#!/usr/bin/env bash
# -----------------------------------------------------------------------------
# checks/ssh.sh — OPTIONAL / GATED: SSH reachability to the configured VM host.
# Depends on Pulumi config (foundation:vm.host / foundation:vm.user) that may
# not exist at scaffold time. If the stack/config is absent we SKIP with a
# WARNING (never a failure). Only when a host IS configured do we attempt a
# non-interactive SSH probe; a failed probe is a WARNING too, because the VM
# may legitimately not exist yet during early bootstrap (PLAN-002 Phase 0/1).
# This check therefore never causes preflight to exit non-zero on its own.
# -----------------------------------------------------------------------------
# Strict mode: stop on unhandled errors, on unset variables, and on a failure
# in any stage of a pipeline.
set -o errexit -o nounset -o pipefail

# Preflight root: the parent of the directory holding this script, resolved to
# an absolute path so later lookups do not depend on the caller's cwd.
PF_DIR="$(cd "$(dirname "$0")/.." && pwd)"

# Shared helper library, executed in this shell. It is expected to provide the
# pf_* helpers used below (they are not defined in this file).
# shellcheck source=../lib/common.sh
source "$PF_DIR/lib/common.sh"

# bootstrap/ is looked up as a sibling of the preflight root.
BOOTSTRAP_DIR="$(cd "$PF_DIR/.." && pwd)/bootstrap"

printf '%s\n' "[ssh] (gated) SSH reachability to configured VM host"
#######################################
# Print the value of one Pulumi stack config key, or nothing if it cannot be
# read. Every failure looks the same to the caller (empty output): pulumi not
# installed, bootstrap directory missing, cd failing, or `pulumi config get`
# exiting non-zero. stderr is discarded, so the reason is not reported.
# Globals:   BOOTSTRAP_DIR (read)
# Arguments: $1 - config key, e.g. foundation:vm.host
# Outputs:   the value on stdout exactly as pulumi printed it; it is not
#            validated here, so callers decide how far to trust it
# Returns:   0 whether or not a value was found
#######################################
pf_pulumi_config() {
  if ! pf_have pulumi || [[ ! -d "$BOOTSTRAP_DIR" ]]; then
    printf ''
    return
  fi
  # The subshell keeps the cd from changing the caller's working directory.
  if ! ( cd "$BOOTSTRAP_DIR" 2>/dev/null && pulumi config get "$1" 2>/dev/null ); then
    printf ''
  fi
}
# Gate 1: without the pulumi CLI the target host cannot be looked up. The skip
# is reported as a warning and the script ends with pf_summary's status.
pf_have pulumi || {
  pf_warn "pulumi not installed -> cannot read vm.host; SKIPPING ssh reachability"
  pf_summary "ssh"
  exit $?
}

# Gate 2: no bootstrap/ directory means there is no stack config to read.
[[ -d "$BOOTSTRAP_DIR" ]] || {
  pf_warn "bootstrap/ not present yet -> no stack config; SKIPPING ssh reachability"
  pf_summary "ssh"
  exit $?
}
# Target coordinates come from Pulumi stack config. Both values are used later
# as the ssh destination exactly as returned; nothing in this script validates
# their shape.
vm_host="$(pf_pulumi_config "foundation:vm.host")"
vm_user="$(pf_pulumi_config "foundation:vm.user")"
# No configured user: fall back to root.
# NOTE(review): root is a high-privilege default for a reachability probe;
# confirm it is intended rather than a dedicated low-privilege account.
vm_user="${vm_user:-root}"

# An empty host is the normal state before provisioning: warn, summarise, stop.
[[ -n "$vm_host" ]] || {
  pf_warn "foundation:vm.host not configured yet -> SKIPPING ssh reachability (expected pre-Phase-0)"
  pf_summary "ssh"
  exit $?
}
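# Private key for the probe: SSH_PRIVATE_KEY_PATH when set and non-empty,
# otherwise ~/.ssh/id_rsa.
ssh_key="${SSH_PRIVATE_KEY_PATH:-$HOME/.ssh/id_rsa}"
# A path taken from the environment can still carry a literal "~/" that no
# shell expanded. The tilde in the removal pattern is quoted so it is always
# matched literally and is never itself subject to tilde expansion.
case "$ssh_key" in
  "~/"*) ssh_key="$HOME/${ssh_key#"~/"}" ;;
esac

# Only the key's path is logged, never its contents.
pf_info "configured target: ${vm_user}@${vm_host} (key: $ssh_key)"

if ! pf_have ssh; then
  pf_warn "ssh client missing (see tools check) -> SKIPPING reachability probe"
  pf_summary "ssh"; exit $?
fi

# ssh treats an unreadable -i file as non-fatal and carries on with whatever
# other identities it has (agent, defaults). Without this warning a later
# "succeeded" could be read as proof that the logged key works.
if [[ ! -r "$ssh_key" ]]; then
  pf_warn "key file $ssh_key is not readable -> probe result may not reflect this key"
fi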
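# Non-interactive, fast-failing probe: running `true` remotely succeeds only
# when the host is reachable and authentication works.
#   -n                  stdin comes from /dev/null, so the probe cannot consume
#                       input intended for whatever invoked this check
#   BatchMode=yes       never prompt for a password or passphrase
#   ConnectTimeout=8    give up on connecting after 8 seconds
#   StrictHostKeyChecking=accept-new
#                       a host key seen for the first time is recorded without
#                       confirmation (trust on first use); a changed key for an
#                       already-known host is still refused. A pass therefore
#                       does not show that the key was verified: compare the
#                       recorded fingerprint with the VM's out of band.
#   --                  ends option parsing, so a configured user or host that
#                       begins with "-" is taken as the destination and cannot
#                       be read as an ssh option
# NOTE(review): IdentitiesOnly is not set, so an agent or default identity may
# authenticate instead of $ssh_key; confirm whether the probe should be pinned
# to that key.
ssh_probe=(
  ssh -n
  -o BatchMode=yes
  -o ConnectTimeout=8
  -o StrictHostKeyChecking=accept-new
  -i "$ssh_key"
  --
  "${vm_user}@${vm_host}"
  true
)

# ssh's output is discarded; only its exit status decides pass or warn.
if "${ssh_probe[@]}" >/dev/null 2>&1; then
  pf_pass "SSH to ${vm_user}@${vm_host} succeeded"
else
  pf_warn "SSH to ${vm_user}@${vm_host} did not succeed (VM may not exist yet / key not trusted) — not failing"
fi

# Last command: its status becomes the script's exit status.
pf_summary "ssh"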