After DHCP/byMAC/ignition are published, OKDAddNodeScore now offers to
reboot the newly-discovered node over SSH using the cluster SshKeyPair
(the same secret Harmony already baked into the discovery image's
/root/.ssh/authorized_keys via inventory.kickstart.j2). The operator
still gets a confirm prompt; declining falls back to the old
"power-cycle manually" path with the IP printed.

New plumbing:

- harmony_types::ssh::SshCredentials — plain enum (SshKey with PEM +
  passphrase | Password). No derives; not a Harmony Secret. Built
  on-the-fly from existing secrets the caller already holds.
- harmony::infra::ssh::run_command(host, port, creds, cmd) — single
  russh round-trip, fresh connection per call, no trait or state.
  Returns stdout or SshError; caller tolerates NonZeroExit when the
  command is expected to sever the session (reboot).

Harmony's Cargo.toml now uses russh/russh-keys via workspace instead of
a pinned 0.45.0 literal to match opnsense-config.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>