diff --git a/roles/lmn_mount/files/lmn-linkhome.sh b/roles/lmn_mount/files/lmn-linkhome.sh
index cae89fc..59e0800 100644
--- a/roles/lmn_mount/files/lmn-linkhome.sh
+++ b/roles/lmn_mount/files/lmn-linkhome.sh
@@ -1,4 +1,4 @@
if [[ "${UID}" -gt 60000 ]]; then
- [[ -L "/media/${USER}/share" ]] || ln -s .default-school/share "/media/${USER}/share"
- [[ -L "/media/${USER}/home" ]] || ln -s ".default-school/${HOME##/srv/samba/schools/default-school/}" "/media/${USER}/home"
+ [[ -L "/lmn/media/${USER}/share" ]] || ln -s .default-school/share "/lmn/media/${USER}/share"
+ [[ -L "/lmn/media/${USER}/home" ]] || ln -s ".default-school/${HOME##/srv/samba/schools/default-school/}" "/lmn/media/${USER}/home"
fi
diff --git a/roles/lmn_mount/tasks/main.yml b/roles/lmn_mount/tasks/main.yml
index c4a85ca..ea542a1 100644
--- a/roles/lmn_mount/tasks/main.yml
+++ b/roles/lmn_mount/tasks/main.yml
@@ -26,15 +26,15 @@
fstype="cifs"
server="{{ smb_server }}"
path="{{ smb_share }}"
- mountpoint="/media/%(USER)/.default-school"
+ mountpoint="/lmn/media/%(USER)/.default-school"
options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks,nobrl"
>rootansibleDebian-gdmsddmvirti
rootansibleDebian-gdmsddmvirti
insertafter: ""
@@ -78,12 +78,20 @@
line: KillUserProcesses=yes
insertafter: '#KillUserProcesses=no'
-- name: Deploy script to generate links in /media/$USER/
+- name: Deploy script to generate links in /lmn/media/$USER/
copy:
src: lmn-linkhome.sh
dest: /etc/profile.d/
mode: '0644'
+- name: Bind mount lmn/media with nosuid directory
+ ansible.posix.mount:
+ src: /lmn/media
+ path: /lmn/nosuidmedia
+ opts: nosuid,bind
+ state: present
+ fstype: none
+
- name: Mount NFSv4 home directory
ansible.posix.mount:
src: server:/default-school
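Review bot: The new bind-mount task uses `state: present`, which only records the entry in /etc/fstab and does not mount anything, so on a running host `/lmn/nosuidmedia` (the path start-virtiofsd.sh now exports) is not available until the next reboot. `state: mounted` would create the mount point and mount it in the same run. After deployment, confirm with `findmnt -o TARGET,OPTIONS /lmn/nosuidmedia` that `nosuid` is in effect on the bind mount. Mount flags are per mount, so the per-user CIFS volume below `/lmn/media/%(USER)` needs its own `nosuid,nodev` rather than relying on the bind parent. The "Mount NFSv4 home directory" task continues outside this hunk.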
diff --git a/roles/lmn_vm/files/create-clone.sh b/roles/lmn_vm/files/create-clone.sh
index 973c616..1da0640 100755
--- a/roles/lmn_vm/files/create-clone.sh
+++ b/roles/lmn_vm/files/create-clone.sh
@@ -11,19 +11,19 @@ if [[ $# -ne 1 ]]; then
fi
# change to image-directory
-cd /var/lib/libvirt/images
+cd /lmn/vm
VM_NAME=$1
-VM_DIR="/tmp/${UID}/vmimages"
-VM_XML="${VM_DIR}/xml/${VM_NAME}-clone.xml"
+VM_DIR="/tmp/${UID}/vm"
+VM_XML="${VM_DIR}/${VM_NAME}-clone.xml"
-if ! [[ -f "xml/${VM_NAME}.xml" && -f "${VM_NAME}.qcow2" ]] && ! [[ -f "${VM_DIR}/xml/${VM_NAME}.xml" && -f "${VM_DIR}/${VM_NAME}.qcow2" ]]; then
+if ! [[ -f "${VM_NAME}.xml" && -f "${VM_NAME}.qcow2" ]] && ! [[ -f "${VM_DIR}/${VM_NAME}.xml" && -f "${VM_DIR}/${VM_NAME}.qcow2" ]]; then
echo "xml or qcow2 File does not exists." >&2
exit 1
fi
# Create User-VM-Dir and link system VM-Images
-[[ -d "${VM_DIR}/xml" ]] || mkdir -p "${VM_DIR}/xml"
+[[ -d "${VM_DIR}" ]] || mkdir -p "${VM_DIR}"
sudo /usr/local/bin/link-images.sh
# Create backing file
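Review bot: `cd /lmn/vm` is not checked, so if the directory is missing the `-f` tests below run against whatever directory the caller was in; `cd /lmn/vm || exit 1` keeps the existence check meaningful. `VM_NAME` is taken straight from `$1` and used to build every path in this script, so rejecting anything but a plain name early, e.g. `[[ "${VM_NAME}" =~ ^[A-Za-z0-9._-]+$ ]] || exit 1`, would be a cheap guard. The script starts and continues outside this hunk, so an existing `set -e` or an earlier validation cannot be ruled out from here.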
@@ -31,7 +31,7 @@ cd "${VM_DIR}"
qemu-img create -f qcow2 -F qcow2 -b "${VM_NAME}.qcow2" "${VM_NAME}-clone.qcow2"
# Create machine-definition-file
-cp "${VM_DIR}/xml/${VM_NAME}.xml" "${VM_XML}"
+cp "${VM_DIR}/${VM_NAME}.xml" "${VM_XML}"
# set VM_DIR:
sed -i "s:VMIMAGEDIR:${VM_DIR}:" "${VM_XML}"
diff --git a/roles/lmn_vm/files/linbo-torrent b/roles/lmn_vm/files/linbo-torrent
index e22ed0b..958b2bb 100644
--- a/roles/lmn_vm/files/linbo-torrent
+++ b/roles/lmn_vm/files/linbo-torrent
@@ -30,4 +30,4 @@ MAXUP=""
TIMEOUT="300"
# user to run ctorrent (server only)
-CTUSER="nobody"
+CTUSER="lmnsynci"
diff --git a/roles/lmn_vm/files/linbo-torrenthelper.sh b/roles/lmn_vm/files/linbo-torrenthelper.sh
index 2775dcf..8f6d4f1 100755
--- a/roles/lmn_vm/files/linbo-torrenthelper.sh
+++ b/roles/lmn_vm/files/linbo-torrenthelper.sh
@@ -12,7 +12,6 @@ torrent="$1"
# get ctorrent options from file
[ -e /etc/default/linbo-torrent ] && source /etc/default/linbo-torrent
-[ -e /home/raphael/git/fvsclient/etc/default/linbo-torrent ] && source /home/raphael/git/fvsclient/etc/default/linbo-torrent
[ -n "$SEEDHOURS" ] && OPTIONS="$OPTIONS -e $SEEDHOURS"
[ -n "$MAXPEERS" ] && OPTIONS="$OPTIONS -M $MAXPEERS"
@@ -25,7 +24,8 @@ OPTIONS="$OPTIONS $torrent"
[ -n "$CTUSER" ] && SUDO="/usr/bin/sudo -u $CTUSER"
while true; do
- $SUDO /usr/bin/ctorrent $OPTIONS || exit 1
+ #$SUDO /usr/bin/ctorrent $OPTIONS || exit 1
+ /usr/bin/ctorrent $OPTIONS || exit 1
# hash check only on initial start, add -f parameter
echo "$OPTIONS" | grep -q ^"-f " || OPTIONS="-f $OPTIONS"
done
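Review bot: With the `$SUDO` prefix commented out, `CTUSER` and the `SUDO=` assignment just above the loop no longer have any effect, and ctorrent runs as whichever account started the helper. That is fine under the `User=lmnsynci` unit, but nothing stops a root invocation from seeding as root; a guard such as `[ -z "$CTUSER" ] || [ "$(id -un)" = "$CTUSER" ] || exit 1` before the loop would keep the setting meaningful. I would also delete the commented-out line and the unused assignment rather than keep them as history.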
diff --git a/roles/lmn_vm/files/link-images.sh b/roles/lmn_vm/files/link-images.sh
index 2a465ec..17bb1bb 100755
--- a/roles/lmn_vm/files/link-images.sh
+++ b/roles/lmn_vm/files/link-images.sh
@@ -4,19 +4,16 @@
set -eu
# change to image-directory
-cd /var/lib/libvirt/images
+cd /lmn/vm
-VM_DIR="/tmp/${SUDO_UID}/vmimages"
+VM_DIR="/tmp/${SUDO_UID}/vm"
# link system-VM-Images to User VM Directory
for i in *.qcow2; do
[[ -f "${VM_DIR}/${i}" ]] || ln "${i}" "${VM_DIR}/${i}"
done
-# change to image-directory
-cd /var/lib/libvirt/images/xml
-
# link system-VM-Machine-Definitions to User VM Directory
for i in *.xml; do
- [[ -f "${VM_DIR}/xml/${i}" ]] || ln "${i}" "${VM_DIR}/xml/${i}"
+ [[ -f "${VM_DIR}/xml/${i}" ]] || ln "${i}" "${VM_DIR}/${i}"
done
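Review bot: The existence test in the `*.xml` loop still looks at `${VM_DIR}/xml/${i}` while the link is now created at `${VM_DIR}/${i}`, so the test is never true, `ln` fails on the second run because the target exists, and `set -eu` aborts the script. The line should read `[[ -f "${VM_DIR}/${i}" ]] || ln "${i}" "${VM_DIR}/${i}"`. This script is started through sudo and writes into a directory under /tmp named after `SUDO_UID`, so it should also check that `${VM_DIR}` is a real directory owned by that uid before linking into it. Whether something else already guarantees that is not visible in this hunk.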
diff --git a/roles/lmn_vm/files/lmn-sync-vm b/roles/lmn_vm/files/lmn-sync-vm
index 284508b..1947e30 100644
--- a/roles/lmn_vm/files/lmn-sync-vm
+++ b/roles/lmn_vm/files/lmn-sync-vm
@@ -1,3 +1,3 @@
-%role-teacher ALL=(root) NOPASSWD: /usr/local/bin/sync-vm.sh
-%role-student ALL=(root) NOPASSWD: /usr/local/bin/sync-vm.sh
-%examusers ALL=(root) NOPASSWD: /usr/local/bin/sync-vm.sh
+%role-teacher ALL=(lmnsynci) NOPASSWD: /usr/local/bin/sync-vm.sh
+%role-student ALL=(lmnsynci) NOPASSWD: /usr/local/bin/sync-vm.sh
+%examusers ALL=(lmnsynci) NOPASSWD: /usr/local/bin/sync-vm.sh
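Review bot: These rules place no restriction on the arguments, so every member of the three groups can run `sync-vm.sh` as lmnsynci with any image name. Dropping the target from root to lmnsynci limits the impact, but lmnsynci now owns `/lmn/vm` and the launcher directory. sync-vm.sh should therefore validate its positional argument before using it in rsync URLs and paths; that validation is not visible in this diff.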
diff --git a/roles/lmn_vm/files/mounthome.sh b/roles/lmn_vm/files/mounthome.sh
index 3c2dd8b..f41c958 100755
--- a/roles/lmn_vm/files/mounthome.sh
+++ b/roles/lmn_vm/files/mounthome.sh
@@ -14,7 +14,7 @@ exit_script() {
if [[ "$#" -gt 0 ]] && [[ "$1" = '-u' ]]; then
findmnt "/media/${SUDO_USER}/home" && umount "/media/${SUDO_USER}/home" && rmdir "/media/${SUDO_USER}/home"
- findmnt "/media/${SUDO_USER}/share" && umount "/media/${SUDO_USER}/share" && rmdir "/media/${SUDO_USER}/share"
+ #findmnt "/media/${SUDO_USER}/share" && umount "/media/${SUDO_USER}/share" && rmdir "/media/${SUDO_USER}/share"
findmnt "/media/${SUDO_USER}/oldhome" && umount "/media/${SUDO_USER}/oldhome" && rmdir "/media/${SUDO_USER}/oldhome"
findmnt "/media/${SUDO_USER}/linuxhome" && umount "/media/${SUDO_USER}/linuxhome" && rmdir "/media/${SUDO_USER}/linuxhome"
elif [ "$#" -gt 0 ] && [ "$1" = '-o' ]; then
@@ -51,13 +51,14 @@ elif [ "$#" -gt 0 ] && [ "$1" = '-l' ]; then
trap exit_script SIGHUP SIGINT SIGTERM
sleep infinity
else
- mkdir -p "/media/${SUDO_USER}"
- chown "${SUDO_USER}:1010" "/media/${SUDO_USER}"
- chmod 0770 "/media/${SUDO_USER}"
- mkdir -p "/media/${SUDO_USER}/home"
- mkdir -p "/media/${SUDO_USER}/share"
- mount -t cifs -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks" \
- "//server/default-school/${home}" "/media/${SUDO_USER}/home"
- mount -t cifs -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks" \
- "//server/default-school/share" "/media/${SUDO_USER}/share"
+ #mkdir -p "/media/${SUDO_USER}"
+ #chown "${SUDO_USER}:1010" "/media/${SUDO_USER}"
+ chgrp 1010 "/lmn/media/${SUDO_USER}"
+ chmod 0770 "/lmn/media/${SUDO_USER}"
+ #mkdir -p "/media/${SUDO_USER}/home"
+ #mkdir -p "/media/${SUDO_USER}/share"
+ #mount -t cifs -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks" \
+ # "//server/default-school/${home}" "/media/${SUDO_USER}/home"
+ #mount -t cifs -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks" \
+ # "//server/default-school/share" "/media/${SUDO_USER}/share"
fi
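Review bot: The default branch now runs `chgrp` and `chmod` on `/lmn/media/${SUDO_USER}` without creating it or checking that it exists, so it depends on something else (presumably the pam_mount volume) having made the directory first. Putting `[[ -d "/lmn/media/${SUDO_USER}" ]] || exit 1` in front would make that assumption explicit. The `-u` branch in the first hunk of this file still unmounts paths under `/media/${SUDO_USER}`, which no longer matches the new location. The replaced mount logic is left as commented-out lines in both hunks; removing it keeps a root-run script easier to audit, and version control already has the old code.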
diff --git a/roles/lmn_vm/files/run-vm.sh b/roles/lmn_vm/files/run-vm.sh
index 3e48545..1f5d496 100755
--- a/roles/lmn_vm/files/run-vm.sh
+++ b/roles/lmn_vm/files/run-vm.sh
@@ -8,7 +8,7 @@ show_help() {
Usage: $(basename "$0") [-n] vmname"
Create a new clone, start the vm (if not yet running) and run virt-viewer.
Squid-Proxy will be started too.
-User Home will be mounted on /media/USERNAME/home
+### remove, old ### User Home will be mounted on /media/USERNAME/home
-n new clone will be created, even if exists
-s qemu:///system instead of default qemu:///session
EOF
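Review bot: The help text now prints the literal `### remove, old ###` marker to users, because a here-document has no comment syntax. If the home is no longer mounted by this script, delete the line from the usage text instead of marking it.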
@@ -48,39 +48,56 @@ if [[ $# -ne 1 ]] ; then
exit 1
fi
-# sync vm-torrents and machine definition file
-sudo /usr/local/bin/sync-vm.sh -t
-
VM_NAME=$1
-VM_DIR="/tmp/${UID}/vmimages"
+VM_DIR="/tmp/${UID}/vm"
+check_images() {
+ # sync vm-torrents and machine definition file
+ sudo -u lmnsynci /usr/local/bin/sync-vm.sh -t
-if [[ ! -f "/var/lib/libvirt/images/${VM_NAME}.qcow2" && ! -f "${VM_DIR}/${VM_NAME}.qcow2" ]]; then
- if [[ ! -f "/var/lib/libvirt/images/${VM_NAME}.qcow2.torrent" ]]; then
- echo "no base VM disk '${VM_NAME}.qcow2' found and/or ${VM_NAME} not found on server" >&2
- exit 1
- fi
- # sync vm-disk image by torrent
- sudo /usr/local/bin/sync-vm.sh "${VM_NAME}"
- echo "sudo /usr/local/bin/sync-vm.sh ${VM_NAME}"
-fi
+ BACKINGARRAY=()
+ imgfile="/lmn/vm/${VM_NAME}.qcow2" && [[ -f "${VM_DIR}/${VM_NAME}.qcow2" ]] && imgfile="${VM_DIR}/${VM_NAME}.qcow2"
+ BACKINGARRAY+=("${imgfile}")
+ echo "Imgfile=$imgfile"
+ if [[ ! -f "${imgfile}" ]] || ! qemu-img info -U "${imgfile}" | grep "file format: qcow2"; then
+ if [[ ! -f "/lmn/vm/${VM_NAME}.qcow2.torrent" ]]; then
+ echo "no base VM disk '${VM_NAME}.qcow2' found and/or ${VM_NAME} not found on server" >&2
+ exit 1
+ fi
+ # sync vm-disk image by torrent
+ echo "Try to sync VM ${VM_NAME} by torrent"
+ sudo -u lmnsynci /usr/local/bin/sync-vm.sh "${VM_NAME}"
+ fi
-echo "qcow2 seems to be available"
+ backingfile=$(qemu-img info -U "${imgfile}" | grep "^backing file:" | cut -d ' ' -f 3)
+ while [[ ! -z "${backingfile}" ]]; do
+ echo "Backingfile required: ${backingfile}"
+ imgfile="/lmn/vm/${backingfile}" && [[ -f "${VM_DIR}/${backingfile}" ]] && imgfile="${VM_DIR}/${backingfile}"
+ BACKINGARRAY+=("${imgfile}")
+ if [[ ! -f "${imgfile}" ]] || ! qemu-img info -U "${imgfile}" | grep "file format: qcow2"; then
+ # sync vm-disk image by torrent
+ echo "Try to sync backingfile ${backingfile} by torrent"
+ sudo -u lmnsynci /usr/local/bin/sync-vm.sh "${backingfile%.qcow2}"
+ fi
+ backingfile=$(qemu-img info -U "${imgfile}" | grep "^backing file:" | cut -d ' ' -f 3)
+ done
-imgfile="/var/lib/libvirt/images/${VM_NAME}.qcow2" && [[ -f "${VM_DIR}/${VM_NAME}.qcow2" ]] && imgfile="${VM_DIR}/${VM_NAME}.qcow2"
-#backingfile=$(qemu-img info -U "${imgfile}" | grep ^image: | cut -d' ' -f2)
+ echo "VM-Image and required backingfiles available"
+ echo "Now, let's check the images."
-backingfile=$(qemu-img info -U "${imgfile}" | grep "^backing file:" | cut -d ' ' -f 3)
-while [[ ! -z "${backingfile}" ]]; do
- echo $backingfile
- if [[ ! -f "/var/lib/libvirt/images/${backingfile}" && ! -f "${VM_DIR}/${backingfile}" ]]; then
- # sync vm-disk image by torrent
- sudo /usr/local/bin/sync-vm.sh "${backingfile//.qcow2/}"
- echo "sudo /usr/local/bin/sync-vm.sh ${backingfile//.qcow2/}"
- fi
- imgfile="/var/lib/libvirt/images/${backingfile}" && [[ -f "${VM_DIR}/${backingfile}" ]] && imgfile="${VM_DIR}/${backingfile}"
- backingfile=$(qemu-img info -U "${imgfile}" | grep "^backing file:" | cut -d ' ' -f 3)
-done
+ # Check VM-Images in reverse order
+ for ((i=${#BACKINGARRAY[@]}-1; i>=0; i--))
+ do
+ echo "Checking ${BACKINGARRAY[$i]}"
+ if ! qemu-img check -U "${BACKINGARRAY[$i]}" 2>/dev/null; then
+ echo "check failed!"
+ echo "sync ${BACKINGARRAY[$i]} again"
+ sudo -u lmnsynci /usr/local/bin/sync-vm.sh $(basename "${BACKINGARRAY[$i]}" .qcow2)
+ fi
+ done
+
+ echo "VM-Image and required backingfiles available and checked"
+}
# check, if we have to start squid
if ! killall -s 0 squid; then
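Review bot: None of the `sudo -u lmnsynci /usr/local/bin/sync-vm.sh` calls in `check_images` has its exit status checked, and an image that fails `qemu-img check` is not checked again after the re-sync, so a failed or corrupt download can still end with "available and checked". Adding `|| exit 1` to the sync calls and repeating `qemu-img check` after the re-sync would close that, unless the script already runs under `set -e`, which is not visible here. `backingfile` is read from the image header and then used in paths and as a sudo argument. It should be rejected unless it is a plain file name, e.g. `[[ "${backingfile}" == */* ]] && exit 1`, and a name containing spaces is truncated by `cut -d ' ' -f 3`. The last sync call passes `$(basename ...)` unquoted, and `grep -q` would keep the format probes from printing to the terminal.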
@@ -88,23 +105,25 @@ if ! killall -s 0 squid; then
/usr/sbin/squid -f /etc/squid/squid-usermode.conf
fi
-# check, if we have to mount home
-if ! findmnt "/media/${USER}/home"; then
- echo "mounting home."
+## check, if we have to mount home
+#if ! findmnt "/media/${USER}/home"; then
+# echo "mounting home."
sudo mounthome.sh
-fi
+#fi
+# because virsh has problems with long pathnames, using diffent configdir
export XDG_CONFIG_HOME="/tmp/${UID}/.config"
if ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then
- echo "VM not yet running. Try to clone and start."
+ echo "VM not yet running."
+ check_images
if [[ "${NEWCLONE}" = 1 ]] || [[ ! -f "${VM_DIR}/${VM_NAME}-clone.qcow2" ]]; then
create-clone.sh "${VM_NAME}"
fi
# delete the old vm
virsh --connect=qemu:///session undefine "${VM_NAME}-clone" || echo "${VM_NAME}-clone did not exist"
# finally, create the new vm
- virsh --connect=qemu:///session define "${VM_DIR}/xml/${VM_NAME}-clone.xml"
+ virsh --connect=qemu:///session define "${VM_DIR}/${VM_NAME}-clone.xml"
trap exit_script SIGHUP SIGINT SIGTERM
[[ "${QEMU}" = 'qemu:///session' ]] && sudo /usr/local/bin/start-virtiofsd.sh "${VM_NAME}"
virsh --connect="${QEMU}" start "${VM_NAME}-clone"
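Review bot: Commenting out the `findmnt` guard leaves `sudo mounthome.sh` running as root on every launch, including when the VM is already running, and it is called by bare name while the other sudo calls in this file use absolute paths. I would remove the commented-out `if`/`fi` lines and write the call as `sudo /usr/local/bin/mounthome.sh`, assuming that is where the script is installed. The new comment also has a typo (`diffent`).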
diff --git a/roles/lmn_vm/files/start-virtiofsd.sh b/roles/lmn_vm/files/start-virtiofsd.sh
index b7d17b1..83926eb 100755
--- a/roles/lmn_vm/files/start-virtiofsd.sh
+++ b/roles/lmn_vm/files/start-virtiofsd.sh
@@ -19,7 +19,7 @@ fi
[[ -S "${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" ]] && /usr/bin/rm "${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock"
#sudo /usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" --socket-group="${SUDO_USER}" --announce-submounts -o source="/media/${USER}" -o sandbox=chroot > /dev/null &
#sudo /usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" --socket-group="${SUDO_USER}" -o source="/media/${USER}" -o sandbox=chroot > /dev/null &
-/usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" -o source="/media/${SUDO_USER}" -o sandbox=chroot > /dev/null &
+/usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" -o source="/lmn/nosuidmedia/${SUDO_USER}" -o sandbox=chroot > /dev/null &
# Wait until socket-File exists and chown to user
until [[ -S "${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" ]]; do
echo "waiting for ${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock"
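Review bot: virtiofsd is now pointed at `/lmn/nosuidmedia/${SUDO_USER}`, but nothing checks that the bind mount is active or that the directory exists before the daemon is started. Its output goes to /dev/null, so a start failure is silent and the `until` loop would keep waiting for the socket. A check such as `findmnt /lmn/nosuidmedia >/dev/null || { echo "nosuid bind mount missing" >&2; exit 1; }` before the launch makes the dependency explicit. The wait loop continues outside this hunk.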
diff --git a/roles/lmn_vm/files/sync-vm.sh b/roles/lmn_vm/files/sync-vm.sh
index 157150f..e0ee196 100755
--- a/roles/lmn_vm/files/sync-vm.sh
+++ b/roles/lmn_vm/files/sync-vm.sh
@@ -13,21 +13,18 @@ EOF
}
download_image() {
- rsync -av --password-file=/etc/rsync.secret \
- "rsync://vmuser@server:/vmimages-download/${VM_NAME}.qcow2" \
- /var/lib/libvirt/images/
- rsync -av --password-file=/etc/rsync.secret \
- "rsync://vmuser@server:/vmimages-download/xml/${VM_NAME}.xml" \
- /var/lib/libvirt/images/xml/
- rsync -av --password-file=/etc/rsync.secret \
- "rsync://vmuser@server:/vmimages-download/${VM_NAME}.qcow2.torrent" \
- /var/lib/libvirt/images/
+ rsync -av "rsync://server:/vmimages-download/${VM_NAME}.qcow2" \
+ /lmn/vm/
+ rsync -av "rsync://server:/vmimages-download/${VM_NAME}.xml" \
+ /lmn/vm/
+ rsync -av "rsync://server:/vmimages-download/${VM_NAME}.qcow2.torrent" \
+ /lmn/vm/
/usr/local/bin/vmimage-torrent restart "${VM_NAME}.qcow2"
}
torrent_image() {
- if [[ -f "/var/lib/libvirt/images/${VM_NAME}.qcow2.torrent" ]]; then
- cd /var/lib/libvirt/images
+ if [[ -f "/lmn/vm/${VM_NAME}.qcow2.torrent" ]]; then
+ cd /lmn/vm
ctorrent -e 0 "${VM_NAME}.qcow2.torrent"
/usr/local/bin/vmimage-torrent restart "${VM_NAME}.qcow2"
else
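Review bot: `download_image` ignores the exit status of all three `rsync` calls, so `vmimage-torrent restart` runs even when a transfer failed or was cut short, and an incomplete image may then be offered to other clients. Ending each call with `|| return 1` would avoid that. With the password file gone the transfer is anonymous over the plain rsync daemon protocol, which provides no transport integrity, so the `qemu-img check` in run-vm.sh is the only validation a downloaded image gets. A checksum published through a separately trusted channel would be a stronger check. `torrent_image` continues outside this hunk.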
@@ -37,16 +34,16 @@ torrent_image() {
}
sync_all_images() {
- rsync -av --password-file=/etc/rsync.secret --files-from=/var/lib/libvirt/images/images.list \
- rsync://vmuser@server:/vmimages-download/ /var/lib/libvirt/images/
- rsync -av --password-file=/etc/rsync.secret rsync://vmuser@server:/vmimages-download/xml \
- /var/lib/libvirt/images/
+ rsync -av --files-from=/lmn/vm/images.list \
+ rsync://server:/vmimages-download/ /lmn/vm/
+ rsync -av rsync://server:/vmimages-download/*.xml \
+ /lmn/vm/
}
sync_all_torrents() {
- rsync -ai rsync://vmuser@server:/vmimages-download/*.torrent /var/lib/libvirt/images/
- rsync -ai rsync://vmuser@server:/vmimages-download/xml /var/lib/libvirt/images/
- RSYNC_COMMAND=$(rsync -ai --delete rsync://vmuser@server:/vmimages-download/desktop/*.desktop /usr/local/share/applications/)
+ rsync -ai rsync://server:/vmimages-download/*.torrent /lmn/vm/
+ rsync -ai rsync://server:/vmimages-download/*.xml /lmn/vm/
+ RSYNC_COMMAND=$(rsync -ai --delete rsync://server:/vmimages-download/desktop/*.desktop /usr/local/share/applications/)
if [[ $? -eq 0 ]] && [[ -n "${RSYNC_COMMAND}" ]]; then
echo "${RSYNC_COMMAND}"
update-desktop-database /usr/local/share/applications
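Review bot: The remote globs in `rsync://server:/vmimages-download/*.xml`, `*.torrent` and `desktop/*.desktop` are unquoted, so the local shell tries to expand them first. That normally falls through unchanged but breaks under `nullglob` or `failglob`; quote the URLs so only the rsync daemon expands them. The `$?` test after the assignment works, but `if RSYNC_COMMAND=$(rsync ...) && [[ -n "${RSYNC_COMMAND}" ]]; then` states the same condition without depending on nothing being inserted between the two lines. `sync_all_torrents` continues outside this hunk.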
@@ -74,6 +71,12 @@ EOF
fi
}
+if [[ "$(id -nu)" != "lmnsynci" ]]; then
+ echo "$(basename "$0") must be run as lmnsynci user"
+ show_help
+ exit 1
+fi
+
while getopts ':dat' OPTION; do
case "$OPTION" in
d)
diff --git a/roles/lmn_vm/files/vmimage-torrent b/roles/lmn_vm/files/vmimage-torrent
index c9a4a20..4ec8bd6 100755
--- a/roles/lmn_vm/files/vmimage-torrent
+++ b/roles/lmn_vm/files/vmimage-torrent
@@ -11,7 +11,7 @@
THELPER=linbo-torrenthelper.sh
#. $LINBOSHAREDIR/helperfunctions.sh || exit 1
LINBOIMGEXT="qcow2 qdiff"
-LINBOIMGDIR="/var/lib/libvirt/images"
+LINBOIMGDIR="/lmn/vm"
serverip="10.190.1.1"
# start of functions
diff --git a/roles/lmn_vm/files/vmimage-torrent.service b/roles/lmn_vm/files/vmimage-torrent.service
index 10e6fd2..576e6e1 100644
--- a/roles/lmn_vm/files/vmimage-torrent.service
+++ b/roles/lmn_vm/files/vmimage-torrent.service
@@ -5,6 +5,8 @@ After=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
+User=lmnsynci
+Group=lmnsynci
ExecStart=/usr/local/bin/vmimage-torrent start
ExecStop=/usr/local/bin/vmimage-torrent stop
ExecReload=/usr/local/bin/vmimage-torrent reload
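Review bot: Now that the unit runs as lmnsynci and the torrent helper no longer calls sudo, `NoNewPrivileges=yes` could be added under `[Service]` so the seeding processes cannot regain privileges through setuid binaries. This assumes vmimage-torrent itself does not call sudo, which is not visible in this diff. It is also worth confirming that the script's pid and log locations are writable by lmnsynci, since they were previously written as root.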
diff --git a/roles/lmn_vm/tasks/main.yml b/roles/lmn_vm/tasks/main.yml
index d6dd915..395e528 100644
--- a/roles/lmn_vm/tasks/main.yml
+++ b/roles/lmn_vm/tasks/main.yml
@@ -18,12 +18,12 @@
autoremove: true
when: ansible_distribution_release == 'bookworm'
-- name: allow all users to use VMs
- lineinfile:
- dest: /etc/libvirt/libvirtd.conf
- line: 'auth_unix_rw = "none"'
- insertafter: '#auth_unix_rw = "polkit"'
- notify: reload libvirtd
+ #- name: allow all users to use VMs
+ # lineinfile:
+ # dest: /etc/libvirt/libvirtd.conf
+ # line: 'auth_unix_rw = "none"'
+ # insertafter: '#auth_unix_rw = "polkit"'
+ # notify: reload libvirtd
- name: autostart default network for VMs
file:
@@ -31,6 +31,20 @@
dest: /etc/libvirt/qemu/networks/autostart/default.xml
state: link
+- name: create system-user syncing VM-files and others
+ ansible.builtin.user:
+ name: lmnsynci
+ comment: lmn sync user
+ system: true
+
+- name: create vm directory
+ file:
+ path: /lmn/vm
+ state: directory
+ owner: lmnsynci
+ group: lmnsynci
+ mode: 0755
+
- name: install squid
apt:
name:
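Review bot: The lmnsynci account is created without `shell:`, so it gets the distribution default. As far as this diff shows it is only entered through sudo, Ansible become and systemd, so `shell: /usr/sbin/nologin` would narrow it without breaking those paths. `mode: 0755` on /lmn/vm is unquoted, unlike `mode: '0644'` in the lmn_mount role; write `mode: '0755'` so the value is always passed as an octal string.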
@@ -136,6 +150,12 @@
- /usr/local/share/desktop-directories
notify: Run update-desktop-database
+- name: set owner lmnsynci for menu entry directory
+ file:
+ path: /usr/local/share/applications
+ state: directory
+ owner: lmnsynci
+
- name: Copy fvs.directory
ansible.builtin.copy:
src: fvs.directory
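Review bot: Handing `/usr/local/share/applications` to lmnsynci means that anything running under the `sudo -u lmnsynci` rule can add or replace system-wide launcher entries, and sync-vm.sh fills the directory with `rsync --delete` from an unauthenticated rsync source. A dedicated subdirectory for the synced `.desktop` files would avoid giving away the whole directory and keep `--delete` from touching entries installed by other roles. The task also sets no `group:` or `mode:`, so those stay as they were.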
@@ -150,6 +170,8 @@
- name: sync .torrent, .xml and .desktop files and run update-desktop-database
command: /usr/local/bin/sync-vm.sh -t
+ become: true
+ become_user: lmnsynci
register: result
changed_when: result.stdout | length > 0
@@ -164,6 +186,8 @@
command: >
rsync -a --itemize-changes
rsync://server:/vmimages-download/xml /var/lib/libvirt/images/
+ become: true
+ become_user: lmnsynci
register: result
changed_when: result.stdout | length > 0
when: not run_in_installer | default(false) | bool
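Review bot: This task and the one in the next hunk now run as lmnsynci but still rsync into `/var/lib/libvirt/images/`, while the rest of the commit moves images to `/lmn/vm`, the only directory created for that user here. Unless lmnsynci has write access to the old directory these tasks fail, and if they do succeed the files land where run-vm.sh no longer looks. The destination, the `--files-from` path and the `vmimages-download/xml` source should follow the new layout, e.g. `rsync://server:/vmimages-download/ /lmn/vm/`. Both tasks start outside their hunks.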
@@ -172,6 +196,8 @@
command: >
rsync -a -i --files-from=/var/lib/libvirt/images/images.list
rsync://server:/vmimages-download/ /var/lib/libvirt/images/
+ become: true
+ become_user: lmnsynci
register: result
changed_when: result.stdout | length > 0
when: >