...

examples/virt/hetzner/hetzner_example.vsh

@@ -58,5 +58,5 @@ mut cl := hetznermanager.get(name: 'main')!
 
 // n.shell("")!
 
-cl.ubuntu_install(name: 'kristof2', wait: true, hero_install: true, sshkey_name: 'kristof')!
+// cl.ubuntu_install(name: 'kristof2', wait: true, hero_install: true, sshkey_name: 'kristof')!
 cl.ubuntu_install(name: 'kristof20', wait: true, hero_install: true, sshkey_name: 'kristof')!

lib/clients/livekit/play.v

@@ -131,37 +131,37 @@ pub fn play(mut plbook PlayBook) ! {
 
 	// Handle access token generation
 	mut token_create_actions := plbook.find(filter: 'livekit.token_create')!
-	for mut action in token_create_actions {
-		mut p := action.params
+	// for mut action in token_create_actions {
+	// 	mut p := action.params
 
-		client_name := texttools.name_fix(p.get_default('client', 'default')!)
-		identity := p.get('identity')!
-		name := p.get_default('name', identity)!
-		room := p.get_default('room', '')!
-		ttl := p.get_int_default('ttl', 21600)!
-		can_publish := p.get_default_false('can_publish')
-		can_subscribe := p.get_default_true('can_subscribe')
-		can_publish_data := p.get_default_false('can_publish_data')
+	// 	client_name := texttools.name_fix(p.get_default('client', 'default')!)
+	// 	identity := p.get('identity')!
+	// 	name := p.get_default('name', identity)!
+	// 	room := p.get_default('room', '')!
+	// 	ttl := p.get_int_default('ttl', 21600)!
+	// 	can_publish := p.get_default_false('can_publish')
+	// 	can_subscribe := p.get_default_true('can_subscribe')
+	// 	can_publish_data := p.get_default_false('can_publish_data')
 
-		mut client := get(name: client_name)!
+	// 	mut client := get(name: client_name)!
 
-		mut token := client.new_access_token(
-			identity: identity
-			name:     name
-			ttl:      ttl
-		)!
+	// 	mut token := client.new_access_token(
+	// 		identity: identity
+	// 		name:     name
+	// 		ttl:      ttl
+	// 	)!
 
-		token.add_video_grant(VideoGrant{
-			room:             room
-			room_join:        true
-			can_publish:      can_publish
-			can_subscribe:    can_subscribe
-			can_publish_data: can_publish_data
-		})
+	// 	token.add_video_grant(VideoGrant{
+	// 		room:             room
+	// 		room_join:        true
+	// 		can_publish:      can_publish
+	// 		can_subscribe:    can_subscribe
+	// 		can_publish_data: can_publish_data
+	// 	})
 
-		jwt := token.to_jwt()!
-		console.print_header('Access token generated for "${identity}"')
-		console.print_debug('Token: ${jwt}')
-		action.done = true
-	}
+	// 	jwt := token.to_jwt()!
+	// 	console.print_header('Access token generated for "${identity}"')
+	// 	console.print_debug('Token: ${jwt}')
+	// 	action.done = true
+	// }
 }

lib/osal/core/net.v

@@ -26,10 +26,10 @@ pub fn ping(args PingArgs) !bool {
 	// if platform_ == .windows {
 	// 	cmd += ' -n 1 -w 1000'
 	if platform_ == .osx {
-		cmd += ' -c 1 -t 2'
+		cmd += ' -c1 -t2'
 	} else {
 		// linux
-		cmd += ' -c 1 -w 2'
+		cmd += ' -c1 -w2'
 	}
 	cmd += ' ${args.address}'
 	if args.nr_ok > args.nr_ping {
@@ -38,12 +38,11 @@ pub fn ping(args PingArgs) !bool {
 	for _ in 0 .. math.max(1, args.retry) {
 		mut nrerrors := 0
 		for _ in 0 .. args.nr_ping {
-			// console.print_debug(cmd)
 			res := os.execute(cmd)
 			if res.exit_code > 0 {
 				nrerrors += 1
 			}
-			// println(res)
+			console.print_debug("${cmd} ${res.exit_code} ${nrerrors}")
 		}
 		successes := args.nr_ping - nrerrors
 		if successes >= args.nr_ok {
@@ -197,7 +196,7 @@ pub fn ssh_wait(args TcpPortTestArgs) ! {
 		run_time = time.now().unix_milli()
 
 		errmsg, res := ssh_testrun_internal(args)!
-		console.print_debug(errmsg)
+		// console.print_debug(errmsg)
 
 		if run_time > start_time + args.timeout {
 			return error(errmsg)
@@ -211,7 +210,8 @@ pub fn ssh_wait(args TcpPortTestArgs) ! {
 
 fn ssh_testrun_internal(args TcpPortTestArgs) !(string, SSHResult) {
 	cmd := '
-	ssh -o BatchMode=yes -o ConnectTimeout=3 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -q "${args.address}" exit
+	set -ex
+	ssh -o BatchMode=yes -o ConnectTimeout=3 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -q root@${args.address} exit
 	if [ $? -eq 0 ]; then
 	echo "OK: SSH works"
 	exit 0
@@ -233,10 +233,11 @@ fn ssh_testrun_internal(args TcpPortTestArgs) !(string, SSHResult) {
 	fi
 	echo "ERROR: Host unreachable, over ping and ssh"
 	exit 3
-	' // console.print_debug('ssh test cmd: ${cmd}')
+	' 
 
 	res := exec(cmd: cmd, ignore_error: true, stdout: false, debug: false)!
-	// console.print_debug('ssh test result: ${res}')
+	// console.print_debug('ssh test ${res.exit_code}: ===== cmd:\n${cmd}\n=====\n${res.output}')
+
 	if res.exit_code == 0 {
 		return res.output, SSHResult.ok
 	} else if res.exit_code == 1 {

lib/virt/hetznermanager/hetznermanager_model.v

@@ -31,6 +31,7 @@ pub fn (mut h HetznerManager) connection() !&httpconnection.HTTPConnection {
 
 fn obj_init(mycfg_ HetznerManager) !HetznerManager {
 	mut mycfg := mycfg_
+	mycfg.whitelist = mycfg.whitelist.map(it.trim_space())
 	return mycfg
 }
 

lib/virt/hetznermanager/protection.v

@@ -0,0 +1,19 @@
+module hetznermanager
+
+import freeflowuniverse.herolib.core.texttools
+import time
+import freeflowuniverse.herolib.ui.console
+import freeflowuniverse.herolib.osal.core as osal
+import freeflowuniverse.herolib.builder
+
+
+pub fn (mut h HetznerManager) check_whitelist(name string)! {
+	
+	if whitelist.len == 0 {
+		return
+	}
+	if !whitelist.contains(name) {
+		return error('Server ${name} is not whitelisted')
+	}
+
+}

lib/virt/hetznermanager/rescue.v

@@ -38,6 +38,7 @@ pub fn (mut h HetznerManager) server_rescue(args_ ServerRescueArgs) !ServerInfoD
 		for _ in 0 .. args_.retry - 1 {
 			return h.server_rescue_internal(args_) or { continue }
 		}
+		console.print_header('server ${args_.name} failed to rescue we retry: now ${args_.retry} attempts')
 	}
 	return h.server_rescue_internal(args_)!
 }
@@ -46,6 +47,8 @@ fn (mut h HetznerManager) server_rescue_internal(args_ ServerRescueArgs) !Server
 	mut args := args_
 	mut serverinfo := h.server_info_get(id: args.id, name: args.name)!
 
+	os.execute_opt('ssh-keygen -R ${serverinfo.server_ip}')!
+
 	if serverinfo.rescue && !args.reset {
 		if osal.ssh_test(address: serverinfo.server_ip, port: 22)! == .ok {
 			console.print_debug('test server ${serverinfo.server_name} is in rescue mode?')
@@ -84,7 +87,7 @@ fn (mut h HetznerManager) server_rescue_internal(args_ ServerRescueArgs) !Server
 			dataformat: .urlencoded
 		)!
 
-		// console.print_debug('hetzner rescue\n${rescue}')
+		console.print_debug('Request for hetzner rescue done.\n${rescue}')
 
 		h.server_reset(
 			id:   args.id
@@ -149,8 +152,9 @@ pub fn (mut h HetznerManager) ubuntu_install(args ServerInstallArgs) !&builder.N
 	// n.file_write("/tmp/installconfig",installconfig)!
 	// n.exec_interactive("installimage -a -c /tmp/installconfig")!
 
-	mut rstr := ''
+	mut rstr := '-r no '
 	if args.raid {
+		panic("should not use RAID for now")
 		rstr = '-r yes -l 1 '
 	}
 
@@ -158,8 +162,20 @@ pub fn (mut h HetznerManager) ubuntu_install(args ServerInstallArgs) !&builder.N
 		cmd: '
 		set -ex
 		echo "go into install mode, try to install ubuntu 24.04"
-		/root/.oldroot/nfs/install/installimage -a -n kristof2 ${rstr} -i /root/.oldroot/nfs/images/Ubuntu-2404-noble-amd64-base.tar.gz -f yes -t yes -p swap:swap:4G,/boot:ext3:1024M,/:btrfs:all
-		reboot'
+
+		if [ -d /sys/firmware/efi ]; then
+			echo "UEFI system detected → need ESP"
+			PARTS="/boot/efi:esp:256M,swap:swap:4G,/boot:ext3:1024M,/:btrfs:all"
+		else
+			echo "BIOS/legacy system detected → no ESP"
+			PARTS="swap:swap:4G,/boot:ext3:1024M,/:btrfs:all"
+		fi
+
+		# installimage invocation
+		/root/.oldroot/nfs/install/installimage -a -n "${args.name}" ${rstr} -i /root/.oldroot/nfs/images/Ubuntu-2404-noble-amd64-base.tar.gz -f yes -t yes -p "\$PARTS"
+
+		reboot
+		'
 	)!
 
 	os.execute_opt('ssh-keygen -R ${serverinfo.server_ip}')!
@@ -172,6 +188,9 @@ pub fn (mut h HetznerManager) ubuntu_install(args ServerInstallArgs) !&builder.N
 		timeout_up:   60 * 5
 	)!
 
+	//wait 20 sec to make sure ssh is there
+	osal.ssh_wait(address: serverinfo.server_ip, timeout: 20)!
+
 	if args.hero_install {
 		n.exec_silent('apt update && apt install -y mc redis')!
 		n.hero_install(compile: args.hero_install_compile)!

lib/virt/hetznermanager/reset.v

@@ -50,7 +50,7 @@ pub fn (mut h HetznerManager) server_reset(args ServerRebootArgs) !ResetInfo {
 	// now need to wait till it goes off
 	if serveractive {
 		for {
-			console.print_debug('wait for server ${serverinfo.server_name} to go down.')
+			console.print_debug('wait for server ${serverinfo.server_name} on ${serverinfo.server_ip} to go down.')
 			pingresult := osal.ping(address: serverinfo.server_ip)!
 			if !pingresult {
 				console.print_debug('server ${serverinfo.server_name} is now down, now waitig for reboot.')
@@ -64,7 +64,7 @@ pub fn (mut h HetznerManager) server_reset(args ServerRebootArgs) !ResetInfo {
 	if args.wait {
 		for {
 			time.sleep(1000 * time.millisecond)
-			console.print_debug('wait for ${serverinfo.server_name} ${args.msg}')
+			console.print_debug('wait for ${serverinfo.server_name} on ${serverinfo.server_ip} ${args.msg}')
 			if osal.ssh_test(address: serverinfo.server_ip)! == .ok {
 				console.print_debug('ssh test ok')
 				console.print_header('server is rebooted: ${serverinfo.server_name}')