In this post we will see how we can add an SSH task in VMware Cloud Services CodeStream and connect to the SSH host with a non-root user.
The full lab logical design can be seen HERE.
Issue and the Solution
Recently as part of the Livefire classes we delivery to Partners at VMware I had to build a pipeline in thew new VMware Cloud Services CodeStream and one of the tasks in that pipeline was to add a SSH task. In this case the ssh task was connecting to a docker host and running some docker commands to build images and spawn containers. I didn’t want to expose the root user credentials in the ssh task. Therefore, I created a non-root user called view-only that was member of the docker user group and had permission only to run docker commands.
I’ve added an SSH task to my pipeline
And in that task I’ve added my ssh/docker host and I’ve selected my non-root view-only account.
I’ve executed my pipeline and this failed with
Execution failed on task ‘Stage0.Task0’. Failed script execution: Write permission denied at script path on host <hostname>. Please check the host for proper write permissions.
What CodeStream does when it connects with SSH is it tries to download the script that needs to be executed on the SSH host. The folder in which it does so is /var/tmp/codestream/ssh_script and the user I had created didn’t have permissions over that folder. After granting the user permissions I was able to successfully execute the pipeline.
If all went well, go grab a beer.
DISCLAIMER; This is a personal blog. Any views or opinions represented in this blog are personal and belong solely to the blog owner and do not represent those of people, institutions or organizations that the owner may or may not be associated with in professional or personal capacity, unless explicitly stated. Any views or opinions are not intended to malign any religion, ethnic group, club, organization, company, or individual.
All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.
Unless stated, all photos are the work of the blog owner and are licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License. If used with watermark, no need to credit to the blog owner. For any edit to photos, including cropping, please contact me first.
Unless stated, all recipes are the work of the blog owner and are licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License. Please credit all recipes to the blog owner and link back to the original blog post.
Any downloadable file, including but not limited to pdfs, docs, jpegs, pngs, is provided at the user’s own risk. The owner will not be liable for any losses, injuries, or damages resulting from a corrupted or damaged file.
Comments are welcome. However, the blog owner reserves the right to edit or delete any comments submitted to this blog without notice due to
– Comments deemed to be spam or questionable spam
– Comments including profanity
– Comments containing language or concepts that could be deemed offensive
– Comments containing hate speech, credible threats, or direct attacks on an individual or group
The blog owner is not responsible for the content in comments.
This policy is subject to change at anytime.