fix(recovery): classify ssh key accept timeout
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 42s
CD Pipeline / build-and-deploy (push) Failing after 2m37s
CD Pipeline / post-deploy-checks (push) Has been skipped

This commit is contained in:
Your Name
2026-06-30 23:39:53 +08:00
parent bbe051ae2d
commit b09b103a59
4 changed files with 59 additions and 9 deletions

View File

@@ -145,6 +145,9 @@ def validate_harbor_registry_controlled_recovery_receipt(
"ssh_publickey_offer_timeout_seen": ssh_diagnosis[
"publickey_offer_timeout_seen"
],
"ssh_publickey_server_accepts_key_then_timeout_seen": (
ssh_diagnosis["server_accepts_key_then_timeout_seen"]
),
"ssh_publickey_node_exporter_ok": ssh_diagnosis["node_exporter_ok"],
"ssh_publickey_port_tcp_open": ssh_diagnosis["ssh_port_tcp_open"],
"ssh_local_repair_receipt_seen": ssh_local["receipt_seen"],
@@ -307,6 +310,8 @@ def _ssh_metadata_phase_status(
return "blocked_ssh_metadata_repair_receipt_not_ready"
if ssh_diagnosis["publickey_offer_timeout_seen"]:
return "blocked_waiting_ssh_metadata_repair_receipt_after_publickey_timeout"
if ssh_diagnosis["server_accepts_key_then_timeout_seen"]:
return "blocked_waiting_110_local_session_path_diagnosis_after_key_accept_timeout"
if watchdog_check["receipt_seen"]:
return "skipped_not_required"
return "blocked_waiting_ssh_metadata_or_harbor_preflight_receipt"
@@ -342,6 +347,11 @@ def _parse_ssh_publickey_diagnosis_output(output: str) -> dict[str, Any]:
and item["classification"] == "publickey_offer_timeout"
for item in auth_attempts
)
server_accepts_key_then_timeout_seen = any(
item["mode"] == "publickey"
and item["classification"] == "server_accepts_key_then_timeout"
for item in auth_attempts
)
preauth_timeout_count = sum(
1 for item in auth_attempts if item["classification"] == "preauth_timeout"
)
@@ -362,6 +372,9 @@ def _parse_ssh_publickey_diagnosis_output(output: str) -> dict[str, Any]:
"auth_classifications": auth_attempts,
"wooo_publickey_classification": wooo_publickey,
"publickey_offer_timeout_seen": publickey_offer_timeout_seen,
"server_accepts_key_then_timeout_seen": (
server_accepts_key_then_timeout_seen
),
"preauth_timeout_count": preauth_timeout_count,
"permission_denied_count": permission_denied_count,
"diagnosis_ready": bool(marker_seen and ssh_port_tcp_open and auth_attempts),
@@ -774,6 +787,11 @@ def _active_blockers(
and not ssh_local["control_channel_metadata_ready"]
):
blockers.append("ssh_publickey_offer_timeout_on_wooo")
if (
ssh_diagnosis["server_accepts_key_then_timeout_seen"]
and not ssh_local["control_channel_metadata_ready"]
):
blockers.append("ssh_publickey_server_accepts_key_then_timeout_on_wooo")
if ssh_local["receipt_seen"] and not ssh_local["control_channel_metadata_ready"]:
blockers.append("ssh_local_repair_receipt_metadata_not_ready")
if not watchdog_check["receipt_seen"]: