From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 75882211A35
	for <kdevops@lists.linux.dev>; Sat, 18 Oct 2025 02:31:57 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.133
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1760754719; cv=none; b=hh5Y6s8VXHRA4UfoNVbJCS6nwV90uMLAwRO5tQIOlcF+5xk6ZyhXVrEDDIW83YfdTS7kgwJV8VzK/CtTOnKvVnxSjfvZok0YWGNjv7Son1GDBlmdl68hjxPGYSQDkACCF77q5/QdLAr+7ZBfH7VTG5HR51xOB9ZXRqaqRV+rOxA=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1760754719; c=relaxed/simple;
	bh=3ppiL6weCAQb+yTwYrpjf/6+hFUVkxgGzbcw2w60Hd8=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version; b=u6Hhtlc3KY+VjGJZ03HaVMKz/qTVUlV+UnLcLRIoLBTi6KowndVA09IEmx8uYWtRHZ5Xf5oTD35G1C0OpJ0fqkzebWxR/1aH+dlmEjD3nhGyXEJoN/cfxrjY1dlkWAZHJ7sU8KM7iqBQKHTGd6a/doKtcaM7x0mOPJXOGad14og=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=fail (p=quarantine dis=none) header.from=kernel.org; spf=none smtp.mailfrom=infradead.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b=3TiQlpWC; arc=none smtp.client-ip=198.137.202.133
Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=quarantine dis=none) header.from=kernel.org
Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=infradead.org
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="3TiQlpWC"
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding:
	MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:
	Reply-To:Content-Type:Content-ID:Content-Description;
	bh=ZjIRFdWI8/ucfud8kgocbRMuyNjKbd8us6qEaEDh6cs=; b=3TiQlpWCRa542DXet3c1QxU8BZ
	dGY02SypHW7h8pxqDTeqReg5YBFS+jcDU/4sgMAk1QAcEvrkt3XSmtbmJIN+xiZhEIBcDNotzJPta
	5UTlrhhbMK9BNGJek6qS5wtgkMjYahx25BnKYITRrR9yyLee/w3AHx6zL4OvNEtJRxRP/QXrbW6lX
	JbZhLx5NP4SbM11x0nrN4sGSosOCI31hLlBayFy40K9tzYDFPug3tZ/LnPUjDr+x5cJxkWkcKrz9e
	wDiRU7vWDYWqGUicyVO+xmAPLAIbu9Us6BWrEeVUAtM3altxfVKYYuJ8ierCggV32k0EZqjUSQr3I
	AC0cnW5g==;
Received: from mcgrof by bombadil.infradead.org with local (Exim 4.98.2 #2 (Red Hat Linux))
	id 1v9wjd-00000009Oei-0Ers;
	Sat, 18 Oct 2025 02:31:57 +0000
From: Luis Chamberlain <mcgrof@kernel.org>
To: Chuck Lever <cel@kernel.org>,
	Daniel Gomez <da.gomez@kruces.com>,
	kdevops@lists.linux.dev
Cc: Luis Chamberlain <mcgrof@kernel.org>
Subject: [PATCH 6/8] guestfs: Use sudo for base image copy with system libvirt
Date: Fri, 17 Oct 2025 19:31:51 -0700
Message-ID: <20251018023154.2239688-7-mcgrof@kernel.org>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <20251018023154.2239688-1-mcgrof@kernel.org>
References: <20251018023154.2239688-1-mcgrof@kernel.org>
Precedence: bulk
X-Mailing-List: kdevops@lists.linux.dev
List-Id: <kdevops.lists.linux.dev>
List-Subscribe: <mailto:kdevops+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:kdevops+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: Luis Chamberlain <mcgrof@infradead.org>

When using system libvirt (qemu:///system), the storage pool paths are
typically owned by root or the libvirt group, requiring elevated
privileges to copy base images.

Add conditional sudo support for image duplication:
- System libvirt (libvirt_uri_system=true): Use become/sudo
- Session libvirt (libvirt_uri_system=false): No privilege escalation

This fixes permission denied errors when copying base images to storage
pools like /xfs1/libvirt/kdevops/ that are not writable by the regular
user.

The --reflink=auto flag is preserved in both code paths to enable
efficient copy-on-write when the filesystem supports it (btrfs, XFS
with reflink).

Generated-by: Claude AI
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
---
 playbooks/roles/guestfs/tasks/bringup/main.yml | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/playbooks/roles/guestfs/tasks/bringup/main.yml b/playbooks/roles/guestfs/tasks/bringup/main.yml
index 81bac7ce..510e1a7d 100644
--- a/playbooks/roles/guestfs/tasks/bringup/main.yml
+++ b/playbooks/roles/guestfs/tasks/bringup/main.yml
@@ -50,10 +50,21 @@
         state: directory
       delegate_to: localhost
 
-    - name: Duplicate the root disk image for each target node
+    - name: Duplicate the root disk image for each target node (as root)
+      become: true
+      become_method: ansible.builtin.sudo
+      ansible.builtin.command:
+        cmd: "cp --reflink=auto {{ base_image }} {{ root_image }}"
+      delegate_to: localhost
+      when:
+        - libvirt_uri_system|bool
+
+    - name: Duplicate the root disk image for each target node (non-root)
       ansible.builtin.command:
         cmd: "cp --reflink=auto {{ base_image }} {{ root_image }}"
       delegate_to: localhost
+      when:
+        - not libvirt_uri_system|bool
 
     - name: Get the timezone of the control host
       ansible.builtin.command:
-- 
2.51.0