ser8 ssh-exec baseline: probe as coilysiren (ser8 has no kai user), re-bless green #10

Closed
opened 2026-06-07 03:45:15 +00:00 by coilysiren · 0 comments
Owner

The ser8 ssh-exec probe (#9) used kai@, but ser8's account is coilysiren - so Tailscale SSH rejected with failed to look up local user "kai" (rc 255). That read as a benign config fact, but it left ser8's ssh-exec baseline RED when the path is actually green.

Re-captured through step.py as coilysiren@ser8: rc 0, true runs clean. Re-blessed current->baseline so ser8's ssh-exec baseline is the true-green path.

Design note for the fleet mesh (infrastructure#255): the ssh user is per-target data (kai on kai-server, coilysiren on ser8), so a mesh healthcheck can't hardcode one ssh user - it needs a per-target user map (SSM or inventory), same shape as the per-target address lookup.

The ser8 ssh-exec probe (#9) used `kai@`, but ser8's account is `coilysiren` - so Tailscale SSH rejected with `failed to look up local user "kai"` (rc 255). That read as a benign config fact, but it left ser8's ssh-exec baseline RED when the path is actually green. Re-captured through step.py as `coilysiren@ser8`: rc 0, `true` runs clean. Re-blessed current->baseline so ser8's ssh-exec baseline is the true-green path. Design note for the fleet mesh (infrastructure#255): the ssh user is per-target data (kai on kai-server, coilysiren on ser8), so a mesh healthcheck can't hardcode one ssh user - it needs a per-target user map (SSM or inventory), same shape as the per-target address lookup.
Commenting is not possible because the repository is archived.
No description provided.