fix(reboot): repair 110 ssh control path on startup
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 48s
CD Pipeline / post-deploy-checks (push) Has been cancelled
CD Pipeline / build-and-deploy (push) Has been cancelled
@@ -99,7 +99,26 @@ quarantine_corrupt_docker_container_metadata() {
|
||||
log "Docker corrupt metadata quarantine dir=$qdir count=$count"
|
||||
}
|
||||
|
||||
repair_ssh_control_path_metadata() {
|
||||
local script="${AWOOOI_110_SSH_REPAIR_SCRIPT:-/usr/local/bin/repair-110-ssh-publickey-auth-local.sh}"
|
||||
local target_user="${AWOOOI_110_SSH_REPAIR_USER:-wooo}"
|
||||
local reload_ssh="${AWOOOI_110_SSH_RELOAD_AFTER_REPAIR:-0}"
|
||||
|
||||
log "[0/6] 修復 110 SSH control path metadata..."
|
||||
if [ ! -x "$script" ]; then
|
||||
log "⚠️ SSH control path metadata repair helper missing or not executable: $script"
|
||||
return 0
|
||||
fi
|
||||
|
||||
if TARGET_USER="$target_user" RELOAD_SSH="$reload_ssh" "$script" --apply; then
|
||||
log "✅ 110 SSH control path metadata guard completed target_user=$target_user reload_ssh=$reload_ssh"
|
||||
else
|
||||
log "⚠️ 110 SSH control path metadata guard failed; continuing startup"
|
||||
fi
|
||||
}
|
||||
|
||||
log "=== 192.168.0.110 啟動序列開始 ==="
|
||||
repair_ssh_control_path_metadata
|
||||
|
||||
# ──────────────────────────────────────────────
|
||||
# STEP 1: Docker 修復(若 BoltDB 損壞)
|
||||
|
||||
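Review bot: `repair_ssh_control_path_metadata` executes whatever path `AWOOOI_110_SSH_REPAIR_SCRIPT` resolves to after checking only `[ ! -x "$script" ]`, so a helper that a non-root account can modify, or an unexpected environment override, would run during startup with this script's privileges (presumably root, given the `systemctl` calls elsewhere in the file; confirm). Before the `--apply` call I would add an ownership guard such as `[ "$(stat -L -c %U "$script")" = root ] || { log "⚠️ SSH repair helper not owned by root: $script"; return 0; }` (GNU `stat` assumed), plus an equivalent check that the file is not group- or world-writable. The helper is also invoked without a time bound, unlike the `run_bounded` Docker start that the test file shows in this script, so a hung helper would stall the whole sequence ahead of Docker. Separately, the new step logs `[0/6]` while the Docker step is still `[1/5]`; the numbering should agree.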
@@ -129,6 +129,25 @@ def test_startup_110_quarantines_corrupt_docker_container_metadata() -> None:
|
||||
assert 'run_bounded "$DOCKER_START_TIMEOUT_SECONDS" systemctl start docker.socket docker.service' in text
|
||||
|
||||
|
||||
def test_startup_110_repairs_ssh_control_path_metadata_before_docker() -> None:
|
||||
text = STARTUP_110.read_text(encoding="utf-8")
|
||||
|
||||
repair_fn = text.index("repair_ssh_control_path_metadata()")
|
||||
repair_call = text.index("repair_ssh_control_path_metadata", repair_fn + 1)
|
||||
docker_step = text.index('log "[1/5] 檢查 Docker..."')
|
||||
|
||||
assert repair_fn < repair_call < docker_step
|
||||
assert 'AWOOOI_110_SSH_REPAIR_SCRIPT:-/usr/local/bin/repair-110-ssh-publickey-auth-local.sh' in text
|
||||
assert 'AWOOOI_110_SSH_REPAIR_USER:-wooo' in text
|
||||
assert 'AWOOOI_110_SSH_RELOAD_AFTER_REPAIR:-0' in text
|
||||
assert 'TARGET_USER="$target_user" RELOAD_SSH="$reload_ssh" "$script" --apply' in text
|
||||
assert "SSH control path metadata guard completed" in text
|
||||
assert "cat \"$home_dir/.ssh/authorized_keys\"" not in text
|
||||
assert "cat ~/.ssh/authorized_keys" not in text
|
||||
assert "ssh-keygen" not in text
|
||||
assert "ssh-copy-id" not in text
|
||||
|
||||
|
||||
def test_startup_110_opens_only_controlled_cd_lane_after_guardrails() -> None:
|
||||
text = STARTUP_110.read_text(encoding="utf-8")
|
||||
|
||||
|
||||
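Review bot: The four `not in text` assertions at the end of `test_startup_110_repairs_ssh_control_path_metadata_before_docker` match exact spellings only, so a startup script that read the key file as `cat "$HOME/.ssh/authorized_keys"` would still pass. If the startup script is never meant to touch that file, `assert "authorized_keys" not in text` pins the intent more reliably (confirm there is no legitimate mention first). The test reads only `STARTUP_110`, so the helper that actually performs the repair is not covered here, and neither fail-open branch is pinned; `assert "metadata guard failed; continuing startup" in text` would cover the second one. A one-line docstring saying that the test guards call ordering and the rule that startup does no key handling would help the next reader.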