From 09c501c996037331d67267a54bfae80209db4007 Mon Sep 17 00:00:00 2001
From: Ian Kelling <iank@fsf.org>
Date: Tue, 4 Mar 2025 09:51:02 -0500
Subject: [PATCH] move out of private repo

---
 .../files/simple/usr/local/bin/create-vm      | 1311 +++++++++++++++++
 .../files/simple/usr/local/bin/savannah-virsh |    2 +-
 .../simple/usr/local/bin/unsafe-remove-vm     |  363 +++++
 3 files changed, 1675 insertions(+), 1 deletion(-)
 create mode 100755 roles/kvmhost/files/simple/usr/local/bin/create-vm
 create mode 100755 roles/kvmhost/files/simple/usr/local/bin/unsafe-remove-vm

diff --git a/roles/kvmhost/files/simple/usr/local/bin/create-vm b/roles/kvmhost/files/simple/usr/local/bin/create-vm
new file mode 100755
index 0000000..d11fa31
--- /dev/null
+++ b/roles/kvmhost/files/simple/usr/local/bin/create-vm
@@ -0,0 +1,1311 @@
+#!/bin/bash
+# Script managed by Ansible, do not edit
+#
+# Copyright (C) 2017  Free Software Foundation
+# Copyright (C) 2017  Ruben Rodriguez <ruben@fsf.org>
+# Copyright (C) 2022  Ian Kelling <iank@fsf.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
+#
+
+if [[ ! -s /usr/local/lib/err ]]; then
+  echo "$0: error, missing /usr/local/lib/err" >&2
+  exit 1
+fi
+source /usr/local/lib/err
+
+#### Begin function definitions ####
+
+## Add to these as needed and keep them in order
+cleanup_cmds=()
+err-cleanup() {
+  if (( ${#cleanup_cmds[@]} == 0 )); then
+    return 0
+  fi
+  cat <<'EOF'
+$0: BEGIN WARNING =================   WARNING"
+A command above has failed, and so the script is exiting.
+To cleanup a partially created vm, first consider if the failed command
+had some effect that needs to be undone (this is unlikely).
+Then, run the following (also stored as a script in /root/cleanup-create-vm):"
+$0: END WARNING =================   WARNING"
+EOF
+  cat >/root/cleanup-create-vm <<EOF
+#!/bin/bash
+set -xe
+# generated by create-vm on $(date -R)
+EOF
+  chmod +x /root/cleanup-create-vm
+  # Ensure we have no holes so we can loop backwards
+  tmparray=( "${cleanup_cmds[@]}" )
+  dosleep=false
+  for (( i=${#tmparray[@]} - 1; i >= 0; i-- )); do
+    if $dosleep; then
+      echo "sleep 3" | tee -a /root/cleanup-create-vm
+    fi
+    dosleep=true
+    echo "${cleanup_cmds[i]}" | tee -a /root/cleanup-create-vm
+  done
+  echo "$0: end of cleanup"
+}
+
+
+m() { printf "$pre %s\n"  "$*"; "$@"; }
+e() { printf "$pre %s\n"  "$*"; }
+err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
+
+usage() {
+  cat <<EOF
+Usage: $0 [OPTONS] FQDN DISK_SIZE(MB) RAM_SIZE(MB) CPU_COUNT [DISTRO_RELEASE_CODENAME]
+or
+$0 [OPTONS] -d DISK_NAME,MOUNT_POINT FQDN DISK_SIZE(MB)
+or
+$0 -l
+
+On non-gnuhope disks are grouped into sets of 3 disks, in which a per-vm raid arrays
+are created by creating lvm logical volumes and then creating an mdadm or btrfs
+array. While the disks themselves are not technically a single raid
+array, that is their functional purpose so we call them each an array.
+
+If there is more than one array on a single machine, we need to specify
+which one to use. There is a small difficulty that there is no os
+defined name or notion for the set of 3 disks. To deal with this, we
+specify the disk arrays in this script in the variable that starts with
+  disk_arrays=(
+and allow listing the sets
+on a machine with -l, and selecting one with -s or -t or -g.
+
+WARNING: If this script fails or is inturupted, it will output instructions
+to undo what it has done. Be sure to read the output!
+
+-d --disk DISK_NAME,MOUNT_POINT : Create and add a an extra disk to an
+                                 existing VM.  DISK_NAME could be
+                                 something like "data". If MOUNT_POINT is
+                                 "none", we will add it as a swap partition.
+
+-i --import : For importing/migrating existing vm: creates the vm with a
+                           mostly empty disk. Then you can mount the
+                           disk with the mount-vm script, rsync an OS,
+                           and umount with umount-vm.
+
+-g --vol-group VOL_GROUP : For non-gnuhope, select a disk array that has this volume group.
+                           See arrays + groups with -l. On gnuhope, the volume group name to create
+                           a local vm.
+
+-l : On nongnuhope, list available disk array volume groups.
+
+-m --mdraid : On nongnuhope, create an ext4 filesystem on mdraid. We force this
+                           option on hosts older than t11. WARNING: this
+                           could take an hour or more for a big disk, run
+                           in screen or tmux.
+
+-s --vg_size SIZE :   On nongnuhope, select disk array by specifying the size of the
+                   smallest disk in the array. Size specification: for disks >= 1t,
+                   NUMt, truncated to a whole terabyte, or for disks <1t, NUMg
+                   truncated to the nearest gigabyte.
+                   Disk sizes can be seen by running $0 -l or
+                   vgs to show all volume groups without their array groupings.
+
+todo: add an interactive selection of volume disk array.
+
+Example: $0 www.gnu.org 5000 512 2 flidas
+supported codenames are aramo, nabia, etiona, flidas, belenos and stretch
+
+Example of adding a disk to the above vm:
+
+create-vm -d data,/srv www.gnu.org 8000
+
+For migrating an existing vm, use the --import option. After rsyncing
+the old disk into the new disk, look at the os-prep function below, and
+see what of that should be done the to the vm disk.  For example, Ceph
+vms have a few extra files compared to other vm hosts.
+
+-h|--help  Print help and exit.
+
+Note: Uses util-linux getopt option parsing: spaces between args and
+options, short options can be combined, options before args.
+EOF
+  exit $1
+}
+
+cli-arg-check() {
+  local cpus_regex
+
+  if $dolist; then
+    return 0
+  fi
+
+  if $add_disk; then
+    if ! virsh list --name | grep -Fx $host &>/dev/null && mountpoint -q /mnt/$host; then
+      err "error: unmount the the vm from /mnt/$host first"
+      exit 1
+    fi
+    return 0
+  fi
+
+  ## from here, checks for when we are actually creating a vm
+
+  # TODO Remove this once we upgrade the kvmhosts to t9+
+  if [[ $release == aramo && $HOSTNAME == kvmhost[234] && \
+          ! -d /srv/debootstrap-cache/$release/etc ]] ; then
+    err "error: this os is too old to debootstrap aramo. rsync it first to
+/srv/debootstrap-cache/aramo"
+    exit 1
+  fi
+  if virsh list --all --name | grep -Fx $host &>/dev/null; then
+    echo "Guest $host already exists!"
+    exit 1
+  fi
+
+  cpus_regex='^[1-9][0-9]*$'
+  if [[ ! $cpus =~ $cpus_regex ]]; then
+    err "unexpected cpus arg: $cpus"
+    exit 1
+  fi
+
+  if ! getent hosts $host > /dev/null; then
+    echo "Could not resolve the hostname to an IP. Add it to the DNS first!"
+    exit 1
+  fi
+
+}
+
+# set initial global variables
+set-initial-vars() {
+  if $dolist; then
+    return 0
+  fi
+
+  hostshort=${host%%.*}
+
+  # Disk name
+  dname=$host$disk_name_suf
+
+  case $release in
+    nabia|etiona|flidas|belenos) mdraid=true ;;
+  esac
+
+
+  ip=$(getent ahostsv4 "$host" | awk '{ print $1 }' | head -n1)
+  ip6=$(getent ahostsv6 "$host" | awk '{ print $1 }' | head -n1)
+  case $ip6 in
+    ::*)
+      # If we dont have a global ip6 address, the lookup could
+      # give us a local one. for example, on HAL:
+      # ::ffff:192.168.0.145
+      ip6=
+      ;;
+  esac
+  case $HOSTNAME in
+    # once we have other networks, add condition here.
+    *)
+      gateway=209.51.188.1
+      gateway6=2001:470:142::1
+      ;;
+  esac
+
+
+  case $release in
+    aramo|nabia|etiona|flidas|belenos)
+      archive=http://us.archive.trisquel.info/trisquel
+      linux_pkg=linux-image-virtual
+      ;;
+    stretch)
+      archive=http://deb.debian.org/debian/
+      linux_pkg=linux-image-amd64
+      ;;
+    *)
+      err "error: unknown release"
+      exit 1
+      ;;
+  esac
+
+  fs_opts=noatime
+  fs_type=ext4
+  doswap=false
+  if [[ $disk_mountpoint == none ]]; then
+    doswap=true
+    fs_type=swap
+    fs_opts=sw
+  fi
+
+  # These numbers are what man 5 fstab says they should be.
+  fs_passno=1
+  if $doswap; then
+    fs_passno=0
+  elif $add_disk; then
+    fs_passno=2
+  fi
+
+
+  vm_internal_disk=/dev/vda
+  inside_vm_cmds=false
+
+  gnuhope=false
+  if [[ $HOSTNAME == kvmhost[234] ]]; then
+    gnuhope=true
+  fi
+
+  doceph=false
+  if $gnuhope && ! $dovg; then
+    doceph=true
+  fi
+
+  if $doswap && ! $gnuhope && ! $mdraid; then
+    err "error: swap should be on mdraid. exiting"
+    exit 1
+  fi
+}
+
+ceph-disk() {
+  pool=rbd
+  keyfile=/dev/shm/keyfile
+
+  # If adding disk, we reuse the same key
+  if $add_disk; then
+    read -r -p "Enter the VM's luks key so I can cryptsetup luksFormat the new disk " key_data
+    printf "%s" "$key_data" >$keyfile
+    cleanup_cmds+=("rm -f $keyfile")
+  else
+
+    e writing generated password to $keyfile
+    pwgen 128 -s -1 | tr -d '\n' >$keyfile
+    cleanup_cmds+=("rm -f $keyfile")
+
+    m tee /dev/shm/grub.cfg <<EOF
+cryptomount -k /keyfile hd0
+linux (crypto0)/vmlinuz root=/dev/mapper/$dname-crypt0 ro elevator=noop console=tty0 console=ttyS0,115200 biosdevname=0 net.ifnames=0
+initrd (crypto0)/initrd.img
+boot
+EOF
+    m dd if=/dev/zero of=/dev/shm/memdisk bs=1M count=1
+    m mkfs.ext2 /dev/shm/memdisk
+    cleanup_cmds+=("rm -f /dev/shm/memdisk /dev/shm/grub.cfg")
+    m mkdir -p /dev/shm/memdiskmount
+    m mount /dev/shm/memdisk /dev/shm/memdiskmount
+    cleanup_cmds+=("umount /dev/shm/memdiskmount")
+    m cp $keyfile /dev/shm/memdiskmount/
+    m umount /dev/shm/memdiskmount
+    unset "cleanup_cmds[-1]"
+
+    m grub-mkimage -C xz -c /dev/shm/grub.cfg  -O i386-pc  -o /var/lib/libvirt/images/grub-$host.bin  biosdisk ext2 linux xfs normal luks help crypto cryptodisk zfscrypt gcry_sha512 gcry_sha256 echo cat memdisk -m /dev/shm/memdisk
+    rm -f /dev/shm/memdisk /dev/shm/grub.cfg
+    unset "cleanup_cmds[-1]"
+    # This is slightly out of order because it is simpler than doing in
+    # proper order and removing cleanup_cmds[-2].
+    cleanup_cmds+=("rm -f /var/lib/libvirt/images/grub-$host.bin")
+  fi
+
+  m rbd create $dname --size $new_disk_mb -p $pool --image-format=2 --image-feature exclusive-lock,object-map,fast-diff,layering
+  cleanup_cmds+=("rbd rm $dname")
+  nbd_dev=$(rbd-nbd map $dname)
+  cleanup_cmds+=("rbd-nbd unmap $nbd_dev")
+
+  echo YES | m cryptsetup luksFormat -y --cipher aes-xts-plain64 --hash sha256 --use-urandom --key-size 256  $nbd_dev --key-file=$keyfile
+  luks_dev=/dev/mapper/$dname-crypt0
+  m cryptsetup luksOpen $nbd_dev $dname-crypt0 --key-file=$keyfile
+  cleanup_cmds+=("cryptsetup luksClose $luks_dev")
+  m mkfs.ext4 $luks_dev
+  m mount $luks_dev $target -o discard,noatime,nodiratime
+  cleanup_cmds+=("umount $target")
+  vm_internal_disk=$luks_dev
+
+  if $add_disk; then
+    if virsh list --name | grep -Fx $host &>/dev/null; then
+      # If the vm is running, record the commands to be run manually inside it.
+      inside_vm_cmds=true
+      cat >/root/generated-to-run-in-vm <<EOF
+set -x
+mknod /dev/sd$letter b 8 $disk_num
+echo "$dname-crypt0 /dev/sd$letter none luks,discard,keyscript=/boot/keyscript.sh,initramfs" >> /etc/crypttab
+mkdir -p $disk_mountpoint /etc
+echo "$luks_dev $disk_mountpoint $fs_type $fs_opts 0 $fs_passno" >>/etc/fstab
+cryptdisks_start $dname-crypt0
+mount $disk_mountpoint
+update-initramfs -k all -u
+EOF
+
+    else
+      m mount-vm -k $keyfile --first-disk $host
+      cleanup_cmds+=("umount-vm $host")
+
+      if [[ ! -e /mnt/$host/dev/sd$letter ]]; then
+        m mknod /mnt/$host/dev/sd$letter b 8 $disk_num
+      fi
+      echo "$dname-crypt0 /dev/sd$letter none luks,discard,keyscript=/boot/keyscript.sh,initramfs" >> /mnt/$host/etc/crypttab
+
+      cd /mnt/$host
+      for d in proc sys dev dev/pts; do
+        m mount -o bind /$d $d;
+        cleanup_cmds+=("umount $PWD/$d")
+      done
+      # note, this is normal output here:
+      # cryptsetup: WARNING: Couldn't determine cipher modules to load for
+      # tmp.fsf.org-data-crypt0
+      m chroot . update-initramfs -k all -u
+      for d in dev/pts dev sys proc; do
+        m umount $d
+        unset "cleanup_cmds[-1]"
+      done
+      cd
+
+      m mkdir -p /mnt/$host/$disk_mountpoint /mnt/$host/etc
+      echo "$luks_dev $disk_mountpoint $fs_type $fs_opts 0 $fs_passno" >>/mnt/$host/etc/fstab
+      m umount-vm $host
+      unset "cleanup_cmds[-1]"
+
+    fi
+  else
+    # Note: debootstrap would create these, I just want to setup the basic
+    # disk unlocking all in one place earlier on the script for
+    # convenience.
+    m mkdir -p $target/{boot,etc,dev}
+
+    m mknod $target/dev/sda b 8 0
+    m mkdir -p $target/dev/mapper
+    crypt_dev=$(readlink -f /dev/mapper/$dname-crypt0)
+    m cp -a $crypt_dev $target/dev/mapper/$dname-crypt0
+    m tee $target/boot/keyscript.sh <<EOF
+#!/bin/sh
+echo -n $(cat $keyfile)
+EOF
+    chmod 700 $target/boot/keyscript.sh $target/boot/
+    echo "$dname-crypt0 /dev/sda none luks,discard,keyscript=/boot/keyscript.sh,initramfs" > $target/etc/crypttab
+  fi
+}
+
+vg-disk() {
+  m lvcreate $vg -L $size -n $dname
+  lvdev=/dev/$vg/$dname
+  vm_disks=($lvdev)
+  cleanup_cmds+=("lvremove -f $lvdev")
+  m mkfs.ext4 $lvdev
+  m mount $lvdev $target
+  cleanup_cmds+=("umount $target")
+}
+
+nongnuhope-disk() {
+
+  # volume group names, separated by command at the start.
+  disk_arrays=(
+    ,
+    # community0p 3.46t rust disks as of 2024-09-07
+    vgata-WDC_WD4004FZWX-00GBGB0_NHG3PK4M
+    vgata-ST4000DM000-1F2168_Z3028BKA
+    vgata-WDC_WD40EZRX-00SPEB0_WD-WCC4E0304017
+    ,
+    # community0p 925g as of 2024-09-07
+    vgata-Samsung_SSD_850_EVO_1TB_S3PJNB0J902536K
+    vgata-Samsung_SSD_850_EVO_1TB_S3PJNF0J909382V
+    vgata-Samsung_SSD_850_EVO_1TB_S3PJNF0J909379K
+    ,
+    # community0p 3.49t as of 2024-09-07
+    vgata-INTEL_SSDSC2KB038T8_PHYF326101MC3P8EGN
+    vgata-Micron_5210_MTFDDAK3T8QDE_201026DBBEC2
+    vgata-Micron_5210_MTFDDAK3T8QDE_20222DC523FF
+    ,
+    # kvmhost5 1.74t as of 2024-09-07
+    vgata-INTEL_SSDSC2KB019TZ_PHYI34410AE21P9DGN
+    vgata-INTEL_SSDSC2KB019TZ_PHYI34410BGM1P9DGN
+    vgata-INTEL_SSDSC2KB019TZ_PHYI34410BLK1P9DGN
+    ,
+    # kvmhost6 1.74t as of 2024-09-07
+    vgata-INTEL_SSDSC2KB019TZ_PHYI335107XM1P9DGN
+    vgata-INTEL_SSDSC2KB019TZ_PHYI335107XR1P9DGN
+    vgata-INTEL_SSDSC2KG019T7_BTYM8376039Q1P9DGN
+    ,
+    # kvmhost7 3.64t as of 2024-09-07
+    vgata-CT4000MX500SSD1_2338E87806AA
+    vgata-CT4000MX500SSD1_2338E87806B9
+    vgata-Seagate_IronWolf_ZA4000NM10002-2ZG104_7TE00C14
+    ,
+    # kvmhost7 1.82t as of 2024-09-07
+    vgata-CT2000MX500SSD1_2405E89461C2
+    vgata-CT2000MX500SSD1_2405E895D8FB
+    vgata-Seagate_IronWolf_ZA2000NM10002-3R1103_70W002YX
+  )
+
+
+
+
+  i=0
+  disk_array_count=${#disk_arrays[@]}
+  found_array=false
+  volgroups=()
+  while (( i < disk_array_count )); do
+    i=$((i+1))
+    min_size=
+    array_exists=true
+    found_vg=false
+    this_vg_set=()
+    # loop over a single array, checking if this array is the one asked for by the user
+    while (( i < disk_array_count )) && [[ ${disk_arrays[i]} != , ]]; do
+      vg=${disk_arrays[i]}
+      if ! $array_exists || [[ ! -d /dev/$vg ]]; then
+        array_exists=false
+        i=$(( i + 1 ))
+        continue
+      fi
+      if $dovg && [[ $vg_opt == "$vg" ]]; then
+        found_vg=true
+      fi
+      if $dosize; then
+        vg_size=$(vgs -o vg_size --noheadings "$vg")
+        vg_size=${vg_size##*[< ]}
+        if [[ $vg_size == *g ]]; then
+          vg_size=${vg_size%g}
+          vg_size=${vg_size%%.*}
+        elif [[ $vg_size == *t ]]; then
+          vg_size=${vg_size%t}
+          vg_size=${vg_size%%.*}
+          vg_size=$(( vg_size * 1000 ))
+        else
+          err "found unexpected vg_size:$vg_size from vgs -o vg_size --noheadings $vg"
+          err-cleanup
+          exit 1
+        fi
+        if [[ ! $min_size ]] || (( vg_size < min_size )); then
+          min_size="$vg_size"
+        fi
+      fi
+      this_vg_set+=( ${disk_arrays[i]} )
+      i=$(( i + 1 ))
+    done
+    if ! $array_exists; then
+      continue
+    fi
+    if $dolist; then
+      vgs ${this_vg_set[@]}
+      continue
+    fi
+    # debugging
+    #echo min_size=$min_size size_opt=$size_opt
+    if ! $dosize && ! $dovg || $dosize && (( size_opt == min_size )) || $found_vg; then
+      if $found_array; then
+        err "We found two arrays without an option to select between them. Run with --help."
+        err-cleanup
+        exit 1
+      else
+        volgroups+=( ${this_vg_set[@]} )
+        found_array=true
+      fi
+    fi
+  done
+
+  if $dolist; then
+    return 0
+  fi
+
+  if (( ${#volgroups[@]} != 3 )); then
+    err "expected 3 volgroups, got: ${volgroups[*]}"
+    err-cleanup
+    exit 1
+  fi
+
+
+  if ! mountpoint -q /root/crypt-keys; then
+    err "error: expected /root/crypt-keys to be a mountpoint, run open-crypt-luks-keys"
+    err-cleanup
+    exit 1
+  fi
+
+
+  for vg in ${volgroups[@]}; do
+    lvdev=/dev/$vg/$dname
+    if [[ -e $lvdev  ]]; then
+      e "skipping creation of existing lv: $lvdev"
+    else
+      m lvcreate -L $new_disk_mb -n $dname $vg
+    fi
+    cleanup_cmds+=("lvremove -f $lvdev")
+  done
+
+  keyfile=/root/crypt-keys/$host
+  if [[ -s $keyfile ]]; then
+    e "keyfile=$keyfile exists. skipping creation"
+  else
+    e writing generated password to $keyfile
+    pwgen 128 -s -1 | tr -d '\n' >$keyfile
+  fi
+  cleanup_cmds+=("rm -f $keyfile")
+  # directory is already 700, just being thorough
+  m chmod 600 $keyfile
+
+
+  mountdir=/mnt/$host
+  m mkdir -p $mountdir
+  integrity_devs=()
+  if $mdraid; then
+    for vg in ${volgroups[@]}; do
+      lvdev=/dev/$vg/$dname
+      integrity_name=integrity-$vg-$dname
+      integrity_dev=/dev/mapper/$integrity_name
+      integrity_devs+=($integrity_dev)
+      if [[ -e $integrity_dev ]]; then
+        # This exists because creating integrity devs can take hours, so
+        # if something screws up later, we may want to preserve them and
+        # rerun the script.
+        e "skipping creation of existing integrity dev: $integrity_dev"
+      else
+        m time integritysetup --batch-mode format $lvdev
+        m integritysetup open --allow-discards $lvdev $integrity_name
+      fi
+      cleanup_cmds+=("integritysetup close $integrity_name")
+    done
+    mddev=/dev/md/md$dname
+    if [[ -e $mddev ]]; then
+      e "skipping creation of existing mddev: $mddev"
+    else
+      # Get stable auto-assembled names
+      # https://serverfault.com/questions/763870/raid-device-on-rename-appended-with-0
+      if ! grep -Fxq "HOMEHOST <ignore>" /etc/mdadm/mdadm.conf; then
+        sed -i '/^ *HOMEHOST/d' /etc/mdadm/mdadm.conf
+        echo "HOMEHOST <ignore>" >>/etc/mdadm/mdadm.conf
+        m update-initramfs -u -k all
+      fi
+      # Being paranoid because I had an unexplained failure on mdadm --create:
+      # mdadm: unexpected failure opening /dev/md122
+      # odd, there was a /dev/md123 and a /dev/md121 at the time.
+      # It was stuck in this state of failing any md creation, google found nothing.
+      # A reboot fixed it.
+      sleep 4
+      # background: --metadata=1.2 is the default metadata level at
+      # least in t9-t11. Passing it avoids a dumb "are you sure" prompt.
+      # We could avoid this by piping yes yes |, however that makes
+      # reading any errors more confusing. So, at the tradeoff that this
+      # may need changing in the future, do what helps us more now.
+      m mdadm --create -v $mddev --metadata=1.2 --level 1 --raid-devices=3 --bitmap=internal  ${integrity_devs[@]}
+      cleanup_cmds+=("mdadm -v --zero-superblock ${integrity_devs[*]}")
+      # For background, see comment in unsafe-remove-vm
+      cleanup_cmds+=("test ! -e /sys/devices/virtual/block/${mddev##*/}")
+      cleanup_cmds+=("mdadm -v --stop $mddev")
+    fi
+    luks_name=crypt-$dname
+    luks_dev=/dev/mapper/$luks_name
+    vm_disks=($luks_dev)
+    l="$luks_name $mddev $keyfile discard,luks"
+    if ! grep -Fxq "$l" /etc/crypttab; then
+      echo "$l" | m tee -a /etc/crypttab
+    fi
+    cleanup_cmds+=("sed -i /^$luks_name/d /etc/crypttab")
+    if [[ -e $luks_dev ]]; then
+      e "skipping creation of existing luks dev: $luks_dev"
+    else
+      # 141 is broken pipe, it is normal when doing yes
+      yes YES | m cryptsetup luksFormat $mddev $keyfile || [[ $? == 141 ]]
+      m cryptdisks_start $luks_name
+      cleanup_cmds+=("cryptsetup luksClose $luks_dev")
+      m mkfs.ext4 $luks_dev
+    fi
+    m mount $luks_dev $target
+  else
+
+    fs_type=btrfs
+    fs_opts+=,subvol=root
+
+    vm_disks=()
+    for vg in ${volgroups[@]}; do
+      lvdev=/dev/$vg/$dname
+      yes YES | m cryptsetup luksFormat $lvdev $keyfile  || [[ $? == 141 ]]
+      luks_name=crypt-$vg-$dname
+      line="$luks_name $lvdev $keyfile discard,luks,noauto"
+      if grep -Fq "$lvdev" /etc/crypttab; then
+        if grep -Fx "$line" /etc/crypttab; then
+          e "crypttab line already found above^. not adding"
+        else
+          err "error: found existing lvdev: $lvdev in /etc/crypttab that is different than expected:"
+          echo "$line"
+          err-cleanup
+          exit 1
+        fi
+      else
+        echo "$line" | m tee -a /etc/crypttab
+        cleanup_cmds+=("sed -i /^$luks_name/d /etc/crypttab")
+      fi
+      m cryptdisks_start $luks_name
+      vm_disks+=(/dev/mapper/$luks_name)
+      cleanup_cmds+=("cryptsetup luksClose /dev/mapper/$luks_name")
+    done
+
+    m mkfs.btrfs -f -m raid1c3 -d raid1c3 ${vm_disks[@]}
+    m mount ${vm_disks[0]} $mountdir
+    cleanup_cmds+=("umount $mountdir")
+    m btrfs sub create $mountdir/root
+    m umount $mountdir
+    unset "cleanup_cmds[-1]"
+    m mount -o subvol=root ${vm_disks[0]} $target
+  fi
+  # Note: If $add_disk is true, we did not need to mount to $target, but as the
+  # script is currently written, it would require several conditionals to avoid
+  # it, so just do it anyways for the sake of making the script simpler.
+  cleanup_cmds+=("umount $target")
+} # End nongnuhope-disk
+
+
+
+bootsym-image() {
+  name_suf+="-bootsym"
+  boot_prefix+="/boot"
+  mk-grub-image
+}
+
+mk-grub-image() {
+  f=/var/lib/libvirt/images/grub-i386-netnames$name_suf.bin
+  if [[ ! -s $f ]]; then
+    m tee /tmp/grub.cfg <<EOF
+linux (hd0)$boot_prefix/vmlinuz root=/dev/vda ro elevator=noop console=tty0 console=ttyS0,115200 earlyprint=serial,ttyS0,19200 biosdevname=0 net.ifnames=0 $kernel_args
+initrd (hd0)$boot_prefix/initrd.img
+boot
+EOF
+    m grub-mkimage --prefix "" -C xz -c /tmp/grub.cfg -O i386-pc -o $f biosdisk ext2 linux xfs btrfs
+  fi
+}
+
+
+
+os-bootstrap() {
+  excludes=resolvconf
+  case $release in
+    aramo)
+      # These dont exist in jammy, they only cause problems.
+      # <quidam> this happens when ubuntu removes packages at release time, they stay in our repos by default
+      #
+      # Having 2 system pythons requires a workaround for ansible
+      # to do package installs:
+      #
+      # It was fixed by following this <https://stackoverflow.com/a/69107017>
+      # cd /usr/lib/python3/dist-packages
+      # ln -s apt_inst.cpython* apt_inst.so
+      # ln -s apt_pkg.cpython* apt_pkg.so
+      #
+      # to find these on the next trisquel rlease, add ubuntu release apt sources, then
+      # apt list --installed | grep -o '^[^/]*' > pkgs
+      # while read -r l; do apt-cache policy $l | grep jammy >/dev/null || e $l; done<pkgs
+      excludes+=,libpython3.9-minimal,libpython3.9-stdlib,python3.9-minimal,python3.9,libicu67
+      ;;
+  esac
+
+
+  # Check for /etc sometimes the directory exists, but nothing underneath it
+  if [[ ! -d /srv/debootstrap-cache/$release/etc ]] ; then
+    m mkdir -p /srv/debootstrap-cache/$release
+    f=/usr/share/debootstrap/scripts/$release
+    if [[ ! -e $f ]]; then
+      # At least from t8 to t11, the debootstrap script has not changed in a
+      # way we care about.
+      ln -s trisquel $f
+    fi
+    # Note, on t8, debootstrap of t11, this gets to
+    # I: Extracting base-files...
+    # then fails with exit code 2 and no error message.
+    # So, I manually rsynced over this dir to t8 machines.
+    m eatmydata debootstrap --exclude=$excludes $release /srv/debootstrap-cache/$release $archive
+  fi
+  m eatmydata cp -a /srv/debootstrap-cache/$release/* $target
+}
+
+os-prep() {
+  m tee $target/etc/fstab <<EOF
+# <file system> <mount point>   <type>  <options>       <dump>  <pass>
+proc            /proc           proc    defaults        0       0
+$vm_internal_disk / $fs_type $fs_opts 0 $fs_passno
+EOF
+
+
+  m mount -t proc none $target/proc
+  cleanup_cmds+=("umount $target/proc")
+  m mount -o bind /dev $target/dev
+  cleanup_cmds+=("umount $target/dev")
+  # This is not needed afaik, just makes output nicer.
+  m mount -o bind /dev/pts $target/dev/pts
+  cleanup_cmds+=("umount $target/dev/pts")
+  # This is not needed afaik, but silences some complaints.
+  m mount -o bind /sys $target/sys
+  cleanup_cmds+=("umount $target/sys")
+
+  case $release in
+    stretch)
+      m tee $target/etc/apt/sources.list <<EOF
+deb http://http.us.debian.org/debian $release main
+deb http://security.debian.org/ $release/updates main
+deb http://http.us.debian.org/debian $release-updates main
+EOF
+      ;;
+    *)
+      m tee $target/etc/apt/sources.list <<EOF
+deb http://mirror.fsf.org/trisquel/ $release main
+deb http://mirror.fsf.org/trisquel/ $release-updates main
+deb http://archive.trisquel.info/trisquel $release-security main
+EOF
+      ;;
+  esac
+
+  # For disabling upstart during initial setup
+  m tee $target/usr/sbin/policy-rc.d <<EOF
+#!/bin/sh
+exit 101
+EOF
+
+  case $release in
+    etiona|flidas|belenos) : ;;
+    *)
+      # systemd-resolved takes over /etc/resolv.conf, and I do not see any
+      # benefit to using it. Also, it tries to do DNSSEC then fails queries
+      # when the server has not implemented it fully and perfectly.
+      m chroot $target systemctl disable systemd-resolved
+      rm -f $target/etc/resolv.conf
+  esac
+
+  m tee $target/etc/resolv.conf <<EOF
+domain fsf.org
+search fsf.org
+nameserver 209.51.188.16
+nameserver 209.51.188.27
+EOF
+
+
+  if $doceph; then
+    # For placing vmlinuz and initrd.img symlinks in / (root).
+    # Lets transition away from this nondefault behavior, so
+    # do not do it except for ceph at the moment.
+    echo link_in_boot=false > $target/etc/kernel-img.conf
+
+    # Make machines migrateable util we move everything to the
+    # default config without link_in_boot=false
+    ln -sfT ../vmlinuz $target/boot/vmlinuz
+    ln -sfT ../initrd.img $target/boot/initrd.img
+  else
+    ln -sfT boot/vmlinuz $target/vmlinuz
+    ln -sfT boot/initrd.img $target/vmlinuz
+  fi
+  # Note, add this before upgrading an etiona to nabia.
+  # if done after, you will need to manually run a command like:
+  # linux-update-symlinks install 5.4.0-169-generic /boot/vmlinuz-5.4.0-169-generic
+  # Also, run these commands:
+  # apt install -y cryptsetup-initramfs
+  # cd /
+  # ln -sf boot/initrd.img .
+  # ln -sf boot/vmlinuz .
+
+  chmod 755 $target/usr/sbin/policy-rc.d
+
+  cp /usr/lib/x86_64-linux-gnu/libeatmydata.so $target/usr/lib/x86_64-linux-gnu/libeatmydata.so
+
+
+  export DEBIAN_FRONTEND=noninteractive
+  chroot_apt="eatmydata chroot $target apt-get"
+  # eatmydata can fail due to libc differences. eg: t11 into a t10 chroot fails.
+  if ! m $chroot_apt update; then
+    chroot_apt="chroot $target apt-get"
+    m $chroot_apt update
+  fi
+
+  # /etc/kernel/postinst.d/initramfs-tools causes this, which is expected:
+  # update-initramfs: Generating /boot/initrd.img-5.4.0-125-generic
+  # cryptsetup: ERROR: nextcloud.fsf.org-crypt0: Source mismatch
+  # Processing triggers for initramfs-tools (0.136ubuntu6.7) ...
+  # update-initramfs: Generating /boot/initrd.img-5.4.0-125-generic
+  # cryptsetup: ERROR: nextcloud.fsf.org-crypt0: Source mismatch
+  # W: --force-yes is deprecated, use one of the options starting with --allow instead.
+
+  m $chroot_apt dist-upgrade --force-yes -y -o Dpkg::Options::="--force-confnew"
+  extra_pkgs=()
+
+  case $release in
+    stretch) extra_pkgs+=(busybox-static) ;;
+  esac
+
+  case $release in
+    # iank: 2022: python gives us python2. it doesnt exist in aramo and I do
+    # not think we need it in nabia. I assume the older distros needed it for
+    # ansible, but ansible has moved to python3 now.
+    etiona|flidas|belenos) extra_pkgs+=(python) ;;
+    *) extra_pkgs+=(cryptsetup-initramfs) ;;
+  esac
+
+  m $chroot_apt install --force-yes -y --no-install-recommends \
+    $linux_pkg initramfs-tools ssh acpid btrfs-progs cryptsetup \
+    python3-apt ifupdown ${extra_pkgs[@]}
+
+  rm -f $target/usr/sbin/policy-rc.d
+
+  # Set root password
+  rootpw=$(pwgen 12 -s -1)
+  echo root:$rootpw | chroot $target chpasswd
+
+  # This doesnt seem to be needed on etiona+
+  case $release in
+    flidas|belenos)
+      m tee $target/etc/init/ttykvm.conf <<EOF
+# ttykvm - getty
+#
+# This service maintains a getty on tty1 from the point the system is
+# started until it is shut down again.
+
+start on stopped rc RUNLEVEL=[2345]
+
+stop on runlevel [!2345]
+
+respawn
+exec /sbin/getty -8 115200 ttyS0 xterm
+EOF
+      ;;
+  esac
+
+
+  m mkdir -p $target/etc/network/
+  m tee $target/etc/network/interfaces <<EOF
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+auto eth0
+iface eth0 inet static
+  address $ip/24
+  gateway $gateway
+EOF
+
+  if [[ $gateway6 && $ip6 ]]; then
+    m tee -a $target/etc/network/interfaces <<EOF
+iface eth0 inet6 static
+  pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_dad
+  address $ip6/48
+  gateway $gateway6
+EOF
+  fi
+
+
+  echo $host > $target/etc/hostname
+
+  m tee $target/etc/hosts <<EOF
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+
+$ip    $host $hostshort
+EOF
+
+  m mkdir -p $target/root/.ssh
+  echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE6X/Bws7dNaK1wHi4kOKlv3z2viJwEdAFrwW0QubHKY Ansible' > $target/root/.ssh/authorized_keys
+
+  rm -f $target/usr/lib/x86_64-linux-gnu/libeatmydata.so
+
+  m umount $target/sys
+  unset "cleanup_cmds[-1]"
+  m umount $target/dev/pts
+  unset "cleanup_cmds[-1]"
+  m umount $target/dev
+  unset "cleanup_cmds[-1]"
+  m umount $target/proc
+  unset "cleanup_cmds[-1]"
+
+} # End os-prep
+
+
+create-vm() {
+
+  #### Begin virt-install/libvirt vm creation ####
+
+  ## Work around issue with /dev/kvm in bind mount getting a file ownership
+  ## change during apt run, with differing default gids for the 'kvm' user in
+  ## nabia. This issue affects the kvm host itself, thus this workaround.
+  chown root:kvm /dev/kvm
+
+  max_var=$(osinfo-query -f short-id os | sed -rn 's/.*ubuntu([0-9][0-9])\.04.*/\1/p' | sort -V | tail -n1)
+  case $release in
+    aramo) var=22 ;;
+    nabia) var=20 ;;
+    etiona|stretch) var=18 ;;
+    flidas) var=16 ;;
+    belenos) var=14 ;;
+  esac
+
+  if (( max_var < var )); then
+    var=$max_var
+  fi
+  var=ubuntu$var.04
+
+  # TODO In newer libvirt versions, we probably want
+  # --cpu host-passthrough,cache.mode=passthrough
+  vopts=(
+    --name $host
+    --graphics vnc
+    --cpu host-passthrough
+    --vcpus=$cpus
+    --cpuset=auto
+    --noautoconsole
+    --os-variant=$var
+    --import
+  )
+
+  #### Begin grub args ####
+  boot_prefix=kernel=/var/lib/libvirt/images/grub-i386-netnames
+  if $doceph; then
+    vopts+=(
+      --boot kernel=/var/lib/libvirt/images/grub-$host.bin
+    )
+  elif $mdraid || $dovg; then
+    vopts+=(
+      --boot $boot_prefix-bootsym.bin
+    )
+  else
+    vopts+=(
+      --boot $boot_prefix-btrfs-bootsym.bin
+    )
+  fi
+  #### End grub args ####
+
+  #### Begin disk args ####
+  if $doceph; then
+    vopts+=(
+      --disk none
+      --controller scsi,model=virtio-scsi
+    )
+  else
+    vopts+=(
+      ${vm_disks[@]/#/--disk path=}
+    )
+  fi
+  #### End disk args ####
+
+  #### Begin network args ####
+  # trustGuestRxFilters fixes ipv6, does neighbor discovery
+  #http://blog.flyingpenguintech.org/2017/12/ipv6-with-macvtap-and-libvirt.html
+  #https://superuser.com/questions/944678/how-to-configure-macvtap-to-let-it-pass-multicast-packet-correctly
+  # But the virt-install option doesnt exist yet on t8.
+  ipv6_option=
+  if virt-install --network=? | grep trustGuestRxFilters &>/dev/null; then
+    ipv6_option=",trustGuestRxFilters=yes"
+  fi
+  vopts+=(
+    --network type=direct,source=macvtap-bond0,source_mode=bridge,model=virtio$ipv6_option
+  )
+  #### End network args ####
+
+
+  if $gnuhope; then
+    vopts+=( --memory=$ram,hugepages=true )
+  else
+    vopts+=( --memory=$ram )
+  fi
+
+  # TODO When we upgrade kvmhosts, for ceph we can use --print-xml, then no
+  # need to destroy and dumpxml.
+  m virt-install ${vopts[@]}
+
+  # We have not figured out how to setup ceph disks in the initial
+  # virt-install, so just add them here.
+  if $doceph; then
+    m virsh destroy $host
+    ceph-add-disk
+    virsh dumpxml $host > /tmp/tmp.xml
+    #sed "1s#># xmlns:qemu=\'http://libvirt.org/schemas/domain/qemu/1.0'>#; s#</domain>#<qemu:commandline><qemu:arg value='-set'/><qemu:arg value='device.scsi0-0-0-0.min_io_size=4194304'/><qemu:arg value='-set'/><qemu:arg value='device.scsi0-0-0-0.opt_io_size=4194304'/></qemu:commandline></domain>#" /tmp/tmp.xml -i
+
+    # TODO When we get a newer libvirt, we could probably do this on
+    # virt-install with something like:
+    # --xml "./devices/controller[@type='scsi']/driver/@queues"
+    # --xml xpath.value=$cpus
+    # or maybe this will work:
+    # --controller type=scsi,model=virtio-scsi,driver.queues=1
+    sed -i "/virtio-scsi/a <driver queues='$cpus'/>" /tmp/tmp.xml
+    unset "cleanup_cmds[-1]"
+    virsh create /tmp/tmp.xml
+    rm -f /tmp/tmp.xml
+  fi
+
+  #### End virt-install/libvirt vm creation ####
+
+
+  cat <<EOF
+Created new virtual machine $host
+
+ROOT PASSWORD	: $rootpw
+IP		: $ip
+DISK MB		: $new_disk_mb
+RAM SIZE	: $ram
+EOF
+
+  if [[ $keyfile ]]; then
+    echo "LUKS KEY	: $(cat $keyfile)"
+    if $doceph; then
+      echo "RBD IMAGE	: $pool/$host"
+    fi
+  fi
+
+  if $import; then
+    e "--import specified, stopping the empty vm"
+    m virsh destroy $host
+  fi
+
+} # End create-vm
+
+ceph-add-disk() {
+  m tee /tmp/disk.xml <<EOF
+<disk type='network' device='disk'>
+  <driver name='qemu' cache='writeback' discard='unmap' type='raw'  />
+  <auth username='libvirt'>
+    <secret type='ceph' uuid='dc8e8240-15b4-47ae-896b-6632aec8103e'/>
+  </auth>
+  <source protocol='rbd' name='$pool/$dname'>
+    <host name='cephmon1' port='6789'/>
+    <host name='cephmon2' port='6789'/>
+    <host name='cephmon3' port='6789'/>
+  </source>
+  <target dev='sd$letter' bus='scsi'/>
+</disk>
+EOF
+  m virsh attach-device $host /tmp/disk.xml --persistent
+
+}
+#### End function definitions ####
+
+trap 'err-cleanup; trap - INT; kill -s INT "$$"' INT
+
+export LANG=C
+export LC_ALL=C
+
+pre="${0##*/}:"
+
+
+##### Begin command line parsing ########
+
+# Ensure we can handle args with spaces or empty.
+ret=0; getopt -T || ret=$?
+[[ $ret == 4 ]] || { echo "Install util-linux for enhanced getopt" >&2; exit 1; }
+
+# Defaults
+mdraid=false
+# Says whether we passed a vg name.
+dovg=false
+import=false
+add_disk=false
+dolist=false
+dosize=false
+temp=$(getopt -l help,disk:,vol-group:,import,mdraid,vg_size: hd:g:ilms: "$@") || usage 1
+eval set -- "$temp"
+while true; do
+  case $1 in
+    -d|--disk)
+      tmp=$2
+      disk_name_suf=-${tmp%,*}
+      disk_mountpoint=${tmp#*,}
+      add_disk=true
+      shift
+      ;;
+    -g|--vol-group)
+      vg_opt="$2"
+      dovg=true
+      shift
+      ;;
+    # todo: add option to pick which disk array for kvmhost5
+    -i|--import) import=true ;;
+    -l)
+      dolist=true
+      ;;
+    -m|--mdraid) mdraid=true ;;
+    -s|--size)
+      size_opt="$2"
+      size_regex="^[1-9][0-9]*[tg]$"
+      if [[ ! $size_opt =~ $size_regex ]]; then
+        err "size option: $size_opt does not match expected size_regex: $size_regex"
+        exit 1
+      fi
+      if [[ $size_opt == *g ]]; then
+        size_opt=${size_opt%g}
+      elif [[ $size_opt == *t ]]; then
+        size_opt=$(( ${size_opt%t} * 1000 ))
+      else
+        err "something went wrong in size_opt condition. read the source code"
+      fi
+
+      dosize=true
+      shift
+      ;;
+    -h|--help) usage ;;
+    --) shift; break ;;
+    *) e "unexpected args: $*" >&2 ; usage 1 ;;
+  esac
+  shift
+done
+read -r host new_disk_mb ram cpus _ <<<"$@"
+release=${5:-aramo}
+
+if $dolist; then
+  if (( $# != 0 )); then
+    err "error: expected 0 args with -l, got $#. exiting"
+    usage 1
+  fi
+elif $add_disk; then
+  if (( $# != 2 )); then
+    err "error: expected 2 args with -d, got $#. exiting"
+    usage 1
+  fi
+elif (( $# < 4 || $# > 5 )); then
+  err "error: expected 4-5 args, got $# exiting"
+  usage 1
+fi
+
+##### End command line parsing ########
+
+cli-arg-check
+set-initial-vars
+
+
+##### Start actually doing things, this goes on till the end of the script ####
+
+if $dolist; then
+  nongnuhope-disk
+  exit 0
+fi
+
+# Install required packages
+# https://dsa.debian.org/howto/install-kvm/
+pkgs=(libvirt-dev virtinst pwgen libosinfo-bin)
+for p in ${pkgs[@]}; do
+  if ! dpkg -s -- $p |& grep -Fx "Status: install ok installed" &> /dev/null; then
+    m apt install -y --no-install-recommends ${pkgs[@]}
+    break
+  fi
+done
+target=$(mktemp -d)
+
+
+###### Begin make common grub images if they dont exist ######
+name_suf=
+boot_prefix=
+kernel_args=
+mk-grub-image
+bootsym-image
+
+name_suf="-btrfs"
+boot_prefix=/root
+kernel_args=rootflags=subvol=root
+mk-grub-image
+bootsym-image
+###### End make common grub images if they dont exist ######
+
+
+
+letter=a
+if $add_disk; then
+  # In some distro newer than t8, we can do:
+  # xmllint --xpath "count(/domain/devices/disk)"
+  disk_num=$(virsh dumpxml $host | grep -cF '</disk>')
+  disk_letters=( {a..z} )
+  letter=${disk_letters[disk_num]}
+fi
+
+if $dovg && $gnuhope; then
+  vg-disk
+elif $doceph; then
+  ceph-disk
+else
+  nongnuhope-disk
+fi
+
+if ! $doceph && $add_disk; then
+  if virsh list --name | grep -Fx $host &>/dev/null; then
+    # If the VM is running, record the commands to be run manually inside it.
+    inside_vm_cmds=true
+    cat >/root/generated-to-run-in-vm <<EOF
+mkdir -p $disk_mountpoint /etc
+echo "/dev/vd$letter $disk_mountpoint $fs_type $fs_opts 0 $fs_passno" >>/etc/fstab
+mount $disk_mountpoint
+EOF
+
+  else
+    m mount-vm --first-disk $host
+    cleanup_cmds+=("umount-vm $host")
+    m mkdir -p /mnt/$host/$disk_mountpoint /mnt/$host/etc
+    echo "/dev/vd$letter $disk_mountpoint $fs_type $fs_opts 0 $fs_passno" >>/mnt/$host/etc/fstab
+    m umount-vm $host
+    unset "cleanup_cmds[-1]"
+  fi
+fi
+
+if ! $import && ! $add_disk; then
+  os-bootstrap
+  os-prep
+fi
+
+m umount $target
+unset "cleanup_cmds[-1]"
+
+
+# For ceph, decryption is done inside the VM.
+if $doceph; then
+  m cryptsetup luksClose $luks_dev
+  unset "cleanup_cmds[-1]"
+  m rbd-nbd unmap $nbd_dev
+  unset "cleanup_cmds[-1]"
+fi
+
+
+if $add_disk; then
+  if $doceph; then
+    ceph-add-disk
+  else
+    # Note: On a vg disk in kvmhost2, we had this:
+    #  <driver name='qemu' type='raw' cache='writethrough'/>
+    #  but my research says that we do not want that cache mode.
+
+    # libvirt will add a elements like these into the disk:
+    # <alias name='virtio-disk0'/>
+    # <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
+    # and the index here:
+    # <source dev='$disk' index='3'/>
+
+    for (( i=0; i < ${#vm_disks[@]}; i++ )); do
+      disk=${vm_disks[i]}
+      letter=${disk_letters[disk_num+i]}
+      # TODO After we upgrade all our kvmhosts, check out virsh attach-disk.
+      m tee /tmp/disk.xml <<EOF
+<disk type='block' device='disk'>
+  <driver name='qemu' type='raw' cache='none' io='native' discard='unmap'/>
+  <source dev='$disk'/>
+  <target dev='vd$letter' bus='virtio'/>
+</disk>
+EOF
+      m virsh attach-device $host /tmp/disk.xml --persistent
+    done
+  fi
+else
+  create-vm
+fi
+
+# we dont keep ceph keyfiles
+if [[ $keyfile == /dev/shm/* ]]; then
+  rm -f $keyfile
+fi
+
+
+if $inside_vm_cmds; then
+  cat <<EOF
+
+$0: ======= WARNING!!!: The VM was running, so you must run the
+following commands inside the VM to complete the disk addition (also
+stored as /root/generated-to-run-in-vm):
+
+EOF
+  cat /root/generated-to-run-in-vm
+fi
+
+if ! backup-crypt-luks-keys; then
+  echo "$0: this was the last command of create-vm, so just sort out any error and hopefully continue to use the vm"
+fi
+
+exit 0
diff --git a/roles/kvmhost/files/simple/usr/local/bin/savannah-virsh b/roles/kvmhost/files/simple/usr/local/bin/savannah-virsh
index fb8e3e5..3e9a6c0 100755
--- a/roles/kvmhost/files/simple/usr/local/bin/savannah-virsh
+++ b/roles/kvmhost/files/simple/usr/local/bin/savannah-virsh
@@ -48,7 +48,7 @@ case "$arg1" in
     virsh list --name
     exit 0
     ;;
-  console|reboot|reset|start|destroy) true ;;
+  console|reboot|reset|start|destroy|create-vm|unsafe-remove-vm) true ;;
   *)
     echo "error: bad argument" >&2; exit 1
     ;;
diff --git a/roles/kvmhost/files/simple/usr/local/bin/unsafe-remove-vm b/roles/kvmhost/files/simple/usr/local/bin/unsafe-remove-vm
new file mode 100755
index 0000000..dabbe88
--- /dev/null
+++ b/roles/kvmhost/files/simple/usr/local/bin/unsafe-remove-vm
@@ -0,0 +1,363 @@
+#!/bin/bash
+# File managed by Ansible, do not edit
+
+# unsafe-remove-vm.sh
+# Copyright (C) 2020 Michael McMahon, Ian Kelling, Andrew Engelbrecht
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+
+source /usr/local/lib/err
+
+##### begin command line parsing ########
+if (( $# != 1 )); then
+  cat <<EOF
+$0 will remove a VM from the kvmhost and delete its disks"
+Usage: $0 hostname.foo.bar
+EOF
+  exit 1
+fi
+
+host=$1
+
+##### end command line parsing ########
+
+script_gen=/root/unsafe-remove-vm-generated
+cat >$script_gen <<EOF
+#!/bin/bash
+set -xe
+# generated by unsave-remove-vm on $(date -R)
+EOF
+chmod +x $script_gen
+
+dosleep=false
+m() {
+  # with no sleeps, i got this example output:
+  #+ integritysetup close /dev/dm-68
+  # device-mapper: remove ioctl on integrity-vgata-Samsung_SSD_850_EVO_1TB_S3PJNF0J909379K-nextcloud.fsf.org  failed: Device or resource busy
+  # however, the command didnt fail and the overall script
+  # still succeeded. anyways, just adding sleeps out of extra caution.
+  # Not like we run this very often, it also allows you to press ctrl-c
+  # if you see some output you dont like.
+  if $dosleep; then
+    echo "sleep 3" >>$script_gen
+  fi
+  dosleep=true
+  if [[ $BASH_VERSION == 5* ]]; then
+    # This is more robust, but got introduced in bash 5.1 or 5.0.
+    # too old for t8.
+    echo "${@@Q}" >>$script_gen
+  else
+    printf "%s\n" "$*" >>$script_gen
+  fi
+}
+
+
+##### begin probing/sanity checking ########
+
+xmltmp=$(mktemp)
+rbdnames=()
+devpaths=()
+if virsh dumpxml $host >$xmltmp; then
+  xpathtmp=$(mktemp)
+  # 10 exit code is when result is empty
+  xmllint --xpath "/domain/devices/disk[@type='block']/source/@dev" $xmltmp >$xpathtmp 2>/dev/null || [[ $? == 10 ]]
+  # https://mywiki.wooledge.org/BashFAQ/001#My_text_files_are_broken.21__They_lack_their_final_newlines.21
+  while read -r line || [[ $line ]]; do
+    for word in $line; do
+      path=$(echo "<a $word></a>" | xmllint --xpath "string(//a/@dev)" -)
+      echo "$0: found associated device to delete: $path"
+      devpaths+=($path)
+    done
+  done <$xpathtmp
+  rm -f $xpathtmp
+  xmllint --xpath "/domain/devices/disk/source[@protocol='rbd']/@name" $xmltmp >$xpathtmp 2>/dev/null || [[ $? == 10 ]]
+  while read -r line || [[ $line ]]; do
+    # newer xmllint outputs lines, older one outputs words
+    for word in $line; do
+      name=$(echo "<a $word></a>" | xmllint --xpath "string(//a/@name)" -)
+      name="${name#rbd/}"
+      echo "$0: found associated rbd disk to delete: $name"
+      rbdnames+=( "$name" )
+    done
+  done <$xpathtmp
+else
+  if type -p rbd &>/dev/null && rbd ls | grep -Fx $host &>/dev/null; then
+    echo "$0: WARNING!!!! the domain is not defined, but found likely associated rbd disk named $host"
+    echo "$0: WARNING!!!! Are you sure this is the right kvm host?"
+    rbdnames+=($host)
+  else
+    echo "$0: error: the domain is not defined and we found no likely disks to delete"
+    exit 1
+  fi
+fi
+
+
+
+if virsh list --name | grep -Fx $host &>/dev/null; then
+  m virsh destroy $host
+fi
+
+### begin grub file search ###
+grub_in_use=false
+grub_file=$(xmllint --xpath "string(/domain/os/kernel)" $xmltmp)
+tmpf=$(mktemp)
+for f in $(virsh list --all --name); do
+  case $name in
+    "$host") : ;;
+    *)
+      virsh dumpxml $f >$tmpf
+      grub2=$(xmllint --xpath "string(/domain/os/kernel)" $tmpf ||:)
+      if [[ $grub_file == "$grub2" ]]; then
+        grub_in_use=true
+      fi
+      ;;
+  esac
+done
+### end grub file search ###
+
+if ! $grub_in_use && [[ -f $grub_file ]]; then
+  m rm -f $grub_file
+fi
+if virsh list --name --all | grep -Fx $host &>/dev/null; then
+  m virsh undefine $host
+fi
+
+lvrm() {
+  local lv
+  lv="$1"
+  lvs "$lv" &>/dev/null || return $?
+  echo "$0: found logical volume. output of lvs $lv :"
+  lvs "$lv"
+  # wipefs makes it so when a new lv is created later, it doesn't give a
+  # prompt warning that an existing filesystem signature is found.
+  m wipefs -a "$lv"
+  m lvremove -f "$lv"
+}
+
+declare -A keyfiles
+for devpath in ${devpaths[@]}; do
+  if lvrm "$devpath" &>/dev/null; then
+    ## we are a simple unencrypted vg-disk. lvrm took care of things
+    :
+  elif under_crypt_dev=$(cryptsetup status "$devpath" | awk '$1 == "device:" {print $2}') && [[ $under_crypt_dev ]]; then
+    ## This whole block is for community0p
+    m cryptsetup luksClose "$devpath"
+    # we assume all the libvirt xml crypt paths are /dev/mapper/
+    crypt_name=${devpath##*/}
+    keyfile=$(awk '$1 == "'$crypt_name'" {print $3}' /etc/crypttab)
+    if [[ $keyfile && -f $keyfile && ! ${keyfiles[$keyfile]} ]]; then
+      keyfiles[$keyfile]=t
+      m rm -f $keyfile
+    fi
+    m sed -i "/^$crypt_name/d" /etc/crypttab
+    if lvrm "$under_crypt_dev"; then
+      # we are in a btrfs setup on community
+      :
+    elif [[ $under_crypt_dev == /dev/md* ]]; then
+      # we are in a mdraid setup on community
+      stat=$(awk '$1 == "'${under_crypt_dev##*/}'"' /proc/mdstat)
+      m mdadm -v --stop "$under_crypt_dev"
+      # see comment at end of script for background on this.
+      m test ! -e "/sys/devices/virtual/block/${under_crypt_dev##*/}"
+      for w in $stat; do
+        dm=${w%%\[*}
+        if [[ $dm && $dm != "$w" ]]; then
+          for f in /dev/mapper/*; do
+            if [[ $(readlink -f "$f") == "/dev/$dm" ]]; then
+              under_md_dev="$f"
+              break
+            fi
+          done
+          m mdadm -v --zero-superblock "$under_md_dev"
+          if under_integrity_dev=$(integritysetup status "$under_md_dev" | awk '$1 == "device:" {print $2}') && [[ $under_integrity_dev ]]; then
+            m integritysetup close "$under_md_dev"
+            lvrm "$under_integrity_dev" ||:
+          fi
+        fi
+      done
+    fi
+  fi
+done
+
+for rbdname in ${rbdnames[@]}; do
+  snapshot_count=$(rbd info $rbdname | awk '$1 == "snapshot_count:" {print $2}')
+  if [[ $snapshot_count != 0 ]]; then
+    cat <<EOF
+$0: error found snapshot_count = $snapshot_count, != 0 for rbd image $rbdname."
+see https://docs.ceph.com/en/quincy/rbd/rbd-snapshot/
+flatten or remove snapshots first and consider vms using them.
+eg:
+
+rbd snap protect jitsi2p.fsf.org@working2p
+rbd clone jitsi2p.fsf.org@working2p jitsi2p-working
+rbd flatten rbd/jitsi2p-working
+rbd snap unprotect jitsi2p.fsf.org@working2p
+rbd snap rm jitsi2p.fsf.org@working2p
+
+
+output of rbd snap ls $rbdname:
+
+EOF
+    rbd snap ls $rbdname
+    echo
+    echo "$0: exiting 1"
+    exit 1
+  fi
+done
+
+
+for rbdname in ${rbdnames[@]}; do
+  parent=$(rbd info $rbdname | awk '$1 == "parent:" {print $2}')
+  m rbd rm $rbdname
+  if [[ $parent ]]; then
+    m rbd snap unprotect $parent
+    m rbd snap rm $parent
+  fi
+done
+
+##### end probing/sanity checking ########
+
+echo "planned commands, cat $script_gen:"
+cat $script_gen
+echo
+echo "end of cat $script_gen"
+
+read -r -p "Do you want to completely remove $host from this kvmhost and delete its disks based on the planned commands? (y/N): " yn
+
+case $yn in
+  Y|y|YES|Yes|yes)
+    $script_gen
+    exit 0
+    ;;
+  * )
+    echo "Non-yes answer, exiting"
+    exit 0
+    ;;
+esac
+
+
+# background on test ! -e "/sys/devices/virtual/block/${under_crypt_dev##*/}"
+
+# I ran unsafe-remove-vm, and it succeeded. However, a later create-vm
+# failed on md creation with a cryptic error. So I looked in dmesg saw
+# the error below. The timestamps are from when I ran unsafe-remove-vm,
+# and the 1st 2 lines are normal output after running mdadm
+# --stop. Google searches came up with very little for this error. So,
+# in order to hopefully help avoid this error, I've increased the sleep
+# between commands from 1 to 3 and added a check that the sysfs device
+# is gone so we can catch the problem.
+
+# Note: When searching for mdadm array removal, some old instructions
+# say you need to do mdadm --remove /dev/mdXXX after --stop if it
+# exists, but I've yet to see that needed.
+
+# Nov 13 02:29:27 community0p kernel: md121: detected capacity change from 914061312 to 0
+# Nov 13 02:29:27 community0p kernel: md: md121 stopped.
+# Nov 13 02:29:27 community0p kernel: sysfs: cannot create duplicate filename '/devices/virtual/block/md121'
+# Nov 13 02:29:27 community0p kernel: CPU: 10 PID: 4905 Comm: mdadm Tainted: G        W         5.15.0-47-generic #51+11.0trisquel11
+# Nov 13 02:29:27 community0p kernel: Hardware name: ASUS KGPE-D16/KGPE-D16, BIOS c57e03c 09/07/2016
+# Nov 13 02:29:27 community0p kernel: Call Trace:
+# Nov 13 02:29:27 community0p kernel:  <TASK>
+# Nov 13 02:29:27 community0p kernel:  show_stack+0x52/0x5c
+# Nov 13 02:29:27 community0p kernel:  dump_stack_lvl+0x4a/0x63
+# Nov 13 02:29:27 community0p kernel:  dump_stack+0x10/0x16
+# Nov 13 02:29:27 community0p kernel:  sysfs_warn_dup.cold+0x17/0x2b
+# Nov 13 02:29:27 community0p kernel:  sysfs_create_dir_ns+0xbc/0xd0
+# Nov 13 02:29:27 community0p kernel:  create_dir+0x28/0x170
+# Nov 13 02:29:27 community0p kernel:  kobject_add_internal+0x9e/0x1d0
+# Nov 13 02:29:27 community0p kernel:  kobject_add+0x7e/0xb0
+# Nov 13 02:29:27 community0p kernel:  ? mutex_lock+0x13/0x50
+# Nov 13 02:29:27 community0p kernel:  device_add+0x11d/0x7b0
+# Nov 13 02:29:27 community0p kernel:  ? dev_set_name+0x53/0x70
+# Nov 13 02:29:27 community0p kernel:  device_add_disk+0xfb/0x3c0
+# Nov 13 02:29:27 community0p kernel:  md_alloc+0x15e/0x400
+# Nov 13 02:29:27 community0p kernel:  md_probe+0x52/0x60
+# Nov 13 02:29:27 community0p kernel:  blk_request_module+0x7f/0x110
+# Nov 13 02:29:27 community0p kernel:  blkdev_get_no_open+0xa9/0xe0
+# Nov 13 02:29:27 community0p kernel:  blkdev_get_by_dev.part.0+0x21/0x320
+# Nov 13 02:29:27 community0p kernel:  blkdev_get_by_dev+0x55/0x70
+# Nov 13 02:29:27 community0p kernel:  ? blkdev_close+0x40/0x40
+# Nov 13 02:29:27 community0p kernel:  blkdev_open+0x50/0x90
+# Nov 13 02:29:27 community0p kernel:  do_dentry_open+0x159/0x390
+# Nov 13 02:29:27 community0p kernel:  vfs_open+0x2d/0x40
+# Nov 13 02:29:27 community0p kernel:  do_open+0x20d/0x3d0
+# Nov 13 02:29:27 community0p kernel:  path_openat+0x112/0x2b0
+# Nov 13 02:29:27 community0p kernel:  ? kmem_cache_free+0x249/0x290
+# Nov 13 02:29:27 community0p kernel:  ? rseq_get_rseq_cs.isra.0+0x1b/0x230
+# Nov 13 02:29:27 community0p kernel:  do_filp_open+0xb2/0x160
+# Nov 13 02:29:27 community0p kernel:  ? __check_object_size+0x1d/0x30
+# Nov 13 02:29:27 community0p kernel:  ? alloc_fd+0x53/0x180
+# Nov 13 02:29:27 community0p kernel:  do_sys_openat2+0x9f/0x160
+# Nov 13 02:29:27 community0p kernel:  __x64_sys_openat+0x55/0x90
+# Nov 13 02:29:27 community0p kernel:  do_syscall_64+0x5c/0xc0
+# Nov 13 02:29:27 community0p kernel:  ? irqentry_exit_to_user_mode+0x9/0x20
+# Nov 13 02:29:27 community0p kernel:  ? irqentry_exit+0x1d/0x30
+# Nov 13 02:29:27 community0p kernel:  ? sysvec_call_function_single+0x4e/0x90
+# Nov 13 02:29:27 community0p kernel:  entry_SYSCALL_64_after_hwframe+0x61/0xcb
+# Nov 13 02:29:27 community0p kernel: RIP: 0033:0x7f8a3cfa76eb
+# Nov 13 02:29:27 community0p kernel: Code: 25 00 00 41 00 3d 00 00 41 00 74 4b 64 8b 04 25 18 00 00 00 85 c0 75 67 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0
+# f 87 91 00 00 00 48 8b 54 24 28 64 48 2b 14 25
+# Nov 13 02:29:27 community0p kernel: RSP: 002b:00007fff5ca451c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
+# Nov 13 02:29:27 community0p kernel: RAX: ffffffffffffffda RBX: 0000000000000014 RCX: 00007f8a3cfa76eb
+# Nov 13 02:29:27 community0p kernel: RDX: 0000000000000000 RSI: 0000562d70b95300 RDI: 00000000ffffff9c
+# Nov 13 02:29:27 community0p kernel: RBP: 0000562d70b95300 R08: 0000000000000014 R09: 0000000000000000
+# Nov 13 02:29:27 community0p kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
+# Nov 13 02:29:27 community0p kernel: R13: 0000000000000000 R14: 0000562d70b95270 R15: 0000562d70b95270
+# Nov 13 02:29:27 community0p kernel:  </TASK>
+# Nov 13 02:29:27 community0p kernel: kobject_add_internal failed for md121 with -EEXIST, don't try to register things with the same name in the same directory.
+# Nov 13 02:29:27 community0p kernel: ------------[ cut here ]------------
+# Nov 13 02:29:27 community0p kernel: WARNING: CPU: 10 PID: 4905 at block/genhd.c:544 device_add_disk+0x121/0x3c0
+# Nov 13 02:29:27 community0p kernel: Modules linked in: vhost_net vhost vhost_iotlb dm_integrity dm_bufio dm_crypt xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp nft_compat nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_counter nf_tables nfnetlink macvtap macvlan tap sunrpc nls_iso8859_1 amd64_edac edac_mce_amd snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec kvm_amd snd_hda_core ccp snd_hwdep kvm snd_pcm input_leds snd_timer serio_raw snd fam15h_power k10temp soundcore mac_hid sch_fq_codel w83627ehf hwmon_vid w83795 bonding tls br_netfilter bridge stp llc usbhid ramoops hid pstore_blk reed_solomon mtd pstore_zone efi_pstore ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear ast i2c_algo_bit drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops cec crct10dif_pclmul
+# Nov 13 02:29:27 community0p kernel:  pata_acpi crc32_pclmul rc_core firewire_ohci uas ghash_clmulni_intel aesni_intel ahci firewire_core crypto_simd cryptd psmouse drm usb_storage crc_itu_t e1000e i2c_piix4 pata_atiixp libahci
+# Nov 13 02:29:27 community0p kernel: CPU: 10 PID: 4905 Comm: mdadm Tainted: G        W         5.15.0-47-generic #51+11.0trisquel11
+# Nov 13 02:29:27 community0p kernel: Hardware name: ASUS KGPE-D16/KGPE-D16, BIOS c57e03c 09/07/2016
+# Nov 13 02:29:27 community0p kernel: RIP: 0010:device_add_disk+0x121/0x3c0
+# Nov 13 02:29:27 community0p kernel: Code: 15 28 26 00 85 c0 75 14 4c 89 e7 e8 99 b8 00 00 85 c0 74 34 4c 89 ff e8 ad fc 25 00 41 81 3c 24 03 01 00 00 0f 84 83 00 00 00 <0f> 0b 41 b8 01 00 00 00 48 83 c4 08 44 89 c0 5b 41 5c 41 5d 41 5e
+# Nov 13 02:29:27 community0p kernel: RSP: 0018:ffffac30016ffb00 EFLAGS: 00010287
+# Nov 13 02:29:27 community0p kernel: RAX: 00000000ffffffef RBX: ffff9df9547babc0 RCX: 00000000001c6dfd
+# Nov 13 02:29:27 community0p kernel: RDX: 00000000001c6dfc RSI: a61588aaaedf7f56 RDI: ffff9df9547bac38
+# Nov 13 02:29:27 community0p kernel: RBP: ffffac30016ffb30 R08: 0000000000000003 R09: 0000000000000001
+# Nov 13 02:29:27 community0p kernel: R10: ffff9dfc62d93d00 R11: ffffffffc040f0e0 R12: ffff9dfd28427000
+# Nov 13 02:29:27 community0p kernel: R13: 0000000000000000 R14: 0000000000000000 R15: ffff9df9547bac00
+# Nov 13 02:29:27 community0p kernel: FS:  00007f8a3d0f8740(0000) GS:ffff9e17f7a80000(0000) knlGS:0000000000000000
+# Nov 13 02:29:27 community0p kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+# Nov 13 02:29:27 community0p kernel: CR2: 00007f4d63a67000 CR3: 000000010a158000 CR4: 00000000000406e0
+# Nov 13 02:29:27 community0p kernel: Call Trace:
+# Nov 13 02:29:27 community0p kernel:  <TASK>
+# Nov 13 02:29:27 community0p kernel:  md_alloc+0x15e/0x400
+# Nov 13 02:29:27 community0p kernel:  md_probe+0x52/0x60
+# Nov 13 02:29:27 community0p kernel:  blk_request_module+0x7f/0x110
+# Nov 13 02:29:27 community0p kernel:  blkdev_get_no_open+0xa9/0xe0
+# Nov 13 02:29:27 community0p kernel:  blkdev_get_by_dev.part.0+0x21/0x320
+# Nov 13 02:29:27 community0p kernel:  blkdev_get_by_dev+0x55/0x70
+# Nov 13 02:29:27 community0p kernel:  ? blkdev_close+0x40/0x40
+# Nov 13 02:29:27 community0p kernel:  blkdev_open+0x50/0x90
+# Nov 13 02:29:27 community0p kernel:  do_dentry_open+0x159/0x390
+# Nov 13 02:29:27 community0p kernel:  vfs_open+0x2d/0x40
+# Nov 13 02:29:27 community0p kernel:  do_open+0x20d/0x3d0
+# Nov 13 02:29:27 community0p kernel:  path_openat+0x112/0x2b0
+# Nov 13 02:29:27 community0p kernel:  ? kmem_cache_free+0x249/0x290
+# Nov 13 02:29:27 community0p kernel:  ? rseq_get_rseq_cs.isra.0+0x1b/0x230
+# Nov 13 02:29:27 community0p kernel:  do_filp_open+0xb2/0x160
+# Nov 13 02:29:27 community0p kernel:  ? __check_object_size+0x1d/0x30
+# Nov 13 02:29:27 community0p kernel:  ? alloc_fd+0x53/0x180
+# Nov 13 02:29:27 community0p kernel:  do_sys_openat2+0x9f/0x160
+# Nov 13 02:29:27 community0p kernel:  __x64_sys_openat+0x55/0x90
+# Nov 13 02:29:27 community0p kernel:  do_syscall_64+0x5c/0xc0
+# Nov 13 02:29:27 community0p kernel:  ? irqentry_exit_to_user_mode+0x9/0x20
+# Nov 13 02:29:27 community0p kernel:  ? irqentry_exit+0x1d/0x30
+# Nov 13 02:29:27 community0p kernel:  ? sysvec_call_function_single+0x4e/0x90
+# Nov 13 02:29:27 community0p kernel:  entry_SYSCALL_64_after_hwframe+0x61/0xcb
+# Nov 13 02:29:27 community0p kernel: RIP: 0033:0x7f8a3cfa76eb
+# Nov 13 02:29:27 community0p kernel: Code: 25 00 00 41 00 3d 00 00 41 00 74 4b 64 8b 04 25 18 00 00 00 85 c0 75 67 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 91 00 00 00 48 8b 54 24 28 64 48 2b 14 25
+# Nov 13 02:29:27 community0p kernel: RSP: 002b:00007fff5ca451c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
+# Nov 13 02:29:27 community0p kernel: RAX: ffffffffffffffda RBX: 0000000000000014 RCX: 00007f8a3cfa76eb
+# Nov 13 02:29:27 community0p kernel: RDX: 0000000000000000 RSI: 0000562d70b95300 RDI: 00000000ffffff9c
+# Nov 13 02:29:27 community0p kernel: RBP: 0000562d70b95300 R08: 0000000000000014 R09: 0000000000000000
+# Nov 13 02:29:27 community0p kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
+# Nov 13 02:29:27 community0p kernel: R13: 0000000000000000 R14: 0000562d70b95270 R15: 0000562d70b95270
+# Nov 13 02:29:27 community0p kernel:  </TASK>
+# Nov 13 02:29:27 community0p kernel: ---[ end trace 4567bea8adb921ba ]---
+# Nov 13 02:29:27 community0p kernel: kobject_add_internal failed for md (error: -2 parent: md121)
+# Nov 13 02:29:27 community0p kernel: clocksource: timekeeping watchdog on CPU17: hpet wd-wd read-back delay of 262044ns
+# Nov 13 02:29:27 community0p kernel: clocksource: wd-tsc-wd read-back delay of 264000ns, clock-skew test skipped!
-- 
2.25.1