fix(reboot): repair 110 ssh control path on startup

Your Name
2026-07-02 10:53:16 +08:00
parent 37027382b9
commit d84be37e26
3 changed files with 57 additions and 0 deletions


@@ -99,7 +99,26 @@ quarantine_corrupt_docker_container_metadata() {
log "Docker corrupt metadata quarantine dir=$qdir count=$count"
}
repair_ssh_control_path_metadata() {
local script="${AWOOOI_110_SSH_REPAIR_SCRIPT:-/usr/local/bin/repair-110-ssh-publickey-auth-local.sh}"
local target_user="${AWOOOI_110_SSH_REPAIR_USER:-wooo}"
local reload_ssh="${AWOOOI_110_SSH_RELOAD_AFTER_REPAIR:-0}"
log "[0/6] 修復 110 SSH control path metadata..."
if [ ! -x "$script" ]; then
log "⚠️ SSH control path metadata repair helper missing or not executable: $script"
return 0
fi
if TARGET_USER="$target_user" RELOAD_SSH="$reload_ssh" "$script" --apply; then
log "✅ 110 SSH control path metadata guard completed target_user=$target_user reload_ssh=$reload_ssh"
else
log "⚠️ 110 SSH control path metadata guard failed; continuing startup"
fi
}
log "=== 192.168.0.110 啟動序列開始 ==="
repair_ssh_control_path_metadata
# ──────────────────────────────────────────────
# STEP 1: Docker 修復(若 BoltDB 損壞)
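Review bot: `repair_ssh_control_path_metadata` executes whatever path `AWOOOI_110_SSH_REPAIR_SCRIPT` resolves to with `--apply`, and the only gate is `[ ! -x "$script" ]`, so nothing confirms the helper is a trusted file before it touches SSH state. If this startup script runs as root (not visible here, but it starts Docker via systemctl), a helper or override path writable by another account becomes a boot-time privilege boundary. Before the `if TARGET_USER=...` line I would refuse helpers that are not root-owned or are group/world-writable, e.g. `[ -n "$(find "$script" -maxdepth 0 -user root ! -perm /022)" ] || { log "⚠️ SSH repair helper has unsafe owner/mode: $script"; return 0; }` (assumes GNU find). The helper call is also unbounded, while the Docker start in this script goes through `run_bounded`, so a hung helper would stall the sequence before step 1. The failure branch drops the exit status; logging `rc=$?` there would make the warning actionable.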


@@ -129,6 +129,25 @@ def test_startup_110_quarantines_corrupt_docker_container_metadata() -> None:
assert 'run_bounded "$DOCKER_START_TIMEOUT_SECONDS" systemctl start docker.socket docker.service' in text
def test_startup_110_repairs_ssh_control_path_metadata_before_docker() -> None:
text = STARTUP_110.read_text(encoding="utf-8")
repair_fn = text.index("repair_ssh_control_path_metadata()")
repair_call = text.index("repair_ssh_control_path_metadata", repair_fn + 1)
docker_step = text.index('log "[1/5] 檢查 Docker..."')
assert repair_fn < repair_call < docker_step
assert 'AWOOOI_110_SSH_REPAIR_SCRIPT:-/usr/local/bin/repair-110-ssh-publickey-auth-local.sh' in text
assert 'AWOOOI_110_SSH_REPAIR_USER:-wooo' in text
assert 'AWOOOI_110_SSH_RELOAD_AFTER_REPAIR:-0' in text
assert 'TARGET_USER="$target_user" RELOAD_SSH="$reload_ssh" "$script" --apply' in text
assert "SSH control path metadata guard completed" in text
assert "cat \"$home_dir/.ssh/authorized_keys\"" not in text
assert "cat ~/.ssh/authorized_keys" not in text
assert "ssh-keygen" not in text
assert "ssh-copy-id" not in text
def test_startup_110_opens_only_controlled_cd_lane_after_guardrails() -> None:
text = STARTUP_110.read_text(encoding="utf-8")