diff --git a/ceph-dashboard-cephadm-e2e/build/cleanup b/ceph-dashboard-cephadm-e2e/build/cleanup index b3e7285a7..e511c5d6f 100755 --- a/ceph-dashboard-cephadm-e2e/build/cleanup +++ b/ceph-dashboard-cephadm-e2e/build/cleanup @@ -3,6 +3,8 @@ set +x echo "Starting cleanup..." with_libvirt() { + # Ensure socket is accessible in case permissions were reset + sudo chmod 0666 /var/run/libvirt/libvirt-sock 2>/dev/null || true sg libvirt -c "$1" } diff --git a/scripts/dashboard/install-cephadm-e2e-deps.sh b/scripts/dashboard/install-cephadm-e2e-deps.sh index a05354a11..314d69fa0 100644 --- a/scripts/dashboard/install-cephadm-e2e-deps.sh +++ b/scripts/dashboard/install-cephadm-e2e-deps.sh @@ -39,16 +39,21 @@ nvm install nvm use popd -sudo apt install -y libvirt-daemon-system libvirt-daemon-driver-qemu qemu-kvm libvirt-clients +sudo apt install -y libvirt-daemon-system libvirt-daemon-driver-qemu qemu-kvm libvirt-clients crun sudo usermod -aG libvirt $(id -un) -newgrp libvirt # Avoid having to log out and log in for group addition to take effect. sudo systemctl enable --now libvirtd +# Rootless podman creates a user namespace that drops supplementary groups. +# --group-add keep-groups (crun) preserves them, but only if crun is the +# OCI runtime. As a robust fallback, also widen socket permissions so the +# mapped UID can connect regardless of group membership. +sudo chmod 0666 /var/run/libvirt/libvirt-sock + KCLI_CONFIG_DIR="${HOME}/.kcli" mkdir -p ${KCLI_CONFIG_DIR} if [[ ! -f "${KCLI_CONFIG_DIR}/id_rsa" ]]; then - sudo ssh-keygen -t rsa -q -f "${KCLI_CONFIG_DIR}/id_rsa" -N "" <<< y + ssh-keygen -t rsa -q -f "${KCLI_CONFIG_DIR}/id_rsa" -N "" <<< y fi : ${KCLI_CONTAINER_IMAGE:='quay.io/karmab/kcli:2543a61'} @@ -70,6 +75,7 @@ sudo chmod +x /usr/local/bin/kcli # KCLI cleanup function can be found here: https://github.com/ceph/ceph/blob/main/src/pybind/mgr/dashboard/ci/cephadm/start-cluster.sh sudo mkdir -p /var/lib/libvirt/images/ceph-dashboard +sudo chown "$(id -u):$(id -g)" /var/lib/libvirt/images/ceph-dashboard with_libvirt() { sg libvirt -c "$1"