From 1f57c7d7cc6ecdc0dd01a8800e1df19cae302a1f Mon Sep 17 00:00:00 2001
From: Balazs Gibizer
Date: Thu, 19 Oct 2023 15:44:52 +0200
Subject: [PATCH] [edpm_libvirt]Add libvirt user to the EDPM host This is needed for two reasons: 1) to eventually add the nova user to the libvirt group on the host so that the incoming live migration connections can access the libvirt socket 2) to allow libvirt to be de-containerized while keeping the ui and guid of the libvirt user unchanged
---
 roles/edpm_libvirt/molecule/default/verify.yml | 14 ++++++++++++++
 roles/edpm_libvirt/tasks/main.yml | 3 +++
 roles/edpm_libvirt/tasks/user.yml | 11 +++++++++++
 3 files changed, 28 insertions(+)
 create mode 100644 roles/edpm_libvirt/tasks/user.yml
diff --git a/roles/edpm_libvirt/molecule/default/verify.yml b/roles/edpm_libvirt/molecule/default/verify.yml
index bcea45736..abd9e1cb1 100644
--- a/roles/edpm_libvirt/molecule/default/verify.yml
+++ b/roles/edpm_libvirt/molecule/default/verify.yml
@@ -48,3 +48,17 @@
 - { "name": "edpm_libvirt.target", "enabled": "static"}
 - { "name": "edpm_libvirt_guests.service", "running":false }
 - { "name": "virt-guest-shutdown.target", "enabled": "static", "running":false }
+
+ - name: Check if user exists
+ ansible.builtin.getent:
+ database: passwd
+ key: libvirt
+ register: libvirt_user
+
+ - name: Assert that libvirt user is created with kolla uid and gid
+ ansible.builtin.assert:
+ that:
+ # user
+ - "libvirt_user.ansible_facts.getent_passwd.libvirt[1] == '42473'"
+ # group
+ - "libvirt_user.ansible_facts.getent_passwd.libvirt[2] == '42473'"
diff --git a/roles/edpm_libvirt/tasks/main.yml b/roles/edpm_libvirt/tasks/main.yml
index 6db426ea0..6d0cde4dd 100644
--- a/roles/edpm_libvirt/tasks/main.yml
+++ b/roles/edpm_libvirt/tasks/main.yml
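Review bot: The new assertion in roles/edpm_libvirt/molecule/default/verify.yml pins only the uid and primary gid fields of the passwd entry, so a regression that gives the service account a login shell, or that never creates a `libvirt` group entry, would still pass. The commit message names group membership for nova as the reason for this account, so I would add a second `ansible.builtin.getent` lookup with `database: group` and `key: libvirt` and assert its gid as well. The shell can be pinned with one more line under `that:`, `- "libvirt_user.ansible_facts.getent_passwd.libvirt[5] == '/sbin/nologin'"`. The play these tasks belong to starts outside the hunk.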
@@ -14,6 +14,9 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+- name: Ensure libvirt user
+ ansible.builtin.include_tasks: user.yml
+
 - name: Configure libvirt
 ansible.builtin.include_tasks: configure.yml
diff --git a/roles/edpm_libvirt/tasks/user.yml b/roles/edpm_libvirt/tasks/user.yml
new file mode 100644
index 000000000..3d8b93a9d
--- /dev/null
+++ b/roles/edpm_libvirt/tasks/user.yml
@@ -0,0 +1,11 @@
+---
+- name: Configure libvirt user and group on the host
+ ansible.builtin.import_role:
+ name: edpm_users
+ vars:
+ edpm_users_users:
+ # 42473 is matching with the uid and gid created by kolla in the libvirt containers
+ - {"name": "libvirt", "uid": "42473", "gid": "42473", "shell": "/sbin/nologin", "comment": "libvirt user"}
+ edpm_users_extra_dirs: []
+ tags:
+ - edpm_users
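Review bot: In roles/edpm_libvirt/tasks/main.yml the new `Ensure libvirt user` task is a dynamic `ansible.builtin.include_tasks` with no tags, while the only `edpm_users` tag sits on the task inside user.yml. Ansible filters the include task itself by tag before it loads the file, so a run limited to `--tags edpm_users` would skip the include and never reach the account creation, unless the tag is inherited from the play or role invocation, which is not visible here. Adding `tags:` with `- edpm_users` to the include task, or switching it to `ansible.builtin.import_tasks`, keeps the tag reachable. The task list continues outside the hunk.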
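Review bot: The `edpm_users_users` entry in roles/edpm_libvirt/tasks/user.yml forces uid and gid 42473 but does not say what happens when the host already has a `libvirt` user or group under a different id, or when 42473 is already held by another account. How edpm_users handles either case is not visible in this patch; if it renumbers an existing group, files and sockets owned by the old numeric gid would no longer match the account, so the expected behaviour is worth stating next to the entry. The existing comment could become `# 42473 matches the uid/gid kolla assigns to libvirt in its containers; keep in sync with molecule/default/verify.yml`, since the same literal is repeated in the verify playbook. As a point of style, the one-line flow mapping with JSON-style quoted keys would read and diff better as a block mapping, one key per line.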