diff options
| author | Craig Jennings <c@cjennings.net> | 2026-06-25 23:12:51 -0400 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-06-25 23:12:51 -0400 |
| commit | 771b92ef7061f230a04f26cc26b5d72a18c3060c (patch) | |
| tree | 5c9912bfc332d8c809d17bbe7945c2861e7cccf5 /scripts/cmail-setup-finish.sh | |
| parent | 75d3e2907bf7d68fbeb6850b71491d829b4bf882 (diff) | |
| download | archsetup-771b92ef7061f230a04f26cc26b5d72a18c3060c.tar.gz archsetup-771b92ef7061f230a04f26cc26b5d72a18c3060c.zip | |
test(archsetup): migrate bare-metal runner to key auth + Testinfra
run-test-baremetal.sh SSHed to the target as root by password throughout, which archsetup's sshd hardening (PermitRootLogin prohibit-password) kills mid-install, the same break the VM runner already fixed. It also still called the validation.sh shell sweep (run_all_validations, validate_all_services, validate_zfs_services), the last caller keeping those functions alive.
It now mirrors the VM runner. After the first SSH, and after any genesis rollback so the key survives it, inject_root_key authorizes a throwaway root key, and every later ssh_cmd plus the raw scp transfers and log-copies thread SSH_KEY_OPT to survive the hardening. The shell sweep is replaced with run_testinfra_validation, now the authoritative validator on both runners. A --port option, threaded through every SSH and scp, lets the runner target a test VM on 2222 instead of only real hardware on 22.
inject_root_key now authorizes root@$VM_IP instead of root@localhost, so one helper serves both runners (the VM runner sets VM_IP=localhost).
Validated against the ZFS VM (--validate-only, localhost:2222): connectivity, the ZFS check, key authorization, and the Testinfra sweep all connect and run over the key-based ssh-config. A green bare-metal install still needs real ZFS hardware.
Diffstat (limited to 'scripts/cmail-setup-finish.sh')
0 files changed, 0 insertions, 0 deletions