statuspanel separate install

vsilent · vsilent · commit 4ad722456d83 · 2026-03-09T17:55:54.000+02:00
diff --git a/src/bin/stacker.rs b/src/bin/stacker.rs
@@ -564,6 +564,15 @@ enum AgentCommands {
         #[arg(long)]
         deployment: Option<String>,
     },
+    /// Install the Status Panel agent on an existing deployed server
+    Install {
+        /// Path to stacker.yml (default: ./stacker.yml)
+        #[arg(long, value_name = "FILE")]
+        file: Option<String>,
+        /// Output in JSON format
+        #[arg(long)]
+        json: bool,
+    },
 }
 
 /// Arguments for `stacker ai`.
@@ -883,6 +892,9 @@ fn get_command(
                 AgentCommands::Exec { command_type, params, timeout, json, deployment } => Box::new(
                     agent::AgentExecCommand::new(command_type, params, timeout, json, deployment),
                 ),
+                AgentCommands::Install { file, json } => Box::new(
+                    agent::AgentInstallCommand::new(file, json),
+                ),
             }
         },
         // Completion is handled in main() before this function is called.
diff --git a/src/cli/stacker_client.rs b/src/cli/stacker_client.rs
@@ -79,6 +79,7 @@ pub struct ServerInfo {
     pub ssh_port: Option<i32>,
     pub ssh_user: Option<String>,
     pub name: Option<String>,
+    pub vault_key_path: Option<String>,
     #[serde(default = "default_connection_mode")]
     pub connection_mode: String,
     #[serde(default = "default_key_status")]
diff --git a/src/connectors/install_service/client.rs b/src/connectors/install_service/client.rs
@@ -24,6 +24,7 @@ impl InstallServiceConnector for InstallServiceClient {
         fc: String,
         mq_manager: &MqManager,
         server_public_key: Option<String>,
+        server_private_key: Option<String>,
     ) -> Result<i32, String> {
         // Build payload for the install service
         let mut payload = crate::forms::project::Payload::try_from(project)
@@ -44,6 +45,11 @@ impl InstallServiceConnector for InstallServiceClient {
             if srv.public_key.is_none() {
                 srv.public_key = server_public_key;
             }
+            // Include the SSH private key so the Install Service can SSH into
+            // existing servers without relying on Redis-cached file paths.
+            if srv.ssh_private_key.is_none() {
+                srv.ssh_private_key = server_private_key;
+            }
         }
         payload.cloud = Some(cloud_creds.into());
         payload.stack = form_stack.clone().into();
diff --git a/src/connectors/install_service/mock.rs b/src/connectors/install_service/mock.rs
@@ -23,6 +23,7 @@ impl InstallServiceConnector for MockInstallServiceConnector {
         _fc: String,
         _mq_manager: &MqManager,
         _server_public_key: Option<String>,
+        _server_private_key: Option<String>,
     ) -> Result<i32, String> {
         Ok(project_id)
     }
diff --git a/src/connectors/install_service/mod.rs b/src/connectors/install_service/mod.rs
@@ -33,5 +33,6 @@ pub trait InstallServiceConnector: Send + Sync {
         fc: String,
         mq_manager: &MqManager,
         server_public_key: Option<String>,
+        server_private_key: Option<String>,
     ) -> Result<i32, String>;
 }
diff --git a/src/console/commands/cli/agent.rs b/src/console/commands/cli/agent.rs
@@ -722,6 +722,148 @@ impl CallableTrait for AgentHistoryCommand {
     }
 }
 
+// ── Install (deploy Status Panel to existing server) ─
+
+/// `stacker agent install [--file <path>] [--json]`
+///
+/// Deploys the Status Panel agent to an existing server that was previously
+/// deployed without it. Reads the project identity from stacker.yml, finds
+/// the corresponding project and server on the Stacker API, and triggers
+/// a deploy with only the statuspanel feature enabled.
+pub struct AgentInstallCommand {
+    pub file: Option<String>,
+    pub json: bool,
+}
+
+impl AgentInstallCommand {
+    pub fn new(file: Option<String>, json: bool) -> Self {
+        Self { file, json }
+    }
+}
+
+impl CallableTrait for AgentInstallCommand {
+    fn call(&self) -> Result<(), Box<dyn std::error::Error>> {
+        use crate::cli::stacker_client::{self, DEFAULT_VAULT_URL};
+
+        let project_dir = std::env::current_dir().map_err(CliError::Io)?;
+        let config_path = match &self.file {
+            Some(f) => project_dir.join(f),
+            None => project_dir.join("stacker.yml"),
+        };
+
+        let config = crate::cli::config_parser::StackerConfig::from_file(&config_path)?;
+
+        let project_name = config
+            .project
+            .identity
+            .clone()
+            .unwrap_or_else(|| config.name.clone());
+
+        let ctx = CliRuntime::new("agent install")?;
+        let pb = progress::spinner("Installing Status Panel agent");
+
+        let result: Result<stacker_client::DeployResponse, CliError> = ctx.block_on(async {
+            // 1. Find the project
+            progress::update_message(&pb, "Finding project...");
+            let project = ctx
+                .client
+                .find_project_by_name(&project_name)
+                .await?
+                .ok_or_else(|| CliError::ConfigValidation(format!(
+                    "Project '{}' not found on the Stacker server.\n\
+                     Deploy the project first with: stacker deploy --target cloud",
+                    project_name
+                )))?;
+
+            // 2. Find the server for this project
+            progress::update_message(&pb, "Finding server...");
+            let servers = ctx.client.list_servers().await?;
+            let server = servers
+                .into_iter()
+                .find(|s| s.project_id == project.id)
+                .ok_or_else(|| CliError::ConfigValidation(format!(
+                    "No server found for project '{}' (id={}).\n\
+                     Deploy the project first with: stacker deploy --target cloud",
+                    project_name, project.id
+                )))?;
+
+            let cloud_id = server.cloud_id.ok_or_else(|| CliError::ConfigValidation(
+                "Server has no associated cloud credentials.\n\
+                 Cannot install Status Panel without cloud credentials."
+                    .to_string(),
+            ))?;
+
+            // 3. Build a minimal deploy form with only the statuspanel feature
+            progress::update_message(&pb, "Preparing deploy payload...");
+            let vault_url = std::env::var("STACKER_VAULT_URL")
+                .unwrap_or_else(|_| DEFAULT_VAULT_URL.to_string());
+
+            let deploy_form = serde_json::json!({
+                "cloud": {
+                    "provider": server.cloud.clone().unwrap_or_else(|| "htz".to_string()),
+                    "save_token": true,
+                },
+                "server": {
+                    "server_id": server.id,
+                    "region": server.region,
+                    "server": server.server,
+                    "os": server.os,
+                    "name": server.name,
+                    "srv_ip": server.srv_ip,
+                    "ssh_user": server.ssh_user,
+                    "ssh_port": server.ssh_port,
+                    "vault_key_path": server.vault_key_path,
+                    "connection_mode": "status_panel",
+                },
+                "stack": {
+                    "stack_code": project_name,
+                    "vars": [
+                        { "key": "vault_url", "value": vault_url },
+                        { "key": "status_panel_port", "value": "5000" },
+                    ],
+                    "integrated_features": ["statuspanel"],
+                    "extended_features": [],
+                    "subscriptions": [],
+                },
+            });
+
+            // 4. Trigger the deploy
+            progress::update_message(&pb, "Deploying Status Panel...");
+            let resp = ctx.client.deploy(project.id, Some(cloud_id), deploy_form).await?;
+            Ok(resp)
+        });
+
+        match result {
+            Ok(resp) => {
+                progress::finish_success(&pb, "Status Panel agent installation triggered");
+
+                if self.json {
+                    println!("{}", serde_json::to_string_pretty(&resp).unwrap_or_default());
+                } else {
+                    println!("Status Panel deploy queued for project '{}'", project_name);
+                    if let Some(id) = resp.id {
+                        println!("Project ID: {}", id);
+                    }
+                    if let Some(meta) = &resp.meta {
+                        if let Some(dep_id) = meta.get("deployment_id") {
+                            println!("Deployment ID: {}", dep_id);
+                        }
+                    }
+                    println!();
+                    println!("The Status Panel agent will be installed on the server.");
+                    println!("Once ready, use `stacker agent status` to verify connectivity.");
+                }
+            }
+            Err(e) => {
+                progress::finish_error(&pb, &format!("Install failed: {}", e));
+                return Err(Box::new(e));
+            }
+        }
+
+        Ok(())
+    }
+}
+
 // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 // Tests
 // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
diff --git a/src/forms/server.rs b/src/forms/server.rs
@@ -30,6 +30,12 @@ pub struct ServerForm {
     /// Not persisted to the database.
     #[serde(skip_serializing_if = "Option::is_none")]
     pub public_key: Option<String>,
+    /// The actual SSH private key content (PEM).
+    /// Populated at deploy time for "own" flow re-deploys so the Install Service
+    /// can SSH into the server without relying on a cached file path in Redis.
+    /// Not persisted to the database.
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub ssh_private_key: Option<String>,
 }
 
 pub fn default_ssh_port() -> Option<i32> {
@@ -64,6 +70,7 @@ impl From<&ServerForm> for models::Server {
 impl Into<ServerForm> for models::Server {
     fn into(self) -> ServerForm {
         let mut form = ServerForm::default();
+        form.server_id = Some(self.id);
         form.cloud_id = self.cloud_id;
         form.disk_type = self.disk_type;
         form.region = self.region;
diff --git a/src/routes/project/deploy.rs b/src/routes/project/deploy.rs
@@ -266,6 +266,24 @@ pub async fn item(
         server
     };
 
+    // For "own" flow (existing server with IP), SSH access is required.
+    // If we couldn't set up the SSH key, fail early instead of letting the
+    // Install Service crash when it cannot find the key.
+    let has_existing_ip = server.srv_ip.as_ref().map_or(false, |ip| !ip.is_empty());
+    if has_existing_ip && new_public_key.is_none() && server.vault_key_path.is_none() {
+        tracing::error!(
+            "Cannot deploy to existing server {} (IP: {:?}): SSH key is not available. \
+             vault_key_path is None and key generation failed.",
+            server.id,
+            server.srv_ip,
+        );
+        return Err(JsonResponse::<models::Project>::build().bad_request(
+            "SSH key is not available for this server. \
+             Please generate an SSH key first with `stacker ssh-key generate` \
+             or re-add your server with SSH credentials.",
+        ));
+    }
+
     // Store deployment attempts into deployment table in db
     let json_request = dc.project.metadata.clone();
     let deployment_hash = format!("deployment_{}", Uuid::new_v4());
@@ -285,6 +303,30 @@ pub async fn item(
 
     let deployment_id = saved_deployment.id;
 
+    // For "own" flow, fetch the SSH private key from Vault so the Install Service
+    // can SSH into the server directly without relying on Redis-cached file paths.
+    let new_private_key = if has_existing_ip && server.vault_key_path.is_some() {
+        match vault_client
+            .get_ref()
+            .fetch_ssh_key(&user.id, server.id)
+            .await
+        {
+            Ok(pk) => {
+                tracing::info!("Fetched SSH private key from Vault for server {}", server.id);
+                Some(pk)
+            }
+            Err(e) => {
+                tracing::warn!(
+                    "Failed to fetch SSH private key from Vault for server {}: {}",
+                    server.id, e
+                );
+                None
+            }
+        }
+    } else {
+        None
+    };
+
     // Delegate to install service connector
     install_service
         .deploy(
@@ -301,6 +343,7 @@ pub async fn item(
             fc,
             mq_manager.get_ref(),
             new_public_key,
+            new_private_key,
         )
         .await
         .map(|project_id| {
@@ -571,6 +614,24 @@ pub async fn saved_item(
         server
     };
 
+    // For "own" flow (existing server with IP), SSH access is required.
+    // If we couldn't set up the SSH key, fail early instead of letting the
+    // Install Service crash when it cannot find the key.
+    let has_existing_ip = server.srv_ip.as_ref().map_or(false, |ip| !ip.is_empty());
+    if has_existing_ip && new_public_key.is_none() && server.vault_key_path.is_none() {
+        tracing::error!(
+            "Cannot deploy to existing server {} (IP: {:?}): SSH key is not available. \
+             vault_key_path is None and key generation failed.",
+            server.id,
+            server.srv_ip,
+        );
+        return Err(JsonResponse::<models::Project>::build().bad_request(
+            "SSH key is not available for this server. \
+             Please generate an SSH key first with `stacker ssh-key generate` \
+             or re-add your server with SSH credentials.",
+        ));
+    }
+
     // Store deployment attempts into deployment table in db
     let json_request = dc.project.metadata.clone();
     let deployment_hash = format!("deployment_{}", Uuid::new_v4());
@@ -592,6 +653,30 @@ pub async fn saved_item(
 
     tracing::debug!("Save deployment result: {:?}", result);
 
+    // For "own" flow, fetch the SSH private key from Vault so the Install Service
+    // can SSH into the server directly without relying on Redis-cached file paths.
+    let new_private_key = if has_existing_ip && server.vault_key_path.is_some() {
+        match vault_client
+            .get_ref()
+            .fetch_ssh_key(&user.id, server.id)
+            .await
+        {
+            Ok(pk) => {
+                tracing::info!("Fetched SSH private key from Vault for server {}", server.id);
+                Some(pk)
+            }
+            Err(e) => {
+                tracing::warn!(
+                    "Failed to fetch SSH private key from Vault for server {}: {}",
+                    server.id, e
+                );
+                None
+            }
+        }
+    } else {
+        None
+    };
+
     // Delegate to install service connector (determines own vs tfa routing)
     install_service
         .deploy(
@@ -608,6 +693,7 @@ pub async fn saved_item(
             fc,
             mq_manager.get_ref(),
             new_public_key,
+            new_private_key,
         )
         .await
         .map(|project_id| {

Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,7 @@ impl InstallServiceConnector for MockInstallServiceConnector {`
`23`	`23`	`_fc: String,`
`24`	`24`	`_mq_manager: &MqManager,`
`25`	`25`	`_server_public_key: Option<String>,`
	`26`	`+ _server_private_key: Option<String>,`
`26`	`27`	`) -> Result<i32, String> {`
`27`	`28`	`Ok(project_id)`
`28`	`29`	`}`
Original file line number	Diff line number	Diff line change
`@@ -33,5 +33,6 @@ pub trait InstallServiceConnector: Send + Sync {`
`33`	`33`	`fc: String,`
`34`	`34`	`mq_manager: &MqManager,`
`35`	`35`	`server_public_key: Option<String>,`
	`36`	`+ server_private_key: Option<String>,`
`36`	`37`	`) -> Result<i32, String>;`
`37`	`38`	`}`