From 1ddc5b9148193a9665119b6c11d83bd0a272924a Mon Sep 17 00:00:00 2001
From: Ian Kelling <iank@fsf.org>
Date: Wed, 5 Mar 2025 04:20:19 -0500
Subject: [PATCH] wip snapshot, bunch of fixes and features

---
 .../files/simple/usr/local/bin/attach-vm-disk | 105 ++++
 .../files/simple/usr/local/bin/create-vm      | 540 ++++++++++--------
 .../files/simple/usr/local/bin/savannah-virsh | 173 +++++-
 .../simple/usr/local/bin/unsafe-remove-vm     |  24 +-
 .../simple/usr/local/lib/fsf-virsh-bash-lib   |  37 ++
 5 files changed, 628 insertions(+), 251 deletions(-)
 create mode 100755 roles/kvmhost/files/simple/usr/local/bin/attach-vm-disk
 create mode 100644 roles/kvmhost/files/simple/usr/local/lib/fsf-virsh-bash-lib

diff --git a/roles/kvmhost/files/simple/usr/local/bin/attach-vm-disk b/roles/kvmhost/files/simple/usr/local/bin/attach-vm-disk
new file mode 100755
index 0000000..6e58bc1
--- /dev/null
+++ b/roles/kvmhost/files/simple/usr/local/bin/attach-vm-disk
@@ -0,0 +1,105 @@
+#!/bin/bash
+
+
+# in addition, we need virsh detach, and preferably rm.
+
+set -e; . /usr/local/lib/bash-bear; set +e
+shopt -s nullglob
+
+# note: you have to run shellcheck from this directory for this to work. kinda dumb.
+# shellcheck source=../lib/fsf-virsh-bash-lib
+source /usr/local/lib/fsf-virsh-bash-lib
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+usage() {
+  cat <<EOF
+Usage: ${0##*/} SOURCE_VM_NAME SOURCE_DEV_PATH TARGET_VM_NAME
+One line description
+
+-h|--help  Print help and exit.
+
+
+For ceph disks, the path is the name attribute in its xml:
+<source protocol='rbd' name='rbd/frontend2.savannah.gnu.org'>
+
+For non-ceph disks, the path is the dev attribute in its vm xml:
+ <source dev='/dev/mapper/crypt-nfs2.savannah.gnu.org' index='4'/>
+
+The SOURCE_DEV_PATH has to be attached to SOURCE_VM_NAME. This is just so we can
+filter SOURCE_VM_NAME as a simple access control.
+
+
+Note: Uses util-linux getopt option parsing: spaces between args and
+options, short options can be combined, options before args.
+EOF
+  exit $1
+}
+
+get-attached-devs() {
+  local tmps vm="$1"
+  tmps=$(virsh dumpxml $vm)
+  tmps=$(xmllint --xpath "$xpath" - <<<"$tmps" | sed 's/^[^"]*"// ; s/"[^"]*$//')
+  mapfile -t attached_devs <<<"$tmps"
+}
+
+check-source-dev() {
+  local found_source attached_dev
+  local -a attached_devs
+
+  get-attached-devs $source_vm
+
+  found_source=false
+  for attached_dev in "${attached_devs[@]}"; do
+    if [[ $source_dev == "$attached_dev" ]]; then
+      found_source=true
+      break
+    fi
+  done
+
+  if ! $found_source; then
+    echo "$0: error: failed to find SOURCE_DEV_PATH in SOURCE_VM_NAME's xml"
+    exit 1
+  fi
+}
+
+
+##### begin command line parsing ########
+
+# ensure we can handle args with spaces or empty.
+ret=0; getopt -T || ret=$?
+[[ $ret == 4 ]] || { echo "Install util-linux for enhanced getopt" >&2; exit 1; }
+
+temp=$(getopt -l help h "$@") || usage 1
+eval set -- "$temp"
+while true; do
+  case $1 in
+    -h|--help) usage ;;
+    --) shift; break ;;
+    *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;;
+  esac
+  shift
+done
+read -r source_vm source_dev target_vm <<<"$@"
+
+##### end command line parsing ########
+
+ceph=false
+xpath=/domain/devices/disk/source/@dev
+if [[ $HOSTNAME == kvmhost[234] ]]; then
+  ceph=true
+  xpath="/domain/devices/disk/source[@protocol='rbd']/@name"
+fi
+
+check-source-dev
+
+get-attached-devs $target_vm
+
+disk_letters=( {a..z} )
+letter=${disk_letters[${#attached_devs[@]}]}
+
+if $ceph; then
+  add-ceph-disk $source_dev
+else
+  add-local-disk $source_dev
+fi
diff --git a/roles/kvmhost/files/simple/usr/local/bin/create-vm b/roles/kvmhost/files/simple/usr/local/bin/create-vm
index d11fa31..f89cf67 100755
--- a/roles/kvmhost/files/simple/usr/local/bin/create-vm
+++ b/roles/kvmhost/files/simple/usr/local/bin/create-vm
@@ -20,16 +20,27 @@
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
 #
 
-if [[ ! -s /usr/local/lib/err ]]; then
-  echo "$0: error, missing /usr/local/lib/err" >&2
-  exit 1
-fi
-source /usr/local/lib/err
+set -e; . /usr/local/lib/bash-bear; set +e
+# shellcheck source=../lib/fsf-virsh-bash-lib
+source /usr/local/lib/fsf-virsh-bash-lib
 
 #### Begin function definitions ####
 
 ## Add to these as needed and keep them in order
 cleanup_cmds=()
+mkdir -p /root/create-vm-logs
+cleanup_log=/root/create-vm-logs/cleanup-$(date "+%F_%T").log
+cat >$cleanup_log <<'EOF'
+#!/bin/bash
+set -xe
+# To use this cleanup log:
+#
+# 1. find if there is an end or section that has pop: and remove the no
+# longer relevant lines.
+#
+# 2. tac LOG |tee tmpx; bash -xe tmpx
+EOF
+
 err-cleanup() {
   if (( ${#cleanup_cmds[@]} == 0 )); then
     return 0
@@ -68,64 +79,60 @@ err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
 
 usage() {
   cat <<EOF
-Usage: $0 [OPTONS] FQDN DISK_SIZE(MB) RAM_SIZE(MB) CPU_COUNT [DISTRO_RELEASE_CODENAME]
+Usage: $0 [OPTONS] DISK_SIZE(MB) RAM_SIZE(MB) CPU_COUNT DISTRO_RELEASE_CODENAME FQDN
 or
-$0 [OPTONS] -d DISK_NAME,MOUNT_POINT FQDN DISK_SIZE(MB)
+$0 [OPTONS] -d DISK_SIZE(MB) DISK_NAME/MOUNT_POINT FQDN
 or
 $0 -l
 
-On non-gnuhope disks are grouped into sets of 3 disks, in which a per-vm raid arrays
-are created by creating lvm logical volumes and then creating an mdadm or btrfs
-array. While the disks themselves are not technically a single raid
-array, that is their functional purpose so we call them each an array.
+On vm hosts with local storage, disks are grouped into sets of 3 disks, in which a
+per-vm raid arrays are created by creating lvm logical volumes and then
+creating an mdadm or btrfs array. While the disks themselves are not
+technically a single raid array, that is their functional purpose so we
+call them each an array.
 
 If there is more than one array on a single machine, we need to specify
-which one to use. There is a small difficulty that there is no os
-defined name or notion for the set of 3 disks. To deal with this, we
-specify the disk arrays in this script in the variable that starts with
-  disk_arrays=(
-and allow listing the sets
-on a machine with -l, and selecting one with -s or -t or -g.
+which one to use by passing the name of one its VG members with
+-g. Known disk arrays are defined in this script in the variable that
+starts with disk_arrays=( and -l shows their free space.
+
 
 WARNING: If this script fails or is inturupted, it will output instructions
 to undo what it has done. Be sure to read the output!
 
--d --disk DISK_NAME,MOUNT_POINT : Create and add a an extra disk to an
+
+-d --disk    : Create and add an extra disk to an
                                  existing VM.  DISK_NAME could be
                                  something like "data". If MOUNT_POINT is
                                  "none", we will add it as a swap partition.
+                          This is not yet supported outside ceph.
 
 -i --import : For importing/migrating existing vm: creates the vm with a
                            mostly empty disk. Then you can mount the
                            disk with the mount-vm script, rsync an OS,
                            and umount with umount-vm.
 
--g --vol-group VOL_GROUP : For non-gnuhope, select a disk array that has this volume group.
-                           See arrays + groups with -l. On gnuhope, the volume group name to create
-                           a local vm.
+-l : List free disk, memory & cpu stats.
 
--l : On nongnuhope, list available disk array volume groups.
+-g --vol-group VOL_GROUP : Use the the local 3 disk array with
+                           VOL_GROUP as one of the 3 volume groups in
+                           the array.
 
--m --mdraid : On nongnuhope, create an ext4 filesystem on mdraid. We force this
+-m --mdraid :     Create an ext4 filesystem on mdraid. We force this
                            option on hosts older than t11. WARNING: this
                            could take an hour or more for a big disk, run
                            in screen or tmux.
 
--s --vg_size SIZE :   On nongnuhope, select disk array by specifying the size of the
-                   smallest disk in the array. Size specification: for disks >= 1t,
-                   NUMt, truncated to a whole terabyte, or for disks <1t, NUMg
-                   truncated to the nearest gigabyte.
-                   Disk sizes can be seen by running $0 -l or
-                   vgs to show all volume groups without their array groupings.
-
-todo: add an interactive selection of volume disk array.
 
 Example: $0 www.gnu.org 5000 512 2 flidas
-supported codenames are aramo, nabia, etiona, flidas, belenos and stretch
+
+Supported codenames are aramo (recommended), nabia, etiona, flidas,
+belenos and stretch. Codenames older than the recommended are more
+likely to expose a bug in this script.
 
 Example of adding a disk to the above vm:
 
-create-vm -d data,/srv www.gnu.org 8000
+create-vm -d 8000 data,/srv www.gnu.org
 
 For migrating an existing vm, use the --import option. After rsyncing
 the old disk into the new disk, look at the os-prep function below, and
@@ -136,7 +143,20 @@ vms have a few extra files compared to other vm hosts.
 
 Note: Uses util-linux getopt option parsing: spaces between args and
 options, short options can be combined, options before args.
+
 EOF
+
+  #potential feature:
+  #-s SOME_DISK_ARG
+  #
+  #
+  #   An option for making a vm like cephmon4, which is backed by mdraid
+  #                          -> lvm single volume setup outside of any
+  #                          script.  vg-disk() in this file was
+  #                          maintained for that kind of case, but I commented
+  #                          it out because it may be a very long time if ever
+  #                          that we want that code, so keep it simpler.
+
   exit $1
 }
 
@@ -184,6 +204,12 @@ cli-arg-check() {
 
 # set initial global variables
 set-initial-vars() {
+
+  doceph=false
+  if [[ $HOSTNAME == kvmhost[234] ]]; then
+    doceph=true
+  fi
+
   if $dolist; then
     return 0
   fi
@@ -234,39 +260,96 @@ set-initial-vars() {
 
   fs_opts=noatime
   fs_type=ext4
-  doswap=false
+  fs_passno=1
   if [[ $disk_mountpoint == none ]]; then
-    doswap=true
     fs_type=swap
     fs_opts=sw
-  fi
-
-  # These numbers are what man 5 fstab says they should be.
-  fs_passno=1
-  if $doswap; then
     fs_passno=0
-  elif $add_disk; then
-    fs_passno=2
   fi
 
+  # These numbers are what man 5 fstab says they should be.
 
   vm_internal_disk=/dev/vda
   inside_vm_cmds=false
 
-  gnuhope=false
-  if [[ $HOSTNAME == kvmhost[234] ]]; then
-    gnuhope=true
-  fi
+}
 
-  doceph=false
-  if $gnuhope && ! $dovg; then
-    doceph=true
+free-memory() {
+  local tmps
+  local -a vm_names
+  tmps=$(virsh list --name)
+  mapfile -t vm_names <<<"$tmps"
+  vm_count="${#vm_names[@]}"
+  x=1024
+  while read -r l; do
+    x=$(( x + (l /1024) )) # l = kilobytes
+  done < <(virsh domstats "${vm_names[@]}" |sed -n 's/balloon.maximum=//p')
+  total_mem=$(( $(awk '/MemTotal/ {print $2}' /proc/meminfo) / 1024  ))
+  low_estimate=$(( total_mem - (x + 600 * vm_count) ))
+  high_estimate=$(( total_mem - (x + 200 * vm_count) ))
+
+  # switch to gb for final output.
+  low_estimate=$(echo "scale=1; $low_estimate /1024"|bc -l)
+  high_estimate=$(echo "scale=1; $high_estimate /1024"|bc -l)
+
+  echo "
+####### Free Memory ########
+
+Estimate: ${low_estimate}GB to ${high_estimate}GB memory is safe to allocate to VMs.
+
+
+The range is due to unknown and variable per vm memory overhead, my guess is 200mb to 600mb per VM.
+
+Note: running free is misleadingly low vm hosts. free -m:"
+  free -m
+
+}
+
+ceph-df() {
+  tmps=$(ceph df -f json | jq -r '"\(.stats.total_bytes) \(.stats.total_used_bytes)"')
+  if [[ $( printf "%s\n" "$tmps" | wc -w) != 2 ]]; then
+    echo "error: unexpected ceph df output"
+    exit 1
   fi
+  read -r used_bytes total_bytes <<<"$tmps"
+  max_percent_used=79
+  gb_available=$(( ( used_bytes * max_percent_used / 100 - total_bytes )  / ( 3 * 1024 * 1024 * 1024) ))
+
+  cat <<EOF
+
+######### Free Disk ##########
+$gb_available GB of ceph 3x redundant SSD is available for VMs.
+
+This considers disks full at ${max_percent_used}%. Note: The rbd pool
+may need to grow before using the final 50GB or so.
+
+
+ceph df:
+EOF
+  ceph df
 
-  if $doswap && ! $gnuhope && ! $mdraid; then
-    err "error: swap should be on mdraid. exiting"
+  if $dolist; then return 0; fi
+
+  # Internet folk wisdom says that above that there is too much risk of
+  # SSDs dying or partially dying and the cluster performance tanking. All
+  # our SSDs are already beyond a reasonable number of years. If you want
+  # more space, bug Ian to go install new disks that are on his desk.
+
+  if (( new_disk_mb * 1024 > gb_available )); then
+    err "error: requested size $((new_disk_mb * 1024))GB is greater than the available space."
     exit 1
   fi
+
+}
+
+push-cleanup() {
+  cleanup_cmds+=("$*")
+  e "adding cleanup command to $cleanup_log"
+  printf "%s\n" "$*" | tee -a $cleanup_log
+}
+pop-cleanup() {
+  printf "pop: %s\n" "${cleanup_cmds[-1]}" | tee -a $cleanup_log
+  unset "cleanup_cmds[-1]"
 }
 
 ceph-disk() {
@@ -276,13 +359,18 @@ ceph-disk() {
   # If adding disk, we reuse the same key
   if $add_disk; then
     read -r -p "Enter the VM's luks key so I can cryptsetup luksFormat the new disk " key_data
+    key_regex='^[[:alnum:]]+$'
+    if [[ ! $key_data =~ $key_regex ]] || (( ${#key_data} > 1000 || ${#key_data} < 30 )); then
+      echo "error: bad key"
+      exit 1
+    fi
     printf "%s" "$key_data" >$keyfile
-    cleanup_cmds+=("rm -f $keyfile")
+    push-cleanup "rm -f $keyfile"
   else
 
     e writing generated password to $keyfile
     pwgen 128 -s -1 | tr -d '\n' >$keyfile
-    cleanup_cmds+=("rm -f $keyfile")
+    push-cleanup "rm -f $keyfile"
 
     m tee /dev/shm/grub.cfg <<EOF
 cryptomount -k /keyfile hd0
@@ -292,34 +380,34 @@ boot
 EOF
     m dd if=/dev/zero of=/dev/shm/memdisk bs=1M count=1
     m mkfs.ext2 /dev/shm/memdisk
-    cleanup_cmds+=("rm -f /dev/shm/memdisk /dev/shm/grub.cfg")
+    push-cleanup "rm -f /dev/shm/memdisk /dev/shm/grub.cfg"
     m mkdir -p /dev/shm/memdiskmount
     m mount /dev/shm/memdisk /dev/shm/memdiskmount
-    cleanup_cmds+=("umount /dev/shm/memdiskmount")
+    push-cleanup "umount /dev/shm/memdiskmount"
     m cp $keyfile /dev/shm/memdiskmount/
     m umount /dev/shm/memdiskmount
-    unset "cleanup_cmds[-1]"
+    pop-cleanup
 
     m grub-mkimage -C xz -c /dev/shm/grub.cfg  -O i386-pc  -o /var/lib/libvirt/images/grub-$host.bin  biosdisk ext2 linux xfs normal luks help crypto cryptodisk zfscrypt gcry_sha512 gcry_sha256 echo cat memdisk -m /dev/shm/memdisk
     rm -f /dev/shm/memdisk /dev/shm/grub.cfg
-    unset "cleanup_cmds[-1]"
+    pop-cleanup
     # This is slightly out of order because it is simpler than doing in
     # proper order and removing cleanup_cmds[-2].
-    cleanup_cmds+=("rm -f /var/lib/libvirt/images/grub-$host.bin")
+    push-cleanup "rm -f /var/lib/libvirt/images/grub-$host.bin"
   fi
 
   m rbd create $dname --size $new_disk_mb -p $pool --image-format=2 --image-feature exclusive-lock,object-map,fast-diff,layering
-  cleanup_cmds+=("rbd rm $dname")
+  push-cleanup "rbd rm $dname"
   nbd_dev=$(rbd-nbd map $dname)
-  cleanup_cmds+=("rbd-nbd unmap $nbd_dev")
+  push-cleanup "rbd-nbd unmap $nbd_dev"
 
   echo YES | m cryptsetup luksFormat -y --cipher aes-xts-plain64 --hash sha256 --use-urandom --key-size 256  $nbd_dev --key-file=$keyfile
   luks_dev=/dev/mapper/$dname-crypt0
   m cryptsetup luksOpen $nbd_dev $dname-crypt0 --key-file=$keyfile
-  cleanup_cmds+=("cryptsetup luksClose $luks_dev")
+  push-cleanup "cryptsetup luksClose $luks_dev"
   m mkfs.ext4 $luks_dev
   m mount $luks_dev $target -o discard,noatime,nodiratime
-  cleanup_cmds+=("umount $target")
+  push-cleanup "umount $target"
   vm_internal_disk=$luks_dev
 
   if $add_disk; then
@@ -339,7 +427,7 @@ EOF
 
     else
       m mount-vm -k $keyfile --first-disk $host
-      cleanup_cmds+=("umount-vm $host")
+      push-cleanup "umount-vm $host"
 
       if [[ ! -e /mnt/$host/dev/sd$letter ]]; then
         m mknod /mnt/$host/dev/sd$letter b 8 $disk_num
@@ -348,8 +436,8 @@ EOF
 
       cd /mnt/$host
       for d in proc sys dev dev/pts; do
-        m mount -o bind /$d $d;
-        cleanup_cmds+=("umount $PWD/$d")
+        m mount -ov bind /$d $d;
+        push-cleanup "umount $PWD/$d"
       done
       # note, this is normal output here:
       # cryptsetup: WARNING: Couldn't determine cipher modules to load for
@@ -357,14 +445,14 @@ EOF
       m chroot . update-initramfs -k all -u
       for d in dev/pts dev sys proc; do
         m umount $d
-        unset "cleanup_cmds[-1]"
+        pop-cleanup
       done
       cd
 
       m mkdir -p /mnt/$host/$disk_mountpoint /mnt/$host/etc
       echo "$luks_dev $disk_mountpoint $fs_type $fs_opts 0 $fs_passno" >>/mnt/$host/etc/fstab
       m umount-vm $host
-      unset "cleanup_cmds[-1]"
+      pop-cleanup
 
     fi
   else
@@ -386,17 +474,25 @@ EOF
   fi
 }
 
-vg-disk() {
-  m lvcreate $vg -L $size -n $dname
-  lvdev=/dev/$vg/$dname
-  vm_disks=($lvdev)
-  cleanup_cmds+=("lvremove -f $lvdev")
-  m mkfs.ext4 $lvdev
-  m mount $lvdev $target
-  cleanup_cmds+=("umount $target")
-}
 
-nongnuhope-disk() {
+# vg-disk() {
+#   m lvcreate $vg -L $new_disk_mb -n $dname
+#   lvdev=/dev/$vg/$dname
+#   vm_disks=($lvdev)
+#   push-cleanup "lvremove -f $lvdev"
+#   m mkfs.ext4 $lvdev
+#   m mount $lvdev $target
+#   push-cleanup "umount $target"
+# }
+
+nonceph-disk() {
+  cat <<EOF
+
+
+######### Free Disk ##########
+
+EOF
+
 
   # volume group names, separated by command at the start.
   disk_arrays=(
@@ -437,70 +533,85 @@ nongnuhope-disk() {
     vgata-Seagate_IronWolf_ZA2000NM10002-3R1103_70W002YX
   )
 
-
-
-
-  i=0
-  disk_array_count=${#disk_arrays[@]}
-  found_array=false
+  local -i i=0 vg_set_count=0
+  disk_arrays_item_count=${#disk_arrays[@]}
   volgroups=()
-  while (( i < disk_array_count )); do
+
+  while (( i < disk_arrays_item_count )); do
     i=$((i+1))
     min_size=
-    array_exists=true
+    min_free=
     found_vg=false
     this_vg_set=()
     # loop over a single array, checking if this array is the one asked for by the user
-    while (( i < disk_array_count )) && [[ ${disk_arrays[i]} != , ]]; do
+    while (( i < disk_arrays_item_count )) && [[ ${disk_arrays[i]} != , ]]; do
       vg=${disk_arrays[i]}
-      if ! $array_exists || [[ ! -d /dev/$vg ]]; then
-        array_exists=false
+      if [[ ! -d /dev/$vg ]]; then
         i=$(( i + 1 ))
         continue
       fi
-      if $dovg && [[ $vg_opt == "$vg" ]]; then
+      if [[ $vg_opt == "$vg" ]]; then
         found_vg=true
       fi
-      if $dosize; then
-        vg_size=$(vgs -o vg_size --noheadings "$vg")
-        vg_size=${vg_size##*[< ]}
-        if [[ $vg_size == *g ]]; then
-          vg_size=${vg_size%g}
-          vg_size=${vg_size%%.*}
-        elif [[ $vg_size == *t ]]; then
-          vg_size=${vg_size%t}
-          vg_size=${vg_size%%.*}
-          vg_size=$(( vg_size * 1000 ))
-        else
-          err "found unexpected vg_size:$vg_size from vgs -o vg_size --noheadings $vg"
-          err-cleanup
-          exit 1
-        fi
-        if [[ ! $min_size ]] || (( vg_size < min_size )); then
-          min_size="$vg_size"
-        fi
+
+      #### vg size parsing ####
+      vg_size=$(vgs --units g -o vg_size --noheadings "$vg")
+      if [[ $vg_size != *g ]]; then
+        echo "error: found unexpected vg_size:$vg_size from vgs -o vg_size --noheadings $vg"
+        echo "continuing in hopes we find a different array that has expected outputs"
+        continue
+      fi
+
+      vg_size=${vg_size##*[< ]}
+      vg_size=${vg_size%g}
+      vg_size=${vg_size%%.*}
+      if [[ ! $min_size ]] || (( vg_size < min_size )); then
+        min_size="$vg_size"
+      fi
+      #### vg free parsing, copies pattern in above block ####
+      vg_free=$(vgs --units g -o vg_free --noheadings "$vg")
+      if [[ $vg_free != *g ]]; then
+        err "found unexpected vg_free:$vg_free from vgs -o vg_free --noheadings $vg"
+        err-cleanup
+        exit 1
+      fi
+      vg_free=${vg_free##*[< ]} # dunno where this came from but i havent seen it.
+      vg_free=${vg_free%g}
+      vg_free=${vg_free%%.*}
+      if [[ ! $min_free ]] || (( vg_free < min_free )); then
+        min_free="$vg_free"
       fi
-      this_vg_set+=( ${disk_arrays[i]} )
+
+      this_vg_set+=( $vg )
       i=$(( i + 1 ))
     done
-    if ! $array_exists; then
+
+    this_vg_set_count=${#this_vg_set[@]}
+    if (( this_vg_set_count == 3 )); then
+      vg_set_count+=1
+    fi
+
+    if (( this_vg_set_count == 0 )); then
       continue
+    elif (( this_vg_set_count < 3 )); then
+      echo "WARNING: Found partial array. Ignoring it."
     fi
-    if $dolist; then
-      vgs ${this_vg_set[@]}
+
+    reserve_percent=15
+    reserved_gb=$(( min_size * reserve_percent / 100 ))
+    available_gb=$(( min_free - reserved_gb ))
+    echo "### $available_gb / $(( min_size - reserved_gb )) GB of 3x redundant disk available for VMs.
+"
+    vgs ${this_vg_set[@]}
+    echo
+
+    if $dolist || (( this_vg_set_count < 3 )); then
       continue
     fi
-    # debugging
-    #echo min_size=$min_size size_opt=$size_opt
-    if ! $dosize && ! $dovg || $dosize && (( size_opt == min_size )) || $found_vg; then
-      if $found_array; then
-        err "We found two arrays without an option to select between them. Run with --help."
-        err-cleanup
-        exit 1
-      else
-        volgroups+=( ${this_vg_set[@]} )
-        found_array=true
-      fi
+
+    if $found_vg; then
+      volgroups=( ${this_vg_set[@]} )
+      break
     fi
   done
 
@@ -508,8 +619,13 @@ nongnuhope-disk() {
     return 0
   fi
 
+  ## if there is just one set on this machine, use it.
+  if [[ ! $vg_opt ]] && (( vg_set_count == 1 && this_vg_set_count == 3 )); then
+    volgroups=( ${this_vg_set[@]} )
+  fi
+
   if (( ${#volgroups[@]} != 3 )); then
-    err "expected 3 volgroups, got: ${volgroups[*]}"
+    err "error: failed to find array of 3 volgroups, got: ${volgroups[*]}"
     err-cleanup
     exit 1
   fi
@@ -529,7 +645,7 @@ nongnuhope-disk() {
     else
       m lvcreate -L $new_disk_mb -n $dname $vg
     fi
-    cleanup_cmds+=("lvremove -f $lvdev")
+    push-cleanup "lvremove -f $lvdev"
   done
 
   keyfile=/root/crypt-keys/$host
@@ -539,7 +655,7 @@ nongnuhope-disk() {
     e writing generated password to $keyfile
     pwgen 128 -s -1 | tr -d '\n' >$keyfile
   fi
-  cleanup_cmds+=("rm -f $keyfile")
+  push-cleanup "rm -f $keyfile"
   # directory is already 700, just being thorough
   m chmod 600 $keyfile
 
@@ -562,7 +678,7 @@ nongnuhope-disk() {
         m time integritysetup --batch-mode format $lvdev
         m integritysetup open --allow-discards $lvdev $integrity_name
       fi
-      cleanup_cmds+=("integritysetup close $integrity_name")
+      push-cleanup "integritysetup close $integrity_name"
     done
     mddev=/dev/md/md$dname
     if [[ -e $mddev ]]; then
@@ -587,10 +703,10 @@ nongnuhope-disk() {
       # reading any errors more confusing. So, at the tradeoff that this
       # may need changing in the future, do what helps us more now.
       m mdadm --create -v $mddev --metadata=1.2 --level 1 --raid-devices=3 --bitmap=internal  ${integrity_devs[@]}
-      cleanup_cmds+=("mdadm -v --zero-superblock ${integrity_devs[*]}")
+      push-cleanup "mdadm -v --zero-superblock ${integrity_devs[*]}"
       # For background, see comment in unsafe-remove-vm
-      cleanup_cmds+=("test ! -e /sys/devices/virtual/block/${mddev##*/}")
-      cleanup_cmds+=("mdadm -v --stop $mddev")
+      push-cleanup "test ! -e /sys/devices/virtual/block/${mddev##*/}"
+      push-cleanup "mdadm -v --stop $mddev"
     fi
     luks_name=crypt-$dname
     luks_dev=/dev/mapper/$luks_name
@@ -599,14 +715,14 @@ nongnuhope-disk() {
     if ! grep -Fxq "$l" /etc/crypttab; then
       echo "$l" | m tee -a /etc/crypttab
     fi
-    cleanup_cmds+=("sed -i /^$luks_name/d /etc/crypttab")
+    push-cleanup "sed -i /^$luks_name/d /etc/crypttab"
     if [[ -e $luks_dev ]]; then
       e "skipping creation of existing luks dev: $luks_dev"
     else
       # 141 is broken pipe, it is normal when doing yes
       yes YES | m cryptsetup luksFormat $mddev $keyfile || [[ $? == 141 ]]
       m cryptdisks_start $luks_name
-      cleanup_cmds+=("cryptsetup luksClose $luks_dev")
+      push-cleanup "cryptsetup luksClose $luks_dev"
       m mkfs.ext4 $luks_dev
     fi
     m mount $luks_dev $target
@@ -632,26 +748,26 @@ nongnuhope-disk() {
         fi
       else
         echo "$line" | m tee -a /etc/crypttab
-        cleanup_cmds+=("sed -i /^$luks_name/d /etc/crypttab")
+        push-cleanup "sed -i /^$luks_name/d /etc/crypttab"
       fi
       m cryptdisks_start $luks_name
       vm_disks+=(/dev/mapper/$luks_name)
-      cleanup_cmds+=("cryptsetup luksClose /dev/mapper/$luks_name")
+      push-cleanup "cryptsetup luksClose /dev/mapper/$luks_name"
     done
 
     m mkfs.btrfs -f -m raid1c3 -d raid1c3 ${vm_disks[@]}
     m mount ${vm_disks[0]} $mountdir
-    cleanup_cmds+=("umount $mountdir")
+    push-cleanup "umount $mountdir"
     m btrfs sub create $mountdir/root
     m umount $mountdir
-    unset "cleanup_cmds[-1]"
+    pop-cleanup
     m mount -o subvol=root ${vm_disks[0]} $target
   fi
   # Note: If $add_disk is true, we did not need to mount to $target, but as the
   # script is currently written, it would require several conditionals to avoid
   # it, so just do it anyways for the sake of making the script simpler.
-  cleanup_cmds+=("umount $target")
-} # End nongnuhope-disk
+  push-cleanup "umount $target"
+} # End nonceph-disk
 
 
 
@@ -725,15 +841,15 @@ EOF
 
 
   m mount -t proc none $target/proc
-  cleanup_cmds+=("umount $target/proc")
+  push-cleanup "umount $target/proc"
   m mount -o bind /dev $target/dev
-  cleanup_cmds+=("umount $target/dev")
+  push-cleanup "umount $target/dev"
   # This is not needed afaik, just makes output nicer.
   m mount -o bind /dev/pts $target/dev/pts
-  cleanup_cmds+=("umount $target/dev/pts")
+  push-cleanup "umount $target/dev/pts"
   # This is not needed afaik, but silences some complaints.
   m mount -o bind /sys $target/sys
-  cleanup_cmds+=("umount $target/sys")
+  push-cleanup "umount $target/sys"
 
   case $release in
     stretch)
@@ -905,13 +1021,13 @@ EOF
   rm -f $target/usr/lib/x86_64-linux-gnu/libeatmydata.so
 
   m umount $target/sys
-  unset "cleanup_cmds[-1]"
+  pop-cleanup
   m umount $target/dev/pts
-  unset "cleanup_cmds[-1]"
+  pop-cleanup
   m umount $target/dev
-  unset "cleanup_cmds[-1]"
+  pop-cleanup
   m umount $target/proc
-  unset "cleanup_cmds[-1]"
+  pop-cleanup
 
 } # End os-prep
 
@@ -958,11 +1074,11 @@ create-vm() {
     vopts+=(
       --boot kernel=/var/lib/libvirt/images/grub-$host.bin
     )
-  elif $mdraid || $dovg; then
+  elif $mdraid; then
     vopts+=(
       --boot $boot_prefix-bootsym.bin
     )
-  else
+  else # vg_opt
     vopts+=(
       --boot $boot_prefix-btrfs-bootsym.bin
     )
@@ -997,9 +1113,15 @@ create-vm() {
   #### End network args ####
 
 
-  if $gnuhope; then
+  if $doceph; then
     vopts+=( --memory=$ram,hugepages=true )
   else
+    # Our newer trisquel OSes cant handle hugepages. I assume they could if I spent some time trying to configure it right. Example error:
+    #
+    #create-vm: virt-install --name inspect0d.fsf.org ... --memory=3000,hugepages=true
+    # Starting install...
+    # ERROR    internal error: qemu unexpectedly closed the monitor: 2025-03-05T06:50:59.389686Z qemu-system-x86_64: unable to map backing store for guest RAM: Cannot allocate memory
+
     vopts+=( --memory=$ram )
   fi
 
@@ -1011,7 +1133,6 @@ create-vm() {
   # virt-install, so just add them here.
   if $doceph; then
     m virsh destroy $host
-    ceph-add-disk
     virsh dumpxml $host > /tmp/tmp.xml
     #sed "1s#># xmlns:qemu=\'http://libvirt.org/schemas/domain/qemu/1.0'>#; s#</domain>#<qemu:commandline><qemu:arg value='-set'/><qemu:arg value='device.scsi0-0-0-0.min_io_size=4194304'/><qemu:arg value='-set'/><qemu:arg value='device.scsi0-0-0-0.opt_io_size=4194304'/></qemu:commandline></domain>#" /tmp/tmp.xml -i
 
@@ -1022,7 +1143,7 @@ create-vm() {
     # or maybe this will work:
     # --controller type=scsi,model=virtio-scsi,driver.queues=1
     sed -i "/virtio-scsi/a <driver queues='$cpus'/>" /tmp/tmp.xml
-    unset "cleanup_cmds[-1]"
+    pop-cleanup
     virsh create /tmp/tmp.xml
     rm -f /tmp/tmp.xml
   fi
@@ -1053,24 +1174,6 @@ EOF
 
 } # End create-vm
 
-ceph-add-disk() {
-  m tee /tmp/disk.xml <<EOF
-<disk type='network' device='disk'>
-  <driver name='qemu' cache='writeback' discard='unmap' type='raw'  />
-  <auth username='libvirt'>
-    <secret type='ceph' uuid='dc8e8240-15b4-47ae-896b-6632aec8103e'/>
-  </auth>
-  <source protocol='rbd' name='$pool/$dname'>
-    <host name='cephmon1' port='6789'/>
-    <host name='cephmon2' port='6789'/>
-    <host name='cephmon3' port='6789'/>
-  </source>
-  <target dev='sd$letter' bus='scsi'/>
-</disk>
-EOF
-  m virsh attach-device $host /tmp/disk.xml --persistent
-
-}
 #### End function definitions ####
 
 trap 'err-cleanup; trap - INT; kill -s INT "$$"' INT
@@ -1080,6 +1183,12 @@ export LC_ALL=C
 
 pre="${0##*/}:"
 
+for pkg in jq nmon; do
+  if ! type -p $pkg &>/dev/null; then
+    echo "installing missing dependency: jq"
+    apt-get -y install $pkg
+  fi
+done
 
 ##### Begin command line parsing ########
 
@@ -1090,59 +1199,40 @@ ret=0; getopt -T || ret=$?
 # Defaults
 mdraid=false
 # Says whether we passed a vg name.
-dovg=false
 import=false
 add_disk=false
 dolist=false
-dosize=false
-temp=$(getopt -l help,disk:,vol-group:,import,mdraid,vg_size: hd:g:ilms: "$@") || usage 1
+temp=$(getopt -l help,disk,vol-group:,import,mdraid hdg:ilm "$@") || usage 1
 eval set -- "$temp"
 while true; do
   case $1 in
     -d|--disk)
-      tmp=$2
-      disk_name_suf=-${tmp%,*}
-      disk_mountpoint=${tmp#*,}
       add_disk=true
-      shift
+      # hack to bypass logic
+      release=aramo
       ;;
     -g|--vol-group)
       vg_opt="$2"
-      dovg=true
       shift
       ;;
-    # todo: add option to pick which disk array for kvmhost5
     -i|--import) import=true ;;
     -l)
       dolist=true
       ;;
     -m|--mdraid) mdraid=true ;;
-    -s|--size)
-      size_opt="$2"
-      size_regex="^[1-9][0-9]*[tg]$"
-      if [[ ! $size_opt =~ $size_regex ]]; then
-        err "size option: $size_opt does not match expected size_regex: $size_regex"
-        exit 1
-      fi
-      if [[ $size_opt == *g ]]; then
-        size_opt=${size_opt%g}
-      elif [[ $size_opt == *t ]]; then
-        size_opt=$(( ${size_opt%t} * 1000 ))
-      else
-        err "something went wrong in size_opt condition. read the source code"
-      fi
-
-      dosize=true
-      shift
-      ;;
     -h|--help) usage ;;
     --) shift; break ;;
     *) e "unexpected args: $*" >&2 ; usage 1 ;;
   esac
   shift
 done
-read -r host new_disk_mb ram cpus _ <<<"$@"
-release=${5:-aramo}
+if $add_disk; then
+  read -r new_disk_mb disk_arg host <<<"$@"
+  disk_name_suf=-${disk_arg%%/*}
+  disk_mountpoint=${disk_arg#*/}
+else
+  read -r new_disk_mb ram cpus release host <<<"$@"
+fi
 
 if $dolist; then
   if (( $# != 0 )); then
@@ -1150,12 +1240,12 @@ if $dolist; then
     usage 1
   fi
 elif $add_disk; then
-  if (( $# != 2 )); then
+  if (( $# != 3 )); then
     err "error: expected 2 args with -d, got $#. exiting"
     usage 1
   fi
-elif (( $# < 4 || $# > 5 )); then
-  err "error: expected 4-5 args, got $# exiting"
+elif (( $# != 5 )); then
+  err "error: expected 5 args, got $# exiting"
   usage 1
 fi
 
@@ -1168,7 +1258,14 @@ set-initial-vars
 ##### Start actually doing things, this goes on till the end of the script ####
 
 if $dolist; then
-  nongnuhope-disk
+  free-memory
+  if $doceph; then
+    ceph-df
+  else
+    nonceph-disk
+  fi
+  read -r -t 300 -n1 -p "Press any key to start nmon. Tip: press 'l' for a useful cpu graph. (autostarts in 300 seconds)" ||:
+  nmon
   exit 0
 fi
 
@@ -1177,7 +1274,7 @@ fi
 pkgs=(libvirt-dev virtinst pwgen libosinfo-bin)
 for p in ${pkgs[@]}; do
   if ! dpkg -s -- $p |& grep -Fx "Status: install ok installed" &> /dev/null; then
-    m apt install -y --no-install-recommends ${pkgs[@]}
+    m apt-get install -y --no-install-recommends ${pkgs[@]}
     break
   fi
 done
@@ -1199,22 +1296,24 @@ bootsym-image
 ###### End make common grub images if they dont exist ######
 
 
-
 letter=a
 if $add_disk; then
-  # In some distro newer than t8, we can do:
-  # xmllint --xpath "count(/domain/devices/disk)"
-  disk_num=$(virsh dumpxml $host | grep -cF '</disk>')
+  xpath=/domain/devices/disk/source/@dev
+  if $doceph; then
+    xpath="/domain/devices/disk/source[@protocol='rbd']/@name"
+  fi
+  tmpf=$(mktemp)
+  virsh dumpxml $host >$tmpf
+  disk_num=$( xmllint --xpath "count($xpath)" $tmpf)
   disk_letters=( {a..z} )
   letter=${disk_letters[disk_num]}
 fi
 
-if $dovg && $gnuhope; then
-  vg-disk
-elif $doceph; then
+if $doceph; then
+  ceph-df
   ceph-disk
 else
-  nongnuhope-disk
+  nonceph-disk
 fi
 
 if ! $doceph && $add_disk; then
@@ -1229,11 +1328,11 @@ EOF
 
   else
     m mount-vm --first-disk $host
-    cleanup_cmds+=("umount-vm $host")
+    push-cleanup "umount-vm $host"
     m mkdir -p /mnt/$host/$disk_mountpoint /mnt/$host/etc
     echo "/dev/vd$letter $disk_mountpoint $fs_type $fs_opts 0 $fs_passno" >>/mnt/$host/etc/fstab
     m umount-vm $host
-    unset "cleanup_cmds[-1]"
+    pop-cleanup
   fi
 fi
 
@@ -1243,21 +1342,21 @@ if ! $import && ! $add_disk; then
 fi
 
 m umount $target
-unset "cleanup_cmds[-1]"
+pop-cleanup
 
 
 # For ceph, decryption is done inside the VM.
 if $doceph; then
   m cryptsetup luksClose $luks_dev
-  unset "cleanup_cmds[-1]"
+  pop-cleanup
   m rbd-nbd unmap $nbd_dev
-  unset "cleanup_cmds[-1]"
+  pop-cleanup
 fi
 
 
 if $add_disk; then
   if $doceph; then
-    ceph-add-disk
+    ceph-add-disk $pool/$dname $host
   else
     # Note: On a vg disk in kvmhost2, we had this:
     #  <driver name='qemu' type='raw' cache='writethrough'/>
@@ -1273,14 +1372,7 @@ if $add_disk; then
       disk=${vm_disks[i]}
       letter=${disk_letters[disk_num+i]}
       # TODO After we upgrade all our kvmhosts, check out virsh attach-disk.
-      m tee /tmp/disk.xml <<EOF
-<disk type='block' device='disk'>
-  <driver name='qemu' type='raw' cache='none' io='native' discard='unmap'/>
-  <source dev='$disk'/>
-  <target dev='vd$letter' bus='virtio'/>
-</disk>
-EOF
-      m virsh attach-device $host /tmp/disk.xml --persistent
+      add-local-disk $disk $host
     done
   fi
 else
diff --git a/roles/kvmhost/files/simple/usr/local/bin/savannah-virsh b/roles/kvmhost/files/simple/usr/local/bin/savannah-virsh
index 3e9a6c0..3022a43 100755
--- a/roles/kvmhost/files/simple/usr/local/bin/savannah-virsh
+++ b/roles/kvmhost/files/simple/usr/local/bin/savannah-virsh
@@ -24,45 +24,176 @@
 
 ## Managed by Ansible, changes will be overwritten ##
 
+usage() {
+  cat <<EOF
+## Usage: detach-disk VM VIRTUAL_DEVICE_NAME
 
+runs: virsh detach-disk VM VIRTUAL_DEVICE_NAME --persistent
+
+## Usage: list
+
+runs: virsh list --name
+
+## Usage: list-verbose
+
+runs: virsh list --all
+
+## Usage: VIRSH_COMMAND VM
+
+VIRSH_COMMAND:  console|reboot|reset|start|destroy|dumpxml
+
+runs: virsh VIRSH_COMMAND VM
+
+
+### Complex FSF scripts with separate docs:
+
+attach-vm-disk --help
+
+unsafe-remove-vm --help
+
+create-vm --help
+
+EOF
+  exit 0
+}
+
+check-host-arg() {
+  valid_host=false
+
+  host_patterns=(
+    --help
+    -h
+    '*.savannah.gnu.org'
+    'debbugs[2-4]p.gnu.org'
+    debbugs.gnu.org
+    emacsconfmedia0p.gnu.org
+    'jitsi[0-9][dp].fsf.org'
+    verandah.gnu.org
+    inspect0d.fsf.org
+  )
+
+  for host_pattern in "${host_patterns[@]}"; do
+    # shellcheck disable=SC2053 # intended
+    if [[ $host_arg == $host_pattern ]]; then
+      valid_host=true
+      break
+    fi
+  done
+
+  if ! $valid_host; then
+    echo "error: bad argument"; exit 1
+  fi
+}
+
+arg-die() {
+  echo "error: bad argument $*"; exit 1
+}
+
+pre="sv-virsh: +"
+m() { printf "$pre %s\n"  "$*"; "$@"; }
+
+set -x
 set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
 
-regex='^[a-z0-9. ]*$'
+initial_input_regex='^[[:alnum:]/. _-]+$'
+general_arg_regex='^[[:alnum:]._-]+$'
+path_regex='^[[:alnum:]/_-]+$'
 
 # restricted ssh does not allow arguments, but they exist in this env variable.
 # The var comes with a leading space, remove it.
 args="${SSH_ORIGINAL_COMMAND# }"
 
-if [[ ! $args =~ $regex ]]; then
-  echo "error: bad argument. args=$args" >&2; exit 1
+if [[ ! $args =~ $initial_input_regex ]]; then
+  arg-die initial regex
 fi
 
+
 IFS=" " read -r -a arg_array <<<"$args"
 
+args_len="${#args}"
+if (( args_len > 1000 )); then
+  arg-die args_len 1000
+fi
 
-arg1="${arg_array[0]}"
 
-case "$arg1" in
-  list)
-    virsh list --name
-    exit 0
+arg0="${arg_array[0]}"
+declare -i argc="${#arg_array[@]}"
+last_arg_i=$((argc - 1))
+host_arg="${arg_array[$last_arg_i]}" # default, overriden for one command
+
+case "$arg0" in
+  -h|--help)
+    usage
+    ;;
+  create-vm)
+    if (( argc > 10 )); then
+      echo "error: bad argument arc 10"; exit 1
+    fi
+    case "${arg_array[1]}" in
+      -l|-h|--help)
+        "${arg_array[@]}"
+        exit 0
+        ;;
+    esac
+    check-host-arg
+    path_arg_i=$((  argc - 2 ))
+    path_option_i=$((  argc - 4 ))
+    for (( i=0; i < argc; i+=1 )); do
+      if [[ ${arg_array[$path_option_i]} == -d && $i == "$path_arg_i" ]]; then
+        # Having / in user input is more prone to bugs and security problems,
+        # so don't allow it in variables where it
+        [[ ${arg_array[$i]} =~ $path_regex ]] || arg-die path_regex
+      else
+        [[ ${arg_array[$i]} =~ $general_arg_regex ]] || arg-die arg_regex
+      fi
+    done
+    m "${arg_array[@]}"
+    ;;
+  attach-vm-disk)
+    if (( argc >= 4 )); then
+      echo "error: bad argument arc 10"; exit 1
+    fi
+    if [[ ! $arg =~ $path_arg_regex ]]; then arg-die path_arg_regex in attach-vm-disk; fi
+    m "${arg_array[@]}"
     ;;
-  console|reboot|reset|start|destroy|create-vm|unsafe-remove-vm) true ;;
   *)
-    echo "error: bad argument" >&2; exit 1
+    for arg in "${arg_array[@]}"; do
+      if [[ ! $arg =~ $general_arg_regex ]]; then arg-die general_arg_regex loop; fi
+    done
+
+    ;;&
+
+  detach-disk)
+    if (( argc > 3 )); then
+      echo "error: bad argument count: $argc, wanted 3"; exit 1
+    fi
+    host_arg="${arg_array[argc - 2]}"
+    check-host-arg
+    m virsh "${arg_array[@]}"
+    ;;
+  list)
+    m virsh list --name
+    ;;
+  list-verbose)
+    m virsh list --all
+    ;;
+  unsafe-remove-vm)
+    if (( argc != 2 )); then
+      echo "error: bad argument count: $argc, wanted 2"; exit 1
+    fi
+    check-host-arg
+    m "${arg_array[@]}"
+    ;;
+  console|reboot|reset|start|destroy|dumpxml)
+    if (( argc != 2 )); then
+      echo "error: bad argument count: $argc, wanted 2"; exit 1
+    fi
+    check-host-arg
+    m virsh "${arg_array[@]}"
     ;;
-esac
-
-arg2="${arg_array[1]}"
-
-
-case "$arg2" in
-  *.savannah.gnu.org|debbugs2p.gnu.org|debbugs.gnu.org|emacsconfmedia0p.gnu.org|jitsi*.fsf.org|verandah.gnu.org)
-    true ;;
   *)
-    echo "error: bad argument" >&2; exit 1
+    arg-die
     ;;
 esac
 
-virsh "$arg1" "$arg2"
diff --git a/roles/kvmhost/files/simple/usr/local/bin/unsafe-remove-vm b/roles/kvmhost/files/simple/usr/local/bin/unsafe-remove-vm
index dabbe88..5577bce 100755
--- a/roles/kvmhost/files/simple/usr/local/bin/unsafe-remove-vm
+++ b/roles/kvmhost/files/simple/usr/local/bin/unsafe-remove-vm
@@ -6,17 +6,29 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
 
-source /usr/local/lib/err
+set -e; . /usr/local/lib/bash-bear; set +e
 
 ##### begin command line parsing ########
-if (( $# != 1 )); then
+
+usage() {
   cat <<EOF
-$0 will remove a VM from the kvmhost and delete its disks"
-Usage: $0 hostname.foo.bar
+Usage: $0 VM_NAME
+
+Totally delete a VM and its disks from a VM host.
 EOF
-  exit 1
+  exit $1
+}
+
+if (( $# != 1 )); then
+  usage 1
 fi
 
+case $1 in
+  -h|--help)
+    usage 0
+    ;;
+esac
+
 host=$1
 
 ##### end command line parsing ########
@@ -25,7 +37,7 @@ script_gen=/root/unsafe-remove-vm-generated
 cat >$script_gen <<EOF
 #!/bin/bash
 set -xe
-# generated by unsave-remove-vm on $(date -R)
+# generated by unsafe-remove-vm on $(date -R)
 EOF
 chmod +x $script_gen
 
diff --git a/roles/kvmhost/files/simple/usr/local/lib/fsf-virsh-bash-lib b/roles/kvmhost/files/simple/usr/local/lib/fsf-virsh-bash-lib
new file mode 100644
index 0000000..bf762bc
--- /dev/null
+++ b/roles/kvmhost/files/simple/usr/local/lib/fsf-virsh-bash-lib
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+# Input var: $letter , as in /dev/sd$letter . I could make it an arg, but meh.
+add-ceph-disk() {
+  local tmpf rbd_path="$1" target_vm="$2"
+  tmpf=$(mktemp)
+  tee $tmpf <<EOF
+<disk type='network' device='disk'>
+  <driver name='qemu' cache='writeback' discard='unmap' type='raw'  />
+  <auth username='libvirt'>
+    <secret type='ceph' uuid='dc8e8240-15b4-47ae-896b-6632aec8103e'/>
+  </auth>
+  <source protocol='rbd' name='$rbd_path'>
+    <host name='cephmon1' port='6789'/>
+    <host name='cephmon2' port='6789'/>
+    <host name='cephmon3' port='6789'/>
+  </source>
+  <target dev='sd$letter' bus='scsi'/>
+</disk>
+EOF
+  virsh attach-device $target_vm $tmpf --persistent
+}
+
+# Input var: $letter , as in /dev/sd$letter
+add-local-disk() {
+  local tmpf disk_path="$1" target_vm="$2"
+  tmpf=$(mktemp)
+  tee $tmpf <<EOF
+<disk type='block' device='disk'>
+  <driver name='qemu' type='raw' cache='none' io='native' discard='unmap'/>
+  <source dev='$disk_path'/>
+  <target dev='vd$letter' bus='virtio'/>
+</disk>
+EOF
+  virsh attach-device $target_vm $tmpf --persistent
+  rm $tmpf
+}
-- 
2.25.1