From a463554fc7258ef952417a35df18d19de689b0b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= <nmasse@redhat.com>
Date: Tue, 16 Sep 2025 11:09:50 -0400
Subject: [PATCH] wip

---
 bootc/{scenario3a => }/config.toml            |  0
 bootc/scenario2/Containerfile                 |  8 +++
 .../etc/default/migrate-vm-printserver.env    | 10 ++++
 .../check/required.d/30_printserver_check.sh  | 18 ++++++
 .../qemu/networks/autostart/default.xml       |  1 +
 .../etc/libvirt/qemu/networks/default.xml     | 19 +++++++
 .../etc/systemd/system/migrate-vm@.service    | 19 +++++++
 .../root/usr/local/bin/migrate-vm.sh          | 56 +++++++++++++++++++
 .../etc/default/bootstrap-vm-nextcloud.env    |  1 +
 .../etc/systemd/system/bootstrap-vm@.service  |  4 +-
 .../root/usr/local/bin/bootstrap-vm.sh        | 16 +++++-
 .../local/libvirt/images/nextcloud/.gitignore |  2 -
 bootc/scripts/build.sh                        | 40 ++++++++++++-
 flightctl/fleets.yaml                         |  6 +-
 14 files changed, 193 insertions(+), 7 deletions(-)
 rename bootc/{scenario3a => }/config.toml (100%)
 create mode 100644 bootc/scenario2/Containerfile
 create mode 100644 bootc/scenario2/root/etc/default/migrate-vm-printserver.env
 create mode 100755 bootc/scenario2/root/etc/greenboot/check/required.d/30_printserver_check.sh
 create mode 120000 bootc/scenario2/root/etc/libvirt/qemu/networks/autostart/default.xml
 create mode 100644 bootc/scenario2/root/etc/libvirt/qemu/networks/default.xml
 create mode 100644 bootc/scenario2/root/etc/systemd/system/migrate-vm@.service
 create mode 100755 bootc/scenario2/root/usr/local/bin/migrate-vm.sh
 delete mode 100644 bootc/scenario3a/root/usr/local/libvirt/images/nextcloud/.gitignore

diff --git a/bootc/scenario3a/config.toml b/bootc/config.toml
similarity index 100%
rename from bootc/scenario3a/config.toml
rename to bootc/config.toml
diff --git a/bootc/scenario2/Containerfile b/bootc/scenario2/Containerfile
new file mode 100644
index 0000000..0c06694
--- /dev/null
+++ b/bootc/scenario2/Containerfile
@@ -0,0 +1,8 @@
+FROM edge-registry.itix.fr/demo-edge-retail/base:latest
+
+ADD --chown=root:root root /
+
+RUN <<EOF
+set -Eeuo pipefail
+systemctl enable migrate-vm@printserver.service
+EOF
diff --git a/bootc/scenario2/root/etc/default/migrate-vm-printserver.env b/bootc/scenario2/root/etc/default/migrate-vm-printserver.env
new file mode 100644
index 0000000..43b93d9
--- /dev/null
+++ b/bootc/scenario2/root/etc/default/migrate-vm-printserver.env
@@ -0,0 +1,10 @@
+DOMAIN_VCPUS=4
+DOMAIN_RAM=8192
+DOMAIN_OS_VARIANT=win11
+DOMAIN_MAC_ADDRESS=04:00:00:00:00:02
+RCLONE_CONFIG_HYPERV_TYPE=smb
+RCLONE_CONFIG_HYPERV_HOST=192.168.2.72
+RCLONE_CONFIG_HYPERV_USER=Red Hat
+RCLONE_CONFIG_HYPERV_PASS=3EIvjq3rHcHYcfktOS6HpZyvxefr1A
+DOMAIN_HYPERV_DISK_LOCATION=hyperv:c$/ProgramData/Microsoft/Windows/Virtual Hard Disks/Print Server.vhdx
+DOMAIN_HYPERV_DISK_NAME=Print Server.vhdx
diff --git a/bootc/scenario2/root/etc/greenboot/check/required.d/30_printserver_check.sh b/bootc/scenario2/root/etc/greenboot/check/required.d/30_printserver_check.sh
new file mode 100755
index 0000000..85cd291
--- /dev/null
+++ b/bootc/scenario2/root/etc/greenboot/check/required.d/30_printserver_check.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -Eeuo pipefail
+MAX_ATTEMPTS=60
+
+for (( attempt=1; attempt<=MAX_ATTEMPTS; attempt++ )); do
+  echo "Checking VM ($attempt/$MAX_ATTEMPTS)..."
+  
+  if virsh domstate printserver | grep -q 'running'; then
+    echo "The printserver VM is running."
+    exit 0
+  fi
+
+  sleep 5
+done
+
+echo "printserver VM is not running correctly after $MAX_ATTEMPTS attempts!"
+exit 1
diff --git a/bootc/scenario2/root/etc/libvirt/qemu/networks/autostart/default.xml b/bootc/scenario2/root/etc/libvirt/qemu/networks/autostart/default.xml
new file mode 120000
index 0000000..8339868
--- /dev/null
+++ b/bootc/scenario2/root/etc/libvirt/qemu/networks/autostart/default.xml
@@ -0,0 +1 @@
+../default.xml
\ No newline at end of file
diff --git a/bootc/scenario2/root/etc/libvirt/qemu/networks/default.xml b/bootc/scenario2/root/etc/libvirt/qemu/networks/default.xml
new file mode 100644
index 0000000..d7805a3
--- /dev/null
+++ b/bootc/scenario2/root/etc/libvirt/qemu/networks/default.xml
@@ -0,0 +1,19 @@
+<network>
+  <name>default</name>
+  <bridge name="virbr0" stp="on" delay="5" />
+  <forward mode='nat' />
+  <domain name="libvirt.test" />
+  <dns>
+    <host ip='192.168.122.1'>
+      <hostname>host</hostname>
+    </host>
+  </dns>
+  <ip address="192.168.122.1" netmask="255.255.255.0" localPtr="yes">
+    <dhcp>
+      <range start="192.168.122.100" end="192.168.122.200">
+        <lease expiry='24' unit='hours'/>
+      </range>
+      <host mac="04:00:00:00:00:01" name="nextcloud" ip="192.168.122.2" />
+    </dhcp>
+  </ip>
+</network>
diff --git a/bootc/scenario2/root/etc/systemd/system/migrate-vm@.service b/bootc/scenario2/root/etc/systemd/system/migrate-vm@.service
new file mode 100644
index 0000000..c6f87f4
--- /dev/null
+++ b/bootc/scenario2/root/etc/systemd/system/migrate-vm@.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=RHDE VM Migration Service
+Documentation=man:systemd.service(5)
+After=network-online.target
+Wants=network-online.target
+
+# Only start if the VM root disk does not exist
+ConditionPathExists=!/var/lib/libvirt/images/%i/root.qcow2
+
+# Remain started to avoid race conditions
+Persistent=true
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/migrate-vm.sh %i
+EnvironmentFile=/etc/default/migrate-vm-%i.env
+
+[Install]
+WantedBy=multi-user.target
diff --git a/bootc/scenario2/root/usr/local/bin/migrate-vm.sh b/bootc/scenario2/root/usr/local/bin/migrate-vm.sh
new file mode 100755
index 0000000..d50b1d2
--- /dev/null
+++ b/bootc/scenario2/root/usr/local/bin/migrate-vm.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+set -Eeuo pipefail
+
+if [[ $# -ne 1 ]]; then
+  echo "Usage: $0 <vm-name>"
+  exit 1
+fi
+
+VM="${1}"
+if [ -d "/var/lib/libvirt/images/${VM}/" ]; then
+  echo "VM ${VM} already exists. Please remove it first."
+  exit 1
+fi
+
+temp_dir=$(mktemp -d)
+cleanup() {
+  local exit_code=$?
+  rm -rf "$temp_dir"
+  if [ $exit_code -ne 0 ]; then
+    echo "An error occurred. Cleaning up..."
+    virsh destroy "${VM}" || true
+    virsh undefine "${VM}" --nvram || true
+    rm -rf "/var/lib/libvirt/images/${VM}/"
+  fi
+}
+trap cleanup EXIT
+
+# Create a temporary directory to hold the VM image and copy the base image there
+install -m 0710 -o root -g qemu --context=system_u:object_r:virt_image_t:s0 -d "$temp_dir"
+install -m 0710 -o root -g qemu -Z -d "/var/lib/libvirt/images/${VM}"
+
+# Migrate the VM disk from Hyper-V to KVM
+echo "Copying the VM disk from Hyper-V..."
+rclone copy "$DOMAIN_HYPERV_DISK_LOCATION" "$temp_dir"
+echo "Converting the VM disk to qcow2 format..."
+qemu-img convert -O qcow2 "$temp_dir/$DOMAIN_HYPERV_DISK_NAME" "/var/lib/libvirt/images/${VM}/root.qcow2"
+restorecon -F "/var/lib/libvirt/images/${VM}/root.qcow2"
+
+# Create and start the VM using virt-install
+echo "Creating and starting the VM ${VM}..."
+virt-install --name "${VM}" \
+             --autostart \
+             --cpu=host-passthrough \
+             --vcpus=${DOMAIN_VCPUS} \
+             --ram=${DOMAIN_RAM} \
+             --os-variant=${DOMAIN_OS_VARIANT} \
+             --disk=path=/var/lib/libvirt/images/${VM}/root.qcow2,bus=sata,format=qcow2 \
+             --disk=path=/usr/share/virtio-win/virtio-win.iso,device=cdrom,bus=sata \
+             --boot uefi \
+             --import \
+             --network=network=default,mac=${DOMAIN_MAC_ADDRESS} \
+             --noautoconsole
+
+echo "VM ${VM} has been created and started."
+exit 0
diff --git a/bootc/scenario3a/root/etc/default/bootstrap-vm-nextcloud.env b/bootc/scenario3a/root/etc/default/bootstrap-vm-nextcloud.env
index 2df58d9..c17f9e5 100644
--- a/bootc/scenario3a/root/etc/default/bootstrap-vm-nextcloud.env
+++ b/bootc/scenario3a/root/etc/default/bootstrap-vm-nextcloud.env
@@ -4,3 +4,4 @@ DOMAIN_DISK_SIZE=100
 DOMAIN_OS_VARIANT=rhel9.6
 DOMAIN_MAC_ADDRESS=04:00:00:00:00:01
 FLIGHTCTL_LABELS_OVERRIDE={ "type": "virtualmachine", "vm.name": "nextcloud", "scenario": "scenario1" }
+DOMAIN_DISK_SOURCE=edge-registry.itix.fr/demo-edge-retail/scenario1:latest
diff --git a/bootc/scenario3a/root/etc/systemd/system/bootstrap-vm@.service b/bootc/scenario3a/root/etc/systemd/system/bootstrap-vm@.service
index 508b19e..6bd41e1 100644
--- a/bootc/scenario3a/root/etc/systemd/system/bootstrap-vm@.service
+++ b/bootc/scenario3a/root/etc/systemd/system/bootstrap-vm@.service
@@ -5,9 +5,11 @@ Documentation=man:systemd.service(5)
 # Only start if the VM root disk does not exist
 ConditionPathExists=!/var/lib/libvirt/images/%i/root.qcow2
 
+# Remain started to avoid race conditions
+Persistent=true
+
 [Service]
 Type=oneshot
-Persistent=true
 ExecStart=/usr/local/bin/bootstrap-vm.sh %i
 EnvironmentFile=/etc/default/bootstrap-vm-%i.env
 
diff --git a/bootc/scenario3a/root/usr/local/bin/bootstrap-vm.sh b/bootc/scenario3a/root/usr/local/bin/bootstrap-vm.sh
index 0512d18..b5b5467 100755
--- a/bootc/scenario3a/root/usr/local/bin/bootstrap-vm.sh
+++ b/bootc/scenario3a/root/usr/local/bin/bootstrap-vm.sh
@@ -28,7 +28,13 @@ trap cleanup EXIT
 
 # Create a temporary directory to hold the VM image and copy the base image there
 install -m 0710 -o root -g qemu --context=system_u:object_r:virt_image_t:s0 -d "$temp_dir"
-install -m 0770 -o root -g qemu --context=system_u:object_r:virt_image_t:s0 "/usr/local/libvirt/images/${VM}/qcow2/disk.qcow2" "$temp_dir/root.qcow2"
+
+# Pull the base image defined in the environment file
+podman artifact pull "${DOMAIN_DISK_SOURCE}"
+podman artifact extract "${DOMAIN_DISK_SOURCE}" "$temp_dir/root.qcow2"
+chown root:qemu "$temp_dir/root.qcow2"
+chmod 0660 "$temp_dir/root.qcow2"
+chcon system_u:object_r:virt_image_t:s0 "$temp_dir/root.qcow2"
 
 # Inject the Flightctl configuration file (w/ enrollment certificates) into the VM image
 # Note: The injected config file will be moved to the right place in the VM by a systemd override in the base image
@@ -39,6 +45,7 @@ if [ -f /etc/flightctl/config.yaml ]; then
   else
     cp /etc/flightctl/config.yaml "$temp_dir/config.yaml"
   fi
+  echo "Injecting Flightctl configuration into the VM image..."
   guestfish --add "$temp_dir/root.qcow2" -m /dev/sda4 <<EOF
 copy-in $temp_dir/config.yaml /ostree/deploy/default/var/lib/private/flightctl/
 EOF
@@ -47,16 +54,19 @@ fi
 # Inject the OSTree auth.json file into the VM image if it exists on the host
 # Note: The injected config file will be moved to the right place in the VM by a systemd override in the base image
 if [ -f /etc/ostree/auth.json ]; then
+  echo "Injecting OSTree auth.json into the VM image..."
   guestfish --add "$temp_dir/root.qcow2" -m /dev/sda4 <<'EOF'
 copy-in /etc/ostree/auth.json /ostree/deploy/default/var/lib/private/flightctl/
 EOF
 fi
 
 # Copy the VM image to the libvirt images directory
+echo "Copying the VM disk to the libvirt images directory..."
 install -m 0710 -o root -g qemu -Z -d "/var/lib/libvirt/images/${VM}"
 install -m 0660 -o root -g qemu -Z "$temp_dir/root.qcow2" "/var/lib/libvirt/images/${VM}/root.qcow2"
 
 # Create and start the VM using virt-install
+echo "Creating and starting the VM ${VM}..."
 virt-install --name "${VM}" \
              --autostart \
              --cpu=host-passthrough \
@@ -72,4 +82,8 @@ virt-install --name "${VM}" \
              --noautoconsole
 
 echo "VM ${VM} has been created and started."
+
+# Cleanup the pulled image
+podman artifact rm "${DOMAIN_DISK_SOURCE}" || true
+
 exit 0
diff --git a/bootc/scenario3a/root/usr/local/libvirt/images/nextcloud/.gitignore b/bootc/scenario3a/root/usr/local/libvirt/images/nextcloud/.gitignore
deleted file mode 100644
index a7c6a4c..0000000
--- a/bootc/scenario3a/root/usr/local/libvirt/images/nextcloud/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-qcow2
-manifest-qcow2.json
diff --git a/bootc/scripts/build.sh b/bootc/scripts/build.sh
index 283dca3..928b790 100755
--- a/bootc/scripts/build.sh
+++ b/bootc/scripts/build.sh
@@ -7,12 +7,30 @@ if [[ "$UID" -ne 0 ]]; then
   exit 1
 fi
 
-if [ "$#" -ne 1 ]; then
-  echo "Usage: $0 <target-image>"
+if [ "$#" -lt 1 ]; then
+  echo "Usage: $0 <bootc-target-image> [qcow2-target-image]"
   exit 1
 fi
 
 TARGET_IMAGE="$1"
+QCOW2_TARGET_IMAGE="${2:-}"
+
+# Parses the target image to get the tag and registry
+# Example: myregistry.com/myimage:tag -> (myregistry.com/myimage + tag)
+if [[ "$TARGET_IMAGE" == *":"* ]]; then
+  TARGET_IMAGE_NAME="${TARGET_IMAGE%%:*}"
+  TARGET_IMAGE_TAG="${TARGET_IMAGE##*:}"
+else
+  TARGET_IMAGE_NAME="$TARGET_IMAGE"
+  TARGET_IMAGE_TAG="latest"
+  TARGET_IMAGE="${IMAGE_NAME}:latest"
+fi
+
+# Compute the qcow2 target image if not provided
+if [ -z "$QCOW2_TARGET_IMAGE" ]; then
+  QCOW2_TARGET_IMAGE="${TARGET_IMAGE_NAME}-qcow2:${TARGET_IMAGE_TAG}"
+fi
+
 OCI_REGISTRY="${TARGET_IMAGE%%/*}"
 SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
@@ -48,5 +66,23 @@ if [ -x "$PWD/custom.sh" ]; then
   "$PWD/custom.sh"
 fi
 
+echo "Building and pushing image $TARGET_IMAGE..."
 podman build --no-cache -t "${TARGET_IMAGE}" .
 podman push --sign-by-sigstore-private-key "$PROJECT_DIR/signing-key.private" --sign-passphrase-file "$PROJECT_DIR/signing-key.pass" "${TARGET_IMAGE}"
+
+echo "Building and pushing image $QCOW2_TARGET_IMAGE..."
+temp_dir="$(mktemp -d)"
+trap 'rm -rf "$temp_dir"' EXIT
+
+function bootc_image_builder () {
+  local config="$1"
+  shift
+  podman run --rm -it --privileged --pull=newer --security-opt label=type:unconfined_t -v "$config:/$(basename $config):ro" \
+             -v $temp_dir:/output -v /var/lib/containers/storage:/var/lib/containers/storage \
+             registry.redhat.io/rhel10/bootc-image-builder:latest --config "/$(basename $config)" "$@"
+}
+
+bootc_image_builder "$PROJECT_DIR/config.toml" --type qcow2 "$TARGET_IMAGE"
+podman artifact add "$QCOW2_TARGET_IMAGE" "$temp_dir/qcow2/disk.qcow2"
+podman artifact push --sign-by-sigstore-private-key "$PROJECT_DIR/signing-key.private" --sign-passphrase-file "$PROJECT_DIR/signing-key.pass" "$QCOW2_TARGET_IMAGE"
+podman artifact rm "$QCOW2_TARGET_IMAGE"
diff --git a/flightctl/fleets.yaml b/flightctl/fleets.yaml
index 1b68377..1f340b2 100644
--- a/flightctl/fleets.yaml
+++ b/flightctl/fleets.yaml
@@ -19,7 +19,8 @@ spec:
       os:
         image: edge-registry.itix.fr/demo-edge-retail/base:latest
       systemd:
-        matchPatterns: []
+        matchPatterns:
+          - greenboot-healthcheck.service
 ---
 apiVersion: flightctl.io/v1alpha1
 kind: Fleet
@@ -53,6 +54,7 @@ spec:
           - nextcloud-db.service
           - nextcloud-nginx.service
           - nextcloud-redis.service
+          - greenboot-healthcheck.service
 ---
 apiVersion: flightctl.io/v1alpha1
 kind: Fleet
@@ -80,6 +82,7 @@ spec:
           - bootstrap-vm@nextcloud.service
           - libvirtd.service
           - nftables.service
+          - greenboot-healthcheck.service
 ---
 apiVersion: flightctl.io/v1alpha1
 kind: Fleet
@@ -112,3 +115,4 @@ spec:
           - odoo-app.service
           - odoo-db.service
           - odoo-init.service
+          - greenboot-healthcheck.service