Adding an SSH task in CodeStream with a non-root user (SKKB1044)

In this post we will see how we can add an SSH task in VMware Cloud Services CodeStream and connect to the SSH host with a non-root user.

 


Lab Environment

The full lab logical design can be seen HERE.

Issue and the Solution

Recently, as part of the Livefire classes we deliver to Partners at VMware, I had to build a pipeline in the new VMware Cloud Services CodeStream, and one of the tasks in that pipeline was to add an SSH task. In this case the SSH task was connecting to a docker host and running some docker commands to build images and spawn containers. I didn’t want to expose the root user credentials in the SSH task. Therefore, I created a non-root user called view-only that was a member of the docker user group and had permission only to run docker commands.

I’ve added an SSH task to my pipeline

 

And in that task I’ve added my ssh/docker host and I’ve selected my non-root view-only account.

I executed my pipeline and it failed with:

Execution failed on task ‘Stage0.Task0’. Failed script execution: Write permission denied at script path on host <hostname>. Please check the host for proper write permissions.

When CodeStream connects over SSH, it tries to download the script that needs to be executed onto the SSH host. The folder in which it does so is /var/tmp/codestream/ssh_script, and the user I had created didn’t have permissions over that folder. After granting the user permissions, I was able to successfully execute the pipeline.
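One way to grant that access without making the folder world-writable, as an added example that is not from the original post or from VMware: the script below gives the folder to the task user with owner-only permissions and then audits the result. The function names, the `--apply`/`--audit` switches and the choice of mode 0700 are assumptions of this example; the path and the view-only user come from the post.

```shell
#!/bin/sh
# Added example, not VMware's code. Assumptions: run as root on the SSH host;
# owner-only 0700 is this example's choice; path and user name are from the post.
SCRIPT_DIR="${SCRIPT_DIR:-/var/tmp/codestream/ssh_script}"
TASK_USER="${TASK_USER:-view-only}"

# Report whether dir exists, is owned and writable by user, and is closed to others.
audit_script_dir() {
    a_dir=$1; a_user=$2; a_rc=0
    [ -d "$a_dir" ] || { echo "FAIL: $a_dir does not exist"; return 1; }
    a_perms=$(ls -ld "$a_dir" | awk '{print $1}')
    a_owner=$(ls -ld "$a_dir" | awk '{print $3}')
    [ "$a_owner" = "$a_user" ] || { echo "FAIL: owner is $a_owner, expected $a_user"; a_rc=1; }
    case "$a_perms" in
        ??w*) ;;                                  # 3rd character: owner write bit
        *) echo "FAIL: owner cannot write ($a_perms)"; a_rc=1 ;;
    esac
    case "$a_perms" in                            # 6th/9th character: group/other write bit
        ?????w*|????????w*) echo "FAIL: group/other can write ($a_perms)"; a_rc=1 ;;
    esac
    [ "$a_rc" -eq 0 ] && echo "OK: $a_dir ($a_perms, owner $a_owner)"
    return "$a_rc"
}

# Create the folder if needed, hand it to the task user, and close it to everyone else.
prepare_script_dir() {
    p_dir=$1; p_user=$2
    mkdir -p "$p_dir" || return 1
    p_owner=$(ls -ld "$p_dir" | awk '{print $3}')
    # chown only when the owner differs, so re-running the script is harmless
    [ "$p_owner" = "$p_user" ] || chown "$p_user" "$p_dir" || return 1
    chmod 0700 "$p_dir"
}

# Nothing is changed unless a switch is given.
if [ "${1:-}" = "--apply" ]; then
    prepare_script_dir "$SCRIPT_DIR" "$TASK_USER" && audit_script_dir "$SCRIPT_DIR" "$TASK_USER"
elif [ "${1:-}" = "--audit" ]; then
    audit_script_dir "$SCRIPT_DIR" "$TASK_USER"
fi
```

Keeping the folder owner-only means other local accounts on the docker host cannot replace a downloaded script before the task runs it.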

Final Step

If all went well, go grab a beer.
