node-common

045e9cc4 · Szeberényi Imre · 14cf0607 · 045e9cc4 · 045e9cc4 · 045e9cc4
Commit 045e9cc4 authored Dec 01, 2025 by Szeberényi Imre
10 changed files
--- a/minimal-comfort.sh
+++ b/minimal-comfort.sh
+#!/usr/bin/env bash
+set -euo pipefail
+if [[ $EUID -ne 0 ]]; then
+  echo "Kérlek rootként futtasd: sudo ./minimal-comfort.sh"
+  exit 1
+fi
+export DEBIAN_FRONTEND=noninteractive
+echo "[*] APT frissítés + alap csomagok telepítése..."
+apt-get update -y
+apt-get install -y \
+  iproute2 iputils-ping net-tools dnsutils \
+  curl wget ca-certificates \
+  less lsof traceroute tcpdump \
+  nano vim htop \
+  unzip zip tar gzip bzip2 xz-utils \
+  git jq rsync \
+  isc-dhcp-client
+# VLAN modul (802.1Q)
+echo "[*] 8021q modul engedélyezése (VLAN-hoz)..."
+install -d /etc/modules-load.d
+echo "8021q" > /etc/modules-load.d/vlan-8021q.conf
+modprobe 8021q || true
+# Kényelmi aliasok és kisegítők (globálisan minden usernek)
+echo "[*] Aliasok és kényelmi beállítások hozzáadása..."
+cat >/etc/profile.d/99-comfort.sh <<'EOC'
+# Komfort aliasok
+alias ll='ls -alF'
+alias la='ls -A'
+alias l='ls -CF'
+alias grep='grep --color=auto'
+alias ipw='ip -c -br a'
+alias ports='ss -tulpen'
+# kevésbé idegesítő less
+export LESS='-R'
+# default editor
+export EDITOR=vim
+# Egyszerű, informatív prompt
+# pl: [root@host 12:34] /current/dir $
+if [ -n "$PS1" ]; then
+  PS1='[\u@\h \A] \w \$ '
+fi
+EOC
+chmod 0644 /etc/profile.d/99-comfort.sh
+# Vim alap beállítás (ha valaki inkább ezt használja)
+cat >/etc/vim/vimrc.local <<'EOV'
+set number
+set ruler
+set mouse=
+set backspace=indent,eol,start
+syntax on
+EOV
+# Nano: egységes tab/indent és sorjelölés
+install -d /etc/nano
+cat >/etc/nanorc <<'EON'
+set linenumbers
+set tabsize 2
+set smooth
+set nowrap
+EON
+echo
+echo "[✓] Kész! Lépj ki és be újra (vagy futtasd: source /etc/profile) az aliasokhoz/prompthoz."
+echo "[i] Hasznos parancsok:"
+echo "    - ipw            # rövid IP összefoglaló"
+echo "    - ports          # nyitott portok/folyamatok"
+echo "    - dhclient IFACE # DHCP kliens kézzel (pl. dhclient enp3s0.5)"
--- a/playbooks/nfs-client.yml
+++ b/playbooks/nfs-client.yml
 - hosts: all
-  become: true
  roles:
    - nfs-client
--- a/playbooks/node-common.yml
+++ b/playbooks/node-common.yml
+---
+- name: Prepare fixed UID/GID layout for libvirt/NFS hosts
+  hosts: all
+  become: yes
+  gather_facts: no
+  vars:
+    temp_uid_offset: 50000
+    temp_gid_offset: 50000
+    fixed_groups:
+      - { name: "lxd",             gid: 101 }
+      - { name: "libvirt-qemu",    gid: 107 }
+      - { name: "uuidd",           gid: 108 }
+      - { name: "incron",          gid: 109 }
+      - { name: "libvirt",         gid: 110 }
+      - { name: "libvirt-dnsmasq", gid: 111 }
+      - { name: "kvm",             gid: 994 }
+      - { name: "cloud",           gid: 1000 }
+    fixed_users:
+      - name: "libvirt-qemu"
+        uid: 107
+        gid: 107
+        home: "/var/lib/libvirt"
+        shell: "/usr/sbin/nologin"
+        system: true
+      - name: "uuidd"
+        uid: 108
+        gid: 108
+        home: "/run/uuidd"
+        shell: "/usr/sbin/nologin"
+        system: true
+      - name: "statd"
+        uid: 109
+        gid: 65534           # nogroup
+        home: "/var/lib/nfs"
+        shell: "/usr/sbin/nologin"
+        system: true
+      - name: "chrony"
+        uid: 110
+        gid: 110
+        home: "/var/lib/chrony"
+        shell: "/usr/sbin/nologin"
+        system: true
+      - name: "libvirt-dnsmasq"
+        uid: 111
+        gid: 111
+        home: "/var/lib/libvirt/dnsmasq"
+        shell: "/usr/sbin/nologin"
+        system: true
+      - name: "cloud"
+        uid: 1000
+        gid: 1000
+        home: "/home/cloud"
+        shell: "/bin/bash"
+        system: false
+  tasks:
+    - name: Ensure basic tools are present
+      package:
+        name: [ "findutils", "coreutils" ]
+        state: present
+    #######################################################################
+    # 1) GROUP KONFLIKTUSOK KEZELÉSE
+    #######################################################################
+    - name: Resolve GID conflicts (move foreign groups to temp GID)
+      shell: |
+        set -e
+        desired_name="{{ item.name }}"
+        desired_gid="{{ item.gid }}"
+        current_name="$(getent group "$desired_gid" | cut -d: -f1 || true)"
+        # Ha nincs ilyen gid, vagy már a jó group név használja, kilépünk
+        if [ -z "$current_name" ] || [ "$current_name" = "$desired_name" ]; then
+          exit 0
+        fi
+        temp_gid=$(( desired_gid + {{ temp_gid_offset }} ))
+        echo "GID $desired_gid foglalt a(z) $current_name által, átmozgatás $temp_gid-re..."
+        groupmod -g "$temp_gid" "$current_name"
+        # régi GID-vel rendelkező fájlok tulajdonát visszaállítjuk a group névre
+        find / -xdev -gid "$desired_gid" -exec chgrp "$current_name" {} \; || true
+      args:
+        executable: /bin/bash
+      loop: "{{ fixed_groups }}"
+      loop_control:
+        label: "{{ item.name }}"
+    - name: Ensure fixed groups exist with correct GID
+      group:
+        name: "{{ item.name }}"
+        gid: "{{ item.gid }}"
+        system: yes
+        state: present
+      loop: "{{ fixed_groups }}"
+      loop_control:
+        label: "{{ item.name }}"
+    #######################################################################
+    # 2) USER KONFLIKTUSOK KEZELÉSE
+    #######################################################################
+    - name: Resolve UID conflicts (move foreign users to temp UID)
+      shell: |
+        set -e
+        desired_name="{{ item.name }}"
+        desired_uid="{{ item.uid }}"
+        current_name="$(getent passwd "$desired_uid" | cut -d: -f1 || true)"
+        # Ha nincs ilyen uid, vagy már a jó user használja, kilépünk
+        if [ -z "$current_name" ] || [ "$current_name" = "$desired_name" ]; then
+          exit 0
+        fi
+        temp_uid=$(( desired_uid + {{ temp_uid_offset }} ))
+        echo "UID $desired_uid foglalt a(z) $current_name által, átmozgatás $temp_uid-re..."
+        usermod -u "$temp_uid" "$current_name"
+        # régi UID-vel rendelkező fájlok tulajdonát visszaállítjuk a user névre
+        find / -xdev -uid "$desired_uid" -exec chown "$current_name" {} \; || true
+      args:
+        executable: /bin/bash
+      loop: "{{ fixed_users }}"
+      loop_control:
+        label: "{{ item.name }}"
+    - name: Ensure fixed users exist with correct UID/GID
+      user:
+        name: "{{ item.name }}"
+        uid: "{{ item.uid }}"
+        group: "{{ item.gid }}"
+        home: "{{ item.home }}"
+        shell: "{{ item.shell }}"
+        system: "{{ item.system }}"
+        create_home: "{{ item.system | ternary(false, true) }}"
+        state: present
+      loop: "{{ fixed_users }}"
+      loop_control:
+        label: "{{ item.name }}"
+    - name: Ensure cloud is member of libvirt group
+      user:
+        name: cloud
+        groups: libvirt
+        append: yes
+    - name: Ensure home/system dirs exist and owned properly
+      file:
+        path: "{{ item.home }}"
+        state: directory
+        owner: "{{ item.name }}"
+        group: "{{ item.gid }}"
+        mode: "0750"
+      loop: "{{ fixed_users }}"
+      loop_control:
+        label: "{{ item.name }}"
+      when: item.home not in ["/nonexistent", "/"]
+    #######################################################################
+    # 3) (OPCIONÁLIS) REBOOT
+    #######################################################################
+    # - name: Reboot after UID/GID changes
+    #   reboot:
+    #     msg: "Reboot after UID/GID preparation"
+    #     reboot_timeout: 600
--- a/playbooks/vmdriver.yml
+++ b/playbooks/vmdriver.yml
---
 - hosts: all
-  become: true
  roles:
    - role: vmdriver
--- a/roles/agentdriver/tasks/main.yml
+++ b/roles/agentdriver/tasks/main.yml
@@ -19,9 +19,9 @@
 - name: Checkout repository
  ansible.builtin.git:
-    repo: "{{ agentdriver_repo_name }}"
+    repo: "{{ agentdriver_repo_url }}"
    dest: "{{ agentdriver_base_dir }}"
-    version: "{{ agentdriver_repo_revision }}"
+    version: "{{ agentdriver_repo_rev }}"
    update: "{{ agentdriver_git_update | bool }}"
    accept_hostkey: yes
  become: yes
@@ -76,6 +76,12 @@
  become_user: "{{ agentdriver_app_user }}"
  tags: [ 'deps' ]
+- name: Ensure incron is installed
+  become: yes
+  package:
+    name: incron
+    state: present
 - name: copy incron
  ansible.builtin.copy:
    src: "{{ agentdriver_repo_dir }}/miscellaneous/agentdriver.incron"
@@ -85,6 +91,12 @@
    mode: "0644"
  become: yes
+- name: Ensure incron daemon is enabled and running
+  service:
+    name: incron
+    state: started
+    enabled: yes
 - name: copy service
  ansible.builtin.copy:
    src: "{{ agentdriver_repo_dir }}/miscellaneous/agentdriver.service"

--- a/roles/agentdriver/vars/main.yml
+++ b/roles/agentdriver/vars/main.yml
 # Default variables for the agentdriver role
 agentdriver_app_user: "cloud"
 agentdriver_git_update: true
-agentdriver_repo_name: "https://git.ik.bme.hu/circle3/agentdriver.git"
+agentdriver_repo_url: "https://git.ik.bme.hu/circle3/agentdriver.git"
-agentdriver_repo_revision: "master"
+agentdriver_repo_rev: "master"
 agentdriver_base_dir: "/home/{{ agentdriver_app_user }}/agentdriver"
 agentdriver_repo_dir: "/home/{{ agentdriver_app_user }}/agentdriver"
 agentdriver_venv_dir: "/home/{{ agentdriver_app_user }}/.virtualenvs/agentdriver"

--- a/roles/nfs-client/task/main.yml
+++ b/roles/nfs-client/task/main.yml
 - name: Include OS-specific vars
-  ansible.builtin.include_vars: "{{ item }}"
+  ansible.builtin.include_vars:
-  with_first_found:
+    file: "{{ ansible_os_family }}.yml"
-    - "{{ ansible_os_family }}.yml"
+- name: Debug nfs_client_packages
+  debug:
+    var: nfs_client_packages
 - name: Install NFS client packages
+  become: true
  ansible.builtin.package:
    name: "{{ nfs_client_packages }}"
    state: present
 - name: Ensure rpcbind is enabled and running (needed for NFSv3)
+  become: true
  ansible.builtin.systemd:
    name: rpcbind
    state: started

--- a/roles/vmdriver/tasks/main.yml
+++ b/roles/vmdriver/tasks/main.yml
@@ -4,6 +4,7 @@
    - "{{ ansible_os_family }}.yml"
 - name: Ensure required packages are present
+  become: yes
  package:
    name: "{{ vmdriver_packages }}"
    state: present
@@ -92,42 +93,74 @@
  args:
    creates: /sys/class/net/cloud
- name: Clone vmdriver repository
+- name: Ensure base dir exists (owned by user)
-  git:
+  ansible.builtin.file:
-    repo: "{{ vmdriver_repo_url }}"
+    path: "{{ vmdriver_base_dir }}"
-    version: "{{ vmdriver_repo_rev }}"
+    state: directory
-    dest: "{{ vmdriver_repo_dir }}"
+    owner: "{{ vmdriver_user }}"
-    update: true
+    group: "{{ vmdriver_user }}"
-    force: true
+    mode: "0755"
-  become: true
-  become_user: "{{ vmdriver_user }}"
- name: Ensure virtualenv base dir exists
+- name: Ensure repo dir exists (owned by app user)
-  file:
+  ansible.builtin.file:
-    path: "{{ vmdriver_venv_dir | dirname }}"
+    path: "{{ vmdriver_base_dir }}"
    state: directory
    owner: "{{ vmdriver_user }}"
    group: "{{ vmdriver_user }}"
    mode: "0755"
+- name: Checkout repository
+  ansible.builtin.git:
+    repo: "{{ vmdriver_repo_url }}"
+    dest: "{{ vmdriver_base_dir }}"
+    version: "{{ vmdriver_repo_rev }}"
+    update: "{{ vmdriver_git_update | bool }}"
+    accept_hostkey: yes
+  become: yes
+  become_user: "{{ vmdriver_user }}"
+  tags: [ 'git' ]
+#- name: Ensure virtualenv base dir exists
+#  file:
+#    path: "{{ vmdriver_venv_dir | dirname }}"
+#    state: directory
+#    owner: "{{ vmdriver_user }}"
+#    group: "{{ vmdriver_user }}"
+#    mode: "0755"
 - name: Create Python venv
  pip:
    name: pip
    state: latest
    virtualenv: "{{ vmdriver_venv_dir }}"
    virtualenv_python: python3.9
+  become: yes
+  become_user: "{{ vmdriver_user }}"
- name: Install pip requirements into venv
+#- name: Install pip requirements into venv
-  pip:
+#  pip:
-    requirements: "{{ vmdriver_repo_dir }}/requirements/install_first.txt"
+#    requirements: "{{ vmdriver_repo_dir }}/requirements/install_first.txt"
+#    virtualenv: "{{ vmdriver_venv_dir }}"
+#    virtualenv_python: python3.9
+- name: Bootstrap pip/setuptools/wheel (pinned first stage)
+  ansible.builtin.pip:
+    name: "{{ vmdriver_pip_bootstrap }}"
    virtualenv: "{{ vmdriver_venv_dir }}"
    virtualenv_python: python3.9
+    state: present
+  become: yes
+  become_user: "{{ vmdriver_user }}"
+  tags: [ 'pip' ]
- name: Install Python requirements into venv
+- name: Install Python requirements
-  pip:
+  ansible.builtin.pip:
-    requirements: "{{ vmdriver_repo_dir }}/requirements/{{ deployment_type }}.txt"
+    requirements: "{{ vmdriver_requirements_file }}"
    virtualenv: "{{ vmdriver_venv_dir }}"
    virtualenv_python: python3.9
+  become: yes
+  become_user: "{{ vmdriver_user }}"
+  tags: [ 'deps' ]
 - name: Deploy sudoers fragment
  copy:

--- a/roles/vmdriver/vars/Debian.yml
+++ b/roles/vmdriver/vars/Debian.yml
@@ -3,4 +3,8 @@ vmdriver_packages:
  - libvirt-clients
  - qemu-kvm
  - openvswitch-switch
+  - libvirt-dev
+  - pkg-config
+  - python3-dev
+  - build-essential
--- a/roles/vmdriver/vars/main.yml
+++ b/roles/vmdriver/vars/main.yml
 ---
+# Default variables for the vmdriver role
 vmdriver_user: cloud
+vmdriver_git_update: true
 vmdriver_repo_url: "https://git.ik.bme.hu/circle3/vmdriver.git"
 vmdriver_repo_rev: "master"
-vmdriver_hypervisor_type: "qemu"
+vmdriver_base_dir: "/home/{{ vmdriver_user }}/vmdriver"
 vmdriver_repo_dir: "/home/{{ vmdriver_user }}/vmdriver"
 vmdriver_venv_dir: "/home/{{ vmdriver_user }}/.virtualenvs/vmdriver"
+vmdriver_hypervisor_type: "qemu"
+# Pin pip/setuptools/wheel first (Celery 4-friendly pip<24.1)
+vmdriver_pip_bootstrap:
+  - "pip<24.1"
+  - "setuptools>=58,<70"
+  - "wheel"
+# Requirements file path inside repo
+vmdriver_requirements_file: "{{ vmdriver_base_dir }}/requirements/{{ deployment_type }}.txt"
+# Systemd service name
+#### vmdriver_systemd_service: "vmdriver.service"
 # vmdriver_enable_services:
 #   - node.service
 #   - 'vmcelery@cloud.service'
+#