From patchwork Fri Jan 31 20:19:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 13955730 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9BA7B482EB for ; Fri, 31 Jan 2025 20:19:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738354777; cv=none; b=tbzL2DYgzL8hh8f1QCr/psCOI7XeW0OlfayD3ePPcTLV9cxUEuh8aG9b+dC1VzCRst85AnUNWRxzw+y5pq1IJlgcarOQWTZ+Qng8sNL9lY2d/ICHxiDAfnO55b1CIgZa/Z2oNkoKes6rhhPMytZITUIaTzrlXz4nBl3anzGmny8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738354777; c=relaxed/simple; bh=DszmmslPLgkgyPItwtsIaCp20Zkko5qa8sokpQARrVI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rtJ91sSZdAw86qC/2pggQN5+4dVyyLOY7uqEuplVGRhSnyAC9ttCjjibUUOlRcj5ekCqCAbDLihU/ObSnjhY2kbdxztWAze25BFU+RpiDYyDzsHl6F9g+YfkSW91QcowBo0QyElqeQvFP0f0pwlMNOZN7X9TzRXyga2ijSuAh78= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=OdKP10WA; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="OdKP10WA" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C0FB8C4CEE1; Fri, 31 Jan 2025 20:19:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1738354777; bh=DszmmslPLgkgyPItwtsIaCp20Zkko5qa8sokpQARrVI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=OdKP10WALacfMyVv/bez+2Aeckdp4/9KKX7VsPTpQ//5T3ntX4/Fh0bJ46o145t6t 
6MtF8+/LE0PTpPbCS9fA0vW3oIMZX7wd02DMZlcY3rJ3AT1T6WNxi8oCiyue7Xc2ZQ 4Ghf94q69NALwsZKJHCm8V19UudGffWNZo2PXV2djjeLtIegsANiicP+dLuj3PLicI M1iGfoGn8Yyfk9VGpOdP9ExOtsVmwLfNZLcg2eGRUMRyn9kpuUiEZw1nh1xhTfgyUu KEjlicuYM7nCVYxaf4TTcpQeEItDAStCRy53ZPDCLsLDo/0QSnqUbN731yDMSV5q9Y ksJot04Iuajxg== From: cel@kernel.org To: Cc: Chuck Lever Subject: [RFC PATCH 1/4] guestfs: Rename the update_ssh_config_guestfs role Date: Fri, 31 Jan 2025 15:19:29 -0500 Message-ID: <20250131201932.449083-2-cel@kernel.org> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250131201932.449083-1-cel@kernel.org> References: <20250131201932.449083-1-cel@kernel.org> Precedence: bulk X-Mailing-List: kdevops@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Chuck Lever The update_ssh_config_guestfs role inserts an "Include" directive into the user's .ssh/config file. The included file is managed solely by kdevops. The plan is to use this same mechanism for terraform as well. So give this role a generic name, perform a few clean-ups, and run it during "make deps". This situates the Include directive into the control user's .ssh/config for all virtualization methods. Signed-off-by: Chuck Lever --- .../roles/update_ssh_config/tasks/main.yml | 106 ++++++++++++++++++ .../update_ssh_config_guestfs/tasks/main.yml | 71 ------------ playbooks/update_ssh_config.yml | 5 + playbooks/update_ssh_config_guestfs.yml | 4 - scripts/guestfs.Makefile | 5 - scripts/ssh.Makefile | 13 +++ 6 files changed, 124 insertions(+), 80 deletions(-) create mode 100644 playbooks/roles/update_ssh_config/tasks/main.yml delete mode 100644 playbooks/roles/update_ssh_config_guestfs/tasks/main.yml create mode 100644 playbooks/update_ssh_config.yml delete mode 100644 playbooks/update_ssh_config_guestfs.yml diff --git a/playbooks/roles/update_ssh_config/tasks/main.yml b/playbooks/roles/update_ssh_config/tasks/main.yml new file mode 100644 index 000000000000..583d006c85c3 --- /dev/null 
+++ b/playbooks/roles/update_ssh_config/tasks/main.yml 
@@ -0,0 +1,106 @@
+---
+- name: Set the pathname of the controller's .ssh directory
+ ansible.builtin.set_fact:
+ sshdir: "{{ lookup('ansible.builtin.env', 'HOME') }}/.ssh"
+ tags:
+ - vars
+
+- name: Check that the user's ssh config file exists
+ delegate_to: localhost
+ run_once: true
+ ansible.builtin.stat:
+ path: "{{ sshdir }}/config"
+ register: ssh_config
+ tags:
+ - deps
+
+- name: Check that the kdevops Include directive is present
+ delegate_to: localhost
+ run_once: true
+ ansible.builtin.lineinfile:
+ path: "{{ sshdir }}/config"
+ regexp: "Include ~/.ssh/config_kdevops_*"
+ state: absent
+ check_mode: true
+ changed_when: false
+ register: kdevops_ssh_include
+ when:
+ - ssh_config.stat.exists
+ tags:
+ - deps
+
+- name: Check that the Include directive has a kdevops_version comment
+ delegate_to: localhost
+ run_once: true
+ ansible.builtin.lineinfile:
+ path: "{{ sshdir }}/config"
+ regexp: "^#(.*)kdevops_version(.*)"
+ state: absent
+ check_mode: true
+ changed_when: false
+ register: fixed_ssh_entry
+ when:
+ - ssh_config.stat.exists
+ tags:
+ - deps
+
+- name: Check if the correct Include directive is present
+ ansible.builtin.meta: end_play
+ when:
+ - ssh_config.stat.exists
+ - kdevops_ssh_include.found
+ - fixed_ssh_entry.found
+ tags:
+ - deps
+
+- name: Remove the stale Include directive
+ delegate_to: localhost
+ run_once: true
+ ansible.builtin.lineinfile:
+ path: "{{ sshdir }}/config"
+ line: "Include ~/.ssh/config_kdevops_*"
+ state: absent
+ when:
+ - ssh_config.stat.exists
+ tags:
+ - deps
+
+- name: Remove stale kdevops comments
+ delegate_to: localhost
+ run_once: true
+ ansible.builtin.lineinfile:
+ path: "{{ sshdir }}/config"
+ regexp: "^#(.*)kdevops(.*)"
+ state: absent
+ when:
+ - ssh_config.stat.exists
+ tags:
+ - deps
+
+- name: Remove extraneous new lines
+ delegate_to: localhost
+ run_once: true
+ ansible.builtin.replace:
+ path: "{{ sshdir }}/config"
+ regexp: '(^\s*$)'
+ replace: ''
+ when:
+ - ssh_config.stat.exists
+ tags:
+ - deps
+
+- name: Add a proper Include directive to ~/.ssh/config
+ delegate_to: localhost
+ run_once: true
+ ansible.builtin.blockinfile:
+ path: "{{ sshdir }}/config"
+ insertbefore: BOF
+ marker: "{mark}"
+ marker_begin: "# Automatically added by kdevops\n# kdevops_version: {{ kdevops_version }}"
+ marker_end: ""
+ create: true
+ mode: "u=rw,g=r,o=r"
+ block: |
+ Include ~/.ssh/config_kdevops_*
+ tags:
+ - deps
diff --git a/playbooks/roles/update_ssh_config_guestfs/tasks/main.yml b/playbooks/roles/update_ssh_config_guestfs/tasks/main.yml
deleted file mode 100644
index 98c86f164612..000000000000
--- a/playbooks/roles/update_ssh_config_guestfs/tasks/main.yml
+++ /dev/null
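Review bot: The new `mode: "u=rw,g=r,o=r"` on the final blockinfile task is applied to `{{ sshdir }}/config` on every run, not only when `create: true` has to make the file, so a user who keeps ~/.ssh/config at 0600 has it reset to group- and world-readable. That file can carry host names, user names, jump hosts and identity-file paths, so the role should not loosen it; use `mode: "u=rw,go="`, or drop `mode` so existing permissions are kept. The tasks before it also rewrite a personal file in place: the `^#(.*)kdevops(.*)` removal and the `(^\s*$)` blank-line replace act on the whole file, not just the kdevops block. Adding `backup: true` to the lineinfile, replace and blockinfile tasks that modify the file would give the user a way back.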
@@ -1,71 +0,0 @@
-- name: Check if the ssh config file exists
- stat:
- path: "~/.ssh/config"
- register: ssh_config
-
-# Check if the include directive is already presetn
-- name: Check if the kdevops include directive was used
- lineinfile:
- path: ~/.ssh/config
- regexp: "Include ~/.ssh/config_kdevops_*"
- state: absent
- check_mode: yes
- changed_when: false
- register: kdevops_ssh_include
- when: ssh_config.stat.exists
-
-# Check if the the kdevops_version was added in a comment
-- name: Check if the new include directive was used with a kdevops_version comment
- lineinfile:
- path: ~/.ssh/config
- regexp: "^#(.*)kdevops_version(.*)"
- state: absent
- check_mode: yes
- changed_when: false
- register: fixed_ssh_entry
- when: ssh_config.stat.exists
-
-# If both the include directive was found and kdevops version comment was found
-# we bail right away to avoid updating the ssh config file always.
-- name: Check if the new fixed include directive was used
- meta: end_play
- when:
- - ssh_config.stat.exists
- - kdevops_ssh_include.found
- - fixed_ssh_entry.found
-
-# If we're still running it means the correct include directive following a new
-# line was not found. So remove old stale include directives which may be
-# buggy.
-- name: Remove buggy stale include directive to ~/.ssh/config without a new line
- lineinfile:
- path: ~/.ssh/config
- line: "Include ~/.ssh/config_kdevops_*"
- state: absent
- when: ssh_config.stat.exists
-
-- name: Remove any stale kdevops comments
- lineinfile:
- path: ~/.ssh/config
- regexp: "^#(.*)kdevops(.*)"
- state: absent
- when: ssh_config.stat.exists
-
-- name: Remove any extra new lines
- replace:
- path: ~/.ssh/config
- regexp: '(^\s*$)'
- replace: ''
- when: ssh_config.stat.exists
-
-# ssh include directives must follow a new line.
-- name: Add Include directive to ~/.ssh/config - blockinfile: - path: ~/.ssh/config - insertbefore: BOF - marker: "{mark}" - marker_begin: "# Automatically added by kdevops\n# kdevops_version: {{ kdevops_version }}" - marker_end: "" - create: true - block: | - Include ~/.ssh/config_kdevops_* diff --git a/playbooks/update_ssh_config.yml b/playbooks/update_ssh_config.yml new file mode 100644 index 000000000000..e2603df526d4 --- /dev/null +++ b/playbooks/update_ssh_config.yml @@ -0,0 +1,5 @@ +--- +- hosts: all + gather_facts: false + roles: + - role: update_ssh_config diff --git a/playbooks/update_ssh_config_guestfs.yml b/playbooks/update_ssh_config_guestfs.yml deleted file mode 100644 index 346b90245637..000000000000 --- a/playbooks/update_ssh_config_guestfs.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- hosts: localhost - roles: - - role: update_ssh_config_guestfs diff --git a/scripts/guestfs.Makefile b/scripts/guestfs.Makefile index 03909641aac4..8d3f01c35758 100644 --- a/scripts/guestfs.Makefile +++ b/scripts/guestfs.Makefile @@ -62,11 +62,6 @@ libvirt_pcie_passthrough_permissions: $(KDEVOPS_PROVISIONED_SSH): $(Q)if [[ "$(CONFIG_KDEVOPS_SSH_CONFIG_UPDATE)" == "y" ]]; then \ - ansible-playbook $(ANSIBLE_VERBOSE) --connection=local \ - --inventory localhost, \ - playbooks/update_ssh_config_guestfs.yml \ - --extra-vars=@./extra_vars.yaml \ - -e 'ansible_python_interpreter=/usr/bin/python3' ;\ LIBVIRT_DEFAULT_URI=$(CONFIG_LIBVIRT_URI) $(TOPDIR)/scripts/update_ssh_config_guestfs.py; \ fi $(Q)ansible $(ANSIBLE_VERBOSE) -i hosts all -e 'ansible_python_interpreter=/usr/bin/python3' -m wait_for_connection diff --git a/scripts/ssh.Makefile b/scripts/ssh.Makefile index 3ee9437b1b4c..aee58e4bcef3 100644 --- a/scripts/ssh.Makefile +++ b/scripts/ssh.Makefile 
@@ -21,3 +21,16 @@ $(KDEVOPS_SSH_PRIVKEY): .config $(NQ) Generating new private key: $(KDEVOPS_SSH_PRIVKEY) $(NQ) Generating new public key: $(KDEVOPS_SSH_PUBKEY) $(Q)$(TOPDIR)/scripts/gen_ssh_key.sh + +PHONY += update-ssh-config +update-ssh-config: + $(Q)ansible-playbook $(ANSIBLE_VERBOSE) --connection=local \ + --inventory localhost, \ + playbooks/update_ssh_config.yml \ + --extra-vars=@./extra_vars.yaml \ + -e 'ansible_python_interpreter=/usr/bin/python3' \ + --tags vars,deps + +ifeq (y,$(CONFIG_KDEVOPS_SSH_CONFIG_UPDATE)) +LOCALHOST_SETUP_WORK += update-ssh-config +endif
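Review bot: The `update-ssh-config` rule passes `--extra-vars=@./extra_vars.yaml` but declares no prerequisite, and the role it runs expands `{{ kdevops_version }}` in its block marker, a value that presumably comes from that file. Whether every `LOCALHOST_SETUP_WORK` target is guaranteed to run after the vars file is generated is not visible in this hunk. If the variable is ever undefined, the role fails at its last task, after the earlier tasks have already removed the old Include line and kdevops comments from the user's ~/.ssh/config. Listing the generated vars file as a prerequisite of the target would make the ordering explicit. A one-line comment above the rule, such as `# Edits the invoking user's ~/.ssh/config; runs from "make deps" when CONFIG_KDEVOPS_SSH_CONFIG_UPDATE=y`, would tell readers that this step touches a personal file.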