From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5D3E9275862 for ; Fri, 30 May 2025 17:52:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748627555; cv=none; b=oLjcdVSYbZ84bXZVQ7dLQVPBFsvnPaVsJRI7+1iI6Y5EyWxFkK4b717NSW4UeweTm2/9HhnJjYFZgzH3XXOVlPGmYV9v5Od6t4Qvr+6cY509Yx1bsdflVHeePPByUoow1X9JsRFRuPqN0Wiu5QuEI42PK8fgHV4GopRPzY4a19M= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1748627555; c=relaxed/simple; bh=T9YPJgaYZ/a5j1YrxZsSlGhZixXxXUYvqK6SvCoEN2s=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Xyfssafqof+m5xt9JPIA13484RJUJX2D9T6SDhrFFXJPIRxiG7orL/1LeUav1H2Si2mTTe4tsMrUkQdfKIQGEjRN5JvjsdBgDQSlgRB6U2RV8AijnN7JSD3d+Ueto6wiNC1bpsj8kQ4F2MuLaYNhzs8FsI7SbQ7K0YUYFEvQnmg= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=NE/Xy0Ab; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="NE/Xy0Ab" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 87198C4CEF0; Fri, 30 May 2025 17:52:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1748627554; bh=T9YPJgaYZ/a5j1YrxZsSlGhZixXxXUYvqK6SvCoEN2s=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NE/Xy0AbwMboxdsgtzwWsVn3z5tyOfqNFE+G6YX3tzqgR6xG/D3QF+bdx7vib16o8 Da4LBwE/x6NZA85M/kh7myD8fwsfzhMBGojpiAyqu+QFD2NuPbuFVjbPLQAg95KIif kcSXFD/sRhAZImBBrp7wyWutYhJS4w0t6hdSvwugE2mpHDdm4YYU4yV2rfOlEDWp74 vEBEUJWPJ2KLgq8Lco7abv+cjJz0EBl4+dTlfnAS57ns9/4VrXOG2+cLh10iHdF+BJ 
hi70vRrDNkQGEJEeEqMk0bF80WjGNEIQNNP8CeRPkiaGKnMoy150K3fYLtFOaP70en Rmas1A/ASoNOQ== From: Chuck Lever To: Cc: Chuck Lever Subject: [PATCH v2 04/12] guestfs: Add a "bringup" tag to the guestfs role Date: Fri, 30 May 2025 13:52:21 -0400 Message-ID: <20250530175229.489925-5-cel@kernel.org> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250530175229.489925-1-cel@kernel.org> References: <20250530175229.489925-1-cel@kernel.org> Precedence: bulk X-Mailing-List: kdevops@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Chuck Lever Create a new "bringup" tag that bookends the existing "destroy" tag. All guestfs bringup steps will get this tag. Start by populating this new tag with the steps that provision the kdevops storage pool for guestfs. Signed-off-by: Chuck Lever --- playbooks/roles/guestfs/defaults/main.yml | 2 + .../tasks/bringup/storage-pool-path.yml | 78 +++++++++++++++++++ playbooks/roles/guestfs/tasks/main.yml | 8 ++ scripts/guestfs.Makefile | 6 +- 4 files changed, 93 insertions(+), 1 deletion(-) create mode 100644 playbooks/roles/guestfs/defaults/main.yml create mode 100644 playbooks/roles/guestfs/tasks/bringup/storage-pool-path.yml
diff --git a/playbooks/roles/guestfs/defaults/main.yml b/playbooks/roles/guestfs/defaults/main.yml
new file mode 100644
index 000000000000..6112b384bb57
--- /dev/null
+++ b/playbooks/roles/guestfs/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+libvirt_uri_system: false
diff --git a/playbooks/roles/guestfs/tasks/bringup/storage-pool-path.yml b/playbooks/roles/guestfs/tasks/bringup/storage-pool-path.yml
new file mode 100644
index 000000000000..50f804cc304c
--- /dev/null
+++ b/playbooks/roles/guestfs/tasks/bringup/storage-pool-path.yml
@@ -0,0 +1,78 @@
+---
+- name: Create storage pool path directory (libvirt session uri)
+ # noqa: risky-file-permissions
+ ansible.builtin.file:
+ path: "{{ libvirt_storage_pool_path }}"
+ state: directory
+ # mode: "u=rwx,g=rwx,o=rx"
+ when:
+ - not libvirt_uri_system|bool
+
+- name: Create storage pool path directory and set group (libvirt system uri)
+ become: true
+ become_flags: 'su - -c'
+ become_method: ansible.builtin.sudo
+ ansible.builtin.file:
+ path: "{{ libvirt_storage_pool_path }}"
+ state: directory
+ owner: root
+ group: "{{ libvirt_qemu_group }}"
+ mode: "u=rwx,g=rwx,o=rx"
+ when:
+ - libvirt_uri_system|bool
+
+- name: Create kdevops guestfs storage directory (libvirt session uri)
+ ansible.builtin.file:
+ path: "{{ guestfs_base_image_dir }}"
+ state: directory
+ mode: "u=rwx,g=rx,o=rx"
+ when:
+ - not libvirt_uri_system|bool
+
+- name: Create kdevops guestfs storage directory (libvirt system uri)
+ become: true
+ become_flags: 'su - -c'
+ become_method: ansible.builtin.sudo
+ ansible.builtin.file:
+ path: "{{ guestfs_base_image_dir }}"
+ state: directory
+ mode: "u=rwx,g=rwx,o=rx"
+ group: "{{ libvirt_qemu_group }}"
+ when:
+ - libvirt_uri_system|bool
+
+- name: Check if directory is owned by the correct group (libvirt system uri)
+ become: true
+ become_flags: 'su - -c'
+ become_method: ansible.builtin.sudo
+ ansible.builtin.command:
+ cmd: stat -c '%G' "{{ libvirt_storage_pool_path }}"
+ register: dir_group
+ changed_when: false
+ when:
+ - libvirt_uri_system|bool
+
+- name: Check if directory has group write permissions (libvirt system uri)
+ become: true
+ become_flags: 'su - -c'
+ become_method: ansible.builtin.sudo
+ ansible.builtin.command:
+ cmd: stat -c '%A' "{{ libvirt_storage_pool_path }}"
+ register: dir_perms
+ changed_when: false
+ when:
+ - libvirt_uri_system|bool
+
+- name: Verify storage pool path directory is group-writable (libvirt system uri)
+ become: true
+ become_flags: 'su - -c'
+ become_method: ansible.builtin.sudo
+ ansible.builtin.fail:
+ msg: |
+ The permissions for {{ libvirt_storage_pool_path }} should be group
+ writeable by the group used by libvirt: {{ libvirt_qemu_group }}
+ Current group: {{ dir_group.stdout }}
+ Current permissions: {{ dir_perms.stdout }}
+ when:
+ - libvirt_uri_system|bool
+ - (dir_group.stdout != libvirt_qemu_group) or (dir_perms.stdout[5] != 'w')
diff --git a/playbooks/roles/guestfs/tasks/main.yml b/playbooks/roles/guestfs/tasks/main.yml
index ba38a67c4baf..12064cb91d73 100644
--- a/playbooks/roles/guestfs/tasks/main.yml
+++ b/playbooks/roles/guestfs/tasks/main.yml
@@ -5,6 +5,14 @@ ansible.builtin.import_tasks: file: "{{role_path }}/tasks/install-deps/main.yml" +- name: Ensure a storage pool for guestfs exists + delegate_to: localhost + run_once: true + tags: + - bringup + ansible.builtin.import_tasks: + file: "{{role_path }}/tasks/bringup/storage-pool-path.yml" + - name: Shut down and destroy each target node tags: - destroy
diff --git a/scripts/guestfs.Makefile b/scripts/guestfs.Makefile
index 7f5fb6334846..571662d187ae 100644
--- a/scripts/guestfs.Makefile
+++ b/scripts/guestfs.Makefile
@@ -75,11 +75,15 @@ install_libguestfs: --tags install-deps bringup_guestfs: $(GUESTFS_BRINGUP_DEPS) + $(Q)ansible-playbook $(ANSIBLE_VERBOSE) \ + -i hosts playbooks/guestfs.yml \ + --extra-vars=@./extra_vars.yaml \ + --tags bringup $(Q)ansible-playbook $(ANSIBLE_VERBOSE) --connection=local \ --inventory localhost, \ playbooks/bringup_guestfs.yml \ --extra-vars=@./extra_vars.yaml \ - --tags network,storage-pool-path + --tags network $(Q)$(TOPDIR)/scripts/bringup_guestfs.sh $(Q)ansible-playbook $(ANSIBLE_VERBOSE) --connection=local \ --inventory localhost, \ -- 2.49.0
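Review bot: The first task in storage-pool-path.yml creates `{{ libvirt_storage_pool_path }}` for the session URI with no `mode`, so the storage pool directory gets whatever the invoking user's umask yields, and `# noqa: risky-file-permissions` silences ansible-lint without saying why. The sibling session-URI task for `guestfs_base_image_dir` does pin `mode: "u=rwx,g=rx,o=rx"`, and both system-URI tasks set group and mode explicitly, so this is the only directory in the file whose permissions are left open. Either set the same mode here, or replace the commented-out `# mode: "u=rwx,g=rwx,o=rx"` line with a comment giving the reason, for example `# mode left unset: the pool path may already exist and its permissions must not be changed`, if that is the intent.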
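Review bot: Nothing visible here keeps the play from contacting the target nodes before they exist. The Makefile hunk in this commit runs this role through `-i hosts playbooks/guestfs.yml --tags bringup` rather than with `--connection=local --inventory localhost,`, and `delegate_to: localhost` on the import redirects only the imported tasks, not play-level fact gathering. playbooks/guestfs.yml is not part of this diff, so please confirm it sets `gather_facts: false` or otherwise never connects to the guests when only the `bringup` tag is selected. A comment above the import such as `# Runs once on the control host; the guests do not exist yet` would also document why `delegate_to` and `run_once` are there.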
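Review bot: Dropping `storage-pool-path` from `--tags network,storage-pool-path` leaves whatever tasks carry that tag in playbooks/bringup_guestfs.yml unreferenced by this recipe, and the diffstat shows the commit does not touch that file. If those tasks are still present, there are now two copies of the ownership and permission logic and only the role's copy runs, so a later fix to one can silently miss the other. Remove the old tasks in this patch, or state in the commit message which later patch in the series does. The `bringup_guestfs` recipe continues past the end of the hunk.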