@meshxdata/fops 0.1.51 → 0.1.53

package/src/plugins/bundled/fops-plugin-azure/lib/azure-provision-init.js

@@ -44,19 +44,26 @@ export async function provisionVm(execa, ip, adminUser, { githubToken, branch =
     "apt-get install -y -qq apt-transport-https ca-certificates curl gnupg lsb-release jq git make unzip zsh software-properties-common python3-venv python3-pip",
   ].join("\n"), 300000);
 
-  await runScript("Installing Docker", [
+  const dockerExit = await runScript("Installing Docker", [
     waitAptLock,
     "export DEBIAN_FRONTEND=noninteractive",
     "install -m 0755 -d /etc/apt/keyrings",
-    "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg",
+    "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --batch --yes --dearmor -o /etc/apt/keyrings/docker.gpg",
     "chmod a+r /etc/apt/keyrings/docker.gpg",
     `echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list`,
-    "apt-get update -qq",
-    "apt-get install -y -qq docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin",
+    "set +e",
+    "for _ in 1 2 3 4 5; do if apt-get update -qq && apt-get install -y -qq docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin; then break; fi; echo 'Retrying Docker install in 10s…'; sleep 10; done",
+    "set -e",
+    "command -v docker >/dev/null 2>&1 || (echo 'Docker not found after install attempts' && exit 1)",
     "systemctl enable docker && systemctl start docker",
     `usermod -aG docker ${adminUser}`,
   ].join("\n"), 300000);
 
+  if (dockerExit !== 0) {
+    console.log(WARN("  ✗ Docker installation failed — cannot continue provisioning"));
+    throw new Error("Docker installation failed");
+  }
+
   await runScript("Configuring br_netfilter for k3s DNS", [
     "modprobe br_netfilter",
     "echo br_netfilter > /etc/modules-load.d/br_netfilter.conf",
@@ -178,6 +185,8 @@ export async function provisionVm(execa, ip, adminUser, { githubToken, branch =
   Project dir:   /opt/foundation-compose
 
 MOTD`,
+    `grep -q 'cd /opt/foundation-compose' /home/${adminUser}/.bashrc 2>/dev/null || echo 'cd /opt/foundation-compose' >> /home/${adminUser}/.bashrc`,
+    `grep -q 'cd /opt/foundation-compose' /home/${adminUser}/.zshrc 2>/dev/null || echo 'cd /opt/foundation-compose' >> /home/${adminUser}/.zshrc`,
   ].join("\n"));
 
   await ssh("sudo apt-get clean && sudo rm -rf /var/lib/apt/lists/*", 30000);

package/src/plugins/bundled/fops-plugin-azure/lib/azure-provision.js

@@ -44,7 +44,7 @@ async function ensureGhcrOnVm(ssh, user, githubToken, { timeout = 60000 } = {})
 // ── Configure a fresh or restarted VM ───────────────────────────────────────
 
 export async function configureVm(execa, ip, user, publicUrl, { githubToken, k3s, traefik, dai, deferStartToReconcile, quiet } = {}) {
-  const ssh = (cmd) => sshCmd(execa, ip, user, cmd);
+  const ssh = (cmd, timeout) => sshCmd(execa, ip, user, cmd, timeout);
 
   if (!quiet) console.log(chalk.dim("  Configuring VM..."));
 
@@ -72,6 +72,68 @@ export async function configureVm(execa, ip, user, publicUrl, { githubToken, k3s
   ].join("\n");
   await ssh(setupBatch);
 
+  // Verify Docker is installed — if missing, install it before anything else
+  const { exitCode: dockerCheck } = await ssh("sudo docker info >/dev/null 2>&1");
+  if (dockerCheck !== 0) {
+    if (!quiet) console.log(chalk.yellow("  ⚠ Docker not found — installing..."));
+    // Repo setup is idempotent (tolerates partial prior attempts); install+start uses &&
+    const repoSetup = [
+      "export DEBIAN_FRONTEND=noninteractive",
+      "while fuser /var/lib/dpkg/lock-frontend /var/lib/apt/lists/lock /var/cache/apt/archives/lock >/dev/null 2>&1; do sleep 3; done",
+      "sudo install -m 0755 -d /etc/apt/keyrings",
+      "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --batch --yes --dearmor -o /etc/apt/keyrings/docker.gpg",
+      "sudo chmod a+r /etc/apt/keyrings/docker.gpg",
+      `echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null`,
+    ].join("; ");
+    const installAndStart = [
+      "sudo apt-get update -qq",
+      "sudo apt-get install -y -qq docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin",
+      "sudo systemctl enable docker && sudo systemctl start docker",
+      `sudo usermod -aG docker ${user}`,
+    ].join(" && ");
+    const { exitCode: installExit } = await ssh(`${repoSetup}; ${installAndStart}`, 300000);
+    if (installExit === 0) {
+      if (!quiet) console.log(chalk.green("  ✓ Docker installed"));
+    } else {
+      console.log(chalk.red("  ✗ Docker installation failed — container operations will not work"));
+      console.log(chalk.dim(`    SSH in and check: ssh ${user}@${ip} "sudo apt-get install -y docker-ce"`));
+    }
+  }
+
+  // Verify Node.js + fops CLI are installed — if missing, install them
+  const { stdout: fopsWhich } = await ssh("command -v fops 2>/dev/null || echo MISSING");
+  if (!fopsWhich?.trim() || fopsWhich.includes("MISSING")) {
+    if (!quiet) console.log(chalk.yellow("  ⚠ fops CLI not found — installing Node.js + fops..."));
+    const installNode = [
+      "export DEBIAN_FRONTEND=noninteractive",
+      "if ! command -v node >/dev/null 2>&1; then curl -fsSL https://deb.nodesource.com/setup_20.x | sudo bash - && sudo apt-get install -y -qq nodejs; fi",
+    ].join("; ");
+    await ssh(installNode, 120000);
+    // Install fops globally, retry with sudo if needed
+    let fopsInstalled = false;
+    const { exitCode: userInstall } = await ssh("npm install -g @meshxdata/fops@latest 2>&1", 300000);
+    if (userInstall === 0) {
+      fopsInstalled = true;
+    } else {
+      const { exitCode: sudoInstall } = await ssh(
+        "sudo bash -c 'D=\"$(npm root -g)/@meshxdata\"; rm -rf \"$D\" 2>/dev/null; npm install -g @meshxdata/fops@latest' 2>&1",
+        300000,
+      );
+      fopsInstalled = sudoInstall === 0;
+    }
+    // Ensure fops is on PATH
+    await ssh(
+      'MJS="$(npm root -g 2>/dev/null)/@meshxdata/fops/fops.mjs"; [ -f "$MJS" ] || MJS="$(sudo npm root -g 2>/dev/null)/@meshxdata/fops/fops.mjs"; [ -f "$MJS" ] && sudo ln -sf "$MJS" /usr/local/bin/fops; true',
+      15000,
+    );
+    if (fopsInstalled) {
+      if (!quiet) console.log(chalk.green("  ✓ fops CLI installed"));
+    } else {
+      console.log(chalk.red("  ✗ fops CLI installation failed"));
+      console.log(chalk.dim(`    SSH in and check: ssh ${user}@${ip} "sudo npm install -g @meshxdata/fops@latest"`));
+    }
+  }
+
   let ghcrOk = false;
   if (githubToken) {
     if (!quiet) console.log(chalk.dim("  Configuring GitHub/GHCR credentials..."));
@@ -458,9 +520,12 @@ async function vmReconcileNetworking(ctx) {
       console.log(chalk.yellow("  ⚠ No NSG attached to NIC"));
     }
 
+    // Accelerated networking — only supported on D/E/F/M series (2+ vCPU), not B-series
+    const vmSize = (iv.hardwareProfile?.vmSize || "").toLowerCase();
+    const supportsAccelNet = !vmSize.startsWith("standard_b") && !vmSize.startsWith("standard_a");
     if (nic.enableAcceleratedNetworking) {
       reconcileOk("Accelerated networking", "enabled");
-    } else {
+    } else if (supportsAccelNet) {
       console.log(chalk.yellow("  ↻ Accelerated networking not enabled — enabling…"));
       const { exitCode: anCode } = await execa("az", [
         "network", "nic", "update", "-g", rg, "-n", ctx.nicName,
@@ -469,8 +534,9 @@ async function vmReconcileNetworking(ctx) {
       ], { reject: false, timeout: 30000 });
       console.log(anCode === 0
         ? chalk.green(`  ✓ ${"Accelerated networking".padEnd(RECONCILE_LABEL_WIDTH)} — enabled`)
-        : chalk.yellow("  ⚠ Could not enable accelerated networking (VM size may not support it)"));
+        : chalk.yellow("  ⚠ Could not enable accelerated networking"));
     }
+    // B-series and A-series VMs don't support accelerated networking — skip silently
   }
 
   if (!ctx.ip) ctx.ip = await resolvePublicIp(execa, rg, vmName);
@@ -832,10 +898,16 @@ async function vmReconcileSecurity(ctx) {
     reconcileOk("Boot diagnostics", "enabled");
   } else {
     console.log(chalk.yellow("  ↻ Boot diagnostics not enabled — enabling..."));
-    const { exitCode: bdCode } = await execa("az", [
-      "vm", "boot-diagnostics", "enable", "-g", rg, "-n", vmName, "--output", "none",
-      ...subArgs(sub),
-    ], { reject: false, timeout: 30000 });
+    let bdCode = 1;
+    for (let attempt = 0; attempt < 3; attempt++) {
+      const res = await execa("az", [
+        "vm", "boot-diagnostics", "enable", "-g", rg, "-n", vmName, "--output", "none",
+        ...subArgs(sub),
+      ], { reject: false, timeout: 30000 });
+      bdCode = res.exitCode;
+      if (bdCode === 0) break;
+      if (attempt < 2) await new Promise((r) => setTimeout(r, 5000));
+    }
     if (bdCode === 0) {
       await new Promise((r) => setTimeout(r, 2000));
       const { stdout: bdJson } = await execa("az", [
@@ -880,20 +952,25 @@ async function vmReconcileSecurity(ctx) {
     console.log(amCode === 0
       ? chalk.green(`  ✓ ${"Antimalware extension".padEnd(RECONCILE_LABEL_WIDTH)} — installed`)
       : chalk.yellow("  ⚠ Could not install antimalware extension"));
-  } else {
-    console.log(chalk.dim(`  Antimalware extension — Windows only (skipped on Linux)`));
   }
+  // Linux VMs don't need antimalware — skip silently
 
   if (isTrustedLaunch) {
     if (hasGuestAttestation) {
       reconcileOk("Guest Attestation extension", "installed");
     } else {
       console.log(chalk.yellow("  ↻ Guest Attestation missing — installing…"));
-      const { exitCode: gaCode } = await execa("az", [
-        "vm", "extension", "set", "-g", rg, "--vm-name", vmName,
-        "-n", "GuestAttestation", "--publisher", "Microsoft.Azure.Security.LinuxAttestation",
-        "--output", "none", ...subArgs(sub),
-      ], { reject: false, timeout: 120000 });
+      let gaCode = 1;
+      for (let attempt = 0; attempt < 3; attempt++) {
+        const res = await execa("az", [
+          "vm", "extension", "set", "-g", rg, "--vm-name", vmName,
+          "-n", "GuestAttestation", "--publisher", "Microsoft.Azure.Security.LinuxAttestation",
+          "--output", "none", ...subArgs(sub),
+        ], { reject: false, timeout: 120000 });
+        gaCode = res.exitCode;
+        if (gaCode === 0) break;
+        if (attempt < 2) await new Promise((r) => setTimeout(r, 10000));
+      }
       console.log(gaCode === 0
         ? chalk.green(`  ✓ ${"Guest Attestation extension".padEnd(RECONCILE_LABEL_WIDTH)} — installed`)
         : chalk.yellow("  ⚠ Could not install Guest Attestation extension"));