fix(dag): Add sudo to kcli commands in freeipa_deployment DAG

The E2E test workflow creates an SSH connection with the github-runner
user, but kcli requires root/sudo privileges to manage VMs via libvirt.

This fix adds sudo to all kcli commands in the FreeIPA deployment DAG:
- validate_environment: sudo kcli list images, sudo kcli --version
- create_freeipa_vm: sudo kcli info/create vm
- wait_for_vm: sudo kcli info vm
- prepare_ansible: sudo kcli info vm
- install_freeipa: sudo kcli info vm
- validate_freeipa: sudo kcli info vm
- destroy_freeipa: sudo kcli info/delete vm

Fixes E2E test failure:
https://github.com/Qubinode/qubinode_navigator/actions/runs/20721447025

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

Author: tosin2013

airflow/dags/freeipa_deployment.py

@@ -110,9 +110,9 @@ def decide_action(**context):
         echo "[ERROR] kcli not installed"
         exit 1
     fi
-    echo "[OK] kcli installed: $(kcli --version 2>&1 | head -1)"
+    echo "[OK] kcli installed: $(sudo kcli --version 2>&1 | head -1)"
 
-    if kcli list images | grep -q "$IMAGE_NAME"; then
+    if sudo kcli list images | grep -q "$IMAGE_NAME"; then
         echo "[OK] Image $IMAGE_NAME available"
     else
         echo "[WARN] Image $IMAGE_NAME not found, will download during VM creation"
@@ -160,9 +160,9 @@ def decide_action(**context):
 
     VM_NAME=freeipa
 
-    if kcli info vm $VM_NAME &>/dev/null; then
+    if sudo kcli info vm $VM_NAME &>/dev/null; then
         echo "[WARN] VM $VM_NAME already exists"
-        kcli info vm $VM_NAME
+        sudo kcli info vm $VM_NAME
         exit 0
     fi
 
@@ -172,7 +172,7 @@ def decide_action(**context):
     echo "  CPUs: 2"
     echo "  Disk: 50 GB"
 
-    kcli create vm $VM_NAME \
+    sudo kcli create vm $VM_NAME \
         -i $IMAGE_NAME \
         -P memory=4096 \
         -P numcpus=2 \
@@ -185,7 +185,7 @@ def decide_action(**context):
 
     echo ""
     echo "[OK] VM created successfully"
-    kcli info vm $VM_NAME
+    sudo kcli info vm $VM_NAME
     """,
     cmd_timeout=600,
     dag=dag,
@@ -207,7 +207,7 @@ def decide_action(**context):
     echo "Waiting for VM to get IP address..."
 
     for i in $(seq 1 $MAX_ATTEMPTS); do
-        VM_INFO=$(kcli info vm $VM_NAME 2>/dev/null)
+        VM_INFO=$(sudo kcli info vm $VM_NAME 2>/dev/null)
         IP=$(echo "$VM_INFO" | grep "^ip:" | awk "{print \\$2}")
 
         if [ -n "$IP" ] && [ "$IP" != "None" ] && [ "$IP" != "" ]; then
@@ -263,7 +263,7 @@ def decide_action(**context):
 
     # Get IP via kcli on host
     VM_NAME="freeipa"
-    IP=$(kcli info vm $VM_NAME 2>/dev/null | grep "^ip:" | awk "{{{{print \\$2}}}}")
+    IP=$(sudo kcli info vm $VM_NAME 2>/dev/null | grep "^ip:" | awk "{{{{print \\$2}}}}")
 
     if [ -z "$IP" ] || [ "$IP" == "None" ]; then
         echo "[ERROR] Could not get VM IP"
@@ -348,7 +348,7 @@ def decide_action(**context):
     DNS_FORWARDER="{{{{ params.dns_forwarder }}}}"
 
     VM_NAME="freeipa"
-    IP=$(kcli info vm $VM_NAME 2>/dev/null | grep "^ip:" | awk "{{{{print \\$2}}}}")
+    IP=$(sudo kcli info vm $VM_NAME 2>/dev/null | grep "^ip:" | awk "{{{{print \\$2}}}}")
 
     if [ -z "$IP" ]; then
         echo "[ERROR] Could not get VM IP"
@@ -404,7 +404,7 @@ def decide_action(**context):
     RUN_ANSIBLE="{{ params.run_ansible_install }}"
 
     VM_NAME="freeipa"
-    IP=$(kcli info vm $VM_NAME 2>/dev/null | grep "^ip:" | awk "{print \\$2}")
+    IP=$(sudo kcli info vm $VM_NAME 2>/dev/null | grep "^ip:" | awk "{print \\$2}")
 
     echo "Checking FreeIPA services on $IP..."
 
@@ -444,9 +444,9 @@ def decide_action(**context):
 
     VM_NAME=freeipa
 
-    if kcli info vm $VM_NAME &>/dev/null; then
+    if sudo kcli info vm $VM_NAME &>/dev/null; then
         echo "Deleting VM: $VM_NAME"
-        kcli delete vm $VM_NAME -y
+        sudo kcli delete vm $VM_NAME -y
         echo "[OK] VM deleted"
     else
         echo "[WARN] VM $VM_NAME does not exist"