node-common

minimal-comfort.sh

+#!/usr/bin/env bash
+set -euo pipefail
+
+if [[ $EUID -ne 0 ]]; then
+  echo "Kérlek rootként futtasd: sudo ./minimal-comfort.sh"
+  exit 1
+fi
+
+export DEBIAN_FRONTEND=noninteractive
+
+echo "[*] APT frissítés + alap csomagok telepítése..."
+apt-get update -y
+apt-get install -y \
+  iproute2 iputils-ping net-tools dnsutils \
+  curl wget ca-certificates \
+  less lsof traceroute tcpdump \
+  nano vim htop \
+  unzip zip tar gzip bzip2 xz-utils \
+  git jq rsync \
+  isc-dhcp-client
+
+# VLAN modul (802.1Q)
+echo "[*] 8021q modul engedélyezése (VLAN-hoz)..."
+install -d /etc/modules-load.d
+echo "8021q" > /etc/modules-load.d/vlan-8021q.conf
+modprobe 8021q || true
+
+# Kényelmi aliasok és kisegítők (globálisan minden usernek)
+echo "[*] Aliasok és kényelmi beállítások hozzáadása..."
+cat >/etc/profile.d/99-comfort.sh <<'EOC'
+# Komfort aliasok
+alias ll='ls -alF'
+alias la='ls -A'
+alias l='ls -CF'
+alias grep='grep --color=auto'
+alias ipw='ip -c -br a'
+alias ports='ss -tulpen'
+
+# kevésbé idegesítő less
+export LESS='-R'
+
+# default editor
+export EDITOR=vim
+
+# Egyszerű, informatív prompt
+# pl: [root@host 12:34] /current/dir $
+if [ -n "$PS1" ]; then
+  PS1='[\u@\h \A] \w \$ '
+fi
+EOC
+
+chmod 0644 /etc/profile.d/99-comfort.sh
+
+# Vim alap beállítás (ha valaki inkább ezt használja)
+cat >/etc/vim/vimrc.local <<'EOV'
+set number
+set ruler
+set mouse=
+set backspace=indent,eol,start
+syntax on
+EOV
+
+# Nano: egységes tab/indent és sorjelölés
+install -d /etc/nano
+cat >/etc/nanorc <<'EON'
+set linenumbers
+set tabsize 2
+set smooth
+set nowrap
+EON
+
+echo
+echo "[✓] Kész! Lépj ki és be újra (vagy futtasd: source /etc/profile) az aliasokhoz/prompthoz."
+echo "[i] Hasznos parancsok:"
+echo "    - ipw            # rövid IP összefoglaló"
+echo "    - ports          # nyitott portok/folyamatok"
+echo "    - dhclient IFACE # DHCP kliens kézzel (pl. dhclient enp3s0.5)"

playbooks/nfs-client.yml

 - hosts: all
-  become: true
   roles:
     - nfs-client
 

playbooks/node-common.yml

+---
+- name: Prepare fixed UID/GID layout for libvirt/NFS hosts
+  hosts: all
+  become: yes
+  gather_facts: no
+
+  vars:
+    temp_uid_offset: 50000
+    temp_gid_offset: 50000
+
+    fixed_groups:
+      - { name: "lxd",             gid: 101 }
+      - { name: "libvirt-qemu",    gid: 107 }
+      - { name: "uuidd",           gid: 108 }
+      - { name: "incron",          gid: 109 }
+      - { name: "libvirt",         gid: 110 }
+      - { name: "libvirt-dnsmasq", gid: 111 }
+      - { name: "kvm",             gid: 994 }
+      - { name: "cloud",           gid: 1000 }
+
+    fixed_users:
+      - name: "libvirt-qemu"
+        uid: 107
+        gid: 107
+        home: "/var/lib/libvirt"
+        shell: "/usr/sbin/nologin"
+        system: true
+
+      - name: "uuidd"
+        uid: 108
+        gid: 108
+        home: "/run/uuidd"
+        shell: "/usr/sbin/nologin"
+        system: true
+
+      - name: "statd"
+        uid: 109
+        gid: 65534           # nogroup
+        home: "/var/lib/nfs"
+        shell: "/usr/sbin/nologin"
+        system: true
+
+      - name: "chrony"
+        uid: 110
+        gid: 110
+        home: "/var/lib/chrony"
+        shell: "/usr/sbin/nologin"
+        system: true
+
+      - name: "libvirt-dnsmasq"
+        uid: 111
+        gid: 111
+        home: "/var/lib/libvirt/dnsmasq"
+        shell: "/usr/sbin/nologin"
+        system: true
+
+      - name: "cloud"
+        uid: 1000
+        gid: 1000
+        home: "/home/cloud"
+        shell: "/bin/bash"
+        system: false
+
+  tasks:
+
+    - name: Ensure basic tools are present
+      package:
+        name: [ "findutils", "coreutils" ]
+        state: present
+
+    #######################################################################
+    # 1) GROUP KONFLIKTUSOK KEZELÉSE
+    #######################################################################
+
+    - name: Resolve GID conflicts (move foreign groups to temp GID)
+      shell: |
+        set -e
+        desired_name="{{ item.name }}"
+        desired_gid="{{ item.gid }}"
+        current_name="$(getent group "$desired_gid" | cut -d: -f1 || true)"
+
+        # Ha nincs ilyen gid, vagy már a jó group név használja, kilépünk
+        if [ -z "$current_name" ] || [ "$current_name" = "$desired_name" ]; then
+          exit 0
+        fi
+
+        temp_gid=$(( desired_gid + {{ temp_gid_offset }} ))
+        echo "GID $desired_gid foglalt a(z) $current_name által, átmozgatás $temp_gid-re..."
+        groupmod -g "$temp_gid" "$current_name"
+
+        # régi GID-vel rendelkező fájlok tulajdonát visszaállítjuk a group névre
+        find / -xdev -gid "$desired_gid" -exec chgrp "$current_name" {} \; || true
+      args:
+        executable: /bin/bash
+      loop: "{{ fixed_groups }}"
+      loop_control:
+        label: "{{ item.name }}"
+
+    - name: Ensure fixed groups exist with correct GID
+      group:
+        name: "{{ item.name }}"
+        gid: "{{ item.gid }}"
+        system: yes
+        state: present
+      loop: "{{ fixed_groups }}"
+      loop_control:
+        label: "{{ item.name }}"
+
+    #######################################################################
+    # 2) USER KONFLIKTUSOK KEZELÉSE
+    #######################################################################
+
+    - name: Resolve UID conflicts (move foreign users to temp UID)
+      shell: |
+        set -e
+        desired_name="{{ item.name }}"
+        desired_uid="{{ item.uid }}"
+        current_name="$(getent passwd "$desired_uid" | cut -d: -f1 || true)"
+
+        # Ha nincs ilyen uid, vagy már a jó user használja, kilépünk
+        if [ -z "$current_name" ] || [ "$current_name" = "$desired_name" ]; then
+          exit 0
+        fi
+
+        temp_uid=$(( desired_uid + {{ temp_uid_offset }} ))
+        echo "UID $desired_uid foglalt a(z) $current_name által, átmozgatás $temp_uid-re..."
+        usermod -u "$temp_uid" "$current_name"
+
+        # régi UID-vel rendelkező fájlok tulajdonát visszaállítjuk a user névre
+        find / -xdev -uid "$desired_uid" -exec chown "$current_name" {} \; || true
+      args:
+        executable: /bin/bash
+      loop: "{{ fixed_users }}"
+      loop_control:
+        label: "{{ item.name }}"
+
+    - name: Ensure fixed users exist with correct UID/GID
+      user:
+        name: "{{ item.name }}"
+        uid: "{{ item.uid }}"
+        group: "{{ item.gid }}"
+        home: "{{ item.home }}"
+        shell: "{{ item.shell }}"
+        system: "{{ item.system }}"
+        create_home: "{{ item.system | ternary(false, true) }}"
+        state: present
+      loop: "{{ fixed_users }}"
+      loop_control:
+        label: "{{ item.name }}"
+    - name: Ensure cloud is member of libvirt group
+      user:
+        name: cloud
+        groups: libvirt
+        append: yes
+
+    - name: Ensure home/system dirs exist and owned properly
+      file:
+        path: "{{ item.home }}"
+        state: directory
+        owner: "{{ item.name }}"
+        group: "{{ item.gid }}"
+        mode: "0750"
+      loop: "{{ fixed_users }}"
+      loop_control:
+        label: "{{ item.name }}"
+      when: item.home not in ["/nonexistent", "/"]
+
+    #######################################################################
+    # 3) (OPCIONÁLIS) REBOOT
+    #######################################################################
+    # - name: Reboot after UID/GID changes
+    #   reboot:
+    #     msg: "Reboot after UID/GID preparation"
+    #     reboot_timeout: 600
+

playbooks/vmdriver.yml

----
 - hosts: all
-  become: true
   roles:
     - role: vmdriver

roles/agentdriver/tasks/main.yml

@@ -19,9 +19,9 @@
 
 - name: Checkout repository
   ansible.builtin.git:
-    repo: "{{ agentdriver_repo_name }}"
+    repo: "{{ agentdriver_repo_url }}"
     dest: "{{ agentdriver_base_dir }}"
-    version: "{{ agentdriver_repo_revision }}"
+    version: "{{ agentdriver_repo_rev }}"
     update: "{{ agentdriver_git_update | bool }}"
     accept_hostkey: yes
   become: yes
@@ -76,6 +76,12 @@
   become_user: "{{ agentdriver_app_user }}"
   tags: [ 'deps' ]
 
+- name: Ensure incron is installed
+  become: yes
+  package:
+    name: incron
+    state: present
+
 - name: copy incron
   ansible.builtin.copy:
     src: "{{ agentdriver_repo_dir }}/miscellaneous/agentdriver.incron"
@@ -85,6 +91,12 @@
     mode: "0644"
   become: yes
 
+- name: Ensure incron daemon is enabled and running
+  service:
+    name: incron
+    state: started
+    enabled: yes
+
 - name: copy service
   ansible.builtin.copy:
     src: "{{ agentdriver_repo_dir }}/miscellaneous/agentdriver.service"

roles/agentdriver/vars/main.yml

 # Default variables for the agentdriver role
 agentdriver_app_user: "cloud"
 agentdriver_git_update: true
-agentdriver_repo_name: "https://git.ik.bme.hu/circle3/agentdriver.git"
-agentdriver_repo_revision: "master"
+agentdriver_repo_url: "https://git.ik.bme.hu/circle3/agentdriver.git"
+agentdriver_repo_rev: "master"
 agentdriver_base_dir: "/home/{{ agentdriver_app_user }}/agentdriver"
 agentdriver_repo_dir: "/home/{{ agentdriver_app_user }}/agentdriver"
 agentdriver_venv_dir: "/home/{{ agentdriver_app_user }}/.virtualenvs/agentdriver"

roles/nfs-client/task/main.yml → roles/nfs-client/tasks/main.yml

 - name: Include OS-specific vars
-  ansible.builtin.include_vars: "{{ item }}"
-  with_first_found:
-    - "{{ ansible_os_family }}.yml"
+  ansible.builtin.include_vars:
+    file: "{{ ansible_os_family }}.yml"
+
+- name: Debug nfs_client_packages
+  debug:
+    var: nfs_client_packages
 
 - name: Install NFS client packages
+  become: true
   ansible.builtin.package:
     name: "{{ nfs_client_packages }}"
     state: present
 
 - name: Ensure rpcbind is enabled and running (needed for NFSv3)
+  become: true
   ansible.builtin.systemd:
     name: rpcbind
     state: started

roles/vmdriver/tasks/main.yml

@@ -4,6 +4,7 @@
     - "{{ ansible_os_family }}.yml"
 
 - name: Ensure required packages are present
+  become: yes
   package:
     name: "{{ vmdriver_packages }}"
     state: present
@@ -92,42 +93,74 @@
   args:
     creates: /sys/class/net/cloud
 
-- name: Clone vmdriver repository
-  git:
-    repo: "{{ vmdriver_repo_url }}"
-    version: "{{ vmdriver_repo_rev }}"
-    dest: "{{ vmdriver_repo_dir }}"
-    update: true
-    force: true
-  become: true
-  become_user: "{{ vmdriver_user }}"
+- name: Ensure base dir exists (owned by user)
+  ansible.builtin.file:
+    path: "{{ vmdriver_base_dir }}"
+    state: directory
+    owner: "{{ vmdriver_user }}"
+    group: "{{ vmdriver_user }}"
+    mode: "0755"
 
-- name: Ensure virtualenv base dir exists
-  file:
-    path: "{{ vmdriver_venv_dir | dirname }}"
+- name: Ensure repo dir exists (owned by app user)
+  ansible.builtin.file:
+    path: "{{ vmdriver_base_dir }}"
     state: directory
     owner: "{{ vmdriver_user }}"
     group: "{{ vmdriver_user }}"
     mode: "0755"
 
+- name: Checkout repository
+  ansible.builtin.git:
+    repo: "{{ vmdriver_repo_url }}"
+    dest: "{{ vmdriver_base_dir }}"
+    version: "{{ vmdriver_repo_rev }}"
+    update: "{{ vmdriver_git_update | bool }}"
+    accept_hostkey: yes
+  become: yes
+  become_user: "{{ vmdriver_user }}"
+  tags: [ 'git' ]
+
+#- name: Ensure virtualenv base dir exists
+#  file:
+#    path: "{{ vmdriver_venv_dir | dirname }}"
+#    state: directory
+#    owner: "{{ vmdriver_user }}"
+#    group: "{{ vmdriver_user }}"
+#    mode: "0755"
+
 - name: Create Python venv
   pip:
     name: pip
     state: latest
     virtualenv: "{{ vmdriver_venv_dir }}"
     virtualenv_python: python3.9
+  become: yes
+  become_user: "{{ vmdriver_user }}"
 
-- name: Install pip requirements into venv
-  pip:
-    requirements: "{{ vmdriver_repo_dir }}/requirements/install_first.txt"
+#- name: Install pip requirements into venv
+#  pip:
+#    requirements: "{{ vmdriver_repo_dir }}/requirements/install_first.txt"
+#    virtualenv: "{{ vmdriver_venv_dir }}"
+#    virtualenv_python: python3.9
+
+- name: Bootstrap pip/setuptools/wheel (pinned first stage)
+  ansible.builtin.pip:
+    name: "{{ vmdriver_pip_bootstrap }}"
     virtualenv: "{{ vmdriver_venv_dir }}"
     virtualenv_python: python3.9
+    state: present
+  become: yes
+  become_user: "{{ vmdriver_user }}"
+  tags: [ 'pip' ]
 
-- name: Install Python requirements into venv
-  pip:
-    requirements: "{{ vmdriver_repo_dir }}/requirements/{{ deployment_type }}.txt"
+- name: Install Python requirements
+  ansible.builtin.pip:
+    requirements: "{{ vmdriver_requirements_file }}"
     virtualenv: "{{ vmdriver_venv_dir }}"
     virtualenv_python: python3.9
+  become: yes
+  become_user: "{{ vmdriver_user }}"
+  tags: [ 'deps' ]
 
 - name: Deploy sudoers fragment
   copy:

roles/vmdriver/vars/Debian.yml

@@ -3,4 +3,8 @@ vmdriver_packages:
   - libvirt-clients
   - qemu-kvm
   - openvswitch-switch
+  - libvirt-dev
+  - pkg-config
+  - python3-dev
+  - build-essential
 

roles/vmdriver/vars/main.yml

 ---
+# Default variables for the vmdriver role
 vmdriver_user: cloud
+vmdriver_git_update: true
 vmdriver_repo_url: "https://git.ik.bme.hu/circle3/vmdriver.git"
 vmdriver_repo_rev: "master"
-vmdriver_hypervisor_type: "qemu"
-
+vmdriver_base_dir: "/home/{{ vmdriver_user }}/vmdriver"
 vmdriver_repo_dir: "/home/{{ vmdriver_user }}/vmdriver"
 vmdriver_venv_dir: "/home/{{ vmdriver_user }}/.virtualenvs/vmdriver"
+vmdriver_hypervisor_type: "qemu"
+
+# Pin pip/setuptools/wheel first (Celery 4-friendly pip<24.1)
+vmdriver_pip_bootstrap:
+  - "pip<24.1"
+  - "setuptools>=58,<70"
+  - "wheel"
+
+# Requirements file path inside repo
+vmdriver_requirements_file: "{{ vmdriver_base_dir }}/requirements/{{ deployment_type }}.txt"
+
+# Systemd service name
+#### vmdriver_systemd_service: "vmdriver.service"
 
 # vmdriver_enable_services:
 #   - node.service
 #   - 'vmcelery@cloud.service'
+#
+