metis: capture hecate sudo baseline for db and tethys recovery

2026-04-05 10:03:29 -03:00 · 2026-04-05 10:03:29 -03:00 · edb718a5f6
commit edb718a5f6
parent 10e94cf6f0
2 changed files with 23 additions and 1 deletions
--- a/inventory.titan-rpi4.yaml
+++ b/inventory.titan-rpi4.yaml
@ -28,6 +28,11 @@ classes:
    default_labels:
      hardware: rpi5
      node-role.kubernetes.io/worker: "true"
+  - name: rpi5-ubuntu-host
+    arch: arm64
+    os: ubuntu-24.04-raspi
+    image: ${METIS_IMAGE_RPI5_UBUNTU_WORKER}
+    checksum: ${METIS_IMAGE_RPI5_UBUNTU_WORKER_SHA256}
  - name: jetson-ubuntu-accelerator
    arch: arm64
    os: ubuntu-20.04-tegra
@ -278,6 +283,19 @@ nodes:
    ssh_user: atlas
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOb8oMX6u0z3sH/p/WBGlvPXXdbGETCKzWYwR/dd6fZb titan-bastion
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlmAXoeYVcX3zE+MSsvjB7gpAHRX0djiWYxoAuAFEQx brad.stein@bstein.dev
+  - name: titan-db
+    class: rpi5-ubuntu-host
+    hostname: titan-db
+    ip: 192.168.22.10
+    k3s_role: agent
+    k3s_url: https://192.168.22.7:6443
+    k3s_token: ${METIS_K3S_TOKEN}
+    ssh_user: atlas
+    ssh_authorized_keys:
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOb8oMX6u0z3sH/p/WBGlvPXXdbGETCKzWYwR/dd6fZb titan-bastion
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlmAXoeYVcX3zE+MSsvjB7gpAHRX0djiWYxoAuAFEQx brad.stein@bstein.dev
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA48uzhL71cXeFDb+LGla1z0kFUYfWPWIgby7uaaGAaY hecate-tethys-forward
  - name: titan-24
    class: amd64-debian-worker
    hostname: titan-24
@ -288,6 +306,7 @@ nodes:
    ssh_user: atlas
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOb8oMX6u0z3sH/p/WBGlvPXXdbGETCKzWYwR/dd6fZb titan-bastion
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlmAXoeYVcX3zE+MSsvjB7gpAHRX0djiWYxoAuAFEQx brad.stein@bstein.dev
  - name: titan-0a
    class: rpi5-ubuntu-control-plane
    hostname: titan-0a
--- a/pkg/plan/inject.go
+++ b/pkg/plan/inject.go
@ -357,7 +357,10 @@ func fstabAppendContent(cfg *config.NodeConfig) string {
 }

 func hecateSudoersContent(user string) string {
-	return fmt.Sprintf("%s ALL=(ALL) NOPASSWD: /usr/bin/systemctl, /usr/sbin/poweroff, /sbin/poweroff, /usr/local/bin/hecate\n", user)
+	return fmt.Sprintf(
+		"%s ALL=(ALL) NOPASSWD: /usr/bin/systemctl, /usr/sbin/poweroff, /sbin/poweroff, /usr/local/bin/hecate, /usr/local/bin/k3s, /usr/bin/k3s\n",
+		user,
+	)
 }

 func shellQuote(value string) string {