public inbox for kdevops@lists.linux.dev
From: cel@kernel.org
To: <kdevops@lists.linux.dev>
Cc: Chuck Lever <chuck.lever@oracle.com>
Subject: [RFC PATCH 4/5] guestfs: Move check-config, network, and storage-pool tags
Date: Thu, 22 May 2025 09:31:36 -0400
Message-ID: <20250522133137.989457-5-cel@kernel.org>
In-Reply-To: <20250522133137.989457-1-cel@kernel.org>

From: Chuck Lever <chuck.lever@oracle.com>

These steps are relocated because my plan is to remove the
bringup_guestfs role eventually.

I'm not sure the config-check steps are absolutely necessary, but
are retained for now.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 playbooks/roles/guestfs/defaults/main.yml     |  1 +
 .../roles/guestfs/tasks/config-check.yml      | 34 ++++++++
 playbooks/roles/guestfs/tasks/main.yml        | 18 ++++
 playbooks/roles/guestfs/tasks/network.yml     | 83 +++++++++++++++++++
 .../roles/guestfs/tasks/storage-pool-path.yml | 77 +++++++++++++++++
 scripts/guestfs.Makefile                      |  4 +-
 6 files changed, 215 insertions(+), 2 deletions(-)
 create mode 100644 playbooks/roles/guestfs/tasks/config-check.yml
 create mode 100644 playbooks/roles/guestfs/tasks/network.yml
 create mode 100644 playbooks/roles/guestfs/tasks/storage-pool-path.yml

diff --git a/playbooks/roles/guestfs/defaults/main.yml b/playbooks/roles/guestfs/defaults/main.yml
index 0d1e2ef82ae9..dc955d915d70 100644
--- a/playbooks/roles/guestfs/defaults/main.yml
+++ b/playbooks/roles/guestfs/defaults/main.yml
@@ -1,3 +1,4 @@
 # SPDX-License-Identifier GPL-2.0+
 ---
 libvirt_uri_system: false
+distro_debian_based: false
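Review bot: the new `distro_debian_based: false` default carries no comment saying what is expected to override it, and with this value every dnsmasq task in tasks/network.yml is skipped by its `distro_debian_based|bool` condition. Add a one-line comment naming where the real value is set (for example, whether it is expected in the extra_vars.yaml that the Makefile passes), so a skipped check is not mistaken for a passed one.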
diff --git a/playbooks/roles/guestfs/tasks/config-check.yml b/playbooks/roles/guestfs/tasks/config-check.yml
new file mode 100644
index 000000000000..e8cbb9b623a7
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/config-check.yml
@@ -0,0 +1,34 @@
+---
+- name: Verify kdevops .config exists
+  ansible.builtin.stat:
+    path: "{{ topdir_path }}/.config"
+  register: config_file
+
+- name: Fail if kdevops .config is not present
+  ansible.builtin.fail:
+    msg: "kdevops is not confgured. You must run 'make menuconfig'"
+  when: not config_file.stat.exists or not config_file.stat.isreg
+
+- name: Check if guestfs directory exists
+  ansible.builtin.stat:
+    path: "{{ topdir_path }}/guestfs"
+  register: guestfs_dir_stat
+
+- name: Fail if guestfs directory does not exist
+  ansible.builtin.fail:
+    msg: "The guestfs directory does not exist. You must run make first."
+  when: not guestfs_dir_stat.stat.exists
+
+- name: Check for directories in guestfs/
+  ansible.builtin.find:
+    paths: "{{ topdir_path }}/guestfs"
+    file_type: directory
+    recurse: false
+    depth: 1
+  register: guestfs_subdirectories
+  when: guestfs_dir_stat.stat.exists
+
+- name: Fail if no directories found in guestfs/
+  ansible.builtin.fail:
+    msg: "No directories found in guestfs. You must run make first."
+  when: guestfs_subdirectories.matched == 0
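Review bot: the failure message in "Fail if kdevops .config is not present" has a typo, "confgured" should be "configured". In "Check for directories in guestfs/", `depth: 1` has no effect next to `recurse: false` and can be dropped. The `when: guestfs_dir_stat.stat.exists` on that task is also redundant, since the preceding fail task already stops the play when the directory is missing; if it is kept, the final task should guard against a skipped result before reading `guestfs_subdirectories.matched`.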
diff --git a/playbooks/roles/guestfs/tasks/main.yml b/playbooks/roles/guestfs/tasks/main.yml
index a469d48a082b..bda91de79983 100644
--- a/playbooks/roles/guestfs/tasks/main.yml
+++ b/playbooks/roles/guestfs/tasks/main.yml
@@ -5,6 +5,24 @@
   ansible.builtin.import_tasks:
     file: "{{role_path }}/tasks/install-deps/main.yml"
 
+- name: Check basic guestfs configuration
+  tags:
+    - config-check
+  ansible.builtin.import_tasks:
+    file: "{{role_path }}/tasks/config-check.yml"
+
+- name: Configure libvirt storage pool
+  tags:
+    - storage-pool-path
+  ansible.builtin.import_tasks:
+    file: "{{role_path }}/tasks/storage-pool-path.yml"
+
+- name: Configure libvirt networking
+  tags:
+    - network
+  ansible.builtin.import_tasks:
+    file: "{{role_path }}/tasks/network.yml"
+
 - name: Set up target node console permissions
   tags:
     - console-permissions
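Review bot: the "Check basic guestfs configuration" import is placed after the install-deps import, so an untagged run of the role installs packages before it verifies that .config and the guestfs directory exist. If config-check is meant as a precondition, move it above install-deps so the play fails before making changes. The commit message says these steps are relocated, but the diffstat shows only additions apart from the Makefile lines, so it is worth stating whether the copies in the bringup_guestfs role stay in place until that role is removed.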
diff --git a/playbooks/roles/guestfs/tasks/network.yml b/playbooks/roles/guestfs/tasks/network.yml
new file mode 100644
index 000000000000..8e7c9f1df7f3
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/network.yml
@@ -0,0 +1,83 @@
+---
+- name: Check for dnsmasq configuration files
+  ansible.builtin.stat:
+    path: "{{ item }}"
+  loop:
+    - /etc/dnsmasq.conf
+    - /etc/dnsmasq.d
+  register: dnsmasq_config_files
+  when:
+    - distro_debian_based|bool
+
+- name: Fail if dnsmasq configuration files exist
+  ansible.builtin.fail:
+    msg: |
+      dnsmasq configuration files or directories still exist.
+      Please remove the following to fully uninstall
+      dnsmasq:\n{{ dnsmasq_config_files | join('\n') }}
+  when:
+    - distro_debian_based|bool
+    - dnsmasq_config_files.results | selectattr('stat.exists') | list | length > 0
+
+- name: Check if dnsmasq service is enabled
+  # noqa: command-instead-of-module
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.command:
+    cmd: "systemctl is-enabled dnsmasq"
+  register: dnsmasq_enabled
+  failed_when: false
+  changed_when: false
+  when:
+    - distro_debian_based|bool
+    - dnsmasq_config_files | length > 0
+
+- name: Check if dnsmasq service is active
+  # noqa: command-instead-of-module
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.command:
+    cmd: "systemctl is-active dnsmasq"
+  register: dnsmasq_active
+  failed_when: false
+  changed_when: false
+  when:
+    - distro_debian_based|bool
+    - dnsmasq_config_files | length > 0
+
+- name: Fail if dnsmasq service is enabled or active
+  ansible.builtin.fail:
+    msg: |
+      dnsmasq service is
+      {{ 'enabled' if dnsmasq_enabled.rc == 0 else 'active' if dnsmasq_active.rc == 0 else 'present' }}.
+      Please ensure dnsmasq is fully uninstalled and disabled.
+      Run 'sudo systemctl disable dnsmasq' and 'sudo systemctl
+      stop dnsmasq' to disable and stop the service.
+  when:
+    - distro_debian_based|bool
+    - dnsmasq_config_files | length > 0
+    - (dnsmasq_enabled.rc == 0) or (dnsmasq_active.rc == 0)
+
+- name: Check if libvirt default network is running
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.shell: virsh net-list | grep -q default
+  register: libvirt_default_net
+  ignore_errors: true
+  changed_when: false
+  when:
+    - libvirt_uri_system|bool
+
+- name: Start the libvirt default network
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.command:
+    cmd: "virsh net-start default"
+  changed_when: true
+  when:
+    - libvirt_uri_system|bool
+    - libvirt_default_net.rc != 0
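Review bot: `dnsmasq_config_files` is the registered result of a looped stat task, not a list of paths, so two uses of it in this file do not do what they appear to. In "Fail if dnsmasq configuration files exist", `dnsmasq_config_files | join('\n')` joins the keys of the result dictionary rather than the offending paths; use something like `dnsmasq_config_files.results | selectattr('stat.exists') | map(attribute='item') | join(', ')`. In the three later tasks, `dnsmasq_config_files | length > 0` is true for any registered result and therefore filters nothing; either drop it or test `.results` the same way the fail task does. Also, the `\n` after "dnsmasq:" sits in a literal block scalar and will be printed as a backslash and an n. Separately, `virsh net-list | grep -q default` matches any active network whose line contains "default"; `virsh net-list --name | grep -qx default` is stricter, and `failed_when: false` would be more consistent with the systemctl checks above than `ignore_errors: true`.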
diff --git a/playbooks/roles/guestfs/tasks/storage-pool-path.yml b/playbooks/roles/guestfs/tasks/storage-pool-path.yml
new file mode 100644
index 000000000000..78781f0489c1
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/storage-pool-path.yml
@@ -0,0 +1,77 @@
+---
+- name: Create storage pool path directory (libvirt session uri)
+  ansible.builtin.file:
+    path: "{{ libvirt_storage_pool_path }}"
+    state: directory
+#   mode: "u=rwx,g=rwx,o=rx"
+  when:
+    - not libvirt_uri_system|bool
+
+- name: Create storage pool path directory and set group (libvirt system uri)
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.file:
+    path: "{{ libvirt_storage_pool_path }}"
+    state: directory
+    owner: root
+    group: "{{ libvirt_qemu_group }}"
+    mode: "u=rwx,g=rwx,o=rx"
+  when:
+    - libvirt_uri_system|bool
+
+- name: Create kdevops guestfs storage directory (libvirt session uri)
+  ansible.builtin.file:
+    path: "{{ guestfs_base_image_dir }}"
+    state: directory
+    mode: "u=rwx,g=rx,o=rx"
+  when:
+    - not libvirt_uri_system|bool
+
+- name: Create kdevops guestfs storage directory (libvirt system uri)
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.file:
+    path: "{{ guestfs_base_image_dir }}"
+    state: directory
+    mode: "u=rwx,g=rwx,o=rx"
+    group: "{{ libvirt_qemu_group }}"
+  when:
+    - libvirt_uri_system|bool
+
+- name: Check if directory is owned by the correct group (libvirt system uri)
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.command:
+    cmd: stat -c '%G' "{{ libvirt_storage_pool_path }}"
+  register: dir_group
+  changed_when: false
+  when:
+    - libvirt_uri_system|bool
+
+- name: Check if directory has group write permissions (libvirt system uri)
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.command:
+    cmd: stat -c '%A' "{{ libvirt_storage_pool_path }}"
+  register: dir_perms
+  changed_when: false
+  when:
+    - libvirt_uri_system|bool
+
+- name: Verify storage pool path directory is group-writable (libvirt system uri)
+  become: true
+  become_flags: 'su - -c'
+  become_method: ansible.builtin.sudo
+  ansible.builtin.fail:
+    msg: |
+      The permissions for {{ libvirt_storage_pool_path }} should be group
+      writeable by the group used by libvirt: {{ libvirt_qemu_group }}
+      Current group: {{ dir_group.stdout }}
+      Current permissions: {{ dir_perms.stdout }}
+  when:
+    - libvirt_uri_system|bool
+    - (dir_group.stdout != libvirt_qemu_group) or (dir_perms.stdout[5] != 'w')
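Review bot: the commented-out `#   mode: "u=rwx,g=rwx,o=rx"` in "Create storage pool path directory (libvirt session uri)" leaves the permissions of a newly created pool directory to the caller's umask, while every other directory task in this file sets a mode explicitly. Either set the intended mode or remove the comment and say why the session case is left alone. In the final task, `dir_perms.stdout[5] != 'w'` is correct for the group-write position of the `stat -c '%A'` string but is a magic index; a single `ansible.builtin.stat` task exposes `stat.gr_name` and `stat.wgrp` and would replace both command tasks. The `become` settings on that `ansible.builtin.fail` task are unnecessary, and the system-uri task for `guestfs_base_image_dir` sets `group` but not `owner`, unlike the pool path task above it.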
diff --git a/scripts/guestfs.Makefile b/scripts/guestfs.Makefile
index 30bef9d17e99..290315ee9c9e 100644
--- a/scripts/guestfs.Makefile
+++ b/scripts/guestfs.Makefile
@@ -75,9 +75,9 @@ install_libguestfs:
 		--tags install-deps
 
 bringup_guestfs: $(GUESTFS_BRINGUP_DEPS)
-	$(Q)ansible-playbook $(ANSIBLE_VERBOSE) --connection=local \
+	$(Q)ansible-playbook $(ANSIBLE_VERBOSE) \
 		--inventory localhost, \
-		playbooks/bringup_guestfs.yml \
+		playbooks/guestfs.yml \
 		--extra-vars=@./extra_vars.yaml \
 		--tags config-check,network,storage-pool-path
 	$(Q)$(TOPDIR)/scripts/bringup_guestfs.sh
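Review bot: removing `--connection=local` while keeping `--inventory localhost,` changes how the play reaches the host, and the commit message does not mention it. With localhost named explicitly in the inventory, Ansible does not apply its implicit-localhost local connection, so the play will use the default transport unless playbooks/guestfs.yml or a variable sets the connection to local. Please confirm that playbooks/guestfs.yml does so, and note the reason for dropping the flag in the commit message.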
-- 
2.49.0

