diff options
| author | Craig Jennings <c@cjennings.net> | 2026-06-25 23:12:51 -0400 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-06-25 23:12:51 -0400 |
| commit | 771b92ef7061f230a04f26cc26b5d72a18c3060c (patch) | |
| tree | 5c9912bfc332d8c809d17bbe7945c2861e7cccf5 /scripts/testing/lib/vm-utils.sh | |
| parent | 75d3e2907bf7d68fbeb6850b71491d829b4bf882 (diff) | |
| download | archsetup-771b92ef7061f230a04f26cc26b5d72a18c3060c.tar.gz archsetup-771b92ef7061f230a04f26cc26b5d72a18c3060c.zip | |
test(archsetup): migrate bare-metal runner to key auth + Testinfra
run-test-baremetal.sh SSHed to the target as root by password throughout, which archsetup's sshd hardening (PermitRootLogin prohibit-password) kills mid-install, the same break the VM runner already fixed. It also still called the validation.sh shell sweep (run_all_validations, validate_all_services, validate_zfs_services), the last caller keeping those functions alive.
It now mirrors the VM runner. After the first SSH, and after any genesis rollback so the key survives it, inject_root_key authorizes a throwaway root key, and every later ssh_cmd plus the raw scp transfers and log-copies thread SSH_KEY_OPT to survive the hardening. The shell sweep is replaced with run_testinfra_validation, now the authoritative validator on both runners. A --port option, threaded through every SSH and scp, lets the runner target a test VM on 2222 instead of only real hardware on 22.
inject_root_key now authorizes root@$VM_IP instead of root@localhost, so one helper serves both runners (the VM runner sets VM_IP=localhost).
Validated against the ZFS VM (--validate-only, localhost:2222): connectivity, the ZFS check, key authorization, and the Testinfra sweep all connect and run over the key-based ssh-config. A green bare-metal install still needs real ZFS hardware.
Diffstat (limited to 'scripts/testing/lib/vm-utils.sh')
| -rwxr-xr-x | scripts/testing/lib/vm-utils.sh | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/scripts/testing/lib/vm-utils.sh b/scripts/testing/lib/vm-utils.sh index 6d9f6f6..10c0ca5 100755 --- a/scripts/testing/lib/vm-utils.sh +++ b/scripts/testing/lib/vm-utils.sh @@ -433,6 +433,8 @@ copy_from_vm() { # PermitRootLogin prohibit-password and reloads sshd partway through, which kills # root *password* login. Without a key in place first, every SSH after that step # fails and the run aborts before any validation. Key auth survives the hardening. +# Targets root@$VM_IP on $SSH_PORT so it works for both the local VM runner +# (VM_IP=localhost, port 2222) and the bare-metal runner (VM_IP=host, port 22). inject_root_key() { local key="$1" rm -f "$key" "$key.pub" @@ -440,7 +442,7 @@ inject_root_key() { warn "Root key generation failed - run may break at sshd hardening" return 1 fi - if sshpass -p "$ROOT_PASSWORD" ssh $SSH_OPTS -p "$SSH_PORT" root@localhost \ + if sshpass -p "$ROOT_PASSWORD" ssh $SSH_OPTS -p "$SSH_PORT" "root@${VM_IP:-localhost}" \ "mkdir -p /root/.ssh && chmod 700 /root/.ssh && cat >> /root/.ssh/authorized_keys && chmod 600 /root/.ssh/authorized_keys" \ < "$key.pub" >> "$LOGFILE" 2>&1; then SSH_KEY_OPT="-i $key" |