You can use SSH during a specific job in your pipeline.
The following example demonstrates how you can connect to a Cloud Platform environment by using SSH, before the Build Code stage begins.
Prerequisites
Before you start using SSH to access an environment, you must:
- Understand configuration in GitLab. For more information, see .gitlab-ci.yml.
- Generate a 4096-bit RSA SSH private/public key pair. For more information, see Generating an SSH public key.
- Add the public key to Cloud Platform for a user who has a role with SSH access. For more information, see Adding a public key to an Acquia profile.
Adding CI/CD variables
Click Settings > CI/CD.
Expand the Variables section and click Add variable.
To add a variable for the SSH private key, do the following:
- In Key, specify the value as SSH_PRIVATE_KEY.
- In Value, paste your RSA private key.
- Click Add variable.
To add a variable for SSH passphrase, click Add variable and do the following:
- In Key, specify the value as SSH_PASSPHRASE.
- In Value, paste the associated passphrase. If a passphrase does not exist, press the Enter key.
- Click Add variable.
The Variables section displays both variables.
Customizing .gitlab-ci.yml to use SSH
After adding the SSH private key and passphrase, you can customize your .gitlab-ci.yml file to use the variables and connect by using SSH.
If you created the .gitlab-ci.yml file for the first time, set the CI/CD configuration file to .gitlab-ci.yml by clicking Settings > CI/CD > General pipelines > CI/CD configuration file.
The following is an example .gitlab-ci.yml file that sets the SSH configuration to connect to a Cloud Platform environment.
include:
  - project: 'acquia/standard-template'
    file:
      - '/gitlab-ci/Auto-DevOps.acquia.gitlab-ci.yml'

Build Code:
  before_script:
    ##
    ## Install ssh-agent if not already installed, it is required by Docker.
    ##
    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client git -y )'
    ##
    ## Run ssh-agent (inside the build environment)
    ##
    - eval $(ssh-agent -s)
    ##
    ## Make sure ~/.ssh exists before writing files into it.
    ##
    - mkdir -p ~/.ssh && chmod 700 ~/.ssh
    ##
    ## Create a shell script that will echo the environment variable SSH_PASSPHRASE
    ##
    - echo 'echo "$SSH_PASSPHRASE"' > ~/.ssh/tmp && chmod 700 ~/.ssh/tmp
    ##
    ## If ssh-add needs a passphrase, it will read the passphrase from the current
    ## terminal if it was run from a terminal. If ssh-add does not have a terminal
    ## associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the
    ## program specified by SSH_ASKPASS and open an X11 window to read the
    ## passphrase. This is particularly useful when calling ssh-add from a
    ## .xsession or related script. Setting DISPLAY=None drops the use of X11.
    ##
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | DISPLAY=None SSH_ASKPASS=~/.ssh/tmp ssh-add -
    ##
    ## Use ssh-keyscan to scan the keys of your server. Replace <HOST> with your
    ## Cloud Platform host. You can copy and repeat that command if you have
    ## more than one server to connect to. ssh-keyscan records whatever key the
    ## host presents during the scan; it does not authenticate that key.
    ##
    - ssh-keyscan <HOST> >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
    ##
    ## You can optionally disable host key checking. Be aware that by adding that
    ## you are susceptible to man-in-the-middle attacks: a host with an unknown
    ## or changed key is still accepted, regardless of the known_hosts entries
    ## added above. Omit this step to keep host key verification.
    ##
    - echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
    ##
    ## Connect via ssh and do something.
    ##
    - ssh <USER>@<HOST>
    ## - <do something>
In this .gitlab-ci.yml file:
- Replace <HOST> with your Cloud Platform host. For example, mysitedev.ssh.prod.acquia-sites.com.
- Replace <USER>@<HOST> with your Cloud Platform user and host respectively. For example, [email protected].
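The ssh-keyscan step in the example file records whatever key the network returns on each pipeline run. The following added example (not part of the original page or the Acquia template) accepts scanned keys only when they match host keys recorded once over a trusted channel. The variable name SSH_KNOWN_HOSTS and the function names filter_pinned_keys and install_known_hosts are assumptions, and the optional StrictHostKeyChecking no step is assumed to be omitted.

```shell
#!/bin/sh
# Added example: accept ssh-keyscan output only when it matches pinned keys.
# SSH_KNOWN_HOSTS is a hypothetical CI/CD variable holding known_hosts lines
# (unhashed, one key per line) obtained once over a trusted channel.

# filter_pinned_keys PINNED_FILE SCANNED_FILE
# Prints each scanned "host keytype key" line that also appears in PINNED_FILE.
# Returns 1 when nothing matches, so an empty or stale pin fails closed.
filter_pinned_keys() {
    matched=$(awk '
        /^#/ || NF < 3 { next }                  # keyscan banners, blank lines
        FILENAME == ARGV[1] {                    # entries from the pinned file
            n = split($1, hosts, ",")            # "host1,host2 type key" form
            for (i = 1; i <= n; i++) pin[hosts[i] " " $2 " " $3] = 1
            next
        }
        ($1 " " $2 " " $3) in pin { print $1, $2, $3 }
    ' "$1" "$2")
    [ -n "$matched" ] || return 1
    printf '%s\n' "$matched"
}

# install_known_hosts HOST
# Pipeline step: scan HOST, keep only pinned keys, require strict checking.
install_known_hosts() {
    mkdir -p ~/.ssh && chmod 700 ~/.ssh
    pinned=$(mktemp) && scanned=$(mktemp) || return 1
    printf '%s\n' "$SSH_KNOWN_HOSTS" > "$pinned"
    ssh-keyscan "$1" > "$scanned" 2>/dev/null
    if filter_pinned_keys "$pinned" "$scanned" >> ~/.ssh/known_hosts; then
        chmod 644 ~/.ssh/known_hosts
        printf 'Host %s\n\tStrictHostKeyChecking yes\n' "$1" >> ~/.ssh/config
        rc=0
    else
        echo "host key for $1 does not match any pinned key" >&2
        rc=1
    fi
    rm -f "$pinned" "$scanned"
    return "$rc"
}
```

In the pipeline, source this file in before_script and call install_known_hosts with your Cloud Platform host in place of the two ssh-keyscan lines; a non-zero return fails the job before any connection is made.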