From 244887e9c2345b1f7443975210cada819f57b49d Mon Sep 17 00:00:00 2001
From: MichaelFisher1997
Date: Sat, 28 Feb 2026 19:25:48 +0000
Subject: [PATCH 1/2] fix: auto-detect SSH login user for node operations
---
 .../kubeadm/scripts/rebuild-and-bootstrap.sh | 23 +++++++++++++++++--
 nixos/kubeadm/scripts/reset-cluster-nodes.sh | 23 ++++++++++++++++++-
 2 files changed, 43 insertions(+), 3 deletions(-)
diff --git a/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh b/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh
index 5653918..1840634 100755
--- a/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh
+++ b/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh
@@ -17,6 +17,7 @@ source "$INVENTORY_FILE"
 SSH_USER="${SSH_USER:-micqdf}"
 SSH_KEY_PATH="${SSH_KEY_PATH:-$HOME/.ssh/id_ed25519}"
 SSH_OPTS="${SSH_OPTS:--o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -i $SSH_KEY_PATH}"
+SSH_USER_CANDIDATES="${SSH_USER_CANDIDATES:-$SSH_USER root}"
 declare -A NODE_IPS=()
 declare -a CP_NAMES=()
@@ -78,7 +79,23 @@ populate_nodes() {
 remote() {
 local host_ip="$1"
 local cmd="$2"
- ssh $SSH_OPTS "$SSH_USER@$host_ip" "$cmd"
+ ssh $SSH_OPTS "$ACTIVE_SSH_USER@$host_ip" "$cmd"
+}
+
+detect_ssh_user() {
+ local probe_ip="$1"
+ local candidate
+
+ for candidate in $SSH_USER_CANDIDATES; do
+ if ssh $SSH_OPTS "$candidate@$probe_ip" "true" >/dev/null 2>&1; then
+ ACTIVE_SSH_USER="$candidate"
+ echo "==> Using SSH user '$ACTIVE_SSH_USER'"
+ return 0
+ fi
+ done
+
+ echo "Unable to authenticate to $probe_ip with candidates: $SSH_USER_CANDIDATES"
+ return 1
 }
 prepare_known_hosts() {
@@ -109,7 +126,7 @@ rebuild_node() {
 echo "==> Rebuilding $node_name on $node_ip"
 nixos-rebuild switch \
 --flake "$FLAKE_DIR#$node_name" \
- --target-host "$SSH_USER@$node_ip" \
+ --target-host "$ACTIVE_SSH_USER@$node_ip" \
 --use-remote-sudo
 }
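Review bot: In `detect_ssh_user` (rebuild-and-bootstrap.sh, with an identical copy added to reset-cluster-nodes.sh), the probe sends ssh's stderr to /dev/null, so with the default `SSH_OPTS` a refused changed host key, a timeout and a rejected key all look like "wrong user" and the loop moves on to the next candidate, which by default is `root`. Keeping stderr lets the operator see a host-key mismatch instead of having it silently retried under another account: `if ssh $SSH_OPTS "$candidate@$probe_ip" "true" >/dev/null; then`. The final failure message is a diagnostic and should go to stderr, `echo "Unable to authenticate to $probe_ip with candidates: $SSH_USER_CANDIDATES" >&2`. The function also sets the global `ACTIVE_SSH_USER` as a side effect, which deserves a comment above the definition such as `# Sets ACTIVE_SSH_USER to the first entry of SSH_USER_CANDIDATES that can log in to $1.`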
@@ -122,6 +139,8 @@ if [ -z "${NODE_IPS[$PRIMARY_CONTROL_PLANE]:-}" ]; then
 PRIMARY_CONTROL_PLANE="${CP_NAMES[0]}"
 fi
 PRIMARY_CP_IP="${NODE_IPS[$PRIMARY_CONTROL_PLANE]}"
+ACTIVE_SSH_USER="$SSH_USER"
+detect_ssh_user "$PRIMARY_CP_IP"
 for node in "${CP_NAMES[@]}"; do
 rebuild_node "$node" "${NODE_IPS[$node]}"
diff --git a/nixos/kubeadm/scripts/reset-cluster-nodes.sh b/nixos/kubeadm/scripts/reset-cluster-nodes.sh
index 40d5d6a..d3015aa 100755
--- a/nixos/kubeadm/scripts/reset-cluster-nodes.sh
+++ b/nixos/kubeadm/scripts/reset-cluster-nodes.sh
@@ -16,6 +16,7 @@ source "$INVENTORY_FILE"
 SSH_USER="${SSH_USER:-micqdf}"
 SSH_KEY_PATH="${SSH_KEY_PATH:-$HOME/.ssh/id_ed25519}"
 SSH_OPTS="${SSH_OPTS:--o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -i $SSH_KEY_PATH}"
+SSH_USER_CANDIDATES="${SSH_USER_CANDIDATES:-$SSH_USER root}"
 declare -A NODE_IPS=()
@@ -59,6 +60,22 @@ if [ "${#NODE_IPS[@]}" -eq 0 ]; then
 exit 1
 fi
+detect_ssh_user() {
+ local probe_ip="$1"
+ local candidate
+
+ for candidate in $SSH_USER_CANDIDATES; do
+ if ssh $SSH_OPTS "$candidate@$probe_ip" "true" >/dev/null 2>&1; then
+ ACTIVE_SSH_USER="$candidate"
+ echo "==> Using SSH user '$ACTIVE_SSH_USER'"
+ return 0
+ fi
+ done
+
+ echo "Unable to authenticate to $probe_ip with candidates: $SSH_USER_CANDIDATES"
+ return 1
+}
+
 mkdir -p "$HOME/.ssh"
 chmod 700 "$HOME/.ssh"
 touch "$HOME/.ssh/known_hosts"
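Review bot: The result of `detect_ssh_user "$PRIMARY_CP_IP"` is not checked, and `ACTIVE_SSH_USER` is pre-set to `$SSH_USER` on the line before, so unless the script runs under `set -e` (not visible in this hunk) a failed probe lets the rebuild loop continue with an account that, with the default candidate list, has just failed to authenticate. Making the abort explicit removes that dependency: `detect_ssh_user "$PRIMARY_CP_IP" || exit 1`. The same pair of lines is added before the reset loop in reset-cluster-nodes.sh (`detect_ssh_user "$FIRST_NODE_IP"`), where continuing after a failed probe matters more because the loop that follows is destructive.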
@@ -72,9 +89,13 @@ reset_node() {
 local node_name="$1"
 local node_ip="$2"
 echo "==> Resetting $node_name ($node_ip)"
- ssh $SSH_OPTS "$SSH_USER@$node_ip" "sudo kubeadm reset -f && sudo systemctl stop kubelet && sudo rm -rf /etc/kubernetes /var/lib/etcd /var/lib/cni /etc/cni/net.d"
+ ssh $SSH_OPTS "$ACTIVE_SSH_USER@$node_ip" "sudo kubeadm reset -f && sudo systemctl stop kubelet && sudo rm -rf /etc/kubernetes /var/lib/etcd /var/lib/cni /etc/cni/net.d"
 }
+FIRST_NODE_IP="${NODE_IPS[$(printf '%s\n' "${!NODE_IPS[@]}" | sort -V | head -n1)]}"
+ACTIVE_SSH_USER="$SSH_USER"
+detect_ssh_user "$FIRST_NODE_IP"
+
 while IFS= read -r node_name; do
 reset_node "$node_name" "${NODE_IPS[$node_name]}"
 done < <(printf '%s\n' "${!NODE_IPS[@]}" | sort -V)
From 5c037d9a99f5dc5bca2040b01de6d3af17b9a0f4 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997
Date: Sat, 28 Feb 2026 20:03:26 +0000
Subject: [PATCH 2/2] fix: prefer root SSH for deploy and trust micqdf in nix
---
 nixos/kubeadm/modules/k8s-common.nix | 2 ++
 nixos/kubeadm/scripts/rebuild-and-bootstrap.sh | 2 +-
 nixos/kubeadm/scripts/reset-cluster-nodes.sh | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/nixos/kubeadm/modules/k8s-common.nix b/nixos/kubeadm/modules/k8s-common.nix
index 57fea49..449ee98 100644
--- a/nixos/kubeadm/modules/k8s-common.nix
+++ b/nixos/kubeadm/modules/k8s-common.nix
@@ -59,6 +59,8 @@ in
 KbdInteractiveAuthentication = false;
 };
+ nix.settings.trusted-users = [ "root" "micqdf" ];
+
 environment.variables = {
 KUBECONFIG = "/etc/kubernetes/admin.conf";
 KUBE_VIP_IMAGE = kubeVipImage;
diff --git a/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh b/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh
index 1840634..573df19 100755
--- a/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh
+++ b/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh
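Review bot: The reset loop at the end of this hunk starts wiping nodes after the login user has been verified on `FIRST_NODE_IP` only, so a node that rejects `ACTIVE_SSH_USER` is discovered after earlier nodes have already had `/etc/kubernetes` and `/var/lib/etcd` removed. Checking every node before the first `reset_node` call keeps a credential problem from leaving the cluster half reset. The check belongs between the `detect_ssh_user` call and the existing `while` loop, which stays as it is; rebuild-and-bootstrap.sh probes a single node in the same way.

```shell
detect_ssh_user "$FIRST_NODE_IP"

# Pre-flight: confirm the detected user can log in to every node before any node is wiped.
while IFS= read -r node_name; do
  if ! ssh $SSH_OPTS "$ACTIVE_SSH_USER@${NODE_IPS[$node_name]}" true; then
    echo "Cannot log in to $node_name as $ACTIVE_SSH_USER; no node has been reset" >&2
    exit 1
  fi
done < <(printf '%s\n' "${!NODE_IPS[@]}" | sort -V)

# … unchanged: reset loop calling reset_node for each node …
```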
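Review bot: `nix.settings.trusted-users = [ "root" "micqdf" ];` in k8s-common.nix gives `micqdf` privileges that the Nix manual describes as essentially equivalent to root on the machine, and the line carries no comment saying why the deploy account needs them. If the purpose is to let a remote `nixos-rebuild --target-host` import locally built store paths as that user, say so above the setting, e.g. `# micqdf is a trusted Nix user so remote nixos-rebuild can import unsigned paths; this is root-equivalent.` The account name is hard-coded here while the scripts take it from `SSH_USER`, so an operator who overrides `SSH_USER` gets a login user that is not trusted; that coupling is worth stating in the same comment. The enclosing attribute set starts and ends outside the hunk.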
@@ -17,7 +17,7 @@ source "$INVENTORY_FILE"
 SSH_USER="${SSH_USER:-micqdf}"
 SSH_KEY_PATH="${SSH_KEY_PATH:-$HOME/.ssh/id_ed25519}"
 SSH_OPTS="${SSH_OPTS:--o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -i $SSH_KEY_PATH}"
-SSH_USER_CANDIDATES="${SSH_USER_CANDIDATES:-$SSH_USER root}"
+SSH_USER_CANDIDATES="${SSH_USER_CANDIDATES:-root $SSH_USER}"
 declare -A NODE_IPS=()
 declare -a CP_NAMES=()
diff --git a/nixos/kubeadm/scripts/reset-cluster-nodes.sh b/nixos/kubeadm/scripts/reset-cluster-nodes.sh
index d3015aa..b137f7e 100755
--- a/nixos/kubeadm/scripts/reset-cluster-nodes.sh
+++ b/nixos/kubeadm/scripts/reset-cluster-nodes.sh
@@ -16,7 +16,7 @@ source "$INVENTORY_FILE"
 SSH_USER="${SSH_USER:-micqdf}"
 SSH_KEY_PATH="${SSH_KEY_PATH:-$HOME/.ssh/id_ed25519}"
 SSH_OPTS="${SSH_OPTS:--o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -i $SSH_KEY_PATH}"
-SSH_USER_CANDIDATES="${SSH_USER_CANDIDATES:-$SSH_USER root}"
+SSH_USER_CANDIDATES="${SSH_USER_CANDIDATES:-root $SSH_USER}"
 declare -A NODE_IPS=()
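Review bot: With `root` first in the default `SSH_USER_CANDIDATES`, every run logs in directly as root whenever the nodes accept the operator key for root, and `$SSH_USER` with sudo becomes only a fallback; the same default is changed in reset-cluster-nodes.sh. That gives up per-user attribution in the nodes' authentication logs and relies on root SSH login staying enabled, and neither consequence is recorded next to the variable. A comment above the assignment would make the choice reviewable, for example `# root is tried first because <reason>; set SSH_USER_CANDIDATES="$SSH_USER" to force the unprivileged account.` The hunk's context lines show no such comment, though the lines above line 17 are outside the hunk.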