/tasks/storage-pool-path.yml
 delete mode 100755 scripts/destroy_guestfs.sh

-- 
2.49.0

[RFC PATCH 1/5] guestfs: Replace scripts/destroy_guestfs.sh with an Ansible playbook

[cel]

From: Chuck Lever <chuck.lever@oracle.com>

Start to make use of the Ansible libvirt module to handle libvirt
guest configuration, and replace the open-coded loop over the
content of guestfs/kdevops_nodes.yml.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 .gitignore                                |  1 +
 playbooks/guestfs.yml                     |  7 +++++
 playbooks/roles/guestfs/tasks/destroy.yml | 32 ++++++++++++++++++++
 playbooks/roles/guestfs/tasks/main.yml    |  6 ++++
 scripts/destroy_guestfs.sh                | 36 -----------------------
 scripts/guestfs.Makefile                  |  6 ++--
 6 files changed, 50 insertions(+), 38 deletions(-)
 create mode 100644 playbooks/guestfs.yml
 create mode 100644 playbooks/roles/guestfs/tasks/destroy.yml
 create mode 100644 playbooks/roles/guestfs/tasks/main.yml
 delete mode 100755 scripts/destroy_guestfs.sh

diff --git a/.gitignore b/.gitignore
index f51213a59ad9..0e3998485a36 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,6 +6,7 @@
 .provisioned_once*
 
 guestfs/
+!playbooks/roles/guestfs/
 
 linux/
 !workflows/linux/
diff --git a/playbooks/guestfs.yml b/playbooks/guestfs.yml
new file mode 100644
index 000000000000..8bb496e0f05a
--- /dev/null
+++ b/playbooks/guestfs.yml
@@ -0,0 +1,7 @@
+---
+- name: Provision target nodes with libvirt/guestfs
+  gather_facts: false
+  connection: local
+  hosts: all
+  roles:
+    - role: guestfs
diff --git a/playbooks/roles/guestfs/tasks/destroy.yml b/playbooks/roles/guestfs/tasks/destroy.yml
new file mode 100644
index 000000000000..e26aacde4cff
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/destroy.yml
@@ -0,0 +1,32 @@
+---
+- name: Destroy each target node
+  community.libvirt.virt:
+    name: "{{ inventory_hostname }}"
+    command: "destroy"
+    uri: "{{ libvirt_uri }}"
+  failed_when: false # Do not fail if the target node is not currently running
+
+- name: Undefine each target node
+  community.libvirt.virt:
+    name: "{{ inventory_hostname }}"
+    command: "undefine"
+    uri: "{{ libvirt_uri }}"
+    force: true
+  failed_when: false # Do not fail if the target node is not currently defined
+
+- name: Remove per-node configuration files
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - "{{ guestfs_path }}/{{ inventory_hostname }}"
+    - "{{ kdevops_storage_pool_path }}/guestfs/{{ inventory_hostname }}"
+
+- name: Remove global configuration files
+  run_once: true
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - "{{ kdevops_ssh_config }}"
+    - "{{ topdir_path }}/{{ kdevops_nodes }}"
diff --git a/playbooks/roles/guestfs/tasks/main.yml b/playbooks/roles/guestfs/tasks/main.yml
new file mode 100644
index 000000000000..60d4ffd40a20
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Shut down and destroy each target node
+  tags:
+    - destroy
+  ansible.builtin.import_tasks:
+    file: "{{ role_path }}/tasks/destroy.yml"
diff --git a/scripts/destroy_guestfs.sh b/scripts/destroy_guestfs.sh
deleted file mode 100755
index dfbb4f15f4ca..000000000000
--- a/scripts/destroy_guestfs.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: copyleft-next-0.3.1
-
-[ -z "${TOPDIR}" ] && TOPDIR='.'
-source ${TOPDIR}/.config
-source ${TOPDIR}/scripts/lib.sh
-
-export LIBVIRT_DEFAULT_URI=$CONFIG_LIBVIRT_URI
-
-STORAGEDIR="${CONFIG_LIBVIRT_STORAGE_POOL_PATH}/${CONFIG_KDEVOPS_STORAGE_POOL_USER}/guestfs"
-GUESTFSDIR="${TOPDIR}/guestfs"
-
-if [ -f "$GUESTFSDIR/kdevops_nodes.yaml" ]; then
-	# FIXME: is there a yaml equivalent to jq ?
-	grep -e '^  - name: ' "${GUESTFSDIR}/kdevops_nodes.yaml"  | sed 's/^  - name: //' | while read name
-	do
-		domstate=$(virsh domstate $name 2>/dev/null)
-		if [ $? -eq 0 ]; then
-			if [ "$domstate" = 'running' ]; then
-				virsh destroy $name
-			fi
-			virsh undefine --nvram $name
-		fi
-		rm -rf "$GUESTFSDIR/$name"
-		rm -rf "$STORAGEDIR/$name"
-		ssh-keygen -q -f ~/.ssh/known_hosts -R $name 1> /dev/null 2>&1
-	done
-fi
-
-if [[ "$CONFIG_TOPDIR_PATH_HAS_SHA256SUM" == "y" ]]; then
-	rm -f ~/.ssh/config_kdevops_$CONFIG_TOPDIR_PATH_SHA256SUM
-else
-	rm -f ~/.ssh/config_kdevops_$CONFIG_KDEVOPS_HOSTS_PREFIX
-fi
-rm -f $GUESTFSDIR/.provisioned_once
-rm -f $GUESTFSDIR/kdevops_nodes.yaml
diff --git a/scripts/guestfs.Makefile b/scripts/guestfs.Makefile
index 8d4aac3e3669..5d355ec70f8c 100644
--- a/scripts/guestfs.Makefile
+++ b/scripts/guestfs.Makefile
@@ -93,9 +93,11 @@ status_guestfs:
 PHONY += status_guestfs
 
 destroy_guestfs:
-	$(Q)$(TOPDIR)/scripts/destroy_guestfs.sh
+	$(Q)ansible-playbook $(ANSIBLE_VERBOSE) \
+		-i hosts playbooks/guestfs.yml \
+		--extra-vars=@./extra_vars.yaml \
+		--tags destroy
 	$(Q)rm -f $(KDEVOPS_PROVISIONED_SSH) $(KDEVOPS_PROVISIONED_DEVCONFIG)
-
 PHONY += destroy_guestfs
 
 cleancache:
-- 
2.49.0

Re: [RFC PATCH 1/5] guestfs: Replace scripts/destroy_guestfs.sh with an Ansible playbook

[Luis Chamberlain]

On Thu, May 22, 2025 at 09:31:33AM -0400, cel@kernel.org wrote:
> From: Chuck Lever <chuck.lever@oracle.com>
> 
> Start to make use of the Ansible libvirt module to handle libvirt
> guest configuration, and replace the open-coded loop over the
> content of guestfs/kdevops_nodes.yml.
> 
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> +- name: Remove per-node configuration files
> +  ansible.builtin.file:
> +    path: "{{ item }}"
> +    state: absent
> +  loop:
> +    - "{{ guestfs_path }}/{{ inventory_hostname }}"
> +    - "{{ kdevops_storage_pool_path }}/guestfs/{{ inventory_hostname }}"

Does this remove a directory? If so then:

Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>

  Luis

Re: [RFC PATCH 1/5] guestfs: Replace scripts/destroy_guestfs.sh with an Ansible playbook

[Chuck Lever]

On 5/22/25 1:02 PM, Luis Chamberlain wrote:
> On Thu, May 22, 2025 at 09:31:33AM -0400, cel@kernel.org wrote:
>> From: Chuck Lever <chuck.lever@oracle.com>
>>
>> Start to make use of the Ansible libvirt module to handle libvirt
>> guest configuration, and replace the open-coded loop over the
>> content of guestfs/kdevops_nodes.yml.
>>
>> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
>> +- name: Remove per-node configuration files
>> +  ansible.builtin.file:
>> +    path: "{{ item }}"
>> +    state: absent
>> +  loop:
>> +    - "{{ guestfs_path }}/{{ inventory_hostname }}"
>> +    - "{{ kdevops_storage_pool_path }}/guestfs/{{ inventory_hostname }}"
> 
> Does this remove a directory? If so then:
> 
> Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
> 
>   Luis

I think it does remove directories: guestfs/ is empty after these
steps complete.


-- 
Chuck Lever

[RFC PATCH 2/5] Move the guestfs install-deps to the guestfs playbook

[cel]

From: Chuck Lever <chuck.lever@oracle.com>

In addition to copying the install-deps scripts, switch to using
import_tasks, which has more dependable behavior and avoids the
need to add a "tags:" keyword on each step.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 .../tasks/install-deps/debian/main.yml        | 10 +++++++++
 .../roles/guestfs/tasks/install-deps/main.yml | 21 +++++++++++++++++++
 .../tasks/install-deps/redhat/main.yml        | 12 +++++++++++
 .../guestfs/tasks/install-deps/suse/main.yml  |  9 ++++++++
 playbooks/roles/guestfs/tasks/main.yml        |  6 ++++++
 scripts/guestfs.Makefile                      |  4 ++--
 6 files changed, 60 insertions(+), 2 deletions(-)
 create mode 100644 playbooks/roles/guestfs/tasks/install-deps/debian/main.yml
 create mode 100644 playbooks/roles/guestfs/tasks/install-deps/main.yml
 create mode 100644 playbooks/roles/guestfs/tasks/install-deps/redhat/main.yml
 create mode 100644 playbooks/roles/guestfs/tasks/install-deps/suse/main.yml

diff --git a/playbooks/roles/guestfs/tasks/install-deps/debian/main.yml b/playbooks/roles/guestfs/tasks/install-deps/debian/main.yml
new file mode 100644
index 000000000000..5935f752a493
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/install-deps/debian/main.yml
@@ -0,0 +1,10 @@
+---
+- name: Install guestfs dependencies for Debian
+  become: true
+  become_method: ansible.builtin.sudo
+  ansible.builtin.package:
+    update_cache: true
+    name:
+      - libguestfs-tools
+      - isc-dhcp-client
+    state: present
diff --git a/playbooks/roles/guestfs/tasks/install-deps/main.yml b/playbooks/roles/guestfs/tasks/install-deps/main.yml
new file mode 100644
index 000000000000..5cbc55dcb188
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/install-deps/main.yml
@@ -0,0 +1,21 @@
+---
+- name: Gathering facts
+  ansible.builtin.gather_facts:
+
+- name: Debian-specific setup
+  ansible.builtin.import_tasks:
+    file: debian/main.yml
+  when:
+    - ansible_os_family == "Debian"
+
+- name: SuSE-specific setup
+  ansible.builtin.import_tasks:
+    file: suse/main.yml
+  when:
+    - ansible_os_family == "Suse"
+
+- name: Red Hat-specific setup
+  ansible.builtin.import_tasks:
+    file: redhat/main.yml
+  when:
+    - ansible_os_family == "Redhat"
diff --git a/playbooks/roles/guestfs/tasks/install-deps/redhat/main.yml b/playbooks/roles/guestfs/tasks/install-deps/redhat/main.yml
new file mode 100644
index 000000000000..c28a16a07c7a
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/install-deps/redhat/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Install guestfs dependencies for Red Hat Enterprise
+  become: true
+  become_method: ansible.builtin.sudo
+  ansible.builtin.package:
+    update_cache: true
+    name:
+      - libguestfs-tools
+      - dhcpcd
+    state: present
+  when:
+    - ansible_distribution != "Fedora"
diff --git a/playbooks/roles/guestfs/tasks/install-deps/suse/main.yml b/playbooks/roles/guestfs/tasks/install-deps/suse/main.yml
new file mode 100644
index 000000000000..c1bf24354612
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/install-deps/suse/main.yml
@@ -0,0 +1,9 @@
+---
+- name: Install guestfs dependencies for Suse
+  become: true
+  become_method: ansible.builtin.sudo
+  ansible.builtin.package:
+    name:
+      - libguestfs-tools
+      - dhcpcd
+    state: present
diff --git a/playbooks/roles/guestfs/tasks/main.yml b/playbooks/roles/guestfs/tasks/main.yml
index 60d4ffd40a20..ba38a67c4baf 100644
--- a/playbooks/roles/guestfs/tasks/main.yml
+++ b/playbooks/roles/guestfs/tasks/main.yml
@@ -1,4 +1,10 @@
 ---
+- name: Install guestfs dependencies on the Ansible controller
+  tags:
+    - install-deps
+  ansible.builtin.import_tasks:
+    file: "{{role_path }}/tasks/install-deps/main.yml"
+
 - name: Shut down and destroy each target node
   tags:
     - destroy
diff --git a/scripts/guestfs.Makefile b/scripts/guestfs.Makefile
index 5d355ec70f8c..4ad347544cf6 100644
--- a/scripts/guestfs.Makefile
+++ b/scripts/guestfs.Makefile
@@ -68,9 +68,9 @@ $(KDEVOPS_PROVISIONED_SSH):
 	$(Q)touch $(KDEVOPS_PROVISIONED_SSH)
 
 install_libguestfs:
-	$(Q)ansible-playbook $(ANSIBLE_VERBOSE) --connection=local \
+	$(Q)ansible-playbook $(ANSIBLE_VERBOSE) \
 		--inventory localhost, \
-		playbooks/bringup_guestfs.yml \
+		playbooks/guestfs.yml \
 		--extra-vars=@./extra_vars.yaml \
 		--tags install-deps
 
-- 
2.49.0

Re: [RFC PATCH 2/5] Move the guestfs install-deps to the guestfs playbook

[Luis Chamberlain]

On Thu, May 22, 2025 at 09:31:34AM -0400, cel@kernel.org wrote:
> From: Chuck Lever <chuck.lever@oracle.com>
> 
> In addition to copying the install-deps scripts, switch to using
> import_tasks, which has more dependable behavior and avoids the
> need to add a "tags:" keyword on each step.
> 
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> diff --git a/playbooks/roles/guestfs/tasks/install-deps/debian/main.yml b/playbooks/roles/guestfs/tasks/install-deps/debian/main.yml
> +  become: true
> +  become_method: ansible.builtin.sudo
> +  ansible.builtin.package:
> +    update_cache: true
> +    name:
> +      - libguestfs-tools
> +      - isc-dhcp-client
> +    state: present
> diff --git a/playbooks/roles/guestfs/tasks/install-deps/main.yml b/playbooks/roles/guestfs/tasks/install-deps/main.yml
> +++ b/playbooks/roles/guestfs/tasks/install-deps/redhat/main.yml
> +  become: true
> +  become_method: ansible.builtin.sudo
> +  ansible.builtin.package:
> +    update_cache: true
> +    name:
> +      - libguestfs-tools
> +      - dhcpcd
> +    state: present
> +  when:
> +    - ansible_distribution != "Fedora"
> diff --git a/playbooks/roles/guestfs/tasks/install-deps/suse/main.yml b/playbooks/roles/guestfs/tasks/install-deps/suse/main.yml
> new file mode 100644
> index 000000000000..c1bf24354612
> --- /dev/null
> +++ b/playbooks/roles/guestfs/tasks/install-deps/suse/main.yml
> +  become: true
> +  become_method: ansible.builtin.sudo
> +  ansible.builtin.package:
> +    name:
> +      - libguestfs-tools
> +      - dhcpcd
> +    state: present

If you use the pkg role then we'd just need to add a definition
overide for dhcpd for debian as isc-dhcp-client and we'd have one
shared install step here.

Otherwise:

Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>

  Luis

Re: [RFC PATCH 2/5] Move the guestfs install-deps to the guestfs playbook

[Chuck Lever]

On 5/22/25 1:07 PM, Luis Chamberlain wrote:
> On Thu, May 22, 2025 at 09:31:34AM -0400, cel@kernel.org wrote:
>> From: Chuck Lever <chuck.lever@oracle.com>
>>
>> In addition to copying the install-deps scripts, switch to using
>> import_tasks, which has more dependable behavior and avoids the
>> need to add a "tags:" keyword on each step.
>>
>> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
>> diff --git a/playbooks/roles/guestfs/tasks/install-deps/debian/main.yml b/playbooks/roles/guestfs/tasks/install-deps/debian/main.yml
>> +  become: true
>> +  become_method: ansible.builtin.sudo
>> +  ansible.builtin.package:
>> +    update_cache: true
>> +    name:
>> +      - libguestfs-tools
>> +      - isc-dhcp-client
>> +    state: present
>> diff --git a/playbooks/roles/guestfs/tasks/install-deps/main.yml b/playbooks/roles/guestfs/tasks/install-deps/main.yml
>> +++ b/playbooks/roles/guestfs/tasks/install-deps/redhat/main.yml
>> +  become: true
>> +  become_method: ansible.builtin.sudo
>> +  ansible.builtin.package:
>> +    update_cache: true
>> +    name:
>> +      - libguestfs-tools
>> +      - dhcpcd
>> +    state: present
>> +  when:
>> +    - ansible_distribution != "Fedora"
>> diff --git a/playbooks/roles/guestfs/tasks/install-deps/suse/main.yml b/playbooks/roles/guestfs/tasks/install-deps/suse/main.yml
>> new file mode 100644
>> index 000000000000..c1bf24354612
>> --- /dev/null
>> +++ b/playbooks/roles/guestfs/tasks/install-deps/suse/main.yml
>> +  become: true
>> +  become_method: ansible.builtin.sudo
>> +  ansible.builtin.package:
>> +    name:
>> +      - libguestfs-tools
>> +      - dhcpcd
>> +    state: present
> 
> If you use the pkg role then we'd just need to add a definition
> overide for dhcpd for debian as isc-dhcp-client and we'd have one
> shared install step here.

Almost true. Check redhat/main.yml -- there is a little extra logic
there.

Also, I've done that kind of de-duplication in the past, and half
the time I end up undo-ing it because more logic is needed at a
later point.

Thinking ahead (always dangerous).


> Otherwise:
> 
> Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
> 
>   Luis


-- 
Chuck Lever

Re: [RFC PATCH 2/5] Move the guestfs install-deps to the guestfs playbook

[Luis Chamberlain]

On Thu, May 22, 2025 at 01:13:33PM -0400, Chuck Lever wrote:
> Almost true. Check redhat/main.yml -- there is a little extra logic
> there.

Ahhh.

> Also, I've done that kind of de-duplication in the past, and half
> the time I end up undo-ing it because more logic is needed at a
> later point.

I see...

> Thinking ahead (always dangerous).

Good to know, ok so we'll need to live with this, and have to just
take this up in the future with the ansible community long term.

  Luis

[RFC PATCH 3/5] guestfs: Move console-related steps to guestfs role

[cel]

From: Chuck Lever <chuck.lever@oracle.com>

These steps are relocated because my plan is to remove the
bringup_guestfs role eventually.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 playbooks/roles/guestfs/defaults/main.yml     |  3 ++
 .../guestfs/tasks/console-permissions.yml     | 31 +++++++++++++++++++
 playbooks/roles/guestfs/tasks/main.yml        |  8 +++++
 scripts/guestfs.Makefile                      |  4 +--
 4 files changed, 44 insertions(+), 2 deletions(-)
 create mode 100644 playbooks/roles/guestfs/defaults/main.yml
 create mode 100644 playbooks/roles/guestfs/tasks/console-permissions.yml

diff --git a/playbooks/roles/guestfs/defaults/main.yml b/playbooks/roles/guestfs/defaults/main.yml
new file mode 100644
index 000000000000..0d1e2ef82ae9
--- /dev/null
+++ b/playbooks/roles/guestfs/defaults/main.yml
@@ -0,0 +1,3 @@
+# SPDX-License-Identifier GPL-2.0+
+---
+libvirt_uri_system: false
diff --git a/playbooks/roles/guestfs/tasks/console-permissions.yml b/playbooks/roles/guestfs/tasks/console-permissions.yml
new file mode 100644
index 000000000000..ad169a4eab31
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/console-permissions.yml
@@ -0,0 +1,31 @@
+---
+- name: Get the user who invoked Ansible
+  ansible.builtin.command:
+    cmd: whoami
+  register: reg_user
+  changed_when: false
+
+- name: Look for console.log files in guestfs subdirectories to check for CI enablement
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.find:
+    paths: "{{ topdir_path }}/guestfs"
+    patterns: "console.log"
+    file_type: file
+    recurse: true
+  register: console_log_files
+
+- name: Ensure console.log files are owned by the main user for CI monitoring
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    owner: "{{ reg_user.stdout }}"
+    group: "{{ reg_user.stdout }}"
+  loop: "{{ console_log_files.files }}"
+  loop_control:
+    label: "{{ item.path | regex_replace('^.*guestfs/', 'guestfs/') }}"
+  when:
+    - console_log_files.matched > 0
diff --git a/playbooks/roles/guestfs/tasks/main.yml b/playbooks/roles/guestfs/tasks/main.yml
index ba38a67c4baf..a469d48a082b 100644
--- a/playbooks/roles/guestfs/tasks/main.yml
+++ b/playbooks/roles/guestfs/tasks/main.yml
@@ -5,6 +5,14 @@
   ansible.builtin.import_tasks:
     file: "{{role_path }}/tasks/install-deps/main.yml"
 
+- name: Set up target node console permissions
+  tags:
+    - console-permissions
+  ansible.builtin.import_tasks:
+    file: "{{ role_path }}/tasks/console-permissions.yml"
+  when:
+    - libvirt_uri_system|bool
+
 - name: Shut down and destroy each target node
   tags:
     - destroy
diff --git a/scripts/guestfs.Makefile b/scripts/guestfs.Makefile
index 4ad347544cf6..30bef9d17e99 100644
--- a/scripts/guestfs.Makefile
+++ b/scripts/guestfs.Makefile
@@ -81,9 +81,9 @@ bringup_guestfs: $(GUESTFS_BRINGUP_DEPS)
 		--extra-vars=@./extra_vars.yaml \
 		--tags config-check,network,storage-pool-path
 	$(Q)$(TOPDIR)/scripts/bringup_guestfs.sh
-	$(Q)ansible-playbook $(ANSIBLE_VERBOSE) --connection=local \
+	$(Q)ansible-playbook $(ANSIBLE_VERBOSE) \
 		--inventory localhost, \
-		playbooks/bringup_guestfs.yml \
+		playbooks/guestfs.yml \
 		--extra-vars=@./extra_vars.yaml \
 		--tags console-permissions
 PHONY += bringup_guestfs
-- 
2.49.0

Re: [RFC PATCH 3/5] guestfs: Move console-related steps to guestfs role

[Luis Chamberlain]

On Thu, May 22, 2025 at 09:31:35AM -0400, cel@kernel.org wrote:
> From: Chuck Lever <chuck.lever@oracle.com>
> 
> These steps are relocated because my plan is to remove the
> bringup_guestfs role eventually.
> 
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

For 4 and 5:

But just one nit-pick: it says move, but its not deleting the code it
is moving.

Reviewed-by: Luis Chamberlain <mcgrof@kernel.orG>

 LUis

Re: [RFC PATCH 3/5] guestfs: Move console-related steps to guestfs role

[Chuck Lever]

On 5/22/25 1:09 PM, Luis Chamberlain wrote:
> On Thu, May 22, 2025 at 09:31:35AM -0400, cel@kernel.org wrote:
>> From: Chuck Lever <chuck.lever@oracle.com>
>>
>> These steps are relocated because my plan is to remove the
>> bringup_guestfs role eventually.
>>
>> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> 
> For 4 and 5:
> 
> But just one nit-pick: it says move, but its not deleting the code it
> is moving.
> 
> Reviewed-by: Luis Chamberlain <mcgrof@kernel.orG>
> 
>  LUis

I'm planning to include a patch at the end that removes the
bringup_guestfs role. But fair enough, I will change the verb
to "copy".


-- 
Chuck Lever

Re: [RFC PATCH 3/5] guestfs: Move console-related steps to guestfs role

[Luis Chamberlain]

On Thu, May 22, 2025 at 01:11:08PM -0400, Chuck Lever wrote:
> On 5/22/25 1:09 PM, Luis Chamberlain wrote:
> > On Thu, May 22, 2025 at 09:31:35AM -0400, cel@kernel.org wrote:
> >> From: Chuck Lever <chuck.lever@oracle.com>
> >>
> >> These steps are relocated because my plan is to remove the
> >> bringup_guestfs role eventually.
> >>
> >> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> > 
> > For 4 and 5:
> > 
> > But just one nit-pick: it says move, but its not deleting the code it
> > is moving.
> > 
> > Reviewed-by: Luis Chamberlain <mcgrof@kernel.orG>
> > 
> >  LUis
> 
> I'm planning to include a patch at the end that removes the
> bringup_guestfs role. But fair enough, I will change the verb
> to "copy".

Fine by me, nuke nuke nuke!

  Luis

[RFC PATCH 4/5] guestfs: Move check-config, network, and storage-pool tags

[cel]

From: Chuck Lever <chuck.lever@oracle.com>

These steps are relocated because my plan is to remove the
bringup_guestfs role eventually.

I'm not sure the config-check steps are absolutely necessary, but
are retained for now.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 playbooks/roles/guestfs/defaults/main.yml     |  1 +
 .../roles/guestfs/tasks/config-check.yml      | 34 ++++++++
 playbooks/roles/guestfs/tasks/main.yml        | 18 ++++
 playbooks/roles/guestfs/tasks/network.yml     | 83 +++++++++++++++++++
 .../roles/guestfs/tasks/storage-pool-path.yml | 77 +++++++++++++++++
 scripts/guestfs.Makefile                      |  4 +-
 6 files changed, 215 insertions(+), 2 deletions(-)
 create mode 100644 playbooks/roles/guestfs/tasks/config-check.yml
 create mode 100644 playbooks/roles/guestfs/tasks/network.yml
 create mode 100644 playbooks/roles/guestfs/tasks/storage-pool-path.yml

diff --git a/playbooks/roles/guestfs/defaults/main.yml b/playbooks/roles/guestfs/defaults/main.yml
index 0d1e2ef82ae9..dc955d915d70 100644
--- a/playbooks/roles/guestfs/defaults/main.yml
+++ b/playbooks/roles/guestfs/defaults/main.yml
@@ -1,3 +1,4 @@
 # SPDX-License-Identifier GPL-2.0+
 ---
 libvirt_uri_system: false
+distro_debian_based: false
diff --git a/playbooks/roles/guestfs/tasks/config-check.yml b/playbooks/roles/guestfs/tasks/config-check.yml
new file mode 100644
index 000000000000..e8cbb9b623a7
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/config-check.yml
@@ -0,0 +1,34 @@
+---
+- name: Verify kdevops .config exists
+  ansible.builtin.stat:
+    path: "{{ topdir_path }}/.config"
+  register: config_file
+
+- name: Fail if kdevops .config is not present
+  ansible.builtin.fail:
+    msg: "kdevops is not confgured. You must run 'make menuconfig'"
+  when: not config_file.stat.exists or not config_file.stat.isreg
+
+- name: Check if guestfs directory exists
+  ansible.builtin.stat:
+    path: "{{ topdir_path }}/guestfs"
+  register: guestfs_dir_stat
+
+- name: Fail if guestfs directory does not exist
+  ansible.builtin.fail:
+    msg: "The guestfs directory does not exist. You must run make first."
+  when: not guestfs_dir_stat.stat.exists
+
+- name: Check for directories in guestfs/
+  ansible.builtin.find:
+    paths: "{{ topdir_path }}/guestfs"
+    file_type: directory
+    recurse: false
+    depth: 1
+  register: guestfs_subdirectories
+  when: guestfs_dir_stat.stat.exists
+
+- name: Fail if no directories found in guestfs/
+  ansible.builtin.fail:
+    msg: "No directories found in guestfs. You must run make first."
+  when: guestfs_subdirectories.matched == 0
diff --git a/playbooks/roles/guestfs/tasks/main.yml b/playbooks/roles/guestfs/tasks/main.yml
index a469d48a082b..bda91de79983 100644
--- a/playbooks/roles/guestfs/tasks/main.yml
+++ b/playbooks/roles/guestfs/tasks/main.yml
@@ -5,6 +5,24 @@
   ansible.builtin.import_tasks:
     file: "{{role_path }}/tasks/install-deps/main.yml"
 
+- name: Check basic guestfs configuration
+  tags:
+    - config-check
+  ansible.builtin.import_tasks:
+    file: "{{role_path }}/tasks/config-check.yml"
+
+- name: Configure libvirt storage pool
+  tags:
+    - storage-pool-path
+  ansible.builtin.import_tasks:
+    file: "{{role_path }}/tasks/storage-pool-path.yml"
+
+- name: Configure libvirt networking
+  tags:
+    - network
+  ansible.builtin.import_tasks:
+    file: "{{role_path }}/tasks/network.yml"
+
 - name: Set up target node console permissions
   tags:
     - console-permissions
diff --git a/playbooks/roles/guestfs/tasks/network.yml b/playbooks/roles/guestfs/tasks/network.yml
new file mode 100644
index 000000000000..8e7c9f1df7f3
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/network.yml
@@ -0,0 +1,83 @@
+---
+- name: Check for dnsmasq configuration files
+  ansible.builtin.stat:
+    path: "{{ item }}"
+  loop:
+    - /etc/dnsmasq.conf
+    - /etc/dnsmasq.d
+  register: dnsmasq_config_files
+  when:
+    - distro_debian_based|bool
+
+- name: Fail if dnsmasq configuration files exist
+  ansible.builtin.fail:
+    msg: |
+      dnsmasq configuration files or directories still exist.
+      Please remove the following to fully uninstall
+      dnsmasq:\n{{ dnsmasq_config_files | join('\n') }}
+  when:
+    - distro_debian_based|bool
+    - dnsmasq_config_files.results | selectattr('stat.exists') | list | length > 0
+
+- name: Check if dnsmasq service is enabled
+  # noqa: command-instead-of-module
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.command:
+    cmd: "systemctl is-enabled dnsmasq"
+  register: dnsmasq_enabled
+  failed_when: false
+  changed_when: false
+  when:
+    - distro_debian_based|bool
+    - dnsmasq_config_files | length > 0
+
+- name: Check if dnsmasq service is active
+  # noqa: command-instead-of-module
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.command:
+    cmd: "systemctl is-active dnsmasq"
+  register: dnsmasq_active
+  failed_when: false
+  changed_when: false
+  when:
+    - distro_debian_based|bool
+    - dnsmasq_config_files | length > 0
+
+- name: Fail if dnsmasq service is enabled or active
+  ansible.builtin.fail:
+    msg: |
+      dnsmasq service is
+      {{ 'enabled' if dnsmasq_enabled.rc == 0 else 'active' if dnsmasq_active.rc == 0 else 'present' }}.
+      Please ensure dnsmasq is fully uninstalled and disabled.
+      Run 'sudo systemctl disable dnsmasq' and 'sudo systemctl
+      stop dnsmasq' to disable and stop the service.
+  when:
+    - distro_debian_based|bool
+    - dnsmasq_config_files | length > 0
+    - (dnsmasq_enabled.rc == 0) or (dnsmasq_active.rc == 0)
+
+- name: Check if libvirt default network is running
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.shell: virsh net-list | grep -q default
+  register: libvirt_default_net
+  ignore_errors: true
+  changed_when: false
+  when:
+    - libvirt_uri_system|bool
+
+- name: Start the libvirt default network
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.command:
+    cmd: "virsh net-start default"
+  changed_when: true
+  when:
+    - libvirt_uri_system|bool
+    - libvirt_default_net.rc != 0
diff --git a/playbooks/roles/guestfs/tasks/storage-pool-path.yml b/playbooks/roles/guestfs/tasks/storage-pool-path.yml
new file mode 100644
index 000000000000..78781f0489c1
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/storage-pool-path.yml
@@ -0,0 +1,77 @@
+---
+- name: Create storage pool path directory (libvirt session uri)
+  ansible.builtin.file:
+    path: "{{ libvirt_storage_pool_path }}"
+    state: directory
+#   mode: "u=rwx,g=rwx,o=rx"
+  when:
+    - not libvirt_uri_system|bool
+
+- name: Create storage pool path directory and set group (libvirt system uri)
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.file:
+    path: "{{ libvirt_storage_pool_path }}"
+    state: directory
+    owner: root
+    group: "{{ libvirt_qemu_group }}"
+    mode: "u=rwx,g=rwx,o=rx"
+  when:
+    - libvirt_uri_system|bool
+
+- name: Create kdevops guestfs storage directory (libvirt session uri)
+  ansible.builtin.file:
+    path: "{{ guestfs_base_image_dir }}"
+    state: directory
+    mode: "u=rwx,g=rx,o=rx"
+  when:
+    - not libvirt_uri_system|bool
+
+- name: Create kdevops guestfs storage directory (libvirt system uri)
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.file:
+    path: "{{ guestfs_base_image_dir }}"
+    state: directory
+    mode: "u=rwx,g=rwx,o=rx"
+    group: "{{ libvirt_qemu_group }}"
+  when:
+    - libvirt_uri_system|bool
+
+- name: Check if directory is owned by the correct group (libvirt system uri)
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.command:
+    cmd: stat -c '%G' "{{ libvirt_storage_pool_path }}"
+  register: dir_group
+  changed_when: false
+  when:
+    - libvirt_uri_system|bool
+
+- name: Check if directory has group write permissions (libvirt system uri)
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.command:
+    cmd: stat -c '%A' "{{ libvirt_storage_pool_path }}"
+  register: dir_perms
+  changed_when: false
+  when:
+    - libvirt_uri_system|bool
+
+- name: Verify storage pool path directory is group-writable (libvirt system uri)
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.fail:
+    msg: |
+      The permissions for {{ libvirt_storage_pool_path }} should be group
+      writeable by the group used by libvirt: {{ libvirt_qemu_group }}
+      Current group: {{ dir_group.stdout }}
+      Current permissions: {{ dir_perms.stdout }}
+  when:
+    - libvirt_uri_system|bool
+    - (dir_group.stdout != libvirt_qemu_group) or (dir_perms.stdout[5] != 'w')
diff --git a/scripts/guestfs.Makefile b/scripts/guestfs.Makefile
index 30bef9d17e99..290315ee9c9e 100644
--- a/scripts/guestfs.Makefile
+++ b/scripts/guestfs.Makefile
@@ -75,9 +75,9 @@ install_libguestfs:
 		--tags install-deps
 
 bringup_guestfs: $(GUESTFS_BRINGUP_DEPS)
-	$(Q)ansible-playbook $(ANSIBLE_VERBOSE) --connection=local \
+	$(Q)ansible-playbook $(ANSIBLE_VERBOSE) \
 		--inventory localhost, \
-		playbooks/bringup_guestfs.yml \
+		playbooks/guestfs.yml \
 		--extra-vars=@./extra_vars.yaml \
 		--tags config-check,network,storage-pool-path
 	$(Q)$(TOPDIR)/scripts/bringup_guestfs.sh
-- 
2.49.0

[RFC PATCH 5/5] guestfs: Convert part of scripts/bringup_guestfs.sh to Ansible

[cel]

From: Chuck Lever <chuck.lever@oracle.com>

The part of bringup_guestfs.sh that provisions and starts up target
nodes is converted to Ansible. This parallelizes node bringup.
The new Ansible code takes a stab at being more idempotent than the
script was, as well.

The part of bringup_guestfs.sh that creates missing base images is
left in place for the moment.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 playbooks/roles/guestfs/defaults/main.yml     |   1 +
 playbooks/roles/guestfs/tasks/bringup.yml     | 157 ++++++++++++++++++
 playbooks/roles/guestfs/tasks/extra_disks.yml |  16 ++
 playbooks/roles/guestfs/tasks/largeio.yml     |  11 ++
 playbooks/roles/guestfs/tasks/main.yml        |   6 +
 scripts/bringup_guestfs.sh                    |  76 +--------
 scripts/guestfs.Makefile                      |   5 +
 7 files changed, 197 insertions(+), 75 deletions(-)
 create mode 100644 playbooks/roles/guestfs/tasks/bringup.yml
 create mode 100644 playbooks/roles/guestfs/tasks/extra_disks.yml
 create mode 100644 playbooks/roles/guestfs/tasks/largeio.yml

diff --git a/playbooks/roles/guestfs/defaults/main.yml b/playbooks/roles/guestfs/defaults/main.yml
index dc955d915d70..448ff1f0c6c5 100644
--- a/playbooks/roles/guestfs/defaults/main.yml
+++ b/playbooks/roles/guestfs/defaults/main.yml
@@ -2,3 +2,4 @@
 ---
 libvirt_uri_system: false
 distro_debian_based: false
+libvirt_enable_largeio: false
diff --git a/playbooks/roles/guestfs/tasks/bringup.yml b/playbooks/roles/guestfs/tasks/bringup.yml
new file mode 100644
index 000000000000..b871e2c82ffa
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/bringup.yml
@@ -0,0 +1,157 @@
+---
+- name: Check if target nodes are already defined
+  ansible.builtin.command:
+    cmd: "virsh domstate {{ inventory_hostname }}"
+  register: domstate_output
+  changed_when: false
+  failed_when: false
+
+- name: Ensure the target node is up
+  community.libvirt.virt:
+    name: "{{ inventory_hostname }}"
+    uri: "{{ libvirt_uri }}"
+    state: running
+  when:
+    - domstate_output.rc == 0
+
+- name: The target node is already defined
+  ansible.builtin.meta: end_host
+  when:
+    - domstate_output.rc == 0
+
+- name: Set the pathname of the ssh directory for the target node
+  ansible.builtin.set_fact:
+    ssh_key_dir: "{{ guestfs_path }}/{{ inventory_hostname }}/ssh"
+
+- name: Set the pathname of the ssh key for the target node
+  ansible.builtin.set_fact:
+    ssh_key: "{{ ssh_key_dir }}/id_ed25519"
+
+- name: Generate ssh keys for the target node
+  block:
+    - name: Create the ssh key directory on the control host
+      ansible.builtin.file:
+        path: "{{ ssh_key_dir }}"
+        state: directory
+        mode: "u=rwx"
+
+#   - name: Destroy old keys for the target node
+#     ansible.builtin.file:
+#       path: "{{ item }}"
+#       state: absent
+#     loop:
+#       - "{{ ssh_key }}"
+#       - "{{ ssh_key }}.pub"
+
+    - name: Generate fresh keys for the target node
+      ansible.builtin.command:
+        cmd: 'ssh-keygen -q -t ed25519 -f {{ ssh_key }} -N ""'
+
+- name: Set the pathname of storage pool directory
+  ansible.builtin.set_fact:
+    storagedir: "{{ kdevops_storage_pool_path }}/guestfs"
+
+- name: Set the pathname of root image for the target node
+  ansible.builtin.set_fact:
+    rootimg: "{{ storagedir }}/{{ inventory_hostname }}/root.raw"
+
+- name: Set the pathname of the OS base image
+  ansible.builtin.set_fact:
+    base_image: "{{ storagedir }}/base_images/{{ virtbuilder_os_version }}.raw"
+
+- name: Create the storage pool directory for the target node
+  ansible.builtin.file:
+    path: "{{ storagedir }}/{{ inventory_hostname }}"
+    state: directory
+
+- name: Copy the base image
+  ansible.builtin.command:
+    cmd: "cp --reflink=auto {{ base_image }} {{ rootimg }}"
+
+- name: Get the timezone of the control host
+  ansible.builtin.command:
+    cmd: "timedatectl show -p Timezone --value"
+  register: host_timezone
+
+- name: Prep the boot image for the target node (as root)
+  become: true
+  become_method: ansible.builtin.sudo
+  ansible.builtin.command:
+    argv:
+      - "virt-sysprep"
+      - "-a"
+      - "{{ rootimg }}"
+      - "--hostname"
+      - "{{ inventory_hostname }}"
+      - "--ssh-inject"
+      - "kdevops:file:{{ ssh_key }}.pub"
+      - "--timezone"
+      - "{{ host_timezone.stdout }}"
+  when:
+    - libvirt_uri_system|bool
+
+- name: Prep the boot image for the target node (non-root)
+  ansible.builtin.command:
+    argv:
+      - "virt-sysprep"
+      - "-a"
+      - "{{ rootimg }}"
+      - "--hostname"
+      - "{{ inventory_hostname }}"
+      - "--ssh-inject"
+      - "kdevops:file:{{ ssh_key }}.pub"
+      - "--timezone"
+      - "{{ host_timezone.stdout }}"
+  when:
+    - not libvirt_uri_system|bool
+
+- name: Build largeio devices
+  ansible.builtin.include_tasks:
+    file: "{{ role_path }}/tasks/largeio.yml"
+  when:
+    - libvirt_enable_largeio|bool
+
+- name: Create extra disks
+  vars:
+    path: "{{ storagedir }}/{{ inventory_hostname }}/extra{{ item }}.{{ libvirt_extra_drive_format }}"
+  ansible.builtin.include_tasks:
+    file: "{{ role_path }}/tasks/extra_disks.yml"
+  loop: "{{ range(0, 4) | list }}"
+  when:
+    - not libvirt_enable_largeio|bool
+
+- name: Define the target nodes
+  vars:
+    xml_file: "{{ guestfs_path }}/{{ inventory_hostname }}/{{ inventory_hostname }}.xml"
+  community.libvirt.virt:
+    command: define
+    name: "{{ inventory_hostname }}"
+    xml: "{{ lookup('file', xml_file) }}"
+    uri: "{{ libvirt_uri }}"
+
+- name: Find PCIe passthrough devices
+  ansible.builtin.find:
+    paths: "{{ guestfs_path }}/{{ inventory_hostname }}"
+    file_type: file
+    patterns: "pcie_passthrough_*.xml"
+  register: passthrough_devices
+
+- name: Attach PCIe passthrough devices
+  ansible.builtin.command:
+    argv:
+      - "virsh"
+      - "attach-device"
+      - "{{ inventory_hostname }}"
+      - "{{ item }}"
+      - "--config"
+  loop: "{{ passthrough_devices.files }}"
+  loop_control:
+    label: "Doing PCI-E passthrough for device {{ item }}"
+  when:
+    - passthrough_devices.matched > 0
+
+- name: Boot the target nodes
+  community.libvirt.virt:
+    name: "{{ inventory_hostname }}"
+    uri: "{{ libvirt_uri }}"
+    state: running
diff --git a/playbooks/roles/guestfs/tasks/extra_disks.yml b/playbooks/roles/guestfs/tasks/extra_disks.yml
new file mode 100644
index 000000000000..c8a9bd63885f
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/extra_disks.yml
@@ -0,0 +1,16 @@
+---
+- name: Create the new drive image
+  ansible.builtin.command:
+    argv:
+      - "qemu-img"
+      - "create"
+      - "-f"
+      - "{{ libvirt_extra_drive_format }}"
+      - "{{ path }}"
+      - "100G"
+
+- name: Adjust the permission settings of the drive image file
+  ansible.builtin.file:
+    path: "{{ path }}"
+    group: "{{ libvirt_qemu_group }}"
+    mode: "g+rw,o-rw"
diff --git a/playbooks/roles/guestfs/tasks/largeio.yml b/playbooks/roles/guestfs/tasks/largeio.yml
new file mode 100644
index 000000000000..4246677d18d8
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/largeio.yml
@@ -0,0 +1,11 @@
+---
+- name: Compute the total number of devices to build
+  ansible.builtin.set_fact:
+    total_devices: "{{ libvirt_largeio_pow_limit * libvirt_largeio_drives_per_space }}"
+
+- name: Create largeio block devices
+  ansible.builtin.include_tasks:
+    file: "{{ role_path }}/tasks/extra_disks.yml"
+  vars:
+    path: "{{ storagedir }}/{{ inventory_hostname }}/extra{{ item }}.{{ libvirt_extra_drive_format }}"
+  loop: "{{ range(0, total_devices) | list }}"
diff --git a/playbooks/roles/guestfs/tasks/main.yml b/playbooks/roles/guestfs/tasks/main.yml
index bda91de79983..e63484b0229d 100644
--- a/playbooks/roles/guestfs/tasks/main.yml
+++ b/playbooks/roles/guestfs/tasks/main.yml
@@ -23,6 +23,12 @@
   ansible.builtin.import_tasks:
     file: "{{role_path }}/tasks/network.yml"
 
+- name: Bring up each target node
+  tags:
+    - bringup
+  ansible.builtin.import_tasks:
+    file: "{{role_path }}/tasks/bringup.yml"
+
 - name: Set up target node console permissions
   tags:
     - console-permissions
diff --git a/scripts/bringup_guestfs.sh b/scripts/bringup_guestfs.sh
index 67f85a5fdb0a..be9ec3405037 100755
--- a/scripts/bringup_guestfs.sh
+++ b/scripts/bringup_guestfs.sh
@@ -322,78 +322,4 @@ if [ ! -f $BASE_IMAGE ]; then
 	fi
 fi
 
-# FIXME: is there a yaml equivalent of jq?
-grep -e '^  - name: ' ${TOPDIR}/guestfs/kdevops_nodes.yaml | sed 's/^  - name: //' | while read name
-do
-	#
-	# If the guest is already defined, then just stop what we're doing
-	# and plead to the developer to clean things up.
-	#
-	if virsh list --all | grep --quiet --word-regexp "$name"; then
-		output_domstate=$(virsh domstate $name 2>/dev/null)
-		echo "Domain $name is already defined. (state: $output_domstate)"
-		if [ "$output_domstate" != "running" ]; then
-			virsh start $name
-		fi
-		exit 0
-	fi
-
-	SSH_KEY_DIR="${GUESTFSDIR}/$name/ssh"
-	SSH_KEY="${SSH_KEY_DIR}/id_ed25519"
-
-	# Generate a new ssh key
-	mkdir -p "$SSH_KEY_DIR"
-	chmod 0700 "$SSH_KEY_DIR"
-	rm -f $SSH_KEY $SSH_KEY.pub
-	ssh-keygen -q -t ed25519 -f $SSH_KEY -N ""
-
-	mkdir -p "$STORAGEDIR/$name"
-
-	# Copy the base image and prep it
-	ROOTIMG="$STORAGEDIR/$name/root.raw"
-	cp --reflink=auto $BASE_IMAGE $ROOTIMG
-	TZ="$(timedatectl show -p Timezone --value)"
-	$USE_SUDO virt-sysprep -a $ROOTIMG --hostname $name --ssh-inject "kdevops:file:$SSH_KEY.pub" --timezone $TZ
-
-	if [[ "${CONFIG_LIBVIRT_ENABLE_LARGEIO+x}" && \
-		  "$CONFIG_LIBVIRT_ENABLE_LARGEIO" == "y" ]]; then
-		lbs_idx=0
-		for i in $(seq 1 $(($CONFIG_QEMU_LARGEIO_MAX_POW_LIMIT+1))); do
-			for x in $(seq 0 $CONFIG_QEMU_EXTRA_DRIVE_LARGEIO_NUM_DRIVES_PER_SPACE); do
-				diskimg="$STORAGEDIR/$name/extra${lbs_idx}.${IMG_FMT}"
-				rm -f $diskimg
-				qemu-img create -f $IMG_FMT "$diskimg" 100G
-				if [[ "$CONFIG_LIBVIRT_URI_SYSTEM" == "y" ]]; then
-					chmod g+rw $diskimg
-					chgrp $QEMU_GROUP $diskimg
-				fi
-				let lbs_idx=$lbs_idx+1
-			done
-		done
-	else
-		# build some extra disks
-		for i in $(seq 0 3); do
-			diskimg="$STORAGEDIR/$name/extra${i}.${IMG_FMT}"
-			rm -f $diskimg
-			qemu-img create -f $IMG_FMT "$STORAGEDIR/$name/extra${i}.$IMG_FMT" 100G
-			if [[ "$CONFIG_LIBVIRT_URI_SYSTEM" == "y" ]]; then
-				chmod g+rw $STORAGEDIR/$name/extra${i}.$IMG_FMT
-				chgrp $QEMU_GROUP $STORAGEDIR/$name/extra${i}.$IMG_FMT
-			fi
-		done
-	fi
-
-	virsh define $GUESTFSDIR/$name/$name.xml
-	XML_DEVICES_COUNT=$(find $GUESTFSDIR/$name/ -name pcie_passthrough_*.xml | wc -l)
-	if [[ $XML_DEVICES_COUNT -gt 0 ]]; then
-		for xml in $GUESTFSDIR/$name/pcie_passthrough_*.xml; do
-			echo "Doing PCI-E passthrough for device $xml"
-			virsh attach-device $name $xml --config
-		done
-	fi
-	virsh start $name
-	if [[ $? -ne 0 ]]; then
-		echo "Failed to start $name"
-		exit 1
-	fi
-done
+exit 0
diff --git a/scripts/guestfs.Makefile b/scripts/guestfs.Makefile
index 290315ee9c9e..84cf99db982d 100644
--- a/scripts/guestfs.Makefile
+++ b/scripts/guestfs.Makefile
@@ -81,6 +81,11 @@ bringup_guestfs: $(GUESTFS_BRINGUP_DEPS)
 		--extra-vars=@./extra_vars.yaml \
 		--tags config-check,network,storage-pool-path
 	$(Q)$(TOPDIR)/scripts/bringup_guestfs.sh
+	$(Q)ansible-playbook $(ANSIBLE_VERBOSE) \
+		-i hosts \
+		playbooks/guestfs.yml \
+		--extra-vars=@./extra_vars.yaml \
+		--tags bringup
 	$(Q)ansible-playbook $(ANSIBLE_VERBOSE) \
 		--inventory localhost, \
 		playbooks/guestfs.yml \
-- 
2.49.0

Re: [RFC PATCH 5/5] guestfs: Convert part of scripts/bringup_guestfs.sh to Ansible

[Luis Chamberlain]

On Thu, May 22, 2025 at 09:31:37AM -0400, cel@kernel.org wrote:
> From: Chuck Lever <chuck.lever@oracle.com>
> 
> The part of bringup_guestfs.sh that provisions and starts up target
> nodes is converted to Ansible. This parallelizes node bringup.
> The new Ansible code takes a stab at being more idempotent than the
> script was, as well.
> 
> The part of bringup_guestfs.sh that creates missing base images is
> left in place for the moment.
> 
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

Wow, just wow, thanks for all this.

Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>

  Luis