From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 057BB28AAF9 for ; Thu, 22 May 2025 13:31:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747920702; cv=none; b=o4OrjuczIzfmxjJ1jt1fxRc3i5nX5G074whOJAwBHQZkRLCAoa4msMipy0/DUQrdNaSks+UETCnJw1dTP/+ZpEByKBNLXdEKXHprB0B4KYnHrcxk0bVR1KuEjYkcebZ7YK6k9rA4PObqMuE55JZ77QaeXwHfgJvjMckg+syqaag= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1747920702; c=relaxed/simple; bh=zDKHObpXRT2O0624PCRyTWGwHnHdzbEzhm8KTnbLz3g=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=UpPR3g4fMLlvLUps4LLPRPE+f2j7BGllJYjNLxlvx9tVJ+1qETOmifJC+OZBouQduGP3KI0ocGIqLPbg4MovWbJ78yV2FBIjjSpkbPpNxe7T0NsY/DlF2n7h/SK88DsGjYA535XYs9GcJQ5vTacNnk5crm0MllDXjDfmaFcmc04= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=IgXoG3nj; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="IgXoG3nj" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 51B3EC4CEEB; Thu, 22 May 2025 13:31:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1747920701; bh=zDKHObpXRT2O0624PCRyTWGwHnHdzbEzhm8KTnbLz3g=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=IgXoG3njFMmCzjnvC3n30CwAJx5zY5BCZ1vLsT5+dN997nBrlL2SLoN6jIdJ4QCVP WzUPXBNhMPteOep60PnD5sC6PPkc00o+TY2dQ+10u7VEq/hWeEYh9gs5ZjVCMbzZ/d IxsAeZKbbi7oCDX0Is5w47xiK1tnWofMBN3SAoH+HwGv3Omnw2m01eeCb0vik6A7FY Gvq1a/KADo1SC33csjHZJaqy8wEcnYdjh7Q//MyQ+D8qZR9giRCWZSnTjJyckjpG1R 
2qoSid0ZXCO5NH6iuw3w7riYXn29BJMS3elXdveqfUeLfhDHpIQJ9MwwEjWoJe0Cbb b7QMZ8c9G7HhQ== From: cel@kernel.org To: Cc: Chuck Lever Subject: [RFC PATCH 4/5] guestfs: Move check-config, network, and storage-pool tags Date: Thu, 22 May 2025 09:31:36 -0400 Message-ID: <20250522133137.989457-5-cel@kernel.org> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250522133137.989457-1-cel@kernel.org> References: <20250522133137.989457-1-cel@kernel.org> Precedence: bulk X-Mailing-List: kdevops@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Chuck Lever These steps are relocated because my plan is to remove the bringup_guestfs role eventually. I'm not sure the config-check steps are absolutely necessary, but are retained for now. Signed-off-by: Chuck Lever
---
 playbooks/roles/guestfs/defaults/main.yml | 1 + .../roles/guestfs/tasks/config-check.yml | 34 ++++++++ playbooks/roles/guestfs/tasks/main.yml | 18 ++++ playbooks/roles/guestfs/tasks/network.yml | 83 +++++++++++++++++++ .../roles/guestfs/tasks/storage-pool-path.yml | 77 +++++++++++++++++ scripts/guestfs.Makefile | 4 +- 6 files changed, 215 insertions(+), 2 deletions(-) create mode 100644 playbooks/roles/guestfs/tasks/config-check.yml create mode 100644 playbooks/roles/guestfs/tasks/network.yml create mode 100644 playbooks/roles/guestfs/tasks/storage-pool-path.yml
diff --git a/playbooks/roles/guestfs/defaults/main.yml b/playbooks/roles/guestfs/defaults/main.yml
index 0d1e2ef82ae9..dc955d915d70 100644
--- a/playbooks/roles/guestfs/defaults/main.yml
+++ b/playbooks/roles/guestfs/defaults/main.yml
@@ -1,3 +1,4 @@
 # SPDX-License-Identifier GPL-2.0+
 ---
 libvirt_uri_system: false
+distro_debian_based: false
diff --git a/playbooks/roles/guestfs/tasks/config-check.yml b/playbooks/roles/guestfs/tasks/config-check.yml
new file mode 100644
index 000000000000..e8cbb9b623a7
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/config-check.yml
@@ -0,0 +1,34 @@
+---
+- name: Verify kdevops .config exists
+ ansible.builtin.stat:
+ path: "{{ topdir_path }}/.config"
+ register: config_file
+
+- name: Fail if kdevops .config is not present
+ ansible.builtin.fail:
+ msg: "kdevops is not confgured. You must run 'make menuconfig'"
+ when: not config_file.stat.exists or not config_file.stat.isreg
+
+- name: Check if guestfs directory exists
+ ansible.builtin.stat:
+ path: "{{ topdir_path }}/guestfs"
+ register: guestfs_dir_stat
+
+- name: Fail if guestfs directory does not exist
+ ansible.builtin.fail:
+ msg: "The guestfs directory does not exist. You must run make first."
+ when: not guestfs_dir_stat.stat.exists
+
+- name: Check for directories in guestfs/
+ ansible.builtin.find:
+ paths: "{{ topdir_path }}/guestfs"
+ file_type: directory
+ recurse: false
+ depth: 1
+ register: guestfs_subdirectories
+ when: guestfs_dir_stat.stat.exists
+
+- name: Fail if no directories found in guestfs/
+ ansible.builtin.fail:
+ msg: "No directories found in guestfs. You must run make first."
+ when: guestfs_subdirectories.matched == 0
diff --git a/playbooks/roles/guestfs/tasks/main.yml b/playbooks/roles/guestfs/tasks/main.yml
index a469d48a082b..bda91de79983 100644
--- a/playbooks/roles/guestfs/tasks/main.yml
+++ b/playbooks/roles/guestfs/tasks/main.yml
@@ -5,6 +5,24 @@ ansible.builtin.import_tasks: file: "{{role_path }}/tasks/install-deps/main.yml" +- name: Check basic guestfs configuration + tags: + - config-check + ansible.builtin.import_tasks: + file: "{{role_path }}/tasks/config-check.yml" + +- name: Configure libvirt storage pool + tags: + - storage-pool-path + ansible.builtin.import_tasks: + file: "{{role_path }}/tasks/storage-pool-path.yml" + +- name: Configure libvirt networking + tags: + - network + ansible.builtin.import_tasks: + file: "{{role_path }}/tasks/network.yml" + - name: Set up target node console permissions tags: - console-permissions
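Review bot: In config-check.yml the guestfs check only tests `guestfs_dir_stat.stat.exists`, so a regular file named guestfs passes it and would at best be caught later by the less accurate "No directories found" message; `when: not guestfs_dir_stat.stat.exists or not guestfs_dir_stat.stat.isdir` would mirror the `isreg` test already used for .config. The first failure message also carries a typo that users will see; it should read `msg: "kdevops is not configured. You must run 'make menuconfig'"`.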
diff --git a/playbooks/roles/guestfs/tasks/network.yml b/playbooks/roles/guestfs/tasks/network.yml
new file mode 100644
index 000000000000..8e7c9f1df7f3
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/network.yml
@@ -0,0 +1,83 @@
+---
+- name: Check for dnsmasq configuration files
+ ansible.builtin.stat:
+ path: "{{ item }}"
+ loop:
+ - /etc/dnsmasq.conf
+ - /etc/dnsmasq.d
+ register: dnsmasq_config_files
+ when:
+ - distro_debian_based|bool
+
+- name: Fail if dnsmasq configuration files exist
+ ansible.builtin.fail:
+ msg: |
+ dnsmasq configuration files or directories still exist.
+ Please remove the following to fully uninstall
+ dnsmasq:\n{{ dnsmasq_config_files | join('\n') }}
+ when:
+ - distro_debian_based|bool
+ - dnsmasq_config_files.results | selectattr('stat.exists') | list | length > 0
+
+- name: Check if dnsmasq service is enabled
+ # noqa: command-instead-of-module
+ become: true
+ become_flags: 'su - -c'
+ become_method: ansible.builtin.sudo
+ ansible.builtin.command:
+ cmd: "systemctl is-enabled dnsmasq"
+ register: dnsmasq_enabled
+ failed_when: false
+ changed_when: false
+ when:
+ - distro_debian_based|bool
+ - dnsmasq_config_files | length > 0
+
+- name: Check if dnsmasq service is active
+ # noqa: command-instead-of-module
+ become: true
+ become_flags: 'su - -c'
+ become_method: ansible.builtin.sudo
+ ansible.builtin.command:
+ cmd: "systemctl is-active dnsmasq"
+ register: dnsmasq_active
+ failed_when: false
+ changed_when: false
+ when:
+ - distro_debian_based|bool
+ - dnsmasq_config_files | length > 0
+
+- name: Fail if dnsmasq service is enabled or active
+ ansible.builtin.fail:
+ msg: |
+ dnsmasq service is
+ {{ 'enabled' if dnsmasq_enabled.rc == 0 else 'active' if dnsmasq_active.rc == 0 else 'present' }}.
+ Please ensure dnsmasq is fully uninstalled and disabled.
+ Run 'sudo systemctl disable dnsmasq' and 'sudo systemctl
+ stop dnsmasq' to disable and stop the service.
+ when:
+ - distro_debian_based|bool
+ - dnsmasq_config_files | length > 0
+ - (dnsmasq_enabled.rc == 0) or (dnsmasq_active.rc == 0)
+
+- name: Check if libvirt default network is running
+ become: true
+ become_flags: 'su - -c'
+ become_method: ansible.builtin.sudo
+ ansible.builtin.shell: virsh net-list | grep -q default
+ register: libvirt_default_net
+ ignore_errors: true
+ changed_when: false
+ when:
+ - libvirt_uri_system|bool
+
+- name: Start the libvirt default network
+ become: true
+ become_flags: 'su - -c'
+ become_method: ansible.builtin.sudo
+ ansible.builtin.command:
+ cmd: "virsh net-start default"
+ changed_when: true
+ when:
+ - libvirt_uri_system|bool
+ - libvirt_default_net.rc != 0
diff --git a/playbooks/roles/guestfs/tasks/storage-pool-path.yml b/playbooks/roles/guestfs/tasks/storage-pool-path.yml
new file mode 100644
index 000000000000..78781f0489c1
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/storage-pool-path.yml
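Review bot: `dnsmasq_config_files` is registered from a looped task, so it is a result object with a `results` list; in network.yml the failure message's `dnsmasq_config_files | join('\n')` and the three later `dnsmasq_config_files | length > 0` conditions operate on that object rather than on the paths that were found. The message would list the offending paths with `{{ dnsmasq_config_files.results | selectattr('stat.exists') | map(attribute='item') | join(', ') }}`, and the `length > 0` tests appear to be always true, so they can be dropped or replaced by the `selectattr('stat.exists')` expression the first fail task already uses. Separately, `virsh net-list | grep -q default` matches any network whose name merely contains "default" and leans on `ignore_errors: true`; `failed_when: false` would still expose `rc` without printing a failure on every run where the network is down.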
@@ -0,0 +1,77 @@
+---
+- name: Create storage pool path directory (libvirt session uri)
+ ansible.builtin.file:
+ path: "{{ libvirt_storage_pool_path }}"
+ state: directory
+# mode: "u=rwx,g=rwx,o=rx"
+ when:
+ - not libvirt_uri_system|bool
+
+- name: Create storage pool path directory and set group (libvirt system uri)
+ become: true
+ become_flags: 'su - -c'
+ become_method: ansible.builtin.sudo
+ ansible.builtin.file:
+ path: "{{ libvirt_storage_pool_path }}"
+ state: directory
+ owner: root
+ group: "{{ libvirt_qemu_group }}"
+ mode: "u=rwx,g=rwx,o=rx"
+ when:
+ - libvirt_uri_system|bool
+
+- name: Create kdevops guestfs storage directory (libvirt session uri)
+ ansible.builtin.file:
+ path: "{{ guestfs_base_image_dir }}"
+ state: directory
+ mode: "u=rwx,g=rx,o=rx"
+ when:
+ - not libvirt_uri_system|bool
+
+- name: Create kdevops guestfs storage directory (libvirt system uri)
+ become: true
+ become_flags: 'su - -c'
+ become_method: ansible.builtin.sudo
+ ansible.builtin.file:
+ path: "{{ guestfs_base_image_dir }}"
+ state: directory
+ mode: "u=rwx,g=rwx,o=rx"
+ group: "{{ libvirt_qemu_group }}"
+ when:
+ - libvirt_uri_system|bool
+
+- name: Check if directory is owned by the correct group (libvirt system uri)
+ become: true
+ become_flags: 'su - -c'
+ become_method: ansible.builtin.sudo
+ ansible.builtin.command:
+ cmd: stat -c '%G' "{{ libvirt_storage_pool_path }}"
+ register: dir_group
+ changed_when: false
+ when:
+ - libvirt_uri_system|bool
+
+- name: Check if directory has group write permissions (libvirt system uri)
+ become: true
+ become_flags: 'su - -c'
+ become_method: ansible.builtin.sudo
+ ansible.builtin.command:
+ cmd: stat -c '%A' "{{ libvirt_storage_pool_path }}"
+ register: dir_perms
+ changed_when: false
+ when:
+ - libvirt_uri_system|bool
+
+- name: Verify storage pool path directory is group-writable (libvirt system uri)
+ become: true
+ become_flags: 'su - -c'
+ become_method: ansible.builtin.sudo
+ ansible.builtin.fail:
+ msg: |
+ The
permissions for {{ libvirt_storage_pool_path }} should be group
+ writeable by the group used by libvirt: {{ libvirt_qemu_group }}
+ Current group: {{ dir_group.stdout }}
+ Current permissions: {{ dir_perms.stdout }}
+ when:
+ - libvirt_uri_system|bool
+ - (dir_group.stdout != libvirt_qemu_group) or (dir_perms.stdout[5] != 'w')
diff --git a/scripts/guestfs.Makefile b/scripts/guestfs.Makefile
index 30bef9d17e99..290315ee9c9e 100644
--- a/scripts/guestfs.Makefile
+++ b/scripts/guestfs.Makefile
@@ -75,9 +75,9 @@ install_libguestfs: --tags install-deps bringup_guestfs: $(GUESTFS_BRINGUP_DEPS) - $(Q)ansible-playbook $(ANSIBLE_VERBOSE) --connection=local \ + $(Q)ansible-playbook $(ANSIBLE_VERBOSE) \ --inventory localhost, \ - playbooks/bringup_guestfs.yml \ + playbooks/guestfs.yml \ --extra-vars=@./extra_vars.yaml \ --tags config-check,network,storage-pool-path $(Q)$(TOPDIR)/scripts/bringup_guestfs.sh -- 2.49.0
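Review bot: The session-URI task that creates `{{ libvirt_storage_pool_path }}` in storage-pool-path.yml has its `mode` commented out, so the directory that will hold guest images ends up with whatever the invoking user's umask yields. Either set it explicitly, for example `mode: "u=rwx,g=rx,o=rx"` as the session-URI `guestfs_base_image_dir` task does, or replace the dead line with a comment saying why the mode is deliberately left untouched. The two `stat -c` command tasks together with `dir_perms.stdout[5] != 'w'` depend on the exact layout of the `%A` string; a single `ansible.builtin.stat` task would provide `stat.gr_name` and `stat.wgrp` directly. The `become` keywords on the final `ansible.builtin.fail` task are not needed and can be dropped.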
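Review bot: Dropping `--connection=local` while keeping `--inventory localhost,` makes the connection type depend on playbooks/guestfs.yml, which is not part of this patch. A `localhost` that is listed explicitly in the inventory does not get Ansible's implicit local connection, so unless that play sets `connection: local` (or `ansible_connection` is set elsewhere) this target would try to reach localhost over SSH. If the play already handles that, a sentence in the commit message saying so would help; otherwise keep the flag as `$(Q)ansible-playbook $(ANSIBLE_VERBOSE) --connection=local \`. The bringup_guestfs recipe may continue past the end of the hunk.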