From b0dc2d855dedeac3ed46619a3ba987da3710a523 Mon Sep 17 00:00:00 2001
From: Brad Stein
Date: Sun, 5 Apr 2026 13:52:20 -0300
Subject: [PATCH] metis: include reciprocal hecate db key for titan-24 recovery

---
 inventory.titan-rpi4.yaml | 3 ++-
 pkg/service/remote.go | 1 +
 pkg/service/remote_test.go | 21 ++++++++++++++++++++-
 3 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/inventory.titan-rpi4.yaml b/inventory.titan-rpi4.yaml
index dd14fde..f6d7c5b 100644
--- a/inventory.titan-rpi4.yaml
+++ b/inventory.titan-rpi4.yaml
@@ -307,6 +307,7 @@ nodes:
 ssh_authorized_keys:
 - ${METIS_SSH_KEY_BASTION}
 - ${METIS_SSH_KEY_BRAD}
+ - ${METIS_SSH_KEY_HECATE_DB}
 - name: titan-0a
 class: rpi5-ubuntu-control-plane
 hostname: titan-0a
@@ -336,4 +337,4 @@ nodes:
 k3s_token: ${METIS_K3S_TOKEN}
 ssh_user: atlas
 ssh_authorized_keys:
- - ${METIS_SSH_KEY_BASTION}
\ No newline at end of file
+ - ${METIS_SSH_KEY_BASTION}
diff --git a/pkg/service/remote.go b/pkg/service/remote.go
index e6fa34f..11e9cbc 100644
--- a/pkg/service/remote.go
+++ b/pkg/service/remote.go
@@ -604,6 +604,7 @@ export METIS_HARBOR_PASSWORD="{{ .Data.data.harbor_admin_password }}"
 export METIS_SSH_KEY_BASTION="{{ .Data.data.bastion_pub }}"
 export METIS_SSH_KEY_BRAD="{{ .Data.data.brad_pub }}"
 export METIS_SSH_KEY_HECATE_TETHYS="{{ .Data.data.hecate_tethys_pub }}"
+export METIS_SSH_KEY_HECATE_DB="{{ .Data.data.hecate_db_pub }}"
 {{ end }}`
 }
 return annotations
diff --git a/pkg/service/remote_test.go b/pkg/service/remote_test.go
index 3c61b0f..0139545 100644
--- a/pkg/service/remote_test.go
+++ b/pkg/service/remote_test.go
@@ -1,6 +1,9 @@
 package service

-import "testing"
+import (
+ "strings"
+ "testing"
+)

 func TestMountedHostTmpDirMapsConfiguredTmpPathIntoMount(t *testing.T) {
 if got := mountedHostTmpDir("/tmp/metis-flash-test"); got != "/host-tmp/metis-flash-test" {
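Review bot: The new `- ${METIS_SSH_KEY_HECATE_DB}` entry in the first hunk of inventory.titan-rpi4.yaml authorizes one more key for SSH login on this node, and nothing next to it records why or for how long. The subject line ties it to titan-24 recovery, so if the grant is meant to be temporary, a comment above the entry such as `# hecate-db key: reciprocal access for titan-24 recovery; remove when recovery is done` would let a later audit of authorized keys tell a standing grant from a leftover. The node entry starts above the hunk, so its name and `ssh_user` are not visible here; confirm the key is added only to the intended node.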
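Review bot: The added `export METIS_SSH_KEY_HECATE_DB="{{ .Data.data.hecate_db_pub }}"` line in pkg/service/remote.go assumes the Vault secret already has a `hecate_db_pub` field, and nothing visible in the hunk guards against it being absent. Go templates render a missing map key as `<no value>` by default, so unless the agent is configured to fail on missing keys, that string would presumably be exported and carried into the node's `ssh_authorized_keys`. A comment above the template listing the secret fields it requires, plus populating the field before rollout, would cover this. As with the neighbouring exports, the value sits inside double quotes in a sourced shell script, so a `$`, backtick or `"` in the stored value would be interpreted by the shell; checking that each value is a single public-key line before it is exported would close that. The enclosing function starts above the hunk.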
@@ -10,3 +13,19 @@ func TestMountedHostTmpDirMapsConfiguredTmpPathIntoMount(t *testing.T) {
 t.Fatalf("expected /host-tmp, got %q", got)
 }
 }
+
+func TestVaultRuntimeAnnotationsIncludeReciprocalHecateKeys(t *testing.T) {
+ withKeys := vaultRuntimeAnnotations(true)
+ template := withKeys["vault.hashicorp.com/agent-inject-template-metis-ssh-env.sh"]
+ if !strings.Contains(template, "METIS_SSH_KEY_HECATE_TETHYS") {
+ t.Fatalf("expected tethys hecate key export in vault template: %q", template)
+ }
+ if !strings.Contains(template, "METIS_SSH_KEY_HECATE_DB") {
+ t.Fatalf("expected db hecate key export in vault template: %q", template)
+ }
+
+ withoutKeys := vaultRuntimeAnnotations(false)
+ if _, ok := withoutKeys["vault.hashicorp.com/agent-inject-template-metis-ssh-env.sh"]; ok {
+ t.Fatalf("did not expect ssh key template when includeSSHKeys=false")
+ }
+}
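Review bot: Both `strings.Contains` checks in TestVaultRuntimeAnnotationsIncludeReciprocalHecateKeys match only the variable name, so the test still passes if an export is wired to the wrong Vault field or the line is malformed. Because this template decides which public keys end up authorized on nodes, the assertions should pin the whole line, for example by checking that the template contains `export METIS_SSH_KEY_HECATE_DB="{{ .Data.data.hecate_db_pub }}"` and the matching `hecate_tethys_pub` line. A one-line doc comment stating that the test guards the set of SSH keys exported by the Vault template would also make its purpose clear to the next reader.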