verbose wait

Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>

deployment/check/common/data-model.nix

@@ -209,6 +209,11 @@ let
                 security.sudo.wheelNeedsPassword = false;
                 nix.settings.trusted-users = [ "@wheel" ];
 
+                services.cloud-init = {
+                  enable = true;
+                  network.enable = true;
+                };
+
                 users.mutableUsers = false;
                 users.users =
                   {

deployment/check/data-model-tf-proxmox/nixosTest.nix

@@ -94,6 +94,7 @@ in
         deployment.run
         pkgs.pve-manager
         pkgs.openssl
+        pkgs.jq
         (pkgs.callPackage ../../run/tf-proxmox/tf.nix { inherit sources; })
       ];
 
@@ -132,15 +133,37 @@ in
     pve.succeed("mkdir -p /run/pve")
     assert "Proxmox" in pve.succeed("curl -s -i -k https://localhost:8006")
 
-    # pve.succeed("pvesh set /access/password --userid root@pam --password mypwdlol --confirmation-password mytestpw 1>&2")
-    # pve.succeed("curl -s -i -k -d '{\"userid\":\"root@pam\",\"password\":\"mypwdhaha\",\"confirmation-password\":\"mypwdlol\"}' -X PUT https://localhost:8006/api2/json/access/password 1>&2")
     cert = pve.succeed("cat /etc/pve/pve-root-ca.pem").strip()
 
+    # set up proxmox
+    pm_token = pve.succeed("""
+      set -e
+      pvesh create /pools --poolid Fediversity
+      pvesh set /storage/local --content "vztmpl,rootdir,backup,snippets,import,iso,images" 1>/dev/null
+      pvesh create /access/groups --groupid "roots"
+      pvesh set /access/users/root@pam --enable 1 --groups "roots"
+      pvesh set /access/acl --path "/" --roles "Administrator" --groups "roots"
+      pvesh create /access/users/root@pam/token/mytoken --privsep 0 --output-format json | jq -r .value
+    """).strip()
+    # FIXME pass separate privileges rather than disabling privsep
+
     # skip indent for EOF
     deployer.succeed(f"""
     cat > /etc/ssl/certs/pve-root-ca.pem <<EOF
     {cert}
     EOF
+
+    mkdir -p /root/.ssh
+    cat > /root/.ssh/id_ed25519 <<EOF
+    -----BEGIN OPENSSH PRIVATE KEY-----
+    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+    QyNTUxOQAAACBWbJXVjBLGo2MrI2LBKTbzDozuA/C9taU630EtU/h38gAAAJDAOy8uwDsv
+    LgAAAAtzc2gtZWQyNTUxOQAAACBWbJXVjBLGo2MrI2LBKTbzDozuA/C9taU630EtU/h38g
+    AAAECcF8xjLavgWePoVx45Euewsh6Kw07L6QDDy3WXFCn4bFZsldWMEsajYysjYsEpNvMO
+    jO4D8L21pTrfQS1T+HfyAAAAC2tpYXJhQG5peG9zAQI=
+    -----END OPENSSH PRIVATE KEY-----
+    EOF
+    chmod 600 /root/.ssh/id_ed25519
     """)
 
     deployer.succeed("""
@@ -157,10 +180,19 @@ in
     """)
 
     with subtest("Run the deployment"):
-      deployer.succeed(f"""
+
+      ip = deployer.succeed(f"""
         export SSL_CERT_FILE=/tmp/pve-ca-bundle.crt
-        ${lib.getExe deployment.run} >&2
+        export PROXMOX_VE_API_TOKEN="root@pam!mytoken={pm_token}"
+        ${lib.getExe deployment.run} | jq -r '.ipv4.value[0]'
+        # ${lib.getExe deployment.run} >&2
+      """).strip()
+
+      deployer.succeed(f"""
+        ssh -i "/root/.ssh/id_ed25519" \
+        -o StrictHostKeyChecking=no \
+        -o BatchMode=yes \
+        root@{ip} hello >&2
       """)
-      # target.succeed("su - operator -c hello 1>&2")
   '';
 }

deployment/data-model.nix

@@ -509,8 +509,8 @@ let
                   # .qcow2 is around half the size of .raw, on top of supporting backups - be it apparently at the cost of performance
                   qemu-img convert -f raw -O qcow2 -C "${raw}" /tmp/${name}.qcow2
 
-                  ls -l ${raw}
-                  ls -l /tmp/${name}.qcow2
+                  # ls -l ${raw}
+                  # ls -l /tmp/${name}.qcow2
 
                   env ${toString (lib.mapAttrsToList (k: v: "TF_VAR_${k}=\"${toBash v}\"") environment)} \
                   ${toString (lib.mapAttrsToList (k: v: "${k}=\"${toBash v}\"") httpBackend)} \

deployment/run/tf-proxmox/main.tf

@@ -182,8 +182,8 @@ resource "null_resource" "wait_for_ssh" {
   ]
   provisioner "local-exec" {
     command = <<-EOT
-      for i in $(seq 1 10); do
-        if ssh \
+      for i in $(seq 1 30); do
+        if ssh -vvv \
         -i "${var.key_file}" \
         -o BatchMode=yes \
         -o StrictHostKeyChecking=no \

deployment/run/tf-proxmox/run.sh

@@ -2,11 +2,10 @@
 set -euo pipefail
 declare tf_env
 
-export TF_LOG=info
 # # on upload explodes RAM use + logs file content, causing timeout
 # export TF_LOG=debug
 
 cd "${tf_env}/deployment/run/tf-proxmox"
 # parallelism=1: limit OOM risk
-tofu apply --auto-approve -input=false -parallelism=1
-tofu output -json
+TF_LOG=info tofu apply --auto-approve -input=false -parallelism=1 >&2
+TF_LOG=error tofu output -json