feat: [#222] configure SSH port via cloud-init during VM provisioning

- Add ssh_port field to CloudInitContext with builder pattern
- Update cloud-init.yml.tera to configure SSH port via write_files
- Pass ssh_port from environment to TofuProjectGenerator
- Refactor CloudInitRenderer: remove unused provider field, move ssh_port to render method
- Update all tests to use new CloudInitRenderer API
- Update issue spec to document cloud-init approach and explain why Ansible was discarded

This implementation configures SSH port during VM initialization (provision phase)
rather than post-provisioning (configure phase), ensuring SSH service is listening
on the configured port before any Ansible connections are attempted.

Author: josecelano

docs/issues/222-configure-ssh-service-port.md

@@ -252,6 +252,7 @@ impl ProvisionCommandHandler {
             template_manager,
             environment.build_dir(),
             environment.ssh_credentials().clone(),
+            environment.ssh_port(),
             environment.instance_name().clone(),
             environment.provider_config().clone(),
         ));

src/application/command_handlers/provision/handler.rs

@@ -316,7 +316,7 @@ impl AnsibleProjectGenerator {
 
         tracing::debug!(
             "Successfully copied {} static template files",
-            13 // ansible.cfg + 12 playbooks
+            14 // ansible.cfg + 13 playbooks
         );
 
         Ok(())

src/infrastructure/templating/ansible/template/renderer/project_generator.rs

@@ -22,7 +22,6 @@
 //! # use std::path::Path;
 //! # use torrust_tracker_deployer_lib::infrastructure::templating::tofu::template::common::renderer::cloud_init::CloudInitRenderer;
 //! # use torrust_tracker_deployer_lib::domain::template::TemplateManager;
-//! # use torrust_tracker_deployer_lib::domain::provider::Provider;
 //! # use torrust_tracker_deployer_lib::shared::Username;
 //! use torrust_tracker_deployer_lib::adapters::ssh::SshCredentials;
 //! # use std::path::PathBuf;
@@ -35,7 +34,7 @@
 //!     PathBuf::from("fixtures/testing_rsa.pub"),
 //!     Username::new("username").unwrap()
 //! );
-//! let renderer = CloudInitRenderer::new(template_manager, Provider::Lxd);
+//! let renderer = CloudInitRenderer::new(template_manager);
 //!
 //! // Just demonstrate creating the renderer - actual rendering requires
 //! // a proper template manager setup with cloud-init templates
@@ -48,7 +47,6 @@ use std::sync::Arc;
 use thiserror::Error;
 
 use crate::adapters::ssh::credentials::SshCredentials;
-use crate::domain::provider::Provider;
 use crate::domain::template::file::File;
 use crate::domain::template::{TemplateManager, TemplateManagerError};
 
@@ -100,12 +98,10 @@ pub enum CloudInitRendererError {
 /// It follows the Single Responsibility Principle by focusing solely on cloud-init
 /// template operations, making the main `TofuProjectGenerator` simpler and more focused.
 ///
-/// Note: The provider field is kept for potential future provider-specific customization,
-/// but currently all providers use the same common cloud-init template.
+/// All providers (LXD, Hetzner) use the same common cloud-init template, so no
+/// provider-specific logic is needed.
 pub struct CloudInitRenderer {
     template_manager: Arc<TemplateManager>,
-    #[allow(dead_code)]
-    provider: Provider,
 }
 
 impl CloudInitRenderer {
@@ -125,17 +121,13 @@ impl CloudInitRenderer {
     /// # Arguments
     ///
     /// * `template_manager` - Arc reference to the template manager for file operations
-    /// * `provider` - The infrastructure provider (LXD, Hetzner) - kept for future customization
     ///
     /// # Returns
     ///
     /// * `CloudInitRenderer` - A new renderer instance
     #[must_use]
-    pub fn new(template_manager: Arc<TemplateManager>, provider: Provider) -> Self {
-        Self {
-            template_manager,
-            provider,
-        }
+    pub fn new(template_manager: Arc<TemplateManager>) -> Self {
+        Self { template_manager }
     }
 
     /// Renders the cloud-init.yml.tera template with SSH credentials
@@ -149,6 +141,7 @@ impl CloudInitRenderer {
     /// # Arguments
     ///
     /// * `ssh_credentials` - SSH credentials containing public key path for cloud-init injection
+    /// * `ssh_port` - The SSH service port to configure in cloud-init
     /// * `output_dir` - Directory where the rendered `cloud-init.yml` file will be written
     ///
     /// # Returns
@@ -169,10 +162,11 @@ impl CloudInitRenderer {
     pub async fn render(
         &self,
         ssh_credentials: &SshCredentials,
+        ssh_port: u16,
         output_dir: &Path,
     ) -> Result<(), CloudInitRendererError> {
         tracing::debug!(
-            provider = %self.provider,
+            ssh_port = ssh_port,
             "Rendering cloud-init template with SSH public key injection"
         );
 
@@ -193,14 +187,14 @@ impl CloudInitRenderer {
             .map_err(|_| CloudInitRendererError::FileCreationFailed)?;
 
         // Render cloud-init template (shared logic for all providers)
-        self.render_cloud_init(&template_file, ssh_credentials, output_dir)
+        Self::render_cloud_init(&template_file, ssh_credentials, ssh_port, output_dir)
     }
 
     /// Renders cloud-init template (shared logic for all providers)
     fn render_cloud_init(
-        &self,
         template_file: &File,
         ssh_credentials: &SshCredentials,
+        ssh_port: u16,
         output_dir: &Path,
     ) -> Result<(), CloudInitRendererError> {
         use crate::infrastructure::templating::tofu::template::common::wrappers::cloud_init::{
@@ -214,6 +208,7 @@ impl CloudInitRenderer {
             .map_err(|_| CloudInitRendererError::SshKeyReadError)?
             .with_username(ssh_credentials.ssh_username.as_str())
             .map_err(|_| CloudInitRendererError::ContextCreationFailed)?
+            .with_ssh_port(ssh_port)
             .build()
             .map_err(|_| CloudInitRendererError::ContextCreationFailed)?;
 
@@ -228,7 +223,6 @@ impl CloudInitRenderer {
             .map_err(|_| CloudInitRendererError::CloudInitTemplateRenderFailed)?;
 
         tracing::debug!(
-            provider = %self.provider,
             "Successfully rendered cloud-init template to {}",
             output_path.display()
         );
@@ -308,9 +302,9 @@ users:
     }
 
     #[test]
-    fn it_should_create_cloud_init_renderer_with_template_manager_and_provider() {
+    fn it_should_create_cloud_init_renderer_with_template_manager() {
         let template_manager = Arc::new(TemplateManager::new(std::env::temp_dir()));
-        let renderer = CloudInitRenderer::new(template_manager, Provider::Lxd);
+        let renderer = CloudInitRenderer::new(template_manager);
 
         // Verify the renderer was created successfully
         // Just check that it contains the expected template manager reference
@@ -328,13 +322,15 @@ users:
     #[tokio::test]
     async fn it_should_render_cloud_init_template_successfully() {
         let template_manager = create_mock_template_manager_with_cloud_init();
-        let renderer = CloudInitRenderer::new(template_manager, Provider::Lxd);
+        let renderer = CloudInitRenderer::new(template_manager);
 
         let temp_dir = TempDir::new().expect("Failed to create temp dir");
         let ssh_credentials = create_mock_ssh_credentials(temp_dir.path());
         let output_dir = TempDir::new().expect("Failed to create output dir");
 
-        let result = renderer.render(&ssh_credentials, output_dir.path()).await;
+        let result = renderer
+            .render(&ssh_credentials, 22, output_dir.path())
+            .await;
 
         assert!(
             result.is_ok(),
@@ -367,7 +363,7 @@ users:
     #[tokio::test]
     async fn it_should_fail_when_ssh_key_file_missing() {
         let template_manager = create_mock_template_manager_with_cloud_init();
-        let renderer = CloudInitRenderer::new(template_manager, Provider::Lxd);
+        let renderer = CloudInitRenderer::new(template_manager);
 
         // Create SSH credentials with non-existent key file
         let temp_dir = TempDir::new().expect("Failed to create temp dir");
@@ -380,7 +376,9 @@ users:
 
         let output_dir = TempDir::new().expect("Failed to create output dir");
 
-        let result = renderer.render(&ssh_credentials, output_dir.path()).await;
+        let result = renderer
+            .render(&ssh_credentials, 22, output_dir.path())
+            .await;
 
         assert!(result.is_err(), "Should fail when SSH key file is missing");
         match result.unwrap_err() {
@@ -394,7 +392,7 @@ users:
     #[tokio::test]
     async fn it_should_fail_when_output_directory_is_readonly() {
         let template_manager = create_mock_template_manager_with_cloud_init();
-        let renderer = CloudInitRenderer::new(template_manager, Provider::Lxd);
+        let renderer = CloudInitRenderer::new(template_manager);
 
         let temp_dir = TempDir::new().expect("Failed to create temp dir");
         let ssh_credentials = create_mock_ssh_credentials(temp_dir.path());
@@ -408,7 +406,9 @@ users:
         fs::set_permissions(output_dir.path(), permissions)
             .expect("Failed to set readonly permissions");
 
-        let result = renderer.render(&ssh_credentials, output_dir.path()).await;
+        let result = renderer
+            .render(&ssh_credentials, 22, output_dir.path())
+            .await;
 
         assert!(
             result.is_err(),

src/infrastructure/templating/tofu/template/common/renderer/cloud_init.rs

@@ -143,6 +143,7 @@ pub struct TofuProjectGenerator {
     template_manager: Arc<TemplateManager>,
     build_dir: PathBuf,
     ssh_credentials: SshCredentials,
+    ssh_port: u16,
     cloud_init_renderer: CloudInitRenderer,
     instance_name: InstanceName,
     provider: Provider,
@@ -157,6 +158,7 @@ impl TofuProjectGenerator {
     /// * `template_manager` - The template manager to source templates from
     /// * `build_dir` - The destination directory where templates will be rendered
     /// * `ssh_credentials` - The SSH credentials for injecting public key into cloud-init
+    /// * `ssh_port` - The SSH service port to configure in cloud-init
     /// * `instance_name` - The name of the instance to be created (for template rendering)
     /// * `provider_config` - The provider configuration containing provider type and settings
     ///
@@ -165,16 +167,18 @@ impl TofuProjectGenerator {
         template_manager: Arc<TemplateManager>,
         build_dir: P,
         ssh_credentials: SshCredentials,
+        ssh_port: u16,
         instance_name: InstanceName,
         provider_config: ProviderConfig,
     ) -> Self {
         let provider = provider_config.provider();
-        let cloud_init_renderer = CloudInitRenderer::new(template_manager.clone(), provider);
+        let cloud_init_renderer = CloudInitRenderer::new(template_manager.clone());
 
         Self {
             template_manager,
             build_dir: build_dir.as_ref().to_path_buf(),
             ssh_credentials,
+            ssh_port,
             cloud_init_renderer,
             instance_name,
             provider,
@@ -387,7 +391,7 @@ impl TofuProjectGenerator {
 
         // Use collaborator to render cloud-init.yml.tera template
         self.cloud_init_renderer
-            .render(&self.ssh_credentials, destination_dir)
+            .render(&self.ssh_credentials, self.ssh_port, destination_dir)
             .await
             .map_err(|source| TofuProjectGeneratorError::CloudInitRenderingFailed { source })?;
 
@@ -612,6 +616,7 @@ mod tests {
             template_manager,
             &build_path,
             ssh_credentials,
+            22, // Default SSH port for tests
             test_instance_name(),
             test_lxd_provider_config(),
         );
@@ -631,6 +636,7 @@ mod tests {
             template_manager,
             &build_path,
             ssh_credentials,
+            22, // Default SSH port for tests
             test_instance_name(),
             test_lxd_provider_config(),
         );
@@ -650,6 +656,7 @@ mod tests {
             template_manager,
             &build_path,
             ssh_credentials,
+            22,
             test_instance_name(),
             test_lxd_provider_config(),
         );
@@ -669,6 +676,7 @@ mod tests {
             template_manager,
             &build_path,
             ssh_credentials,
+            22,
             test_instance_name(),
             test_lxd_provider_config(),
         );
@@ -699,6 +707,7 @@ mod tests {
             template_manager,
             &build_path,
             ssh_credentials,
+            22,
             test_instance_name(),
             test_lxd_provider_config(),
         );
@@ -740,6 +749,7 @@ mod tests {
             template_manager,
             &build_path,
             ssh_credentials,
+            22,
             test_instance_name(),
             test_lxd_provider_config(),
         );
@@ -777,6 +787,7 @@ mod tests {
             template_manager,
             &build_path,
             ssh_credentials,
+            22,
             test_instance_name(),
             test_lxd_provider_config(),
         );
@@ -838,6 +849,7 @@ mod tests {
             template_manager,
             temp_dir.path(),
             ssh_credentials,
+            22,
             test_instance_name(),
             test_lxd_provider_config(),
         );
@@ -868,6 +880,7 @@ mod tests {
             template_manager,
             &build_path,
             ssh_credentials,
+            22,
             test_instance_name(),
             test_lxd_provider_config(),
         );
@@ -886,6 +899,7 @@ mod tests {
             template_manager,
             &build_path,
             ssh_credentials,
+            22,
             test_instance_name(),
             test_lxd_provider_config(),
         );
@@ -914,6 +928,7 @@ mod tests {
             template_manager,
             &build_path,
             ssh_credentials,
+            22,
             test_instance_name(),
             test_lxd_provider_config(),
         );
@@ -942,6 +957,7 @@ mod tests {
             template_manager,
             &build_path,
             ssh_credentials,
+            22,
             test_instance_name(),
             test_lxd_provider_config(),
         );
@@ -971,6 +987,7 @@ mod tests {
             template_manager,
             &build_path,
             ssh_credentials,
+            22,
             test_instance_name(),
             test_lxd_provider_config(),
         );
@@ -995,6 +1012,7 @@ mod tests {
             template_manager,
             &build_path,
             ssh_credentials,
+            22,
             test_instance_name(),
             test_lxd_provider_config(),
         );
@@ -1032,6 +1050,7 @@ mod tests {
             template_manager,
             temp_dir.path(),
             ssh_credentials,
+            22,
             test_instance_name(),
             test_lxd_provider_config(),
         );
@@ -1080,6 +1099,7 @@ mod tests {
             template_manager.clone(),
             &build_path1,
             ssh_credentials1,
+            22,
             test_instance_name(),
             test_lxd_provider_config(),
         );
@@ -1088,6 +1108,7 @@ mod tests {
             template_manager,
             &build_path2,
             ssh_credentials2,
+            22,
             test_instance_name(),
             test_lxd_provider_config(),
         );
@@ -1147,6 +1168,7 @@ mod tests {
             template_manager,
             temp_dir.path(),
             ssh_credentials,
+            22,
             test_instance_name(),
             test_lxd_provider_config(),
         );
@@ -1206,6 +1228,7 @@ mod tests {
             template_manager,
             temp_dir.path(),
             ssh_credentials,
+            22,
             test_instance_name(),
             test_lxd_provider_config(),
         );