guestfs: provide console.log sane permission

mcgrof · mcgrof · commit 9002c4b31e20 · 2024-10-17T16:33:33.000-07:00
We want to have user level permissions on the console.log for two
reasons:

 - Leveraging the console as a backup in case the systemd remote
   journal files are not present
 - CI - we want to upload these as artifacts

This leverages the new bringup_guestfs role, and we can use this
after the script, so we can also grow the role with tags of tasks
to run at the end as part of the guestfs bring up process.

Signed-off-by: Luis Chamberlain &lt;mcgrof@kernel.org&gt;
diff --git a/playbooks/roles/bringup_guestfs/tasks/main.yml b/playbooks/roles/bringup_guestfs/tasks/main.yml
@@ -112,3 +112,41 @@
     - 'libvirt_uri_system|bool'
     - libvirt_default_net.rc != 0
   tags: [ 'network' ]
+
+- name: Get the actual user who invoked Ansible
+  command: whoami
+  register: reg_user
+  changed_when: false
+  when:
+    - 'libvirt_uri_system|bool'
+  tags: ['console-permissions']
+
+- name: Look for console.log files in guestfs subdirectories to check for CI enablement
+  become: yes
+  become_flags: 'su - -c'
+  become_method: sudo
+  find:
+    paths: "{{ topdir_path }}/guestfs"
+    patterns: "console.log"
+    file_type: file
+    recurse: yes
+  register: console_log_files
+  when:
+    - 'libvirt_uri_system|bool'
+  tags: ['console-permissions']
+
+- name: Ensure console.log files are owned by the main user for CI monitoring
+  become: yes
+  become_flags: 'su - -c'
+  become_method: sudo
+  file:
+    path: "{{ item.path }}"
+    owner: "{{ reg_user.stdout }}"
+    group: "{{ reg_user.stdout }}"
+  loop: "{{ console_log_files.files }}"
+  loop_control:
+    label: "{{ item.path | regex_replace('^.*guestfs/', 'guestfs/') }}"
+  when:
+    - 'libvirt_uri_system|bool'
+    - console_log_files.matched > 0
+  tags: ['console-permissions']
diff --git a/scripts/guestfs.Makefile b/scripts/guestfs.Makefile
@@ -80,6 +80,12 @@ bringup_guestfs: $(GUESTFS_BRINGUP_DEPS)
 		--extra-vars=@./extra_vars.yaml \
 		--tags config-check,network
 	$(Q)$(TOPDIR)/scripts/bringup_guestfs.sh
+	$(Q)ansible-playbook $(ANSIBLE_VERBOSE) --connection=local \
+		--inventory localhost, \
+		playbooks/bringup_guestfs.yml \
+		-e 'ansible_python_interpreter=/usr/bin/python3' \
+		--extra-vars=@./extra_vars.yaml \
+		--tags console-permissions
 PHONY += bringup_guestfs
 
 destroy_guestfs:
