npm - underpost - Versions diffs - 2.99.4 → 2.99.6 - Mend

underpost 2.99.4 → 2.99.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/.env.development +0 -3
package/.env.production +1 -3
package/.env.test +0 -3
package/README.md +3 -3
package/baremetal/commission-workflows.json +93 -4
package/bin/deploy.js +56 -45
package/cli.md +45 -28
package/examples/static-page/README.md +101 -357
package/examples/static-page/ssr-components/CustomPage.js +1 -13
package/manifests/cronjobs/dd-cron/dd-cron-backup.yaml +40 -0
package/manifests/cronjobs/dd-cron/dd-cron-dns.yaml +40 -0
package/manifests/deployment/dd-default-development/deployment.yaml +2 -2
package/manifests/deployment/dd-test-development/deployment.yaml +2 -2
package/package.json +3 -4
package/scripts/disk-devices.sh +13 -0
package/scripts/maas-setup.sh +13 -9
package/scripts/rocky-kickstart.sh +294 -0
package/src/cli/baremetal.js +657 -263
package/src/cli/cloud-init.js +120 -120
package/src/cli/env.js +4 -1
package/src/cli/image.js +4 -37
package/src/cli/index.js +56 -11
package/src/cli/kickstart.js +149 -0
package/src/cli/repository.js +3 -1
package/src/cli/run.js +56 -10
package/src/cli/secrets.js +0 -34
package/src/cli/static.js +23 -23
package/src/client/components/core/Docs.js +22 -3
package/src/index.js +30 -5
package/src/server/backup.js +11 -4
package/src/server/client-build-docs.js +1 -1
package/src/server/conf.js +0 -22
package/src/server/cron.js +339 -130
package/src/server/dns.js +10 -0
package/src/server/logger.js +22 -27
package/src/server/tls.js +14 -14
package/examples/static-page/QUICK-REFERENCE.md +0 -481
package/examples/static-page/STATIC-GENERATOR-GUIDE.md +0 -757

package/scripts/disk-devices.sh ADDED Viewed

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+# disk-devices.sh
+# List block devices with detailed info, including by-id names
+# Usage: sudo ./disk-devices.sh
+set -euo pipefail
+sudo bash -c 'printf "NODE\tTYPE\tSIZE\tFSTYPE\tLABEL\tUUID\tMOUNTPOINT\tBY-ID\n"; \
+lsblk -pnl -o NAME,TYPE,SIZE,FSTYPE,LABEL,UUID,MOUNTPOINT | while read -r DEV TYPE SIZE FS LBL UUID MNT; do \
+    node=$(readlink -f "$DEV"); \
+    byid=$(find /dev/disk/by-id/ -maxdepth 1 -lname "*${node##*/}" ! -name "nvme-eui*" ! -name "dm-uuid*" 2>/dev/null | head -n 1); \
+    [ -z "$byid" ] && byid=$(find /dev/disk/by-id/ -maxdepth 1 -lname "*${node##*/}" 2>/dev/null | head -n 1); \
+    printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n" "$node" "$TYPE" "$SIZE" "$FS" "$LBL" "$UUID" "$MNT" "$(basename "$byid" 2>/dev/null)"; \
+done' | column -s $'\t' -t

package/scripts/maas-setup.sh CHANGED Viewed

@@ -93,12 +93,16 @@ echo "MAAS setup script completed with new configurations."
-echo "Configuring DHCP for fabric-1 (untagged VLAN)..."
+echo "Configuring DHCP for the subnet's fabric (untagged VLAN)..."
-# Get the FABRIC_ID for "fabric-1"
+# Derive FABRIC_ID and VLAN_VID from the subnet that matches our CIDR
 SUBNET_CIDR="192.168.1.0/24"
-SUBNET_ID=$(maas "$MAAS_ADMIN_USERNAME" subnets read | jq -r '.[] | select(.cidr == "'"$SUBNET_CIDR"'") | .id')
-FABRIC_ID=$(maas "$MAAS_ADMIN_USERNAME" fabrics read | jq -r '.[] | select(.name == "fabric-1") | .id')
+SUBNET_JSON=$(maas "$MAAS_ADMIN_USERNAME" subnets read | jq -r '.[] | select(.cidr == "'"$SUBNET_CIDR"'")')
+SUBNET_ID=$(echo "$SUBNET_JSON" | jq -r '.id')
+FABRIC_ID=$(echo "$SUBNET_JSON" | jq -r '.vlan.fabric_id')
+VLAN_VID=$(echo "$SUBNET_JSON" | jq -r '.vlan.vid')
+FABRIC_NAME=$(echo "$SUBNET_JSON" | jq -r '.vlan.fabric')
+echo "Detected subnet $SUBNET_CIDR on $FABRIC_NAME (fabric ID: $FABRIC_ID, VLAN VID: $VLAN_VID)"
 RACK_CONTROLLER_ID=$(maas "$MAAS_ADMIN_USERNAME" rack-controllers read | jq -r '[.[] | select(.ip_addresses[] == "'"$IP_ADDRESS"'") | .system_id] | .[0]')
 if [ -z "$RACK_CONTROLLER_ID" ] || [ "$RACK_CONTROLLER_ID" == "null" ]; then
@@ -114,8 +118,8 @@ fi
 START_IP="192.168.1.191"
 END_IP="192.168.1.254"
-if [ -z "$FABRIC_ID" ]; then
-    echo "Error: Could not find FABRIC_ID for 'fabric-1'. Please ensure 'fabric-1' exists in MAAS."
+if [ -z "$FABRIC_ID" ] || [ "$FABRIC_ID" == "null" ]; then
+    echo "Error: Could not find FABRIC_ID for subnet '$SUBNET_CIDR'. Please ensure the subnet exists in MAAS."
     exit 1
 fi
@@ -123,9 +127,9 @@ fi
 echo "Creating dynamic IP range from $START_IP to $END_IP..."
 maas "$MAAS_ADMIN_USERNAME" ipranges create type=dynamic start_ip="$START_IP" end_ip="$END_IP" || echo "Dynamic IP range likely already exists or conflicts. Proceeding..."
-# Enable DHCP on the untagged VLAN (VLAN tag 0)
-echo "Enabling DHCP on VLAN 0 for fabric-1 (ID: $FABRIC_ID)..."
-maas "$MAAS_ADMIN_USERNAME" vlan update "$FABRIC_ID" 0 dhcp_on=true primary_rack="$RACK_CONTROLLER_ID"
+# Enable DHCP on the VLAN associated with the subnet
+echo "Enabling DHCP on VLAN $VLAN_VID for $FABRIC_NAME (fabric ID: $FABRIC_ID)..."
+maas "$MAAS_ADMIN_USERNAME" vlan update "$FABRIC_ID" "$VLAN_VID" dhcp_on=true primary_rack="$RACK_CONTROLLER_ID"
 echo "Setting gateway IP for subnet $SUBNET_CIDR (ID: $SUBNET_ID) to $IP_ADDRESS..."
 maas "$MAAS_ADMIN_USERNAME" subnet update $SUBNET_ID gateway_ip=$IP_ADDRESS

package/scripts/rocky-kickstart.sh ADDED Viewed

@@ -0,0 +1,294 @@
+#!/bin/bash
+# Rocky Linux 9 - Anaconda %pre Ephemeral Commissioning Script
+# Variables ROOT_PASS, AUTHORIZED_KEYS, ADMIN_USER must be set before this script runs.
+set +e
+# 1. Set root password
+if [ -n "$ROOT_PASS" ]; then
+  echo "root:$ROOT_PASS" | chpasswd 2>/dev/null || \
+    echo "$ROOT_PASS" | passwd --stdin root 2>/dev/null || {
+      HASH=$(python3 -c "import crypt; print(crypt.crypt('$ROOT_PASS', crypt.mksalt(crypt.METHOD_SHA512)))" 2>/dev/null || \
+             openssl passwd -6 "$ROOT_PASS" 2>/dev/null)
+      [ -n "$HASH" ] && sed -i "s|^root:[^:]*:|root:$HASH:|" /etc/shadow 2>/dev/null
+    }
+fi
+# 2. SSH authorized_keys for root
+if [ -n "$AUTHORIZED_KEYS" ]; then
+  mkdir -p /root/.ssh && chmod 700 /root/.ssh
+  echo "$AUTHORIZED_KEYS" > /root/.ssh/authorized_keys
+  chmod 600 /root/.ssh/authorized_keys
+fi
+# 3. Create admin user
+if command -v useradd >/dev/null 2>&1; then
+  useradd -m -G wheel "$ADMIN_USER" 2>/dev/null || true
+else
+  NEXT_UID=$(awk -F: 'BEGIN{max=999} $3>max && $3<60000{max=$3} END{print max+1}' /etc/passwd 2>/dev/null || echo 1001)
+  if ! grep -q "^$ADMIN_USER:" /etc/passwd 2>/dev/null; then
+    echo "$ADMIN_USER:x:$NEXT_UID:$NEXT_UID:$ADMIN_USER:/home/$ADMIN_USER:/bin/bash" >> /etc/passwd
+    echo "$ADMIN_USER:x:$NEXT_UID:" >> /etc/group 2>/dev/null
+    echo "$ADMIN_USER:!:19000:0:99999:7:::" >> /etc/shadow 2>/dev/null
+    mkdir -p /home/$ADMIN_USER
+  fi
+fi
+if [ -n "$ROOT_PASS" ]; then
+  echo "$ADMIN_USER:$ROOT_PASS" | chpasswd 2>/dev/null || \
+    echo "$ROOT_PASS" | passwd --stdin "$ADMIN_USER" 2>/dev/null || {
+      HASH=$(python3 -c "import crypt; print(crypt.crypt('$ROOT_PASS', crypt.mksalt(crypt.METHOD_SHA512)))" 2>/dev/null || \
+             openssl passwd -6 "$ROOT_PASS" 2>/dev/null)
+      [ -n "$HASH" ] && sed -i "s|^$ADMIN_USER:[^:]*:|$ADMIN_USER:$HASH:|" /etc/shadow 2>/dev/null
+    }
+fi
+if [ -n "$AUTHORIZED_KEYS" ]; then
+  mkdir -p /home/$ADMIN_USER/.ssh && chmod 700 /home/$ADMIN_USER/.ssh
+  echo "$AUTHORIZED_KEYS" > /home/$ADMIN_USER/.ssh/authorized_keys
+  chmod 600 /home/$ADMIN_USER/.ssh/authorized_keys
+  chown -R $ADMIN_USER:$ADMIN_USER /home/$ADMIN_USER/.ssh 2>/dev/null || true
+fi
+if [ -d /etc/sudoers.d ]; then
+  echo "$ADMIN_USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$ADMIN_USER
+  chmod 0440 /etc/sudoers.d/$ADMIN_USER
+elif [ -f /etc/sudoers ]; then
+  echo "$ADMIN_USER ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+fi
+# 4. Configure sshd
+if [ -f /etc/ssh/sshd_config ]; then
+  sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
+  sed -i 's/^#*PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
+  sed -i 's/^#*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
+  sed -i 's/^#*ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/' /etc/ssh/sshd_config
+  sed -i 's/^#*UsePAM.*/UsePAM yes/' /etc/ssh/sshd_config
+  sed -i 's/^#*KbdInteractiveAuthentication.*/KbdInteractiveAuthentication yes/' /etc/ssh/sshd_config
+  grep -q "^PasswordAuthentication" /etc/ssh/sshd_config || echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
+  grep -q "^PermitRootLogin" /etc/ssh/sshd_config || echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
+  grep -q "^PubkeyAuthentication" /etc/ssh/sshd_config || echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
+else
+  mkdir -p /etc/ssh
+  cat > /etc/ssh/sshd_config << 'SSHEOF'
+Port 22
+PermitRootLogin yes
+PubkeyAuthentication yes
+AuthorizedKeysFile .ssh/authorized_keys
+PasswordAuthentication yes
+ChallengeResponseAuthentication yes
+KbdInteractiveAuthentication yes
+UsePAM yes
+Subsystem sftp /usr/libexec/openssh/sftp-server
+SSHEOF
+fi
+if [ -d /etc/ssh/sshd_config.d ]; then
+  cat > /etc/ssh/sshd_config.d/00-underpost.conf << 'SSHCONF'
+PermitRootLogin yes
+PasswordAuthentication yes
+PubkeyAuthentication yes
+KbdInteractiveAuthentication yes
+SSHCONF
+fi
+if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
+  ssh-keygen -A 2>/dev/null || {
+    ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N "" 2>/dev/null
+    ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N "" 2>/dev/null
+    ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" 2>/dev/null
+  }
+fi
+# 5. Initialize rpmdb and dnf repos
+mkdir -p /var/lib/rpm /var/cache/dnf /var/log/dnf /etc/yum.repos.d /etc/pki/rpm-gpg /etc/dnf/vars
+echo "9" > /etc/dnf/vars/releasever
+if ! grep -q "^VERSION_ID=" /etc/os-release 2>/dev/null; then
+  cat > /etc/os-release << 'OSREL'
+NAME="Rocky Linux"
+VERSION="9"
+ID="rocky"
+ID_LIKE="rhel centos fedora"
+VERSION_ID="9"
+PLATFORM_ID="platform:el9"
+PRETTY_NAME="Rocky Linux 9 (Ephemeral Anaconda)"
+ANSI_COLOR="0;32"
+HOME_URL="https://rockylinux.org/"
+OSREL
+fi
+[ ! -f /etc/system-release ] && echo "Rocky Linux release 9 (Ephemeral)" > /etc/system-release
+rpm --initdb 2>/dev/null || rpmdb --initdb 2>/dev/null || {
+  if command -v python3 >/dev/null 2>&1; then
+    python3 -c "
+import sqlite3, os
+db_path = '/var/lib/rpm/rpmdb.sqlite'
+if not os.path.exists(db_path):
+    conn = sqlite3.connect(db_path)
+    conn.execute('CREATE TABLE IF NOT EXISTS Packages (key BLOB NOT NULL, data BLOB NOT NULL)')
+    conn.execute('CREATE TABLE IF NOT EXISTS Name (key BLOB NOT NULL, data BLOB NOT NULL)')
+    conn.execute('CREATE TABLE IF NOT EXISTS Basenames (key BLOB NOT NULL, data BLOB NOT NULL)')
+    conn.execute('CREATE TABLE IF NOT EXISTS Installtid (key BLOB NOT NULL, data BLOB NOT NULL)')
+    conn.execute('CREATE TABLE IF NOT EXISTS Providename (key BLOB NOT NULL, data BLOB NOT NULL)')
+    conn.execute('CREATE TABLE IF NOT EXISTS Requirename (key BLOB NOT NULL, data BLOB NOT NULL)')
+    conn.execute('CREATE TABLE IF NOT EXISTS Dirnames (key BLOB NOT NULL, data BLOB NOT NULL)')
+    conn.execute('CREATE TABLE IF NOT EXISTS Sha1header (key BLOB NOT NULL, data BLOB NOT NULL)')
+    conn.execute('CREATE TABLE IF NOT EXISTS Sigmd5 (key BLOB NOT NULL, data BLOB NOT NULL)')
+    conn.commit()
+    conn.close()
+" 2>/dev/null
+  fi
+}
+chmod -R 755 /var/lib/rpm 2>/dev/null
+REPO_ARCH=$(uname -m)
+rpm --import https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9 2>/dev/null || \
+  curl -fsSL https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9 -o /etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 2>/dev/null || true
+cat > /etc/dnf/dnf.conf << 'DNFCONF'
+[main]
+gpgcheck=1
+installonly_limit=3
+clean_requirements_on_remove=True
+best=True
+skip_if_unavailable=True
+install_weak_deps=False
+tsflags=nodocs
+DNFCONF
+cat > /etc/yum.repos.d/rocky-baseos.repo << REPOEOF
+[baseos]
+name=Rocky Linux 9 - BaseOS
+baseurl=http://dl.rockylinux.org/pub/rocky/9/BaseOS/$REPO_ARCH/os/
+gpgcheck=1
+enabled=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+       https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9
+skip_if_unavailable=1
+REPOEOF
+cat > /etc/yum.repos.d/rocky-appstream.repo << REPOEOF2
+[appstream]
+name=Rocky Linux 9 - AppStream
+baseurl=http://dl.rockylinux.org/pub/rocky/9/AppStream/$REPO_ARCH/os/
+gpgcheck=1
+enabled=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+       https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9
+skip_if_unavailable=1
+REPOEOF2
+cat > /etc/yum.repos.d/rocky-extras.repo << REPOEOF3
+[extras]
+name=Rocky Linux 9 - Extras
+baseurl=http://dl.rockylinux.org/pub/rocky/9/extras/$REPO_ARCH/os/
+gpgcheck=1
+enabled=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+       https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9
+skip_if_unavailable=1
+REPOEOF3
+cat > /etc/yum.repos.d/rocky-crb.repo << REPOEOF4
+[crb]
+name=Rocky Linux 9 - CRB
+baseurl=http://dl.rockylinux.org/pub/rocky/9/CRB/$REPO_ARCH/os/
+gpgcheck=1
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+       https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9
+skip_if_unavailable=1
+REPOEOF4
+cat > /etc/yum.repos.d/epel.repo << REPOEOF5
+[epel]
+name=Extra Packages for Enterprise Linux 9
+metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-9&arch=$REPO_ARCH
+gpgcheck=1
+enabled=1
+gpgkey=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9
+skip_if_unavailable=1
+REPOEOF5
+rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9 2>/dev/null || \
+  curl -fsSL https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9 -o /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9 2>/dev/null || true
+dnf makecache --releasever=9 --quiet 2>/dev/null || dnf makecache --releasever=9 2>/dev/null || true
+# Install sudo
+if ! command -v sudo >/dev/null 2>&1; then
+  dnf install -y --releasever=9 --nogpgcheck sudo 2>/dev/null || \
+    dnf install -y --releasever=9 --nogpgcheck --disableplugin='*' sudo 2>/dev/null || true
+fi
+if command -v sudo >/dev/null 2>&1; then
+  mkdir -p /etc/sudoers.d
+  echo "$ADMIN_USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$ADMIN_USER
+  chmod 0440 /etc/sudoers.d/$ADMIN_USER
+fi
+cat > /home/$ADMIN_USER/.bash_profile 2>/dev/null << PROFILEEOF
+if ! command -v sudo >/dev/null 2>&1; then
+  echo ""
+  echo "NOTE: sudo is not available. Use 'su -' to switch to root."
+  echo ""
+fi
+PROFILEEOF
+chown $ADMIN_USER:$ADMIN_USER /home/$ADMIN_USER/.bash_profile 2>/dev/null || true
+# Restart sshd
+if command -v systemctl >/dev/null 2>&1; then
+  systemctl restart sshd 2>/dev/null || systemctl restart sshd.service 2>/dev/null
+fi
+SSHD_PID=$(cat /var/run/sshd.pid 2>/dev/null || pidof sshd 2>/dev/null | awk '{print $1}')
+[ -n "$SSHD_PID" ] && kill -HUP "$SSHD_PID" 2>/dev/null
+if ! pidof sshd >/dev/null 2>&1; then
+  /usr/sbin/sshd 2>/dev/null || sshd 2>/dev/null
+fi
+# 6. Status report
+DETECTED_IP=$(ip -4 addr show | grep 'inet ' | grep -v '127.0.0.1' | awk '{print $2}' | cut -d/ -f1 | head -1)
+echo ""
+echo "=============================================="
+echo "Underpost: Ephemeral SSHD Setup Complete"
+echo "=============================================="
+echo "Root login:  root / (password set: $([ -n "$ROOT_PASS" ] && echo 'yes' || echo 'no'))"
+echo "Admin user:  $ADMIN_USER / (password set: $([ -n "$ROOT_PASS" ] && echo 'yes' || echo 'no'))"
+echo "SSH keys:    $([ -n "$AUTHORIZED_KEYS" ] && echo 'configured' || echo 'NOT configured')"
+echo "sshd status: $(pidof sshd >/dev/null 2>&1 && echo "running (pid $(pidof sshd))" || echo 'NOT running')"
+echo "sudo:        $(command -v sudo >/dev/null 2>&1 && echo 'installed' || echo 'NOT available (use su -)')"
+echo "IP address:  $DETECTED_IP"
+echo "=============================================="
+# Physical console display (printf with \r\n for proper line breaks on serial/physical consoles)
+{
+  printf "\r\n"
+  printf "██╗░░░██╗███╗░░██╗██████╗░███████╗██████╗░██████╗░░█████╗░░██████╗████████╗\r\n"
+  printf "██║░░░██║████╗░██║██╔══██╗██╔════╝██╔══██╗██╔══██╗██╔══██╗██╔════╝╚══██╔══╝\r\n"
+  printf "██║░░░██║██╔██╗██║██║░░██║█████╗░░██████╔╝██████╔╝██║░░██║╚█████╗░░░░██║░░░\r\n"
+  printf "██║░░░██║██║╚████║██║░░██║██╔══╝░░██╔══██╗██╔═══╝░██║░░██║░╚═══██╗░░░██║░░░\r\n"
+  printf "╚██████╔╝██║░╚███║██████╔╝███████╗██║░░██║██║░░░░░╚█████╔╝██████╔╝░░░██║░░░\r\n"
+  printf "░╚═════╝░╚═╝░░╚══╝╚═════╝░╚══════╝╚═╝░░╚═╝╚═╝░░░░░░╚════╝░╚═════╝░░░░╚═╝░░░\r\n"
+  printf "==============================================\r\n"
+  printf " Underpost Ephemeral Commissioning Active\r\n"
+  printf "==============================================\r\n"
+  printf " SSH as: root@%s\r\n" "$DETECTED_IP"
+  printf "     or: %s@%s\r\n" "$ADMIN_USER" "$DETECTED_IP"
+  printf " Key:    %s\r\n" "$([ -n "$AUTHORIZED_KEYS" ] && echo 'pubkey auth enabled' || echo 'password only')"
+  printf " dnf:    ready (BaseOS, AppStream, Extras, EPEL)\r\n"
+  printf "==============================================\r\n"
+  printf "\r\n"
+} > /dev/console 2>/dev/null || true
+# 7. Infinite wait loop - keep Anaconda live environment active
+while true; do
+  sleep 60
+  if ! pidof sshd >/dev/null 2>&1; then
+    echo "$(date): sshd not running, restarting..." >> /tmp/ks-pre.log
+    /usr/sbin/sshd 2>/dev/null || sshd 2>/dev/null
+  fi
+done