From 2dd18a364ac0ffd9ff6a58a9fe47b83d67ba4ac1 Mon Sep 17 00:00:00 2001
From: Coiby Xu <coiby.xu@gmail.com>
Date: Mon, 24 Mar 2025 16:06:06 +0800
Subject: [PATCH] testcloud: enable PermitRootLogin for RHCOS

Currently, tmt fails to provision RHCOS because RHCOS e.g. RHCOS-4.17.2
don't have "PermitRootLogin no" in /etc/ssh/sshd_config but disable
PermitRootLogin 40-rhcos-defaults.conf. As a result, tmt can't connect
to the guest machine.

Follow [1] to permit root to login by SSH pubkey.

Note FCOS e.g. fedora-coreos-41.20250130.3.0 doesn't have
"PermitRootLogin no" so it actually permits root to have ssh login. So
ssh_root_login.service is unneeded.

[1] https://docs.fedoraproject.org/en-US/fedora-coreos/authentication/#_enabling_ssh_password_authentication

Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
---
 tmt/steps/provision/testcloud.py | 24 ++++++++++--------------
 1 file changed, 10 insertions(+), 14 deletions(-)

diff --git a/tmt/steps/provision/testcloud.py b/tmt/steps/provision/testcloud.py
index 0a4446c17c..5e4d0c8dd4 100644
--- a/tmt/steps/provision/testcloud.py
+++ b/tmt/steps/provision/testcloud.py
@@ -137,20 +137,16 @@ def import_testcloud(logger: tmt.log.Logger) -> None:
     - name: ${user_name}
       ssh_authorized_keys:
         - ${public_key}
-systemd:
-  units:
-    - name: ssh_root_login.service
-      enabled: true
-      contents: |
-        [Unit]
-        Before=sshd.service
-        [Service]
-        Type=oneshot
-        ExecStart=/usr/bin/sed -i \
-                  "s|^PermitRootLogin no$|PermitRootLogin yes|g" \
-                  /etc/ssh/sshd_config
-        [Install]
-        WantedBy=multi-user.target
+storage:
+  files:
+    - path: /etc/ssh/sshd_config.d/20-enable-root-login.conf
+      mode: 0644
+      contents:
+        inline: |
+          # CoreOS disables root SSH login by default.
+          # Enable it.
+          # This file must sort before 40-rhcos-defaults.conf.
+          PermitRootLogin yes
 """
 
 # VM defaults