Refactor VM volume mounting

- Replace bind-mounts on /lmn/media/$USER with separate mounting for Home and Share SMB shares in the VM. - Update vm-run to start virtiofsd with /lmn/media/$USER (/home/$USER on localhome machines). - Use vm-vminfo to generate a JSON file containing user information, including Username, Groups, printer list krb5-ticket and some more - Configure vminfo.service (systemd-timer) to periodically call vm-vminfo. - Ensure krb5-ticket (TGT) is injected into the Windows VM. - Mount SMB-Home and SMB-Share shares as part of the new structure.
2025-07-02 13:54:19 +02:00 · 2025-07-02 13:54:19 +02:00 · b688a8df59
commit b688a8df59
parent efd48de6c7
12 changed files with 560 additions and 24 deletions
--- a/roles/lmn_vm/files/vm-link-images
+++ b/roles/lmn_vm/files/vm-link-images
@ -19,8 +19,9 @@ done
 shift "$((OPTIND -1))"

 # link system-VM-Images to User VM Directory
-for i in *.qcow2; do
-  [[ -f "${VM_DIR}/${i}" ]] || ln "${i}" "${VM_DIR}/${i}"
+for filename in "$@"; do
+  filename="$(basename ${filename})"
+  [[ -f "${VM_DIR}/${filename}" ]] || ln "${filename}" "${VM_DIR}/${filename}"
 done

 # allow lmnsynci to remove old vm images 
--- a/roles/lmn_vm/files/vm-run
+++ b/roles/lmn_vm/files/vm-run
@ -90,17 +90,21 @@ create_clone() {
    local VM_NAME="$1"

    if ! [[ -f "${VM_SYSDIR}/${VM_NAME}.qcow2" || -f "${VM_DIR}/${VM_NAME}.qcow2" ]]; then
-	echo "qcow2 File does not exists." >&2
-	exit 1
+      echo "qcow2 File does not exists." >&2
+      exit 1
    fi

    # Create User-VM-Dir and link system VM-Images
    [[ -d "${VM_DIR}" ]] || mkdir -p "${VM_DIR}"
-    if [[ "${PERSISTENT}" -eq 1 ]]; then
-        sudo /usr/local/bin/vm-link-images -p
-    else
-        sudo /usr/local/bin/vm-link-images
-    fi
+    IMAGE="${VM_NAME}.qcow2"
+    while [[ -n ${IMAGE} ]]; do
+      if [[ "${PERSISTENT}" -eq 1 ]]; then
+        sudo /usr/local/bin/vm-link-images -p "${IMAGE}"
+      else
+        sudo /usr/local/bin/vm-link-images "${IMAGE}"
+      fi
+      IMAGE="$(qemu-img info -U "${VM_DIR}/${IMAGE}" | grep "^backing file:" | cut -d ' ' -f 3)"
+    done

    # Create backing file
    cd "${VM_DIR}"
@ -130,18 +134,30 @@ create_printerlist() {
 }

 create_mountlist() {
-  if id | grep -q teachers; then
-    NETHOME=/srv/samba/schools/default-school/teachers/$USER
-  else
-    NETHOME=(/srv/samba/schools/default-school/students/*/"$USER")
-  fi
-  NETHOME="${NETHOME#/srv/samba/schools}"
-  cat << EOF > "/lmn/media/${USER}/.mounts.csv"
+  NETHOMEPART="${NETHOME#/srv/samba/schools}"
+  cat << EOF > "${VMINFO_DIR}/.mounts.csv"
 Drive;Remotepath
-H;\\\\10.190.1.1${NETHOME//\//\\}
-T;\\\\10.190.1.1\default-school\share
+H;\\\\server.pn.steinbeis.schule${NETHOMEPART//\//\\}
+T;\\\\server.pn.steinbeis.schule\\default-school\\share
 EOF
-  echo "${USER}" > "/lmn/media/${USER}/.user"
+  echo "${USER}" > "/${VMINFO_DIR}/.user"
+}
+
+start_virtiofs_service() {
+  local target_name=$1
+  local shared_dir=$2
+  local drive_letter=$3
+  local socket="/run/user/${UID}/virtiofs-${VM_NAME}-${target_name,,}.sock"
+
+  systemd-run --user /usr/local/bin/virtiofsd --uid-map=":${GUEST_UID}:${UID}:1:" --gid-map=":${GUEST_GID}:$(id -g):1:" \
+        --socket-path "${socket}" --shared-dir "${shared_dir}" --syslog
+
+  if [[ $? -ne 0 ]]; then
+    echo "Error starting virtiofsd for ${target_name}." >&2
+    return 1
+  fi
+
+  LIBVIRTOPTS="${LIBVIRTOPTS} --filesystem driver.type=virtiofs,accessmode=passthrough,target.dir=${target_name},xpath1.set=./source/@socket=${socket}"
 }

 start_virtiofsd() {
@ -151,9 +167,16 @@ start_virtiofsd() {
    [[ "$GUEST_GID" == 0 ]] && GUEST_GID=1010
  fi
  # END temporary fix
-  socket="/run/user/$(id -u $USER)/virtiofs-${VM_NAME}.sock"
-  systemd-run --user /usr/local/bin/virtiofsd --uid-map=:${GUEST_UID}:${UID}:1: --gid-map=:${GUEST_GID}:$(id -g):1: \
-	  --socket-path "$socket" --shared-dir "/lmn/media/${USER}" --syslog
+
+  # start_virtiofs_service "VM-Data" "/lmn/media/${USER}" "Y"
+  # start_virtiofs_service "default-school" "/srv/samba/schools/default-school" "Y"
+
+  # Home@PC / VM-Data
+  if [[ "${HOME}" != "${NETHOME}" ]]; then
+    start_virtiofs_service "Home_Linux" "${HOME}" "Y"
+  else
+    start_virtiofs_service "VM-Data" "/lmn/media/${USER}" "Y"
+  fi
 }

 ask_really_persistent() {
@ -316,18 +339,33 @@ if  ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then
      check_images
    fi
    if [[ "${NEWCLONE}" = 1 ]] || [[ ! -f "${VM_DIR}/${VM_NAME}-clone.qcow2" ]]; then
-        create_clone "${VM_NAME}"
+      create_clone "${VM_NAME}"
    fi
    # delete the old vm
    virsh --connect=qemu:///session undefine --nvram "${VM_NAME}-clone" || echo "${VM_NAME}-clone did not exist"
    #trap exit_script SIGHUP SIGINT SIGTERM

+    if id | grep -q teachers; then
+      NETHOME=/srv/samba/schools/default-school/teachers/$USER
+    else
+      NETHOME=(/srv/samba/schools/default-school/students/*/"$USER")
+    fi
+    if [[ "${HOME}" != "${NETHOME}" ]]; then
+      VMINFO_DIR="${HOME}"
+    else
+      VMINFO_DIR="/lmn/media/${USER}"
+    fi
    create_printerlist
    create_mountlist

    # start virtiofsd-service
    [[ "${QEMU}" = 'qemu:///session' ]] && start_virtiofsd

+    # Create VMInfo Json file
+    #( umask 027; ./vm-create-vminfo > "${VMINFO_DIR}/.vminfo.json" )
+    # Start vminfo.timer
+    systemctl --user start vminfo.timer
+
    uuid=$(openssl rand -hex 16)
    uuid="${uuid:0:8}-${uuid:8:4}-${uuid:12:4}-${uuid:16:4}-${uuid:20:12}"

@ -349,7 +387,6 @@ if  ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then
 	     --memorybacking source.type=memfd,access.mode=shared \
 	     --disk "${VM_DIR}/${VM_NAME}-clone.qcow2",driver.discard=unmap,target.bus=scsi,cache=writeback \
 	     --network=bridge=virbr0,model.type=virtio \
-             --filesystem driver.type=virtiofs,accessmode=passthrough,target.dir=virtiofs,xpath1.set=./source/@socket="/run/user/${UID}/virtiofs-${VM_NAME}.sock" \
 	     --controller type=scsi,model=virtio-scsi \
 	     --check path_in_use=off \
             --connect="${QEMU}" \
--- a/roles/lmn_vm/files/vm-vminfo
+++ b/roles/lmn_vm/files/vm-vminfo
@ -0,0 +1,113 @@
+#!/usr/bin/python3
+
+import argparse
+import struct
+import subprocess
+import json
+
+from os import environ,path
+from impacket.krb5.ccache import CCache
+from base64 import b64encode
+
+home = ""
+nethome = ""
+vminfo = {}
+
+def get_printers():
+    printers = []
+    try:
+        result = subprocess.run(['lpstat', '-v'], capture_output=True, text=True, check=True)
+        for line in result.stdout.splitlines():
+            # Extrahiere den Druckernamen
+            printer_name = line.split()[2].rstrip(':')
+            ipp_url = f"ipp://192.168.122.1/printers/{printer_name}"
+            printer = { 'Name': printer_name, 'IppURL': ipp_url }
+            printers.append(printer)
+        return printers
+    except subprocess.CalledProcessError as e:
+        print(f"Fehler beim Abrufen der Drucker: {e}")
+        return []
+
+def get_groups(username):
+    try:
+        result = subprocess.run(['id', '-Gnz',  username], capture_output=True, text=True, check=True)
+        groups = result.stdout.strip().split('\0')
+        return groups
+    except subprocess.CalledProcessError as e:
+        print(f"Fehler beim Abrufen der Gruppen: {e}")
+        return []
+
+def get_krb5 ():
+    krb5 = {}
+    ccachefilename = environ.get('KRB5CCNAME').replace('FILE:', '')
+    if ccachefilename:
+        try:
+            ccache = CCache.loadFile(ccachefilename)
+            cred = ccache.toKRBCRED()
+            cred_enc = b64encode(cred)
+            krb5['cred'] = cred_enc.decode('utf-8')
+            krb5['starttime'] = ccache.credentials[0]['time']['starttime']
+            krb5['endtime'] = ccache.credentials[0]['time']['endtime']
+            krb5['renew_till'] = ccache.credentials[0]['time']['renew_till']
+        except:
+            print("Fehler beim Ticket laden")
+    return krb5
+
+def get_mounts():
+    mounts = []
+    mounts.append({ 'Drive': 'H', 'RemotePath': '\\\\server.pn.steinbeis.schule' + nethome.replace('/srv/samba/schools','').replace('/','\\'), 'Name': 'Home_Server' })
+    mounts.append({ 'Drive': 'T', 'RemotePath': '\\\\server.pn.steinbeis.schule\default-school\share', 'Name': 'Tausch' })
+    return mounts
+
+def get_user_folders():
+    HOME="H:"
+    if environ.get('HOME') != nethome:
+        HOME="Y:"
+    folders = []
+    folders.append( {'Name': 'Personal', 'Path': f"{HOME}\Dokumente"} )
+    folders.append( {'Name': 'My Pictures', 'Path': f"{HOME}\Bilder"} )
+    folders.append( {'Name': 'My Music', 'Path': f"{HOME}\Musik"} )
+    folders.append( {'Name': 'My Video', 'Path': f"{HOME}\Videos"} )
+    return folders
+
+def get_quickaccess():
+    quickaccess = []
+    quickaccess.append( 'H:\\transfer' )
+    return quickaccess
+
+def parse_args():
+    parser = argparse.ArgumentParser()
+    #parser.add_argument('input_file', help="File in kirbi (KRB-CRED) or ccache format")
+    #parser.add_argument('output_file', help="Output file")
+    return parser.parse_args()
+
+
+def main():
+    global home, nethome
+
+    args = parse_args()
+
+    home = environ.get('HOME')
+
+    vminfo['User'] = environ.get('USER')
+    vminfo['Groups'] = get_groups(environ.get('USER'))
+
+    if 'teachers' in vminfo['Groups']:
+        nethome = f"/srv/samba/schools/default-school/teachers/{vminfo['User']}"
+    else:
+        result = subprocess.run(['find', '/srv/samba/schools/default-school/students/', '-name', vminfo['User'], '-maxdepth', '2', '-type', 'd'], capture_output=True, text=True, check=False)
+        nethome = result.stdout
+
+    vminfo['Printers'] = get_printers()
+    vminfo['krb5'] = get_krb5()
+    vminfo['Mounts'] = get_mounts()
+    vminfo['UserShellFolders'] = get_user_folders()
+    vminfo['QuickAccess'] = get_quickaccess()
+
+    vminfo_json = json.dumps(vminfo, ensure_ascii=False, indent=4)
+    print(vminfo_json) 
+
+if __name__ == '__main__':
+    main()
+
+