bstein/metis
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

metis: include reciprocal hecate db key for titan-24 recovery

Browse Source
This commit is contained in:
Brad Stein 2026-04-05 13:52:20 -03:00
parent b42cf9564f
commit b0dc2d855d
3 changed files with 23 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
inventory.titan-rpi4.yaml
View File

@ -307,6 +307,7 @@ nodes:
ssh_authorized_keys: ssh_authorized_keys:
- ${METIS_SSH_KEY_BASTION} - ${METIS_SSH_KEY_BASTION}
- ${METIS_SSH_KEY_BRAD} - ${METIS_SSH_KEY_BRAD}
- ${METIS_SSH_KEY_HECATE_DB}
- name: titan-0a - name: titan-0a
class: rpi5-ubuntu-control-plane class: rpi5-ubuntu-control-plane
hostname: titan-0a hostname: titan-0a
@ -336,4 +337,4 @@ nodes:
k3s_token: ${METIS_K3S_TOKEN} k3s_token: ${METIS_K3S_TOKEN}
ssh_user: atlas ssh_user: atlas
ssh_authorized_keys: ssh_authorized_keys:
- ${METIS_SSH_KEY_BASTION} - ${METIS_SSH_KEY_BASTION}

1
pkg/service/remote.go
View File

@ -604,6 +604,7 @@ export METIS_HARBOR_PASSWORD="{{ .Data.data.harbor_admin_password }}"
export METIS_SSH_KEY_BASTION="{{ .Data.data.bastion_pub }}" export METIS_SSH_KEY_BASTION="{{ .Data.data.bastion_pub }}"
export METIS_SSH_KEY_BRAD="{{ .Data.data.brad_pub }}" export METIS_SSH_KEY_BRAD="{{ .Data.data.brad_pub }}"
export METIS_SSH_KEY_HECATE_TETHYS="{{ .Data.data.hecate_tethys_pub }}" export METIS_SSH_KEY_HECATE_TETHYS="{{ .Data.data.hecate_tethys_pub }}"
export METIS_SSH_KEY_HECATE_DB="{{ .Data.data.hecate_db_pub }}"
{{ end }}` {{ end }}`
} }
return annotations return annotations

21
pkg/service/remote_test.go
View File

@ -1,6 +1,9 @@
package service package service
import "testing" import (
"strings"
"testing"
)
func TestMountedHostTmpDirMapsConfiguredTmpPathIntoMount(t *testing.T) { func TestMountedHostTmpDirMapsConfiguredTmpPathIntoMount(t *testing.T) {
if got := mountedHostTmpDir("/tmp/metis-flash-test"); got != "/host-tmp/metis-flash-test" { if got := mountedHostTmpDir("/tmp/metis-flash-test"); got != "/host-tmp/metis-flash-test" {
@ -10,3 +13,19 @@ func TestMountedHostTmpDirMapsConfiguredTmpPathIntoMount(t *testing.T) {
t.Fatalf("expected /host-tmp, got %q", got) t.Fatalf("expected /host-tmp, got %q", got)
} }
} }
func TestVaultRuntimeAnnotationsIncludeReciprocalHecateKeys(t *testing.T) {
withKeys := vaultRuntimeAnnotations(true)
template := withKeys["vault.hashicorp.com/agent-inject-template-metis-ssh-env.sh"]
if !strings.Contains(template, "METIS_SSH_KEY_HECATE_TETHYS") {
t.Fatalf("expected tethys hecate key export in vault template: %q", template)
}
if !strings.Contains(template, "METIS_SSH_KEY_HECATE_DB") {
t.Fatalf("expected db hecate key export in vault template: %q", template)
}
withoutKeys := vaultRuntimeAnnotations(false)
if _, ok := withoutKeys["vault.hashicorp.com/agent-inject-template-metis-ssh-env.sh"]; ok {
t.Fatalf("did not expect ssh key template when includeSSHKeys=false")
}
}