this repo has no description
ci: use injected ssh key for hosted e2e
+30
-12
+12
-2
.github/workflows/test-e2e.yml
+12
-2
.github/workflows/test-e2e.yml
···
49
49
ls -l /dev/kvm || true
50
50
grep -E 'vmx|svm' /proc/cpuinfo | head || true
51
51
52
+
- name: Remove incompatible host SSH options
53
+
run: |
54
+
sudo find /etc/ssh -maxdepth 2 -type f \( -name 'ssh_config' -o -name '*.conf' \) \
55
+
-exec sed -i '/^[[:space:]]*GSSAPIAuthentication[[:space:]]/Id' {} +
56
+
grep -Rni 'GSSAPIAuthentication' /etc/ssh || true
57
+
52
58
- name: Run end-to-end test
53
59
run: |
54
60
mkdir -p "$NIXIE_E2E_WORKDIR"
55
-
timeout --signal=TERM 30m \
61
+
timeout --signal=TERM 60m \
56
62
sudo env PATH="$PATH" NIXIE_E2E_WORKDIR="$NIXIE_E2E_WORKDIR" "$(command -v nix)" run --print-build-logs ./examples#e2e
57
63
58
64
- name: Show harness logs on failure
59
65
if: failure()
60
66
run: |
61
-
for file in "$NIXIE_E2E_WORKDIR"/nixie.log "$NIXIE_E2E_WORKDIR"/dnsmasq.log; do
67
+
for file in \
68
+
"$NIXIE_E2E_WORKDIR"/nixie.log \
69
+
"$NIXIE_E2E_WORKDIR"/dnsmasq.log \
70
+
"$NIXIE_E2E_WORKDIR"/machine1.serial.log \
71
+
"$NIXIE_E2E_WORKDIR"/machine2.serial.log; do
62
72
if [ -f "$file" ]; then
63
73
echo "::group::$(basename "$file")"
64
74
sed -n '1,240p' "$file"
+1
-1
cmd/nixie/main.go
+1
-1
cmd/nixie/main.go
···
74
74
75
75
doneCh := make(chan struct{}, 1)
76
76
go func() {
77
-
if err := api.StartAPIServer(ctx, hostsConfig, flags.Flake, flags.Debug, doneCh); err != nil {
77
+
if err := api.StartAPIServer(ctx, hostsConfig, flags.Flake, flags.SSHKey, flags.Debug, doneCh); err != nil {
78
78
log.Fatal("failed to start API server", "error", err)
79
79
}
80
80
}()
+4
-3
internal/api/api.go
+4
-3
internal/api/api.go
···
17
17
ctx context.Context
18
18
hostsConfig hosts.HostsConfig
19
19
flake string
20
+
sshKey string
20
21
debug bool
21
22
doneCh chan struct{}
22
23
}
···
59
60
60
61
log.Info("installing NixOS", "host", ip, "flake", flake)
61
62
go func() {
62
-
// TODO IMPORTANT support SSH key
63
-
if err := nixos.Install(api.ctx, flake, "root", ip, "nixos-installer", api.debug); err != nil {
63
+
if err := nixos.Install(api.ctx, flake, "root", ip, "nixos-installer", api.sshKey, api.debug); err != nil {
64
64
log.Error("failed to install NixOS", "ip", ip, "flake", flake, "error", err)
65
65
host.SetState(hosts.StateFailed)
66
66
} else {
···
91
91
return mux
92
92
}
93
93
94
-
func StartAPIServer(ctx context.Context, hostsConfig hosts.HostsConfig, flake string, debug bool, doneCh chan struct{}) error {
94
+
func StartAPIServer(ctx context.Context, hostsConfig hosts.HostsConfig, flake string, sshKey string, debug bool, doneCh chan struct{}) error {
95
95
api := &API{
96
96
ctx: ctx,
97
97
hostsConfig: hostsConfig,
98
98
flake: flake,
99
+
sshKey: sshKey,
99
100
debug: debug,
100
101
doneCh: doneCh,
101
102
}
+11
-6
internal/nixos/anywhere.go
+11
-6
internal/nixos/anywhere.go
···
7
7
"os/exec"
8
8
)
9
9
10
-
func Install(ctx context.Context, flakeRef, user, host, password string, debug bool) error {
11
-
cmd := exec.CommandContext(
12
-
ctx,
13
-
"nixos-anywhere",
10
+
func Install(ctx context.Context, flakeRef, user, host, password, sshKey string, debug bool) error {
11
+
args := []string{
14
12
"--flake", flakeRef,
15
13
"--target-host", fmt.Sprintf("%s@%s", user, host),
16
-
"--env-password",
17
14
// In the case of PXE boot, where target machines are usually on the same LAN as the one running Nixie,
18
15
// pushing from the Nix store where Nixie is running is usually faster than pulling from a remote cache over the internet.
19
16
// Additionally, it's air-gapped.
20
17
"--no-substitute-on-destination",
21
-
)
18
+
}
19
+
20
+
if sshKey != "" {
21
+
args = append(args, "-i", sshKey)
22
+
} else {
23
+
args = append(args, "--env-password")
24
+
}
25
+
26
+
cmd := exec.CommandContext(ctx, "nixos-anywhere", args...)
22
27
23
28
cmd.Env = append(os.Environ(), fmt.Sprintf("SSHPASS=%s", password))
24
29