Refactor VM volume mounting

- Replace bind-mounts on /lmn/media/$USER with separate mounting for Home and Share SMB shares in the VM. - Update vm-run to start virtiofsd with /lmn/media/$USER (/home/$USER on localhome machines). - Use vm-vminfo to generate a JSON file containing user information, including Username, Groups, printer list krb5-ticket and some more - Configure vminfo.service (systemd-timer) to periodically call vm-vminfo. - Ensure krb5-ticket (TGT) is injected into the Windows VM. - Mount SMB-Home and SMB-Share shares as part of the new structure.
2025-07-02 13:54:19 +02:00 · 2025-07-02 13:54:19 +02:00 · b688a8df59
commit b688a8df59
parent efd48de6c7
12 changed files with 560 additions and 24 deletions
--- a/roles/lmn_vm/files/vm-run
+++ b/roles/lmn_vm/files/vm-run
@ -90,17 +90,21 @@ create_clone() {
    local VM_NAME="$1"

    if ! [[ -f "${VM_SYSDIR}/${VM_NAME}.qcow2" || -f "${VM_DIR}/${VM_NAME}.qcow2" ]]; then
-	echo "qcow2 File does not exists." >&2
-	exit 1
+      echo "qcow2 File does not exists." >&2
+      exit 1
    fi

    # Create User-VM-Dir and link system VM-Images
    [[ -d "${VM_DIR}" ]] || mkdir -p "${VM_DIR}"
-    if [[ "${PERSISTENT}" -eq 1 ]]; then
-        sudo /usr/local/bin/vm-link-images -p
-    else
-        sudo /usr/local/bin/vm-link-images
-    fi
+    IMAGE="${VM_NAME}.qcow2"
+    while [[ -n ${IMAGE} ]]; do
+      if [[ "${PERSISTENT}" -eq 1 ]]; then
+        sudo /usr/local/bin/vm-link-images -p "${IMAGE}"
+      else
+        sudo /usr/local/bin/vm-link-images "${IMAGE}"
+      fi
+      IMAGE="$(qemu-img info -U "${VM_DIR}/${IMAGE}" | grep "^backing file:" | cut -d ' ' -f 3)"
+    done

    # Create backing file
    cd "${VM_DIR}"
@ -130,18 +134,30 @@ create_printerlist() {
 }

 create_mountlist() {
-  if id | grep -q teachers; then
-    NETHOME=/srv/samba/schools/default-school/teachers/$USER
-  else
-    NETHOME=(/srv/samba/schools/default-school/students/*/"$USER")
-  fi
-  NETHOME="${NETHOME#/srv/samba/schools}"
-  cat << EOF > "/lmn/media/${USER}/.mounts.csv"
+  NETHOMEPART="${NETHOME#/srv/samba/schools}"
+  cat << EOF > "${VMINFO_DIR}/.mounts.csv"
 Drive;Remotepath
-H;\\\\10.190.1.1${NETHOME//\//\\}
-T;\\\\10.190.1.1\default-school\share
+H;\\\\server.pn.steinbeis.schule${NETHOMEPART//\//\\}
+T;\\\\server.pn.steinbeis.schule\\default-school\\share
 EOF
-  echo "${USER}" > "/lmn/media/${USER}/.user"
+  echo "${USER}" > "/${VMINFO_DIR}/.user"
+}
+
+start_virtiofs_service() {
+  local target_name=$1
+  local shared_dir=$2
+  local drive_letter=$3
+  local socket="/run/user/${UID}/virtiofs-${VM_NAME}-${target_name,,}.sock"
+
+  systemd-run --user /usr/local/bin/virtiofsd --uid-map=":${GUEST_UID}:${UID}:1:" --gid-map=":${GUEST_GID}:$(id -g):1:" \
+        --socket-path "${socket}" --shared-dir "${shared_dir}" --syslog
+
+  if [[ $? -ne 0 ]]; then
+    echo "Error starting virtiofsd for ${target_name}." >&2
+    return 1
+  fi
+
+  LIBVIRTOPTS="${LIBVIRTOPTS} --filesystem driver.type=virtiofs,accessmode=passthrough,target.dir=${target_name},xpath1.set=./source/@socket=${socket}"
 }

 start_virtiofsd() {
@ -151,9 +167,16 @@ start_virtiofsd() {
    [[ "$GUEST_GID" == 0 ]] && GUEST_GID=1010
  fi
  # END temporary fix
-  socket="/run/user/$(id -u $USER)/virtiofs-${VM_NAME}.sock"
-  systemd-run --user /usr/local/bin/virtiofsd --uid-map=:${GUEST_UID}:${UID}:1: --gid-map=:${GUEST_GID}:$(id -g):1: \
-	  --socket-path "$socket" --shared-dir "/lmn/media/${USER}" --syslog
+
+  # start_virtiofs_service "VM-Data" "/lmn/media/${USER}" "Y"
+  # start_virtiofs_service "default-school" "/srv/samba/schools/default-school" "Y"
+
+  # Home@PC / VM-Data
+  if [[ "${HOME}" != "${NETHOME}" ]]; then
+    start_virtiofs_service "Home_Linux" "${HOME}" "Y"
+  else
+    start_virtiofs_service "VM-Data" "/lmn/media/${USER}" "Y"
+  fi
 }

 ask_really_persistent() {
@ -316,18 +339,33 @@ if  ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then
      check_images
    fi
    if [[ "${NEWCLONE}" = 1 ]] || [[ ! -f "${VM_DIR}/${VM_NAME}-clone.qcow2" ]]; then
-        create_clone "${VM_NAME}"
+      create_clone "${VM_NAME}"
    fi
    # delete the old vm
    virsh --connect=qemu:///session undefine --nvram "${VM_NAME}-clone" || echo "${VM_NAME}-clone did not exist"
    #trap exit_script SIGHUP SIGINT SIGTERM

+    if id | grep -q teachers; then
+      NETHOME=/srv/samba/schools/default-school/teachers/$USER
+    else
+      NETHOME=(/srv/samba/schools/default-school/students/*/"$USER")
+    fi
+    if [[ "${HOME}" != "${NETHOME}" ]]; then
+      VMINFO_DIR="${HOME}"
+    else
+      VMINFO_DIR="/lmn/media/${USER}"
+    fi
    create_printerlist
    create_mountlist

    # start virtiofsd-service
    [[ "${QEMU}" = 'qemu:///session' ]] && start_virtiofsd

+    # Create VMInfo Json file
+    #( umask 027; ./vm-create-vminfo > "${VMINFO_DIR}/.vminfo.json" )
+    # Start vminfo.timer
+    systemctl --user start vminfo.timer
+
    uuid=$(openssl rand -hex 16)
    uuid="${uuid:0:8}-${uuid:8:4}-${uuid:12:4}-${uuid:16:4}-${uuid:20:12}"

@ -349,7 +387,6 @@ if  ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then
 	     --memorybacking source.type=memfd,access.mode=shared \
 	     --disk "${VM_DIR}/${VM_NAME}-clone.qcow2",driver.discard=unmap,target.bus=scsi,cache=writeback \
 	     --network=bridge=virbr0,model.type=virtio \
-             --filesystem driver.type=virtiofs,accessmode=passthrough,target.dir=virtiofs,xpath1.set=./source/@socket="/run/user/${UID}/virtiofs-${VM_NAME}.sock" \
 	     --controller type=scsi,model=virtio-scsi \
 	     --check path_in_use=off \
             --connect="${QEMU}" \