Two intertwined updates to the sttest example:

Modernize the OPNsense construction to match affilium2:
- drop the local OPNSenseFirewallConfig that reused one username/password
  for both API and SSH
- use the canonical OPNSenseFirewallCredentials + OPNSenseApiCredentials
  from harmony::config::secret (each prompted / stored separately)
- extract get_opnsense() -> Arc<OPNSenseFirewall> as a reusable helper
- call OPNSenseFirewall::with_api_port(..., 9443, ...) so the client
  hits the OPNsense web GUI on 9443 (HAProxy owns 443)
- trim Cargo.toml to the deps the crate actually imports

Exercise the new Day-2 add-node flow end to end:
- init harmony_cli::cli_logger so the run is debuggable
- replace the lone HarmonyDiscoveryStrategy::MDNS with a SUBNET scan
  over 192.168.40.0/24:25000, defined once and threaded through both
  OKDInstallationPipeline::get_all_scores(...) and the appended
  AddOkdNodeScore { role: ControlPlane, ... }
- env.sh now documents the two OPNsense secrets and reminds the
  operator to point KUBECONFIG at
  ./data/okd/installation_files_sttest0/auth/kubeconfig after the
  installer finishes (AddOkdNodeScore needs a reachable k8s API)

The add-node tail only publishes cp3's ignition + byMAC + DHCP; etcd
membership, serving certs, and CSR approval remain manual per the
score's own footer.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
16 lines
390 B
TOML
[package]
name = "sttest"
edition = "2024"
version.workspace = true
readme.workspace = true
license.workspace = true
publish = false

[dependencies]
harmony = { path = "../../harmony" }
harmony_cli = { path = "../../harmony_cli" }
harmony_macros = { path = "../../harmony_macros" }
harmony_secret = { path = "../../harmony_secret" }
cidr = { workspace = true }
tokio = { workspace = true }