From e32a5ee7deb9a381ab285aba92c4de23e3c6ee2e Mon Sep 17 00:00:00 2001

From: Laszlo Ersek <lersek@redhat.com>

Date: Mon, 13 Jun 2022 19:01:35 +0200

Subject: [PATCH] convert_linux: install the QEMU guest agent with a firstboot

 script

Register a firstboot script, for installing the guest agent with the

guest's own package manager -- that is, "Guest_packages.install_command".

For installing the package, network connectivity is required. Check it

first with "nmcli" (also checking whether NetworkManager is running), then

with "systemd-networkd-wait-online" (dependent on systemd-networkd). Note

that NetworkManager and systemd-networkd are never supposed to be enabled

at the same time.

The source domain's SELinux policy may not allow our firstboot service to

execute the package's installation scripts (if any). For that reason,

temporarily disable SELinux around package installation.

After installation, register another script for launching the agent.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2028764

Signed-off-by: Laszlo Ersek <lersek@redhat.com>

Message-Id: <20220613170135.12557-5-lersek@redhat.com>

Reviewed-by: Richard W.M. Jones <rjones@redhat.com>

(cherry picked from commit e64356896377af1ac75a03d6a4c6a4208910bbf4)

---

 convert/convert_linux.ml | 78 ++++++++++++++++++++++++++++++++++++++--

 1 file changed, 76 insertions(+), 2 deletions(-)

diff --git a/convert/convert_linux.ml b/convert/convert_linux.ml

index 2ddbc07a..59d143bd 100644

--- a/convert/convert_linux.ml

+++ b/convert/convert_linux.ml

@@ -562,8 +562,82 @@ let convert (g : G.guestfs) source inspect keep_serial_console _ =

               name = qga_pkg

           ) inspect.i_apps in

         if not has_qemu_guest_agent then

-          (* FIXME -- install qemu-guest-agent here *)

-          ()

+          try

+            let inst_cmd = Guest_packages.install_command [qga_pkg]

+                             inspect.i_package_management in

+

+            (* Use only the portable filename character set in this. *)

+            let selinux_enforcing = "/root/virt-v2v-fb-selinux-enforcing"

+            and timeout = 30 in

+            let fbs =

+              Firstboot.add_firstboot_script g inspect.i_root

+            in

+            info (f_"The QEMU Guest Agent will be installed for this guest at \

+                     first boot.");

+

+            (* Wait for the network to come online in the guest (best effort).

+             *)

+            fbs "wait online"

+              (sprintf "#!/bin/sh\n\

+                        if conn=$(nmcli networking connectivity); then\n\

+                        \ \ tries=0\n\

+                        \ \ while\n\

+                        \ \ \ \ test $tries -lt %d &&\n\

+                        \ \ \ \ test full != \"$conn\"\n\

+                        \ \ do\n\

+                        \ \ \ \ sleep 1\n\

+                        \ \ \ \ tries=$((tries + 1))\n\

+                        \ \ \ \ conn=$(nmcli networking connectivity)\n\

+                        \ \ done\n\

+                        elif systemctl -q is-active systemd-networkd; then\n\

+                        \ \ /usr/lib/systemd/systemd-networkd-wait-online \\\n\

+                        \ \ \ \ -q --timeout=%d\n\

+                        fi\n" timeout timeout);

+

+            (* Disable SELinux temporarily around package installation. Refer to

+             * <https://bugzilla.redhat.com/show_bug.cgi?id=2028764#c7> and

+             * <https://bugzilla.redhat.com/show_bug.cgi?id=2028764#c8>.

+             *)

+            fbs "setenforce 0"

+              (sprintf "#!/bin/sh\n\

+                        rm -f %s\n\

+                        if command -v getenforce >/dev/null &&\n\

+                        \ \ test Enforcing = \"$(getenforce)\"\n\

+                        then\n\

+                        \ \ touch %s\n\

+                        \ \ setenforce 0\n\

+                        fi\n" selinux_enforcing selinux_enforcing);

+            fbs "install qga" inst_cmd;

+            fbs "setenforce restore"

+              (sprintf "#!/bin/sh\n\

+                        if test -f %s; then\n\

+                        \ \ setenforce 1\n\

+                        \ \ rm -f %s\n\

+                        fi\n" selinux_enforcing selinux_enforcing);

+

+            (* Start the agent now and at subsequent boots. The following

+             * commands should work on both sysvinit distros / distro versions

+             * (regardless of "/etc/rc.d/" vs. "/etc/init.d/" being the scheme

+             * in use) and systemd distros (via redirection to systemctl).

+             *

+             * On distros where the chkconfig command is redirected to

+             * systemctl, the chkconfig command is likely superfluous. That's

+             * because on systemd distros, the QGA package comes with such

+             * runtime dependencies / triggers that the presence of the

+             * virtio-serial port named "org.qemu.guest_agent.0" automatically

+             * starts the agent during (second and later) boots. However, even

+             * on such distros, the chkconfig command should do no harm.

+             *)

+            fbs "start qga"

+              (sprintf "#!/bin/sh\n\

+                        service %s start\n\

+                        chkconfig %s on\n" qga_pkg qga_pkg)

+          with

+          | Guest_packages.Unknown_package_manager msg

+          | Guest_packages.Unimplemented_package_manager msg ->

+            warning (f_"The QEMU Guest Agent will not be installed.  The \

+                        install command for package ‘%s’ could not be created: \

+                        %s.") qga_pkg msg

   and configure_kernel () =

     (* Previously this function would try to install kernels, but we