From c6a7fa88b2ec6e064abb82be3e79e89cd058a506 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= <cjeanner@redhat.com>
Date: Mon, 9 Sep 2024 10:29:17 +0200
Subject: [PATCH] Ensure we configure any "managed" VM

UNtile now, we didn't generate any config drive for VM that weren't
started, even though we wanted them managed.

This patch corrects the issue, and also ensure we don't rely on SSH to
configure anything on the VMs.

We just keep plain SSH accesses for OCP/CRC, since they can't rely on
cloud-init.
---
 roles/libvirt_manager/tasks/create_vms.yml    |  1 -
 roles/libvirt_manager/tasks/deploy_layout.yml |  1 -
 roles/libvirt_manager/tasks/manage_vms.yml    | 15 ++++++++-------
 3 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/roles/libvirt_manager/tasks/create_vms.yml b/roles/libvirt_manager/tasks/create_vms.yml
index 7b04a11ae7..82478d1667 100644
--- a/roles/libvirt_manager/tasks/create_vms.yml
+++ b/roles/libvirt_manager/tasks/create_vms.yml
@@ -135,7 +135,6 @@
   when:
     - vm_data.disk_file_name != 'blank'
     - vm is not match('^(crc|ocp).*$')
-    - vm_data.start | default(true) | bool
     - vm_data.manage | default(true) | bool
   vars:
     _img_dir: "{{ cifmw_libvirt_manager_basedir }}/workload"
diff --git a/roles/libvirt_manager/tasks/deploy_layout.yml b/roles/libvirt_manager/tasks/deploy_layout.yml
index 4b90496dbb..4e97a79f74 100644
--- a/roles/libvirt_manager/tasks/deploy_layout.yml
+++ b/roles/libvirt_manager/tasks/deploy_layout.yml
@@ -188,7 +188,6 @@
 - name: "Configure managed VMs"
   when:
     - vm_data.manage | default(true) | bool
-    - vm_data.start | default(true) | bool
     - vm_data.disk_file_name != 'blank'
   vars:
     vm_type: "{{ _vm.value }}"
diff --git a/roles/libvirt_manager/tasks/manage_vms.yml b/roles/libvirt_manager/tasks/manage_vms.yml
index dee7d2e9a9..98a3f354f2 100644
--- a/roles/libvirt_manager/tasks/manage_vms.yml
+++ b/roles/libvirt_manager/tasks/manage_vms.yml
@@ -53,18 +53,16 @@
   ansible.builtin.include_role:
     name: "ssh_jumper"
 
+# TODO: consider ignition/butane instead
 - name: "Configure ssh access on VM {{ vm }}"
-  vars:
-    _user: >-
-      {{
-        (vm_type is match('^(crc|ocp).*$')) |
-        ternary('core', _init_admin_user)
-      }}
+  when:
+    - vm is match('^(ocp|crc).*')
+    - _cifmw_libvirt_manager_layout.vms[vm_type].start | default(true)
   ansible.builtin.shell:
     cmd: >-
       set -o pipefail;
       cat ~/.ssh/authorized_keys |
-      ssh -v {{ _user }}@{{ vm_con_name }} "cat >> ~/.ssh/authorized_keys"
+      ssh -v core@{{ vm_con_name }} "cat >> ~/.ssh/authorized_keys"
   retries: 5
   delay: 10
   register: _ssh_access
@@ -74,6 +72,7 @@
 - name: Ensure we grow volume for OCP cluster members
   when:
     - vm is match('^ocp.*')
+    - _cifmw_libvirt_manager_layout.vms[vm_type].start | default(true)
   vars:
     _root_part: "{{ vm_data.root_part_id | default('1') }}"
   ansible.builtin.shell:
@@ -84,6 +83,7 @@
 - name: "Inject private key on hosts {{ vm }}"
   when:
     - vm_type is match('^controller.*$')
+    - _cifmw_libvirt_manager_layout.vms[vm_type].start | default(true)
   delegate_to: "{{ vm_con_name }}"
   remote_user: "{{ _init_admin_user }}"
   ansible.builtin.copy:
@@ -96,6 +96,7 @@
 - name: "Inject public key on hosts {{ vm }}"
   when:
     - vm_type is match('^controller.*$')
+    - _cifmw_libvirt_manager_layout.vms[vm_type].start | default(true)
   delegate_to: "{{ vm_con_name }}"
   remote_user: "{{ _init_admin_user }}"
   ansible.builtin.copy: