From b902cad81d7a6eb1be79f9e8d1f8926d974bfccb Mon Sep 17 00:00:00 2001
From: Ian Kelling <iank@fsf.org>
Date: Mon, 19 Jan 2026 01:38:23 -0500
Subject: [PATCH] fix some cleanup errors, add t12 support on ceph

---
 .../files/simple/usr/local/bin/create-vm      | 102 +++++++++++-------
 1 file changed, 64 insertions(+), 38 deletions(-)

diff --git a/roles/kvmhost/files/simple/usr/local/bin/create-vm b/roles/kvmhost/files/simple/usr/local/bin/create-vm
index 6511a55..b9ec76e 100755
--- a/roles/kvmhost/files/simple/usr/local/bin/create-vm
+++ b/roles/kvmhost/files/simple/usr/local/bin/create-vm
@@ -43,6 +43,8 @@ set -xe
 EOF
 
 err-cleanup() {
+  echo "in err-cleanup"
+  set -x
   if (( ${#cleanup_cmds[@]} == 0 )); then
     return 0
   fi
@@ -86,8 +88,8 @@ $0 [OPTONS] -d DISK_SIZE(MB) [DISK_NAME]/MOUNT_POINT FQDN
 or
 $0 -l
 
-DISTRO_RELEASE_CODENAME: Supported codenames are aramo (recommended),
-nabia, etiona, flidas, belenos and stretch. Codenames older than the
+DISTRO_RELEASE_CODENAME: Supported codenames are ecne (recommended),
+aramo, nabia, etiona, flidas, belenos and stretch. Codenames older than the
 recommended are more likely to expose a bug in this script.
 
 On vm hosts with local storage, disks are grouped into sets of 3 disks, in which a
@@ -137,6 +139,9 @@ to undo what it has done. Be sure to read the output!
                            in screen or tmux. TODO: figure this out for
                            savannah-virsh.
 
+-n NBD_DEVICE :  When the host has a broken first available nbd device,
+                  e.g. cryptsetup luksFormat fails with "device in use",
+                  then override the default with this.
 
 Example: $0 www.gnu.org 5000 512 2 flidas
 
@@ -189,10 +194,24 @@ cli-arg-check() {
   ## from here, checks for when we are actually creating a vm
 
   # TODO Remove this once we upgrade the kvmhosts to t9+
-  if [[ $release == aramo && $HOSTNAME == kvmhost[234] && \
+  if [[ ( $release == ecne || $release == aramo && $HOSTNAME == kvmhost[234] ) && \
           ! -d /srv/debootstrap-cache/$release/etc ]] ; then
-    err "error: this os is too old to debootstrap aramo. rsync it first to
-/srv/debootstrap-cache/aramo"
+    err "error: this os is too old to debootstrap $release. rsync it first to
+/srv/debootstrap-cache/$release"
+
+  err 'For ecne, I initially generated it into kvmhost3 with:
+
+#!/bin/bash
+set -xe
+excludes=resolvconf
+excludes+=,systemd-resolved
+archive=http://us.archive.trisquel.info/trisquel
+linux_pkg=linux-image-virtual
+debootstrap --exclude=$excludes ecne $PWD $archive
+for p in netplan.io networkd-dispatcher python3 python3.12 netplan-generator; do
+m chroot . apt-get purge $p --auto-remove || break
+done
+'
     exit 1
   fi
   if virsh list --all --name | grep -Fx $host &>/dev/null; then
@@ -245,17 +264,13 @@ set-initial-vars() {
       ip6=
       ;;
   esac
-  case $HOSTNAME in
-    # once we have other networks, add condition here.
-    *)
-      gateway=209.51.188.1
-      gateway6=2001:470:142::1
-      ;;
-  esac
+    # once we have other networks, we can add a condition on HOSTNAME
+  gateway=209.51.188.1
+  gateway6=2001:470:142::1
 
 
   case $release in
-    aramo|nabia|etiona|flidas|belenos)
+    ecne|aramo|nabia|etiona|flidas|belenos)
       archive=http://us.archive.trisquel.info/trisquel
       linux_pkg=linux-image-virtual
       ;;
@@ -400,10 +415,17 @@ EOF
 }
 
 mkfs-and-mount-ceph-disk() {
-  nbd_dev=$(rbd-nbd map $dname)
+  sleep 2 # just paranoid about getting the nbd dev to work
+  if [[ $nbd_dev_arg ]]; then
+    rbd-nbd map --device $nbd_dev_arg --exclusive $dname
+    nbd_dev="$nbd_dev_arg"
+  else
+    nbd_dev=$(rbd-nbd map --exclusive $dname)
+  fi
+  sleep 2 # paranoid
   push-cleanup "rbd-nbd unmap $nbd_dev"
 
-  echo YES | m cryptsetup luksFormat -y --cipher aes-xts-plain64 --hash sha256 --use-urandom --key-size 256  $nbd_dev --key-file=$keyfile
+  cryptsetup luksFormat --cipher aes-xts-plain64 --hash sha256 --use-urandom --key-size 256  $nbd_dev --key-file=- <$keyfile
   luks_dev=/dev/mapper/$dname-crypt0
   m cryptsetup luksOpen $nbd_dev $dname-crypt0 --key-file=$keyfile
   push-cleanup "cryptsetup luksClose $luks_dev"
@@ -516,7 +538,7 @@ close-disk() {
     m umount $target
     pop-cleanup
   fi
-  if [[ -s $luks_dev ]]; then
+  if [[ -e $luks_dev ]]; then
     m cryptsetup luksClose $luks_dev
     pop-cleanup
   fi
@@ -960,6 +982,9 @@ EOF
 os-bootstrap() {
   excludes=resolvconf
   case $release in
+    ecne)
+      excludes+=,netplan.io,systemd-resolved
+      ;;
     aramo)
       # These dont exist in jammy, they only cause problems.
       # <quidam> this happens when ubuntu removes packages at release time, they stay in our repos by default
@@ -1040,15 +1065,13 @@ EOF
 exit 101
 EOF
 
-  case $release in
-    etiona|flidas|belenos) : ;;
-    *)
-      # systemd-resolved takes over /etc/resolv.conf, and I do not see any
-      # benefit to using it. Also, it tries to do DNSSEC then fails queries
-      # when the server has not implemented it fully and perfectly.
-      m chroot $target systemctl disable systemd-resolved
-      rm -f $target/etc/resolv.conf
-  esac
+  if [[ $release == aramo ]]; then
+    # systemd-resolved takes over /etc/resolv.conf, and I do not see any
+    # benefit to using it. Also, it tries to do DNSSEC then fails queries
+    # when the server has not implemented it fully and perfectly.
+    m chroot $target systemctl disable systemd-resolved
+    rm -f $target/etc/resolv.conf
+  fi
 
   m tee $target/etc/resolv.conf <<EOF
 domain fsf.org
@@ -1105,17 +1128,17 @@ EOF
   m $chroot_apt dist-upgrade --force-yes -y -o Dpkg::Options::="--force-confnew"
   extra_pkgs=()
 
-  case $release in
-    stretch) extra_pkgs+=(busybox-static) ;;
-  esac
+  if [[ $release == stretch ]]; then
+    extra_pkgs+=(busybox-static)
+  fi
 
-  case $release in
+  extra_pkgs+=(cryptsetup-initramfs)
+  if [[ $release == etiona || $release == flidas || $release == belenos ]]; then
     # iank: 2022: python gives us python2. it doesnt exist in aramo and I do
     # not think we need it in nabia. I assume the older distros needed it for
     # ansible, but ansible has moved to python3 now.
-    etiona|flidas|belenos) extra_pkgs+=(python) ;;
-    *) extra_pkgs+=(cryptsetup-initramfs) ;;
-  esac
+    extra_pkgs+=(python)
+  fi
 
   m $chroot_apt install --force-yes -y --no-install-recommends \
     $linux_pkg initramfs-tools ssh acpid btrfs-progs cryptsetup \
@@ -1128,8 +1151,7 @@ EOF
   echo root:$rootpw | chroot $target chpasswd
 
   # This doesnt seem to be needed on etiona+
-  case $release in
-    flidas|belenos)
+  if [[ $release == flidas || $release == belenos ]]; then
       m tee $target/etc/init/ttykvm.conf <<EOF
 # ttykvm - getty
 #
@@ -1143,8 +1165,7 @@ stop on runlevel [!2345]
 respawn
 exec /sbin/getty -8 115200 ttyS0 xterm
 EOF
-      ;;
-  esac
+  fi
 
 
   m mkdir -p $target/etc/network/
@@ -1209,6 +1230,7 @@ create-vm() {
 
   max_var=$(osinfo-query -f short-id os | sed -rn 's/.*ubuntu([0-9][0-9])\.04.*/\1/p' | sort -V | tail -n1)
   case $release in
+    ecne) var=24 ;;
     aramo) var=22 ;;
     nabia) var=20 ;;
     etiona|stretch) var=18 ;;
@@ -1371,14 +1393,14 @@ mdraid=false
 import=false
 add_disk=false
 dolist=false
-temp=$(getopt -l help,disk,vol-group:,import,mdraid hdg:ilm "$@") || usage 1
+temp=$(getopt -l help,disk,vol-group:,import,mdraid hdg:ilmn: "$@") || usage 1
 eval set -- "$temp"
 while true; do
   case $1 in
     -d|--disk)
       add_disk=true
       # hack to bypass logic
-      release=aramo
+      release=ecne
       ;;
     -g|--vol-group)
       vg_opt="$2"
@@ -1389,6 +1411,10 @@ while true; do
       dolist=true
       ;;
     -m|--mdraid) mdraid=true ;;
+    -n)
+      nbd_dev_arg="$2"
+      shift
+      ;;
     -h|--help) usage ;;
     --) shift; break ;;
     *) e "unexpected args: $*" >&2 ; usage 1 ;;
-- 
2.25.1