constellation/.github/actions/e2e_emergency_ssh/action.yml

name: Emergency ssh
description: "Verify that an emergency ssh connection can be established."

inputs:
  workspace:
    description: "The constellation workspace directory."
    required: true
  kubeconfig:
    description: "The kubeconfig file for the cluster."
    required: true
  
runs:
  using: "composite"
  steps:
    - name: Test emergency ssh
      shell: bash
      env:
        KUBECONFIG: ${{ inputs.kubeconfig }}
      run: |
        # Activate emergency ssh access to the cluster
        pushd ./constellation-terraform
        echo "emergency_ssh = true" >> terraform.tfvars
        terraform apply -auto-approve
        lb="$(terraform output -raw loadbalancer_address)"
        popd

        # write ssh config
        cat > ssh_config <<EOF
        Host $lb
          ProxyJump none

        Host *
          StrictHostKeyChecking no
          UserKnownHostsFile=/dev/null
          IdentityFile ./access-key
          PreferredAuthentications publickey
          CertificateFile=constellation_cert.pub
          User root
          ProxyJump $lb
        EOF

        cat ssh_config

        # generate and try keypair
        ssh-keygen -t ecdsa -q -N "" -f ./access-key
        constellation ssh --debug --key ./access-key.pub
        internalIPs="$(kubectl get nodes -o=jsonpath='{.items[*].status.addresses}' | jq -r '.[] | select(.type == "InternalIP") | .address')"
        for ip in $internalIPs; do
          echo "Trying connection to $ip over $lb"
          ssh -F ssh_config -o BatchMode=yes $ip true
        done
Wrote `e2e_emergency_ssh` action 2025-02-13 13:55:41 +01:00			`name: Emergency ssh`
			`description: "Verify that an emergency ssh connection can be established."`

			`inputs:`
			`workspace:`
			`description: "The constellation workspace directory."`
			`required: true`
			`kubeconfig:`
			`description: "The kubeconfig file for the cluster."`
			`required: true`

			`runs:`
			`using: "composite"`
			`steps:`
			`- name: Test emergency ssh`
			`shell: bash`
			`env:`
			`KUBECONFIG: ${{ inputs.kubeconfig }}`
			`run: \|`
			`# Activate emergency ssh access to the cluster`
do terraform stuff in terraform dir 2025-02-18 15:30:51 +01:00			`pushd ./constellation-terraform`
Wrote `e2e_emergency_ssh` action 2025-02-13 13:55:41 +01:00			`echo "emergency_ssh = true" >> terraform.tfvars`
			`terraform apply -auto-approve`
			`lb="$(terraform output -raw loadbalancer_address)"`
do terraform stuff in terraform dir 2025-02-18 15:30:51 +01:00			`popd`
Wrote `e2e_emergency_ssh` action 2025-02-13 13:55:41 +01:00
			`# write ssh config`
			`cat > ssh_config <<EOF`
			`Host $lb`
			`ProxyJump none`

fix indentation again :) 2025-02-13 16:44:01 +01:00			`Host *`
dont check host keys 2025-02-20 15:55:26 +01:00			`StrictHostKeyChecking no`
			`UserKnownHostsFile=/dev/null`
fix indentation again :) 2025-02-13 16:44:01 +01:00			`IdentityFile ./access-key`
			`PreferredAuthentications publickey`
			`CertificateFile=constellation_cert.pub`
			`User root`
			`ProxyJump $lb`
Wrote `e2e_emergency_ssh` action 2025-02-13 13:55:41 +01:00			`EOF`

[no ci] debug prints 2025-02-18 16:23:35 +01:00			`cat ssh_config`

Wrote `e2e_emergency_ssh` action 2025-02-13 13:55:41 +01:00			`# generate and try keypair`
			`ssh-keygen -t ecdsa -q -N "" -f ./access-key`
			`constellation ssh --debug --key ./access-key.pub`
			`internalIPs="$(kubectl get nodes -o=jsonpath='{.items[*].status.addresses}' \| jq -r '.[] \| select(.type == "InternalIP") \| .address')"`
[no ci] fix typo in variable 2025-02-20 14:14:08 +01:00			`for ip in $internalIPs; do`
[no ci] debug prints 2025-02-18 16:23:35 +01:00			`echo "Trying connection to $ip over $lb"`
use ssh command more appropriate for scripting 2025-02-18 11:50:15 +01:00			`ssh -F ssh_config -o BatchMode=yes $ip true`
Wrote `e2e_emergency_ssh` action 2025-02-13 13:55:41 +01:00			`done`