base_image: apply virt-builder template to custom images

Custom images were bypassing the virt-builder template entirely,
missing essential customizations like kdevops user creation and
SSH service configuration. This caused virt-sysprep SSH injection
to fail with "user kdevops does not exist on the guest".

Add virt-customize step to apply the same virt-builder.j2 template
to custom images after download, ensuring they get:
- kdevops user creation with proper UID
- SSH service configuration (stop/reconfigure/start)
- sudo permissions setup
- All other template customizations

The customization is only applied once when the sentinel file
doesn't exist, avoiding redundant processing on subsequent runs.

Generated-by: Claude AI
Signed-off-by: Daniel Gomez <[email protected]>

Author: dkruces

playbooks/roles/base_image/tasks/custom-image.yml

@@ -85,6 +85,78 @@
         chdir: "{{ custom_image_dir }}"
       changed_when: false
 
+    - name: Get the UID of the kdevops user on the control host
+      ansible.builtin.command:
+        cmd: "id -u kdevops"
+      register: id_output
+      changed_when: false
+      failed_when: false
+      when:
+        - not sentinel_stat.stat.exists
+
+    - name: Set the kdevops UID for custom image
+      ansible.builtin.set_fact:
+        kdevops_uid: "-u {{ id_output.stdout }}"
+      when:
+        - not sentinel_stat.stat.exists
+        - id_output.rc == 0
+
+    - name: Set default kdevops UID for custom image if user doesn't exist
+      ansible.builtin.set_fact:
+        kdevops_uid: ""
+      when:
+        - not sentinel_stat.stat.exists
+        - id_output.rc != 0
+
+    - name: Create a temporary file for virt-customize commands
+      ansible.builtin.tempfile:
+        state: file
+      register: custom_command_file
+      when:
+        - not sentinel_stat.stat.exists
+
+    - name: Construct the virt-customize command file for custom image
+      ansible.builtin.template:
+        src: "{{ role_path }}/templates/virt-builder.j2"
+        dest: "{{ custom_command_file.path }}"
+        mode: "u=rw"
+      when:
+        - not sentinel_stat.stat.exists
+
+    - name: Customize the downloaded image with kdevops user and settings
+      become: true
+      become_method: ansible.builtin.sudo
+      ansible.builtin.command:
+        argv:
+          - "virt-customize"
+          - "-a"
+          - "{{ custom_image }}"
+          - "--commands-from-file"
+          - "{{ custom_command_file.path }}"
+      when:
+        - libvirt_uri_system|bool
+        - not sentinel_stat.stat.exists
+
+    - name: Customize the downloaded image with kdevops user and settings (non-root)
+      ansible.builtin.command:
+        argv:
+          - "virt-customize"
+          - "-a"
+          - "{{ custom_image }}"
+          - "--commands-from-file"
+          - "{{ custom_command_file.path }}"
+      when:
+        - not libvirt_uri_system|bool
+        - not sentinel_stat.stat.exists
+
+    - name: Clean up the virt-customize command file
+      ansible.builtin.file:
+        path: "{{ custom_command_file.path }}"
+        state: absent
+      when:
+        - custom_command_file.path is defined
+        - not sentinel_stat.stat.exists
+
     - name: Touch the custom image sentinel
       ansible.builtin.file:
         path: "{{ custom_image_ok }}"

playbooks/roles/guestfs/tasks/bringup/main.yml

@@ -58,12 +58,6 @@
           - "{{ root_image }}"
           - "--hostname"
           - "{{ inventory_hostname }}"
-          - "--run-command"
-          - "useradd -s /bin/bash -m kdevops || true"
-          - "--run-command"
-          - "echo 'kdevops   ALL=(ALL)       NOPASSWD: ALL' > /etc/sudoers.d/kdevops"
-          - "--password"
-          - "kdevops:password:kdevops"
           - "--ssh-inject"
           - "kdevops:file:{{ ssh_key }}.pub"
           - "--timezone"
@@ -79,12 +73,6 @@
           - "{{ root_image }}"
           - "--hostname"
           - "{{ inventory_hostname }}"
-          - "--run-command"
-          - "useradd -s /bin/bash -m kdevops || true"
-          - "--run-command"
-          - "echo 'kdevops   ALL=(ALL)       NOPASSWD: ALL' > /etc/sudoers.d/kdevops"
-          - "--password"
-          - "kdevops:password:kdevops"
           - "--ssh-inject"
           - "kdevops:file:{{ ssh_key }}.pub"
           - "--timezone"

playbooks/roles/guestfs/tasks/main.yml

@@ -31,6 +31,18 @@
     - bringup
   ansible.builtin.set_fact:
     base_image: "{{ storagedir }}/base_images/{{ virtbuilder_os_version }}.raw"
+  when:
+    - not guestfs_has_custom_raw_image|bool
+  delegate_to: localhost
+
+- name: Set the pathname of the custom OS base image
+  tags:
+    - base_image
+    - bringup
+  ansible.builtin.set_fact:
+    base_image: "{{ storagedir }}/custom_images/{{ virtbuilder_os_version }}/{{ virtbuilder_os_version }}.raw"
+  when:
+    - guestfs_has_custom_raw_image|bool
   delegate_to: localhost
 
 - name: Ensure the required base OS image exists

playbooks/roles/monitoring/files/plot_migration_stats.py

@@ -155,7 +155,10 @@ def plot_folio_migration(stats_files, output_file):
 
             # Different line styles for baseline vs dev
             if is_dev:
-                linestyle = (0, (5, 3))  # Custom dash pattern: 5 points on, 3 points off
+                linestyle = (
+                    0,
+                    (5, 3),
+                )  # Custom dash pattern: 5 points on, 3 points off
                 linewidth = 2.3
                 alpha = 0.9
             else:
@@ -167,7 +170,10 @@ def plot_folio_migration(stats_files, output_file):
             color = color_map.get(name, plt.cm.tab10(idx % 10))
 
             if is_dev:
-                linestyle = (0, (5, 3))  # Custom dash pattern: 5 points on, 3 points off
+                linestyle = (
+                    0,
+                    (5, 3),
+                )  # Custom dash pattern: 5 points on, 3 points off
                 linewidth = 2.3
                 alpha = 0.9
             else: