ci: add tiny linux image prep for acc shutdown test

Author: dmacvicar

.github/workflows/test.yml

@@ -84,6 +84,7 @@ jobs:
           sudo apt-get update
           sudo apt-get install -y \
             qemu-system-x86 \
+            qemu-utils \
             libvirt-daemon-system \
             libvirt-clients \
             libvirt-dev
@@ -92,10 +93,28 @@ jobs:
         run: |
           sudo systemctl start libvirtd
           sudo systemctl status libvirtd
+          # Normalize qemu runtime user on ephemeral runners to avoid storage DAC
+          # mismatches (qemu uid cannot read newly created volume files).
+          sudo sed -i 's/^#\?user = .*/user = "root"/' /etc/libvirt/qemu.conf
+          sudo sed -i 's/^#\?group = .*/group = "root"/' /etc/libvirt/qemu.conf
+          sudo sed -i 's/^#\?dynamic_ownership = .*/dynamic_ownership = 0/' /etc/libvirt/qemu.conf
+          # Disable AppArmor confinement for QEMU so that VMs can access
+          # volumes in non-default pool paths during acceptance tests.
+          echo 'security_driver = "none"' | sudo tee -a /etc/libvirt/qemu.conf
+          sudo systemctl restart libvirtd
           # Add runner to libvirt group
           sudo usermod -a -G libvirt runner
           # Change socket permissions to allow group access
           sudo chmod 666 /var/run/libvirt/libvirt-sock
+          # Ensure default storage path is traversable by dynamically labeled qemu UIDs.
+          sudo mkdir -p /var/lib/libvirt/images
+          sudo chmod 1777 /var/lib/libvirt/images
+          # Ensure default pool exists and is active in this ephemeral runner.
+          if ! virsh -c qemu:///system pool-info default >/dev/null 2>&1; then
+            virsh -c qemu:///system pool-define-as --name default --type dir --target /var/lib/libvirt/images
+          fi
+          virsh -c qemu:///system pool-start default || true
+          virsh -c qemu:///system pool-autostart default || true
 
       - name: Install Terraform
         if: matrix.tf-binary == 'terraform'
@@ -109,6 +128,16 @@ jobs:
         with:
           tofu_version: latest
 
+      - name: Cache acceptance test images
+        uses: actions/cache@v4
+        with:
+          path: .cache/test-images
+          key: ${{ runner.os }}-acc-images-alpine-3.23.3-r0
+
+      - name: Prepare Tiny Linux test image
+        run: |
+          make testdeps-acc-tinylinux
+
       - name: Run Acceptance Tests
         env:
           TF_ACC: "1"
@@ -122,5 +151,38 @@ jobs:
           else
             export TF_ACC_TERRAFORM_PATH=$(which terraform)
           fi
+          ACPI_IMAGE="$PWD/.cache/test-images/alpine-3.23.3-x86_64-bios-tiny-r0.qcow2"
+          if [ -f "$ACPI_IMAGE" ]; then
+            export LIBVIRT_TEST_ACPI_IMAGE="$ACPI_IMAGE"
+          fi
           echo "Using Terraform CLI at: $TF_ACC_TERRAFORM_PATH"
+          if [ -n "${LIBVIRT_TEST_ACPI_IMAGE:-}" ]; then
+            echo "Using ACPI test image: $LIBVIRT_TEST_ACPI_IMAGE"
+          else
+            echo "LIBVIRT_TEST_ACPI_IMAGE not set; image-gated ACPI shutdown test will be skipped."
+          fi
           make testacc
+
+      - name: Debug Libvirt/QEMU Storage Access
+        if: always()
+        run: |
+          echo "=== qemu.conf ==="
+          sudo grep -E '^(user|group|dynamic_ownership)[[:space:]]*=' /etc/libvirt/qemu.conf || true
+          echo
+          echo "=== libvirt daemon status ==="
+          sudo systemctl status libvirtd --no-pager || true
+          echo
+          echo "=== qemu processes ==="
+          ps -ef | grep -E '[q]emu-system|[l]ibvirtd|[v]irtqemud' || true
+          echo
+          echo "=== default pool info ==="
+          virsh -c qemu:///system pool-info default || true
+          virsh -c qemu:///system pool-dumpxml default || true
+          echo
+          echo "=== images dir permissions ==="
+          ls -ld /var/lib/libvirt/images || true
+          stat -c '%a %U:%G %n' /var/lib/libvirt/images || true
+          echo
+          echo "=== test volume file permissions ==="
+          ls -l /var/lib/libvirt/images/test-volume-shutdown-image.qcow2 || true
+          stat -c '%a %U:%G %n' /var/lib/libvirt/images/test-volume-shutdown-image.qcow2 || true

Makefile

@@ -1,4 +1,4 @@
-.PHONY: help build install test testacc testacc-tofu sweep lint fmt clean generate testdeps-acc
+.PHONY: help build install test testacc testacc-tofu sweep lint fmt clean generate testdeps-acc testdeps-acc-tinylinux
 
 # Default target
 .DEFAULT_GOAL := help
@@ -9,6 +9,11 @@ CIRROS_VERSION ?= 0.6.2
 TEST_IMAGE_DIR ?= .cache/test-images
 CIRROS_IMAGE ?= $(TEST_IMAGE_DIR)/cirros-$(CIRROS_VERSION)-x86_64-disk.img
 CIRROS_URL ?= https://download.cirros-cloud.net/$(CIRROS_VERSION)/cirros-$(CIRROS_VERSION)-x86_64-disk.img
+ALPINE_TINY_VERSION ?= 3.23.3
+ALPINE_TINY_RELEASE ?= r0
+ALPINE_TINY_VHD ?= $(TEST_IMAGE_DIR)/aws_alpine-$(ALPINE_TINY_VERSION)-x86_64-bios-tiny-$(ALPINE_TINY_RELEASE).vhd
+ALPINE_TINY_QCOW2 ?= $(TEST_IMAGE_DIR)/alpine-$(ALPINE_TINY_VERSION)-x86_64-bios-tiny-$(ALPINE_TINY_RELEASE).qcow2
+ALPINE_TINY_URL ?= https://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/cloud/aws_alpine-$(ALPINE_TINY_VERSION)-x86_64-bios-tiny-$(ALPINE_TINY_RELEASE).vhd
 
 # Build flags
 LDFLAGS := -ldflags "-X main.version=$(VERSION)"
@@ -50,6 +55,27 @@ testdeps-acc: ## Download/cache acceptance test image dependencies (CirrOS)
 	fi
 	@echo "Set LIBVIRT_TEST_ACPI_IMAGE=$(CIRROS_IMAGE) to run image-based shutdown ACC test."
 
+testdeps-acc-tinylinux: ## Download/cache Tiny Linux acceptance test image (Alpine BIOS tiny)
+	@echo "Preparing Tiny Linux acceptance test image..."
+	@mkdir -p $(TEST_IMAGE_DIR)
+	@if [ ! -f "$(ALPINE_TINY_VHD)" ]; then \
+		echo "Downloading $(ALPINE_TINY_URL) -> $(ALPINE_TINY_VHD)"; \
+		curl -fL --retry 3 --retry-delay 2 -o "$(ALPINE_TINY_VHD)" "$(ALPINE_TINY_URL)"; \
+	else \
+		echo "Using cached VHD image: $(ALPINE_TINY_VHD)"; \
+	fi
+	@if [ ! -f "$(ALPINE_TINY_QCOW2)" ]; then \
+		if ! command -v qemu-img >/dev/null 2>&1; then \
+			echo "qemu-img is required to convert Tiny Linux VHD to QCOW2"; \
+			exit 1; \
+		fi; \
+		echo "Converting $(ALPINE_TINY_VHD) -> $(ALPINE_TINY_QCOW2)"; \
+		qemu-img convert -f vpc -O qcow2 "$(ALPINE_TINY_VHD)" "$(ALPINE_TINY_QCOW2)"; \
+	else \
+		echo "Using cached QCOW2 image: $(ALPINE_TINY_QCOW2)"; \
+	fi
+	@echo "Set LIBVIRT_TEST_ACPI_IMAGE=$(ALPINE_TINY_QCOW2) to run image-based shutdown ACC test."
+
 testacc-tofu: ## Run acceptance tests with OpenTofu
 	@TF_ACC_TERRAFORM_PATH=$$(which tofu) TF_ACC_PROVIDER_NAMESPACE=dmacvicar TF_ACC_PROVIDER_HOST=registry.terraform.io $(MAKE) testacc
 

internal/provider/domain_resource_test.go

@@ -466,15 +466,14 @@ func TestAccDomainResource_destroyShutdownRunningWithImage(t *testing.T) {
 	if _, err := os.Stat(imagePath); err != nil {
 		t.Skipf("LIBVIRT_TEST_ACPI_IMAGE does not exist: %v", err)
 	}
-	testAccRequireDefaultPool(t)
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:                 func() { testAccPreCheck(t) },
 		ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
 		CheckDestroy:             testAccCheckDomainDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccDomainResourceConfigDestroyShutdownRunningWithImage("test-domain-shutdown-image", "test-volume-shutdown-image", imagePath, 120),
+				Config: testAccDomainResourceConfigDestroyShutdownRunningWithImage("test-domain-shutdown-image", "test-volume-shutdown-image", "test-pool-shutdown-image", "/var/lib/libvirt/images/test-pool-shutdown-image", imagePath, 120),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttr("libvirt_domain.test", "name", "test-domain-shutdown-image"),
 					resource.TestCheckResourceAttr("libvirt_domain.test", "running", "true"),
@@ -484,31 +483,13 @@ func TestAccDomainResource_destroyShutdownRunningWithImage(t *testing.T) {
 			{
 				// Give the guest time to finish early boot before testing shutdown behavior.
 				PreConfig: func() { time.Sleep(45 * time.Second) },
-				Config:    testAccDomainResourceConfigDestroyShutdownRunningWithImage("test-domain-shutdown-image", "test-volume-shutdown-image", imagePath, 120),
+				Config:    testAccDomainResourceConfigDestroyShutdownRunningWithImage("test-domain-shutdown-image", "test-volume-shutdown-image", "test-pool-shutdown-image", "/var/lib/libvirt/images/test-pool-shutdown-image", imagePath, 120),
 				Destroy:   true,
 			},
 		},
 	})
 }
 
-func testAccRequireDefaultPool(t *testing.T) {
-	t.Helper()
-
-	ctx := context.Background()
-	client, err := libvirtclient.NewClient(ctx, testAccLibvirtURI())
-	if err != nil {
-		t.Skipf("failed to create libvirt client: %v", err)
-	}
-	defer func() { _ = client.Close() }()
-
-	pool, err := client.Libvirt().StoragePoolLookupByName("default")
-	if err != nil {
-		t.Skipf("default storage pool not available: %v", err)
-	}
-
-	// Ignore error if pool is already active; we only need a usable pool.
-	_ = client.Libvirt().StoragePoolCreate(pool, 0)
-}
 
 func TestAccDomainResource_updateWithRunning(t *testing.T) {
 	resource.Test(t, resource.TestCase{
@@ -752,19 +733,33 @@ resource "libvirt_domain" "test" {
 `, name)
 }
 
-func testAccDomainResourceConfigDestroyShutdownRunningWithImage(domainName, volumeName, imagePath string, timeout int64) string {
+func testAccDomainResourceConfigDestroyShutdownRunningWithImage(domainName, volumeName, poolName, poolPath, imagePath string, timeout int64) string {
 	return fmt.Sprintf(`
+resource "libvirt_pool" "test" {
+  name = %[3]q
+  type = "dir"
+  target = {
+    path = %[4]q
+    permissions = {
+      mode = "777"
+    }
+  }
+}
+
 resource "libvirt_volume" "test" {
   name = "%[2]s.qcow2"
-  pool = "default"
+  pool = libvirt_pool.test.name
   target = {
+    permissions = {
+      mode = "666"
+    }
     format = {
       type = "qcow2"
     }
   }
   create = {
     content = {
-      url = %[3]q
+      url = %[5]q
     }
   }
 }
@@ -779,7 +774,7 @@ resource "libvirt_domain" "test" {
 
   destroy = {
     shutdown = {
-      timeout = %[4]d
+      timeout = %[6]d
     }
   }
 
@@ -798,7 +793,7 @@ resource "libvirt_domain" "test" {
       {
         source = {
           volume = {
-            pool   = "default"
+            pool   = libvirt_pool.test.name
             volume = libvirt_volume.test.name
           }
         }
@@ -822,7 +817,7 @@ resource "libvirt_domain" "test" {
     ]
   }
 }
-`, domainName, volumeName, imagePath, timeout)
+`, domainName, volumeName, poolName, poolPath, imagePath, timeout)
 }
 
 func testAccCheckDomainIsRunning(name string) resource.TestCheckFunc {