Code Studio

Using SSH during a Code Studio pipeline

You can use SSH during a specific job in your pipeline.

The following example demonstrates how you can connect to a Cloud Platform environment by using SSH, before the Build Code stage begins.

Prerequisites

Before you start using SSH to access an environment, you must:

  1. Understand configuration in GitLab. For more information, see .gitlab-ci.yml.

  2. Generate a 4096-bit RSA SSH private/public key pair. For more information, see Generating an SSH public key.

  3. Add the public key to Cloud Platform for a user who has a role with SSH access. For more information, see Adding a public key to an Acquia profile.

Adding CI/CD variables

  1. Click Settings > CI/CD.

  2. Expand the Variables section and click Add variable.

  3. To add a variable for the SSH private key, do the following:

    1. In Key, specify the value as SSH_PRIVATE_KEY.

    2. In Value, paste your RSA private key.

    3. Click Add variable.

  4. To add a variable for SSH passphrase, click Add variable and do the following:

    1. In Key, specify the value as SSH_PASSPHRASE.

    2. In Value, paste the associated passphrase. If a passphrase does not exist, press the Enter key.

    3. Click Add variable.

    The Variables section displays both variables.

Customizing .gitlab-ci.yml to use SSH

After adding the SSH private key and passphrase, you can customize your .gitlab-ci.yml file to use the variables and connect by using SSH.

If you created the .gitlab-ci.yml file for the first time, set the CI/CD configuration file to .gitlab-ci.yml by clicking Settings > CI/CD > General pipelines > CI/CD configuration file.

The following is an example .gitlab-ci.yml file that sets the SSH configuration to connect to a Cloud Platform environment.

include:
  - project: 'acquia/standard-template'
    file:
      - '/gitlab-ci/Auto-DevOps.acquia.gitlab-ci.yml'

Build Code:
  before_script:
   ##
   ## Install ssh-agent if it is not already installed; it is required by Docker.
   ##
   - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client git -y )'


   ##
   ## Run ssh-agent (inside the build environment)
   ##
   - eval $(ssh-agent -s)


   ##
   ## Create ~/.ssh if it does not exist yet, then create a shell script in it
   ## that will echo the environment variable SSH_PASSPHRASE
   ##
   - mkdir -p ~/.ssh && chmod 700 ~/.ssh
   - echo 'echo "$SSH_PASSPHRASE"' > ~/.ssh/tmp && chmod 700 ~/.ssh/tmp


   ##
   ## If ssh-add needs a passphrase, it will read the passphrase from the current
   ## terminal if it was run from a terminal. If ssh-add does not have a terminal
   ## associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the
   ## program specified by SSH_ASKPASS and open an X11 window to read the
   ## passphrase. This is particularly useful when calling ssh-add from a
   ## .xsession or related script. Setting DISPLAY=None drops the use of X11.
   ##
   - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | DISPLAY=None SSH_ASKPASS=~/.ssh/tmp ssh-add -


   ##
   ## Use ssh-keyscan to scan the keys of your server. Replace <HOST> with your
   ## Cloud Platform host. You can copy and repeat that command if you have
   ## more than one server to connect to. ssh-keyscan does not verify the keys
   ## it returns, so they are trusted as received on each run.
   ##
   - ssh-keyscan <HOST> >> ~/.ssh/known_hosts
   - chmod 644 ~/.ssh/known_hosts


   ##
   ## Optional: disable host key checking for all hosts. Be aware that with this
   ## line in place you are susceptible to man-in-the-middle attacks. Remove it
   ## to keep the host key checks against ~/.ssh/known_hosts.
   ##
   - echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config


   ##
   ## Connect via ssh and do something.
   ##
   - ssh <USER>@<HOST>
   ## - <do something>

In this .gitlab-ci.yml file:

  • Replace <HOST> with your Cloud Platform host. For example, mysitedev.ssh.prod.acquia-sites.com.

  • Replace <USER>@<HOST> with your Cloud Platform user and host respectively. For example, [email protected].
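
A variant of the job above that pins the host key instead of scanning it on every run and keeps strict host key checking on. This is an added example, not part of the original documentation. It assumes one extra CI/CD variable, named SSH_KNOWN_HOSTS here (a name chosen for this example), that holds the output of ssh-keyscan <HOST>, captured once and with its fingerprint verified against a trusted source.

```yaml
include:
  - project: 'acquia/standard-template'
    file:
      - '/gitlab-ci/Auto-DevOps.acquia.gitlab-ci.yml'

Build Code:
  before_script:
    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client git -y )'
    - eval $(ssh-agent -s)
    - mkdir -p ~/.ssh && chmod 700 ~/.ssh

    ## Load the private key into the agent as in the job above, then delete
    ## the askpass helper so it does not stay on disk for later steps.
    - echo 'echo "$SSH_PASSPHRASE"' > ~/.ssh/tmp && chmod 700 ~/.ssh/tmp
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | DISPLAY=None SSH_ASKPASS=~/.ssh/tmp ssh-add -
    - rm -f ~/.ssh/tmp

    ## Assumption: SSH_KNOWN_HOSTS is a CI/CD variable added for this example.
    ## It replaces the ssh-keyscan step, so the job trusts only the host key
    ## that was verified when the variable was created.
    - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts

    ## Stop the job here if the pinned file has no entry for the host
    ## (ssh-keygen -F exits non-zero when the host is not found).
    - ssh-keygen -F <HOST> -f ~/.ssh/known_hosts > /dev/null

    ## Refuse unknown or changed host keys instead of accepting them.
    - printf 'Host *\n\tStrictHostKeyChecking yes\n' > ~/.ssh/config
    - chmod 600 ~/.ssh/config

    ## Connect via ssh and do something.
    - ssh <USER>@<HOST>
    ## - <do something>
```

If the host key changes, the ssh step fails until SSH_KNOWN_HOSTS is updated with the newly verified key.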