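#!/usr/bin/env bash
# -----------------------------------------------------------------------------
# checks/ssh.sh — OPTIONAL / GATED: SSH reachability to the configured VM host.
# Depends on Pulumi config (foundation:vm.host / foundation:vm.user) that may
# not exist at scaffold time. If the stack/config is absent we SKIP with a
# WARNING (never a failure). Only when a host IS configured do we attempt a
# non-interactive SSH probe; a failed probe is a WARNING too, because the VM
# may legitimately not exist yet during early bootstrap (PLAN-002 Phase 0/1).
# This check therefore never causes preflight to exit non-zero on its own.
#
# Environment:
#   SSH_PRIVATE_KEY_PATH  identity file passed to ssh -i
#                         (default: $HOME/.ssh/id_rsa; a leading "~/" is
#                         expanded here because it arrives as a literal string)
# -----------------------------------------------------------------------------
set -euo pipefail

PF_DIR=$(cd "$(dirname "$0")/.." && pwd)
# shellcheck source=../lib/common.sh
. "$PF_DIR/lib/common.sh"

BOOTSTRAP_DIR=$(cd "$PF_DIR/.." && pwd)/bootstrap

echo "[ssh] (gated) SSH reachability to configured VM host"

#######################################
# pf_pulumi_config KEY : echo a stack config value, or "" if unavailable.
# Tolerates: pulumi not installed, no stack selected, key absent, no project.
# Globals:   BOOTSTRAP_DIR (read)
# Arguments: $1 - Pulumi config key, e.g. foundation:vm.host
# Outputs:   the value on stdout, or nothing when it cannot be read
# Returns:   0 in every case, so a missing value never trips `set -e`
#######################################
pf_pulumi_config() {
  pf_have pulumi || { printf ''; return; }
  [ -d "$BOOTSTRAP_DIR" ] || { printf ''; return; }
  # Subshell keeps the cd local; stderr is dropped because an absent
  # stack/key is an expected state here, not an error.
  ( cd "$BOOTSTRAP_DIR" 2>/dev/null && pulumi config get "$1" 2>/dev/null ) || printf ''
}

if ! pf_have pulumi; then
  pf_warn "pulumi not installed -> cannot read vm.host; SKIPPING ssh reachability"
  pf_summary "ssh"; exit $?
fi

if [ ! -d "$BOOTSTRAP_DIR" ]; then
  pf_warn "bootstrap/ not present yet -> no stack config; SKIPPING ssh reachability"
  pf_summary "ssh"; exit $?
fi

vm_host=$(pf_pulumi_config "foundation:vm.host")
vm_user=$(pf_pulumi_config "foundation:vm.user")
# No configured user means the probe logs in as root.
[ -n "$vm_user" ] || vm_user="root"

if [ -z "$vm_host" ]; then
  pf_warn "foundation:vm.host not configured yet -> SKIPPING ssh reachability (expected pre-Phase-0)"
  pf_summary "ssh"; exit $?
fi

ssh_key="${SSH_PRIVATE_KEY_PATH:-$HOME/.ssh/id_rsa}"
case "$ssh_key" in
  # Drop the literal "~/" by offset instead of a `#~/` pattern, which the
  # shell may tilde-expand before matching and so fail to strip the prefix.
  "~/"*) ssh_key="$HOME/${ssh_key:2}" ;;
esac

pf_info "configured target: ${vm_user}@${vm_host} (key: $ssh_key)"

if ! pf_have ssh; then
  pf_warn "ssh client missing (see tools check) -> SKIPPING reachability probe"
  pf_summary "ssh"; exit $?
fi

# ssh does not treat an unreadable -i file as fatal: it carries on with agent
# and default identities, so a later "succeeded" would not be evidence that
# the key named above works. Say so rather than let the log line mislead.
if [ ! -r "$ssh_key" ]; then
  pf_info "key file $ssh_key is not readable; ssh may fall back to agent/default identities"
fi

# Non-interactive, fast-failing probe. BatchMode avoids password prompts;
# a 'true' command that succeeds proves auth + reachability.
#
# NOTE(review): StrictHostKeyChecking=accept-new stores the host key in the
# user's known_hosts on first contact (trust on first use). This "check"
# therefore has a persistent side effect, and the first key seen is accepted
# without being compared to anything. If provisioning can export the VM's
# host key, pre-seeding known_hosts would make this probe verify identity too.
ssh_opts=(
  -o BatchMode=yes
  -o ConnectTimeout=8
  -o StrictHostKeyChecking=accept-new
  -i "$ssh_key"
)

# `--` ends option parsing: vm_user/vm_host come from stack config, and a value
# starting with '-' must be taken as a destination, never as an ssh option.
if ssh "${ssh_opts[@]}" -- "${vm_user}@${vm_host}" true >/dev/null 2>&1; then
  pf_pass "SSH to ${vm_user}@${vm_host} succeeded"
else
  pf_warn "SSH to ${vm_user}@${vm_host} did not succeed (VM may not exist yet / key not trusted) — not failing"
fi

pf_summary "ssh"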