From d1b3cd6d756711f7f2a472b462abe828c38eaacb Mon Sep 17 00:00:00 2001 From: Daniel Gomez Date: Wed, 29 Oct 2025 13:40:43 +0100 Subject: [PATCH 01/15] base_image: restore locales-all installation for Debian Trixie The virt-customize phase was failing with "update-locale: Error: invalid locale settings" because commit 6bb3bfb2c257 removed the locales-all package installation but left the locale configuration commands that depend on it. The update-locale command validates all settings in /etc/default/locale, and without locales-all providing the necessary locale infrastructure, it rejects the LANGUAGE=en_US:en setting as invalid during image build. Restore the locales-all installation within the Debian Trixie conditional block, placing it immediately before the locale configuration sequence so the image has proper locale support from the start. This prevents SSH locale warnings on first boot while keeping the package Debian-specific. Generated-by: Claude AI Reviewed-by: Chuck Lever Link: https://lore.kernel.org/r/20251029-fedora-on-debian-v2-1-ddc6e5bebc15@samsung.com Signed-off-by: Daniel Gomez --- playbooks/roles/base_image/templates/virt-builder.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/roles/base_image/templates/virt-builder.j2 b/playbooks/roles/base_image/templates/virt-builder.j2 index 3069e95f8..289ee9e5e 100644 --- a/playbooks/roles/base_image/templates/virt-builder.j2 +++ b/playbooks/roles/base_image/templates/virt-builder.j2 @@ -73,6 +73,7 @@ append-line /etc/nsswitch.conf:ethers: db files append-line /etc/nsswitch.conf:rpc: db files append-line /etc/nsswitch.conf:netgroup: nis uninstall cloud-init +install locales-all write /etc/default/locale:LANG=en_US.UTF-8 append-line /etc/default/locale:LANGUAGE=en_US:en write /etc/locale.gen:en_US.UTF-8 UTF-8 From 046cd0cdb86e065c3fb406bc3cf1f9da93649e95 Mon Sep 17 00:00:00 2001 From: Daniel Gomez Date: Wed, 29 Oct 2025 13:40:44 +0100 Subject: [PATCH 02/15] guestfs: fix Kconfig indentation style Fix help text indentation in Kconfig.guestfs to use tabs consistently instead of mixed tabs and spaces. Kconfig style requires tabs for indentation with tab+2spaces acceptable for help text continuation. Reviewed-by: Chuck Lever Link: https://lore.kernel.org/r/20251029-fedora-on-debian-v2-2-ddc6e5bebc15@samsung.com Signed-off-by: Daniel Gomez --- kconfigs/Kconfig.guestfs | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/kconfigs/Kconfig.guestfs b/kconfigs/Kconfig.guestfs index d0ac66fc8..451c3d38d 100644 --- a/kconfigs/Kconfig.guestfs +++ b/kconfigs/Kconfig.guestfs @@ -194,9 +194,9 @@ config GUESTFS_DEBIAN_IMAGE_NAME default "debian-12" if GUESTFS_DEBIAN_BUSTER config GUESTFS_DEBIAN_BOX_SHORT - string - default "debian13" if GUESTFS_DEBIAN_TRIXIE - default "debian12" if GUESTFS_DEBIAN_BUSTER + string + default "debian13" if GUESTFS_DEBIAN_TRIXIE + default "debian12" if GUESTFS_DEBIAN_BUSTER config GUESTFS_DEBIAN_COPY_HOST_SOURCES bool @@ -223,14 +223,14 @@ config GUESTFS_DEBIAN_COPY_HOST_SOURCES endif # GUESTFS_DEBIAN config VIRT_BUILDER_OS_VERSION - string "virt-builder os-version" - default "fedora-39" if GUESTFS_FEDORA - default GUESTFS_DEBIAN_IMAGE_NAME if GUESTFS_DEBIAN - help - Have virt-builder use this os-version string to - build a root image for the guest. Run "virt-builder -l" - to get a list of operating systems and versions supported - by guestfs. + string "virt-builder os-version" + default "fedora-39" if GUESTFS_FEDORA + default GUESTFS_DEBIAN_IMAGE_NAME if GUESTFS_DEBIAN + help + Have virt-builder use this os-version string to + build a root image for the guest. Run "virt-builder -l" + to get a list of operating systems and versions supported + by guestfs. choice prompt "Guestfs bringup debug mode" From c91c2ec27f776d7a8d2880d2857b5bf44d8a17e3 Mon Sep 17 00:00:00 2001 From: Daniel Gomez Date: Wed, 29 Oct 2025 13:40:45 +0100 Subject: [PATCH 03/15] guestfs: remove unused bringup debug Kconfig options Remove GUESTFS_BRINGUP_DEBUG_* configuration options as they reference scripts/guestfs_bringup.sh which no longer exists after the migration to Ansible-based bringup in the guestfs role. Reviewed-by: Chuck Lever Link: https://lore.kernel.org/r/20251029-fedora-on-debian-v2-3-ddc6e5bebc15@samsung.com Signed-off-by: Daniel Gomez --- kconfigs/Kconfig.guestfs | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/kconfigs/Kconfig.guestfs b/kconfigs/Kconfig.guestfs index 451c3d38d..63262a8c9 100644 --- a/kconfigs/Kconfig.guestfs +++ b/kconfigs/Kconfig.guestfs @@ -232,25 +232,4 @@ config VIRT_BUILDER_OS_VERSION to get a list of operating systems and versions supported by guestfs. -choice - prompt "Guestfs bringup debug mode" - default GUESTFS_BRINGUP_DEBUG_DISABLED - -config GUESTFS_BRINGUP_DEBUG_DISABLED - bool "Disabled" - help - Disables bringup debug. - -config GUESTFS_BRINGUP_DEBUG_0 - bool "set -x" - help - Enables 'set -x' when running scripts/guestfs_bringup.sh. - -config GUESTFS_BRINGUP_DEBUG_1 - bool "set -euxo pipefile" - help - Enables 'set -euxo pipefile' when running scripts/guestfs_bringup.sh. - -endchoice - endif # GUESTFS From 7263e0c52b699f14bc32846f52e8cc13b65c2773 Mon Sep 17 00:00:00 2001 From: Daniel Gomez Date: Wed, 29 Oct 2025 13:40:46 +0100 Subject: [PATCH 04/15] guestfs: fix spelling errors and Debian capitalization Fix multiple minor spelling errors in Kconfig help text. Capitalize "Debian" when referring to the distribution name per proper noun conventions, while keeping lowercase in technical contexts like "debian-testing" repository names. Reviewed-by: Chuck Lever Link: https://lore.kernel.org/r/20251029-fedora-on-debian-v2-4-ddc6e5bebc15@samsung.com Signed-off-by: Daniel Gomez --- kconfigs/Kconfig.guestfs | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/kconfigs/Kconfig.guestfs b/kconfigs/Kconfig.guestfs index 63262a8c9..f7601bc98 100644 --- a/kconfigs/Kconfig.guestfs +++ b/kconfigs/Kconfig.guestfs @@ -118,12 +118,12 @@ config GUESTFS_DEBIAN_TRIXIE select GUESTFS_HAS_CUSTOM_RAW_IMAGE_SHA512SUMS select GUESTFS_HAS_CUSTOM_RAW_IMAGE_ROLLING help - Select this for debian trixie, debian 13. Since debian does not yet - provie a virt-builder repo, we must download mock up our own URL - for trixie release, as the default guestfs repo only has debian buster. + Select this for Debian Trixie, Debian 13. Since Debian does not yet + provide a virt-builder repo, we must download mock up our own URL + for trixie release, as the default guestfs repo only has Debian Buster. We download the image for you once, and once its there we don't refresh it. We can later add support to force a refresh using the latest URL, - as trixie is debian-testing and debian testing always has an new + as trixie is debian-testing and Debian Testing always has a new up to date image release, that is, its a rolling distribution release. This doesn't work yet.. it gets stuck on the grub prompt. @@ -132,7 +132,7 @@ config GUESTFS_DEBIAN_BUSTER bool "Debian 12 - Buster" output yaml help - Select this for debian buster, debian 12. + Select this for Debian Buster, Debian 12. endchoice @@ -204,16 +204,16 @@ config GUESTFS_DEBIAN_COPY_HOST_SOURCES default DISTRO_DEBIAN_HAS_HOP1_SOURCES select GUESTFS_COPY_SOURCES_FROM_HOST_TO_GUEST help - We have detected that you are running debian on the host, this option + We have detected that you are running Debian on the host, this option will be enabled by default if we detect that your /etc/apt/sources.list is using a source we determine has only one hop via traceroute to it, for details of that heuristic see the script: ./scripts/get-distro-has-hop-count-sources.sh - If your hop distance to your mirror is just 1, you are using debian on - the host, want to use debian guests, both host and guest match the - target release, then its a good assumtion you'd likely want to take + If your hop distance to your mirror is just 1, you are using Debian on + the host, want to use Debian guests, both host and guest match the + target release, then its a good assumption you'd likely want to take advantage of that same mirror for your guests. So disable this if you really don't want to take advantage of your sources.list. From 4ecfa2602defbb4b9e1c3d456ccaf478f53d2769 Mon Sep 17 00:00:00 2001 From: Daniel Gomez Date: Wed, 29 Oct 2025 13:40:47 +0100 Subject: [PATCH 05/15] base_image: set selinux to permissive for fedora on debian hosts When building Fedora guest images on Debian hosts, SELinux contexts cannot be properly set because Debian lacks SELinux kernel support. Libguestfs cannot persist security.selinux extended attributes to filesystems when mounting from non-SELinux hosts, causing all files to have unlabeled_t context. This creates a boot failure where SELinux blocks all binary execution (195 AVC denials, 211 exit 127 errors), including the autorelabel service itself. Configure Fedora images to use SELinux permissive mode instead of enforcing when built on Debian/Ubuntu hosts. This allows guests to boot successfully while still loading SELinux policy for development and testing. Add --no-selinux-relabel to virt-sysprep to prevent it from creating .autorelabel files that would trigger failed relabeling attempts on first boot. Generated-by: Claude AI Reviewed-by: Chuck Lever Link: https://lore.kernel.org/r/20251029-fedora-on-debian-v2-5-ddc6e5bebc15@samsung.com Signed-off-by: Daniel Gomez --- .../roles/base_image/tasks/base-image.yml | 34 +++++++++++++++++++ .../roles/guestfs/tasks/bringup/main.yml | 4 +++ 2 files changed, 38 insertions(+) diff --git a/playbooks/roles/base_image/tasks/base-image.yml b/playbooks/roles/base_image/tasks/base-image.yml index fc022649f..a7f2da2d0 100644 --- a/playbooks/roles/base_image/tasks/base-image.yml +++ b/playbooks/roles/base_image/tasks/base-image.yml @@ -52,6 +52,7 @@ creates: "{{ base_image_pathname }}" when: - libvirt_uri_system|bool + register: virt_builder_result_system - name: Generate a new base image for {{ base_image_os_version }} ansible.builtin.command: @@ -71,6 +72,39 @@ creates: "{{ base_image_pathname }}" when: - not libvirt_uri_system|bool + register: virt_builder_result_user + +- name: Set SELinux to permissive mode for Fedora images on non-SELinux hosts (system libvirt) + become: true + become_method: ansible.builtin.sudo + ansible.builtin.command: + argv: + - "virt-customize" + - "-a" + - "{{ base_image_pathname }}" + - "--run-command" + - "sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config" + when: + - libvirt_uri_system|bool + - guestfs_fedora is defined + - guestfs_fedora|bool + - ansible_distribution|lower in ['debian', 'ubuntu'] + - virt_builder_result_system is changed + +- name: Set SELinux to permissive mode for Fedora images on non-SELinux hosts (user libvirt) + ansible.builtin.command: + argv: + - "virt-customize" + - "-a" + - "{{ base_image_pathname }}" + - "--run-command" + - "sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config" + when: + - not libvirt_uri_system|bool + - guestfs_fedora is defined + - guestfs_fedora|bool + - ansible_distribution|lower in ['debian', 'ubuntu'] + - virt_builder_result_user is changed - name: Set proper ownership on base image for rcloud access (system libvirt) become: true diff --git a/playbooks/roles/guestfs/tasks/bringup/main.yml b/playbooks/roles/guestfs/tasks/bringup/main.yml index 510e1a7dc..f3645b903 100644 --- a/playbooks/roles/guestfs/tasks/bringup/main.yml +++ b/playbooks/roles/guestfs/tasks/bringup/main.yml @@ -91,6 +91,10 @@ "--firstboot-command", "if command -v ufw >/dev/null 2>&1 && systemctl is-active ufw >/dev/null 2>&1; then ufw allow " + (ansible_cfg_ssh_port | string) + "/tcp; fi" ] if ansible_cfg_ssh_port | int != 22 else [] + ) + ( + ["--no-selinux-relabel"] + if (guestfs_fedora is defined and guestfs_fedora|bool and ansible_distribution|lower in ['debian', 'ubuntu']) + else [] ) }} From b8e0ee9f48a4b7dde23fec736fa45083f273687b Mon Sep 17 00:00:00 2001 From: Daniel Gomez Date: Wed, 29 Oct 2025 13:40:48 +0100 Subject: [PATCH 06/15] ansible_provisioning: fix help text indentation style Fix Kconfig help text indentation to consistently use tabs. Several help entries were using spaces instead of tabs for indentation, and one had incorrect placement of the "help" keyword. Reviewed-by: Chuck Lever Link: https://lore.kernel.org/r/20251029-fedora-on-debian-v2-6-ddc6e5bebc15@samsung.com Signed-off-by: Daniel Gomez --- kconfigs/Kconfig.ansible_provisioning | 56 +++++++++++++-------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/kconfigs/Kconfig.ansible_provisioning b/kconfigs/Kconfig.ansible_provisioning index 52b648549..590a11487 100644 --- a/kconfigs/Kconfig.ansible_provisioning +++ b/kconfigs/Kconfig.ansible_provisioning @@ -37,7 +37,7 @@ config KDEVOPS_DEVCONFIG_ENABLE_CONSOLE depends on KDEVOPS_DEVCONFIG_ENABLE help Enable this so that we configure and enable console serial settings - for you on /etc/default/grub. + for you on /etc/default/grub. if KDEVOPS_DEVCONFIG_ENABLE_CONSOLE @@ -45,26 +45,26 @@ config KDEVOPS_DEVCONFIG_KERNEL_CONSOLE_SETTINGS string "Kernel command line console kernel parameters to use" default "console=tty0 console=tty1 console=ttyS0,115200n8" help - Linux kernel console kernel parameters to use. This will be appended + Linux kernel console kernel parameters to use. This will be appended to the GRUB configuration file /etc/default/grub on the variable - GRUB_CMDLINE_LINUX_DEFAULT, if and only if you did not have any - console settings already set. + GRUB_CMDLINE_LINUX_DEFAULT, if and only if you did not have any + console settings already set. config KDEVOPS_DEVCONFIG_GRUB_SERIAL_COMMAND string "GRUB specific serial settings" default "serial --speed=115200 --unit=0 --parity=no --stop=1" help - GRUB console settings to use. This will be appended to the GRUB - configuration file /etc/default/grub on the variable - GRUB_SERIAL_COMMAND, if and only if we did change the your console - settings as per the above configured kernel parameters passed. + GRUB console settings to use. This will be appended to the GRUB + configuration file /etc/default/grub on the variable + GRUB_SERIAL_COMMAND, if and only if we did change the your console + settings as per the above configured kernel parameters passed. config KDEVOPS_GRUB_TIMEOUT int "GRUB timeout" default 2 help - GRUB timeout to wait for user interaction to let you pick another - kernel or boot options. + GRUB timeout to wait for user interaction to let you pick another + kernel or boot options. endif # KDEVOPS_DEVCONFIG_ENABLE_CONSOLE @@ -72,7 +72,7 @@ config KDEVOPS_DEVCONFIG_ENABLE_SYSTEMD_WATCHDOG bool "Enable systemd watchdog setup" default y depends on KDEVOPS_DEVCONFIG_ENABLE - help + help Enable this to allow you to configure your systemd watchdog configuration. For details refer to: https://www.freedesktop.org/software/systemd/man/systemd-system.conf.html @@ -81,20 +81,20 @@ if KDEVOPS_DEVCONFIG_ENABLE_SYSTEMD_WATCHDOG config KDEVOPS_DEVCONFIG_SYSTEMD_WATCHDOG_TIMEOUT_RUNTIME string "Configures the RuntimeWatchdogSec settting" default "5min" - help - Configures the systemd watchdog RuntimeWatchdogSec setting. + help + Configures the systemd watchdog RuntimeWatchdogSec setting. config KDEVOPS_DEVCONFIG_SYSTEMD_WATCHDOG_TIMEOUT_REBOOT string "Configures the RebootWatchdogSec settting" default "10min" - help - Configures the systemd watchdog RebootWatchdogSec setting. + help + Configures the systemd watchdog RebootWatchdogSec setting. config KDEVOPS_DEVCONFIG_SYSTEMD_WATCHDOG_TIMEOUT_KEXEC string "Configures the KexecWatchdogSec settting" default "5min" - help - Configures the systemd watchdog KexecWatchdogSec setting. + help + Configures the systemd watchdog KexecWatchdogSec setting. endif # KDEVOPS_DEVCONFIG_ENABLE_SYSTEMD_WATCHDOG @@ -131,8 +131,8 @@ config DEVCONFIG_ENABLE_SYSTEMD_JOURNAL_REMOTE select DEVCONFIG_ENABLE_SYSTEMD_TIMESYNCD select DEVCONFIG_ENABLE_SYSTEMD_TIMESYNCD_NTP help - It is a pain to have to ssh to target nodes one is testing to check - for kernel logs. Enable this to allow us to set up the host with + It is a pain to have to ssh to target nodes one is testing to check + for kernel logs. Enable this to allow us to set up the host with systemd-journal-remote.service on then we will also congigure all test nodes with systemd-journal-upload.service so to upload their systemd journal to the host. By default we rely on insecure http @@ -168,8 +168,8 @@ config DEVCONFIG_SYSTEMD_JOURNAL_USE_HTTP bool "Use simple insecure http" default y help - For a simple setup you don't want to set up SSL cert files. - If you disable this you are on your own for now on setting up the + For a simple setup you don't want to set up SSL cert files. + If you disable this you are on your own for now on setting up the SSL cert files. For cloud environments you may want to have a command and control server within the network on the nodes, and assign that node as the systemd service. @@ -178,8 +178,8 @@ config DEVCONFIG_SYSTEMD_JOURNAL_REMOTE_URL string "systemd-remote URL" default $(shell, scripts/append-makefile-vars.sh http:// $(KDEVOPS_DEFAULT_BRIDGE_IP_GUESTFS)) if GUESTFS help - This is used for the client /etc/systemd/journal-upload.conf URL line. - By default we won't use SSL for now. If you should make sure the + This is used for the client /etc/systemd/journal-upload.conf URL line. + By default we won't use SSL for now. If you should make sure the IP address used here matches what the node should use. If using libvirt then ensure it is the same for your virtualization setup. If you are using libvirt on debian on the host it would seem the @@ -191,7 +191,7 @@ config DEVCONFIG_ENABLE_SYSTEMD_TIMESYNCD bool "Set up systemd-timesyncd" default n help - It if often useful to have the host and target nodes on the same + It if often useful to have the host and target nodes on the same time. This is usefult to optimize watchdogs so that we can use on local time instead of remote time for a sense of how much time has lapsed. Enable this if you want to benefit from this. @@ -202,7 +202,7 @@ config DEVCONFIG_ENABLE_SYSTEMD_TIMESYNCD_NTP bool "Enable systemd-timesyncd NTP" default y help - Enable NTP service using systemd-timesyncd. + Enable NTP service using systemd-timesyncd. if DEVCONFIG_ENABLE_SYSTEMD_TIMESYNCD_NTP @@ -238,9 +238,9 @@ config KDEVOPS_DEVCONFIG_ENABLE_CUSTOM_REPOS bool "Allow user to add custom repositories and install packages from them" default n help - Enable Kconfig options to allow user to add custom package - repositories and to also specify packages to be installed - from them. + Enable Kconfig options to allow user to add custom package + repositories and to also specify packages to be installed + from them. config KDEVOPS_DEVCONFIG_CUSTOM_REPOS string "Comma separated list of custom repositories to be enabled" From 986e302c02f06b611dee2994db575863e458d393 Mon Sep 17 00:00:00 2001 From: Daniel Gomez Date: Wed, 29 Oct 2025 13:40:49 +0100 Subject: [PATCH 07/15] devconfig: fix undefined custom repos/packages variables Ansible fails with "'kdevops_devconfig_custom_repos' is undefined" when KDEVOPS_DEVCONFIG_ENABLE_CUSTOM_REPOS is disabled (the default). Kconfig has a limitation where "output yaml" will not export variables that have unmet "depends on" conditions, leaving them completely undefined in extra_vars.yaml. This causes Ansible to fail when checking these variables even though they have default values in Kconfig. The fix migrates both variables to proper output yaml in Kconfig while removing the redundant legacy Makefile ANSIBLE_EXTRA_ARGS exports. To ensure the variables always exist regardless of kconfig conditions, the devconfig role's defaults/main.yml now provides empty string fallbacks. This follows standard Ansible patterns and makes the playbook portable for standalone use outside kdevops. Generated-by: Claude AI Reviewed-by: Chuck Lever Link: https://lore.kernel.org/r/20251029-fedora-on-debian-v2-7-ddc6e5bebc15@samsung.com Signed-off-by: Daniel Gomez --- Makefile | 7 ------- kconfigs/Kconfig.ansible_provisioning | 2 ++ playbooks/roles/devconfig/defaults/main.yml | 4 ++++ 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index bf72eee9a..f8d36572e 100644 --- a/Makefile +++ b/Makefile @@ -213,13 +213,6 @@ endif KDEVOPS_ANSIBLE_PROVISION_PLAYBOOK:=$(subst ",,$(CONFIG_KDEVOPS_ANSIBLE_PROVISION_PLAYBOOK)) ifeq (y,$(CONFIG_KDEVOPS_ANSIBLE_PROVISION_ENABLE)) ANSIBLE_EXTRA_ARGS += kdevops_ansible_provision_playbook='$(KDEVOPS_ANSIBLE_PROVISION_PLAYBOOK)' - -KDEVOPS_DEVCONFIG_CUSTOM_REPOS:=$(subst ",,$(CONFIG_KDEVOPS_DEVCONFIG_CUSTOM_REPOS)) -ANSIBLE_EXTRA_ARGS += kdevops_devconfig_custom_repos='$(KDEVOPS_DEVCONFIG_CUSTOM_REPOS)' - -KDEVOPS_DEVCONFIG_CUSTOM_PACKAGES:=$(subst ",,$(CONFIG_KDEVOPS_DEVCONFIG_CUSTOM_PACKAGES)) -ANSIBLE_EXTRA_ARGS += kdevops_devconfig_custom_packages='$(KDEVOPS_DEVCONFIG_CUSTOM_PACKAGES)' - endif include scripts/gen-hosts.Makefile diff --git a/kconfigs/Kconfig.ansible_provisioning b/kconfigs/Kconfig.ansible_provisioning index 590a11487..93cc395f8 100644 --- a/kconfigs/Kconfig.ansible_provisioning +++ b/kconfigs/Kconfig.ansible_provisioning @@ -245,6 +245,7 @@ config KDEVOPS_DEVCONFIG_ENABLE_CUSTOM_REPOS config KDEVOPS_DEVCONFIG_CUSTOM_REPOS string "Comma separated list of custom repositories to be enabled" default "" + output yaml depends on KDEVOPS_DEVCONFIG_ENABLE_CUSTOM_REPOS=y help Comma separated list of custom repositories to be enabled @@ -252,6 +253,7 @@ config KDEVOPS_DEVCONFIG_CUSTOM_REPOS config KDEVOPS_DEVCONFIG_CUSTOM_PACKAGES string "Comma separated list of custom packages to be installed" default "" + output yaml depends on KDEVOPS_DEVCONFIG_ENABLE_CUSTOM_REPOS=y help Comma separated list of custom packages to be installed diff --git a/playbooks/roles/devconfig/defaults/main.yml b/playbooks/roles/devconfig/defaults/main.yml index b5d4724d3..122cb8985 100644 --- a/playbooks/roles/devconfig/defaults/main.yml +++ b/playbooks/roles/devconfig/defaults/main.yml @@ -60,3 +60,7 @@ unattended_upgrades_installed: false workflow_infer_user_and_group: false kdevops_use_declared_hosts: false kdevops_enable_terraform: false + +# Custom repository and package installation defaults +kdevops_devconfig_custom_repos: "" +kdevops_devconfig_custom_packages: "" From ee5f9c70eee98e72550d284855d97c339953ea0e Mon Sep 17 00:00:00 2001 From: Daniel Gomez Date: Wed, 29 Oct 2025 13:40:50 +0100 Subject: [PATCH 08/15] devconfig: fix Ansible boolean conditional for custom repos Newer Ansible versions reject string variables in conditionals without explicit boolean expressions, producing "Conditional result was derived from type 'str'" errors. Remove the redundant string variable check. The length test already evaluates to boolean (length > 1), properly handling empty strings by skipping the task. Generated-by: Claude AI Reviewed-by: Chuck Lever Link: https://lore.kernel.org/r/20251029-fedora-on-debian-v2-8-ddc6e5bebc15@samsung.com Signed-off-by: Daniel Gomez --- .../tasks/config-custom-repos-and-packages/redhat/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/playbooks/roles/devconfig/tasks/config-custom-repos-and-packages/redhat/main.yml b/playbooks/roles/devconfig/tasks/config-custom-repos-and-packages/redhat/main.yml index 0a772dd71..76d1ce3c0 100644 --- a/playbooks/roles/devconfig/tasks/config-custom-repos-and-packages/redhat/main.yml +++ b/playbooks/roles/devconfig/tasks/config-custom-repos-and-packages/redhat/main.yml @@ -10,7 +10,6 @@ mode: "0644" with_items: "{{ kdevops_devconfig_custom_repos | trim | split(',') }}" when: - - kdevops_devconfig_custom_repos - kdevops_devconfig_custom_repos | trim | length > 1 - name: Install custom packages @@ -24,5 +23,4 @@ until: result.rc == 0 with_items: "{{ kdevops_devconfig_custom_packages | trim | split(',') }}" when: - - kdevops_devconfig_custom_packages - kdevops_devconfig_custom_packages | trim | length > 1 From 89e29f6f91381a30932c33ff9117b5838f72fcb2 Mon Sep 17 00:00:00 2001 From: Daniel Gomez Date: Wed, 29 Oct 2025 13:40:51 +0100 Subject: [PATCH 09/15] bootlinux: fix os detection for 9p build dependency installation Dependency installation for 9P builds was checking ansible_os_family, which references the target guest's OS instead of the control host where packages are actually installed. This caused incorrect packages to be installed when building Fedora guests on Debian hosts. Replace ansible_os_family checks with Kconfig distro variables (distro_debian_based, distro_fedora, etc.) which correctly detect the control host's distribution. Add fallback defaults to ensure the variables are always defined for standalone role usage. Generated-by: Claude AI Suggested-by: Chuck Lever Reviewed-by: Chuck Lever Link: https://lore.kernel.org/r/20251029-fedora-on-debian-v2-9-ddc6e5bebc15@samsung.com Signed-off-by: Daniel Gomez --- playbooks/roles/bootlinux/defaults/main.yml | 6 ++++++ playbooks/roles/bootlinux/tasks/build/9p.yml | 2 +- playbooks/roles/bootlinux/tasks/install-deps/main.yml | 6 +++--- .../roles/bootlinux/tasks/install-deps/redhat/main.yml | 4 ++-- 4 files changed, 12 insertions(+), 6 deletions(-) diff --git a/playbooks/roles/bootlinux/defaults/main.yml b/playbooks/roles/bootlinux/defaults/main.yml index 1ae70b2c1..78e4e28ff 100644 --- a/playbooks/roles/bootlinux/defaults/main.yml +++ b/playbooks/roles/bootlinux/defaults/main.yml @@ -141,3 +141,9 @@ bootlinux_fragment_x86: false bootlinux_fragment_xarray: false bootlinux_fragment_xarray_no_multi: false + +# Distro controls +distro_debian_based: false +distro_fedora: false +distro_redhat_based: false +distro_suse_based: false diff --git a/playbooks/roles/bootlinux/tasks/build/9p.yml b/playbooks/roles/bootlinux/tasks/build/9p.yml index f390f028d..809d342ae 100644 --- a/playbooks/roles/bootlinux/tasks/build/9p.yml +++ b/playbooks/roles/bootlinux/tasks/build/9p.yml @@ -14,7 +14,7 @@ when: - target_linux_install_b4 is defined - target_linux_install_b4 - - ansible_facts['os_family']|lower != 'debian' + - not distro_debian_based|bool run_once: true delegate_to: localhost diff --git a/playbooks/roles/bootlinux/tasks/install-deps/main.yml b/playbooks/roles/bootlinux/tasks/install-deps/main.yml index 51a207416..058f39268 100644 --- a/playbooks/roles/bootlinux/tasks/install-deps/main.yml +++ b/playbooks/roles/bootlinux/tasks/install-deps/main.yml @@ -2,14 +2,14 @@ - name: Debian-specific setup ansible.builtin.import_tasks: debian/main.yml when: - - ansible_os_family == "Debian" + - distro_debian_based|bool - name: SuSE-specific setup ansible.builtin.import_tasks: suse/main.yml when: - - ansible_os_family == "Suse" + - distro_suse_based|bool - name: Red Hat-specific setup ansible.builtin.import_tasks: redhat/main.yml when: - - ansible_os_family == "RedHat" + - distro_redhat_based|bool diff --git a/playbooks/roles/bootlinux/tasks/install-deps/redhat/main.yml b/playbooks/roles/bootlinux/tasks/install-deps/redhat/main.yml index 7f1955bf4..e9a0c6e23 100644 --- a/playbooks/roles/bootlinux/tasks/install-deps/redhat/main.yml +++ b/playbooks/roles/bootlinux/tasks/install-deps/redhat/main.yml @@ -3,7 +3,7 @@ ansible.builtin.include_role: name: epel-release when: - - ansible_distribution != "Fedora" + - not distro_fedora|bool - name: Install packages we care about become: true @@ -67,7 +67,7 @@ vars: packages: - btrfs-progs - when: ansible_distribution == 'Fedora' + when: distro_fedora|bool - name: Install clang become: true From 38fd1912808664ed2298dc0a54c1a1a1fdf91050 Mon Sep 17 00:00:00 2001 From: Daniel Gomez Date: Wed, 29 Oct 2025 13:40:52 +0100 Subject: [PATCH 10/15] selftests: fix os detection for 9p build dependency installation The selftests role calls install-deps twice: once on the target guest and once on localhost for 9P builds. When delegated to localhost, ansible_facts still references the target guest's OS rather than the control host's OS, causing the wrong package manager to be invoked (e.g., dnf on Debian hosts when building Fedora guests). Split install-deps into two separate files: main.yml uses ansible_facts for detecting the guest OS in normal execution, while main-localhost.yml uses Kconfig distro variables for detecting the control host OS when delegated to localhost. Add distro variable fallbacks to defaults/main.yml to ensure the Kconfig variables are always defined when the role runs. This prevents "Could not detect which major revision of dnf is in use" errors when building Fedora guests on Debian control hosts with 9P. Generated-by: Claude AI Reviewed-by: Chuck Lever Link: https://lore.kernel.org/r/20251029-fedora-on-debian-v2-10-ddc6e5bebc15@samsung.com Signed-off-by: Daniel Gomez --- playbooks/roles/selftests/defaults/main.yml | 6 ++++++ .../selftests/tasks/install-deps/main-localhost.yml | 10 ++++++++++ playbooks/roles/selftests/tasks/main.yml | 2 +- 3 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 playbooks/roles/selftests/tasks/install-deps/main-localhost.yml diff --git a/playbooks/roles/selftests/defaults/main.yml b/playbooks/roles/selftests/defaults/main.yml index 45cb5022b..216236908 100644 --- a/playbooks/roles/selftests/defaults/main.yml +++ b/playbooks/roles/selftests/defaults/main.yml @@ -37,3 +37,9 @@ selftest_kernelspace: false selftest_xarray: false selftest_maple: false selftest_vma: false + +# Distro controls +distro_debian_based: false +distro_fedora: false +distro_redhat_based: false +distro_suse_based: false diff --git a/playbooks/roles/selftests/tasks/install-deps/main-localhost.yml b/playbooks/roles/selftests/tasks/install-deps/main-localhost.yml new file mode 100644 index 000000000..4817f530b --- /dev/null +++ b/playbooks/roles/selftests/tasks/install-deps/main-localhost.yml @@ -0,0 +1,10 @@ +--- +# tasks to install dependencies for selftests on localhost (for 9P builds) +# Uses Kconfig distro variables instead of ansible_facts to detect control host OS +- name: Debian-specific setup for localhost + ansible.builtin.import_tasks: tasks/install-deps/debian/main.yml + when: distro_debian_based|bool +- ansible.builtin.import_tasks: tasks/install-deps/suse/main.yml + when: distro_suse_based|bool +- ansible.builtin.import_tasks: tasks/install-deps/redhat/main.yml + when: distro_redhat_based|bool diff --git a/playbooks/roles/selftests/tasks/main.yml b/playbooks/roles/selftests/tasks/main.yml index f8af3080d..3f5e0319f 100644 --- a/playbooks/roles/selftests/tasks/main.yml +++ b/playbooks/roles/selftests/tasks/main.yml @@ -19,7 +19,7 @@ - name: Install dependencies to build Linux selftests on host tags: ["deps"] run_once: true - ansible.builtin.import_tasks: install-deps/main.yml + ansible.builtin.import_tasks: install-deps/main-localhost.yml delegate_to: localhost when: - bootlinux_9p|bool From b341888d991b7d6238fdcb6ba74f9412c7a1b0c3 Mon Sep 17 00:00:00 2001 From: Daniel Gomez Date: Wed, 29 Oct 2025 13:40:53 +0100 Subject: [PATCH 11/15] guestfs: generate fedora distribution-specific hostname prefixes Add GUESTFS_FEDORA_BOX_SHORT configuration to generate version-specific short prefixes (fedora41, fedora40, fedora39) for Fedora guests, matching the existing Debian implementation. Enable HAVE_CUSTOM_DISTRO_HOST_PREFIX and HAVE_DISTRO_PREFERS_CUSTOM_HOST_PREFIX for Fedora to allow automatic hostname prefix generation based on the selected Fedora version, helping distinguish different distribution releases in multi-VM test environments. Generated-by: Claude AI Reviewed-by: Chuck Lever Link: https://lore.kernel.org/r/20251029-fedora-on-debian-v2-11-ddc6e5bebc15@samsung.com Signed-off-by: Daniel Gomez --- kconfigs/Kconfig.guestfs | 9 +++++++++ kconfigs/Kconfig.kdevops | 1 + 2 files changed, 10 insertions(+) diff --git a/kconfigs/Kconfig.guestfs b/kconfigs/Kconfig.guestfs index f7601bc98..3bc4b0603 100644 --- a/kconfigs/Kconfig.guestfs +++ b/kconfigs/Kconfig.guestfs @@ -78,6 +78,8 @@ choice config GUESTFS_FEDORA bool "Fedora (or derived distro)" output yaml + select HAVE_CUSTOM_DISTRO_HOST_PREFIX + select HAVE_DISTRO_PREFERS_CUSTOM_HOST_PREFIX select HAVE_DISTRO_XFS_PREFERS_MANUAL if FSTESTS_XFS select HAVE_DISTRO_BTRFS_PREFERS_MANUAL if FSTESTS_BTRFS select HAVE_DISTRO_EXT4_PREFERS_MANUAL if FSTESTS_EXT4 @@ -222,6 +224,13 @@ config GUESTFS_DEBIAN_COPY_HOST_SOURCES endif # GUESTFS_DEBIAN +config GUESTFS_FEDORA_BOX_SHORT + string + default "fedora41" if VIRT_BUILDER_OS_VERSION = "fedora-41" + default "fedora40" if VIRT_BUILDER_OS_VERSION = "fedora-40" + default "fedora39" if VIRT_BUILDER_OS_VERSION = "fedora-39" + default "fedora" + config VIRT_BUILDER_OS_VERSION string "virt-builder os-version" default "fedora-39" if GUESTFS_FEDORA diff --git a/kconfigs/Kconfig.kdevops b/kconfigs/Kconfig.kdevops index 1b40db5b0..68e91193d 100644 --- a/kconfigs/Kconfig.kdevops +++ b/kconfigs/Kconfig.kdevops @@ -25,6 +25,7 @@ config HAVE_DISTRO_REQUIRES_CUSTOM_SSH_KEXALGORITHMS config CUSTOM_DISTRO_HOST_PREFIX string depends on HAVE_CUSTOM_DISTRO_HOST_PREFIX + default GUESTFS_FEDORA_BOX_SHORT if GUESTFS_FEDORA default GUESTFS_DEBIAN_BOX_SHORT if GUESTFS_DEBIAN config CUSTOM_SSH_KEXALGORITHMS From 91dae79963985d1efa41adb89762a20c6c1eef81 Mon Sep 17 00:00:00 2001 From: Daniel Gomez Date: Wed, 29 Oct 2025 13:40:54 +0100 Subject: [PATCH 12/15] defconfigs: add fedora-41 fragment for guestfs Add configuration fragment for selecting Fedora 41 as the guest OS. This allows overriding defconfig guest OS choices via merge_config.sh and enables CI workflows to test Fedora-specific configurations. Reviewed-by: Chuck Lever Link: https://lore.kernel.org/r/20251029-fedora-on-debian-v2-12-ddc6e5bebc15@samsung.com Signed-off-by: Daniel Gomez --- defconfigs/configs/guestfs-fedora-41.config | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 defconfigs/configs/guestfs-fedora-41.config diff --git a/defconfigs/configs/guestfs-fedora-41.config b/defconfigs/configs/guestfs-fedora-41.config new file mode 100644 index 000000000..bfbd4cf8e --- /dev/null +++ b/defconfigs/configs/guestfs-fedora-41.config @@ -0,0 +1,2 @@ +CONFIG_GUESTFS_FEDORA=y +CONFIG_VIRT_BUILDER_OS_VERSION="fedora-41" From 614c1cd6ffe113e4573cecf334c010cf9373073e Mon Sep 17 00:00:00 2001 From: Daniel Gomez Date: Wed, 29 Oct 2025 13:40:55 +0100 Subject: [PATCH 13/15] defconfigs: add debian-13 fragment for guestfs Add configuration fragment for selecting Debian 13 (Trixie) as the guest OS. This allows overriding defconfig guest OS choices via merge_config.sh and enables CI workflows to test Debian-specific configurations. Reviewed-by: Chuck Lever Link: https://lore.kernel.org/r/20251029-fedora-on-debian-v2-13-ddc6e5bebc15@samsung.com Signed-off-by: Daniel Gomez --- defconfigs/configs/guestfs-debian-13.config | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 defconfigs/configs/guestfs-debian-13.config diff --git a/defconfigs/configs/guestfs-debian-13.config b/defconfigs/configs/guestfs-debian-13.config new file mode 100644 index 000000000..b638304ae --- /dev/null +++ b/defconfigs/configs/guestfs-debian-13.config @@ -0,0 +1,2 @@ +CONFIG_GUESTFS_DEBIAN=y +CONFIG_GUESTFS_DEBIAN_TRIXIE=y From f96f43e39c8a21cdcb933f6744823a5323fbcd1d Mon Sep 17 00:00:00 2001 From: Daniel Gomez Date: Wed, 29 Oct 2025 13:40:56 +0100 Subject: [PATCH 14/15] github: add guest OS selection for CI testing Add manual guest OS selection to GitHub Actions workflows, allowing testing of distribution-specific fixes across Debian and Fedora guests. The workflow_dispatch trigger accepts 'default', 'debian-13', or 'fedora-41', merging the corresponding guestfs config fragment to override the defconfig's guest OS choice. This enables validation of cross-distribution compatibility for fixes like the locale and SELinux changes in this series. Link: https://lore.kernel.org/kdevops/7e469eeb-1c96-47e2-8a7a-ccf1aa1245fa@kernel.org/ Generated-by: Claude AI Reviewed-by: Chuck Lever Link: https://lore.kernel.org/r/20251029-fedora-on-debian-v2-14-ddc6e5bebc15@samsung.com Signed-off-by: Daniel Gomez --- .github/actions/configure/action.yml | 22 +++++++++++++++++++++- .github/workflows/kdevops.yml | 10 ++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/.github/actions/configure/action.yml b/.github/actions/configure/action.yml index 68c4e7434..9c35b4a6e 100644 --- a/.github/actions/configure/action.yml +++ b/.github/actions/configure/action.yml @@ -20,6 +20,10 @@ inputs: required: false type: string default: 'kdevops-ci' + guest_os: + required: false + type: string + default: 'default' runs: using: "composite" @@ -112,11 +116,27 @@ runs: echo "Using Linux CI configuration (4GB/8core VMs)" fi + # Configure guest OS if specified + GUEST_OS_CONFIG= + if [[ "${{ inputs.guest_os }}" != "default" ]]; then + GUEST_OS_CONFIG="defconfigs/configs/guestfs-${{ inputs.guest_os }}.config" + + if [[ ! -f "$GUEST_OS_CONFIG" ]]; then + echo "Error: Guest OS config not found: $GUEST_OS_CONFIG" + exit 1 + fi + + echo "Using guest OS configuration: $GUEST_OS_CONFIG" + else + echo "Using default guest OS from defconfig" + fi + ./scripts/kconfig/merge_config.sh \ -n .config \ defconfigs/configs/diy.config \ defconfigs/configs/ci.config \ - ${VM_CONFIG_ARG} + ${VM_CONFIG_ARG} \ + ${GUEST_OS_CONFIG} - name: Run kdevops make shell: bash diff --git a/.github/workflows/kdevops.yml b/.github/workflows/kdevops.yml index 6fc583c6a..d94a7e7f8 100644 --- a/.github/workflows/kdevops.yml +++ b/.github/workflows/kdevops.yml @@ -88,6 +88,15 @@ on: options: - 'kdevops-ci' - 'linux-ci' + guest_os: + description: 'Guest OS for testing' + required: false + default: 'default' + type: choice + options: + - default # Use defconfig's default (typically Debian 13 on debian hosts) + - debian-13 # Force Debian 13 Trixie + - fedora-41 # Force Fedora 41 tests: description: 'Custom test to run (for kdevops-ci mode only)' required: false @@ -231,6 +240,7 @@ jobs: uses: ./.github/actions/configure with: ci_workflow: ${{ matrix.ci_workflow }} + guest_os: ${{ github.event.inputs.guest_os || 'default' }} kernel_ref: >- ${{ github.event_name == 'schedule' && needs.generate_kernel_ref.outputs.kernel_ref From df8beea887ebb2783cf92d772ed3b046b10e4b08 Mon Sep 17 00:00:00 2001 From: Daniel Gomez Date: Wed, 29 Oct 2025 13:40:57 +0100 Subject: [PATCH 15/15] guestfs: increase SSH config timeout for Fedora on Debian hosts Fedora guests running on Debian hosts timeout after 60 seconds while waiting for network configuration during first boot. The 60-second timeout is insufficient due to slower boot times caused by SELinux permissive mode initialization on non-SELinux hosts. Increase the default timeout from 60 to 180 seconds to accommodate Fedora boot times. Make the timeout configurable via KDEVOPS_SSH_CONFIG_TIMEOUT environment variable for flexibility in different environments. Improve the error message to include the configured timeout value and suggest using 'virsh console' for boot diagnostics. Generated-by: Claude AI Reviewed-by: Chuck Lever Link: https://lore.kernel.org/r/20251029-fedora-on-debian-v2-15-ddc6e5bebc15@samsung.com Signed-off-by: Daniel Gomez --- scripts/update_ssh_config_guestfs.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/update_ssh_config_guestfs.py b/scripts/update_ssh_config_guestfs.py index 40f1ccad0..0ec329597 100755 --- a/scripts/update_ssh_config_guestfs.py +++ b/scripts/update_ssh_config_guestfs.py @@ -33,11 +33,15 @@ # We take the first IPv4 address on the first non-loopback interface. def get_addr(name): + # Timeout increased to 180s to account for slower boot times with Fedora guests + # on Debian hosts (SELinux permissive mode initialization takes longer). + timeout_seconds = int(os.environ.get("KDEVOPS_SSH_CONFIG_TIMEOUT", "180")) attempt = 0 while True: attempt += 1 - if attempt > 60: - raise Exception(f"Unable to get an address for {name} after 60s") + if attempt > timeout_seconds: + raise Exception(f"Unable to get an address for {name} after {timeout_seconds}s. " + f"VM may be taking longer to boot. Check 'virsh console {name}' for boot status.") result = subprocess.run( [