Hi Satya,

A possible workaround to the limitation is updating the server image and adding a symlink that points ~/.ssh/ to wherever you want to actually mount the data.
I have never experimented with using a symlink for the .ssh directory, though, so this may not work.

Hope this helps,
Jason

On Sunday 28 April 2024 at 12:12:16 UTC-4 Sriram Narayanan wrote:

> On Sat, Apr 27, 2024 at 7:10 PM Satya Elipe <satya...@gmail.com> wrote:
>
>> Thank you Sriram.
>>
>> So, ".ssh" folder mounting will be separate from the rest of the data
>> (/godata, for plugins, pipelines, db etc)...so there would be two separate
>> mount points into the container ?
>>
>> I'm using ECS at the moment and not kubernetes, so my task definition
>> will have two mount points like below:
>>
>> ```
>> "mountPoints": [
>>     {
>>         "sourceVolume": "efs_id:/godata",
>>         "containerPath": "/godata"
>>     },
>>     {
>>         "sourceVolume": "efs_id:/godata/.ssh",
>>         "containerPath": "/home/go/.ssh"
>>     }
>> ],
>> ```
>>
>> So mounting /godata and efs_id:/godata/.ssh from EFS into the container
>> at /godata and /home/go/.ssh locations respectively (per above code) seems
>> to work.
>>
>> In this case entry_point.sh from the base image is able to map/consider
>> and execute them properly, hence the server is up and running and
>> functioning properly.
>>
>> Is that the way it has to be, I think the github repo for gocd server
>> says that I guess, but perhaps I feel that extra mount point just for .ssh
>> is overkill and if .ssh can also be entertained by entry_point.sh from one
>> single mount point /godata in my case, that would be great ?
>>
>> If I do not mount .ssh into /home/go/.ssh separately into the container -
>> things seem to fail complaining that "key verification failed", I'm not
>> sure whether I'm still missing something here.
>
> Hey, I had got caught by surprise earlier during the "elastic agent"
> discussions and had assumed that you must be using EKS. Sorry, my bias had
> clouded my judgement then. Thankfully Chad and you cleared that up.
>
> ssh by default checks ~/.ssh/ for the keys.
> Within the GoCD server and agent containers, this home (~) is the /home/go
> directory, and hence we mount the .ssh folder there. There are use cases
> where the keys are made available via a different network share and not
> mixed with configurations that regular GoCD admins would have access to,
> and hence being able to mount from a separate place to ~/.ssh is helpful.
> You could always place the .ssh directory alongside other directories that
> would get to godata, while also explicitly specifying a mount to /home/go.
> At present, GoCD does not have a configuration option to point it to a
> private key at a path other than ~/.ssh.
>
> https://docs.gocd.org/current/faq/docker_container_ssh_keys.html
>
>> Many thanks
>> Satya
>>
>> On Thu, Apr 25, 2024 at 3:31 PM Sriram Narayanan <srir...@gmail.com>
>> wrote:
>>
>>> On Thu, Apr 25, 2024 at 10:16 PM Satya Elipe <satya...@gmail.com> wrote:
>>>
>>>> Hi all
>>>>
>>>> Wonder, what's the way around to mount .ssh from EFS into the gocd base
>>>> container (from the image gocd/gocd-server:v22.3.0).
>>>>
>>>> We have saved all our content into EFS under /godata and map that into
>>>> the container as /godata.
>>>>
>>>> We are using gocd/gocd-server:v22.3.0.
>>>>
>>>> It all runs good, mapping was fine too but just one thing that’s not
>>>> happening is “.ssh” folder.
>>>>
>>>> I have .ssh with all required keys in EFS under /godata and /godata
>>>> within the container also has .ssh but not /go-working-dir.
>>>>
>>>> Is that supported, am I mis-configuring it, or do we need to handle
>>>> that outside of the base image ?
>>>
>>> At a high level, the .ssh folder should be mounted into /home/go.
>>> e.g. docker run -v /path/to/godata:/godata -v /path/to/home-dir:/home/go gocd/gocd-server:v23.5.0
>>> IMPORTANT: You must set the user ID of the files within .ssh to 1000.
>>> This is the user ID of the gocd process within the container.
>>>
>>> See:
>>> https://github.com/gocd/docker-gocd-server?tab=readme-ov-file#mounting-volumes
>>>
>>> Given that you are using Kubernetes, please see the Helm chart
>>> documentation here
>>> https://github.com/gocd/helm-chart/blob/master/gocd/README.md
>>>
>>> It provides info on just about every configurable attribute for the GoCD
>>> server and the agent.
>>>
>>> Of particular importance for you are these two attributes:
>>> server.persistence.subpath.homego
>>> agent.persistence.subpath.homego
>>>
>>> Please see that document and jot down your action plan since you will
>>> need to provide the SSH keys to the server _and_ the agent containers.
>>>
>>> IMPORTANT: You must set the user ID of the files within .ssh to 1000.
>>> This is the user ID of the gocd process within the container.
>>>
>>>> Many thanks in advance !
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "go-cd" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to go-cd+un...@googlegroups.com.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/go-cd/CADKEDRrQOX11i951ZPiUYeOdMqThbCoZG7_WAqgBJFg1BxqxfQ%40mail.gmail.com.
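The thread requires the files under .ssh to be owned by UID 1000, and the symlink workaround reaches that directory indirectly. As an added example (not part of the thread and not GoCD project code), this POSIX shell function audits the directory that will back /home/go/.ssh, following a symlink to its target. The function name, its return codes, and the permission checks beyond ownership are assumptions of this example.

```sh
#!/bin/sh
# Added example, not GoCD project code. Audits the directory that will back
# /home/go/.ssh before it is mounted or symlinked into the container.
# Usage: check_ssh_dir DIR [UID]   (UID defaults to 1000, per the thread)
# Returns 0 if clean, 1 if a problem was found, 2 if DIR is not a directory.
check_ssh_dir() {
    dir=$1
    uid=${2:-1000}
    rc=0

    # [ -d ] follows symlinks, so a symlinked ~/.ssh is judged by its target.
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory" >&2
        return 2
    fi

    # Everything under the directory must belong to the gocd process UID.
    # -L makes find descend through a symlinked directory.
    bad_owner=$(find -L "$dir" ! -user "$uid" -print)
    if [ -n "$bad_owner" ]; then
        echo "FAIL: not owned by uid $uid:" >&2
        echo "$bad_owner" >&2
        rc=1
    fi

    # Group/other write on the directory lets another account swap keys.
    case $(ls -ldL "$dir" | cut -c5-10) in
        ?w????|????w?) echo "FAIL: $dir is group/other writable" >&2; rc=1 ;;
    esac

    # OpenSSH ignores a private key that group or other can access at all.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $(head -n 1 "$f" 2>/dev/null) in
            *"PRIVATE KEY"*) ;;
            *) continue ;;
        esac
        if [ "$(ls -ldL "$f" | cut -c5-10)" != "------" ]; then
            echo "FAIL: $f is a private key with group/other bits set" >&2
            rc=1
        fi
    done
    return $rc
}
```

Run it against the share before starting the server, for example `check_ssh_dir /path/to/home-dir/.ssh`, and correct any finding with chown or chmod on the EFS side.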