Hi Satya,

A possible workaround to the limitation is updating the server image and 
adding a symlink that points ~/.ssh/ to wherever you want to actually mount 
the data.

I have never experimented with using a symlink for the .ssh directory, 
though, so this may not work.

Hope this helps,
Jason


On Sunday 28 April 2024 at 12:12:16 UTC-4 Sriram Narayanan wrote:

> On Sat, Apr 27, 2024 at 7:10 PM Satya Elipe <satya...@gmail.com> wrote:
>
>> Thank you Sriram.
>>
>> So, ".ssh" folder mounting will be separate from the rest of the data 
>> (/godata, for plugins, pipelines, db etc)...so there would be two separate 
>> mount points into the container ? 
>>
>> I'm using ECS at the moment and not kubernetes, so my task definition 
>> will have two mount points like below:
>>
>> ```
>>             "mountPoints": [
>>                 {
>>                     "sourceVolume": "efs_id:/godata",
>>                     "containerPath": "/godata"
>>                 },
>>                 {
>>                     "sourceVolume": "efs_id:/godata/.ssh",
>>                     "containerPath": "/home/go/.ssh"
>>                 }
>>             ],
>> ```
>>
>> So mounting /godata and efs_id:/godata/.ssh from EFS into the container 
>> at /godata and /home/go/.ssh locations respectively (per above code) seems 
>> to work. 
>>
>> In this case entry_point.sh from the base image is able to map/consider 
>> and execute them properly, hence the server is up and running and 
>> functioning properly.
>>
>> Is that the way it has to be, I think the github repo for gocd server 
>> says that I guess, but perhaps I feel that extra mount point just for .ssh 
>> is overkill and if .ssh can also be entertained by entry_point.sh from one 
>> single mount point /godata in my case, that would be great ?
>>
>> If I do not mount .ssh into /home/go/.ssh separately into the container - 
>> things seem to fail complaining that "key verification failed", I'm not 
>> sure whether I'm still missing something here.
>>
>
> Hey, I had got caught by surprise earlier during the "elastic agent" 
> discussions and had assumed that you must be using EKS. Sorry, my bias had 
> clouded my judgement then. Thankfully Chad and you cleared that up.
>
> ssh by default checks ~/.ssh/ for the keys. Within the GoCD server and 
> agent containers, this home (~) is the /home/go directory, and hence we 
> mount the .ssh folder there. There are use cases where the keys are made 
> available via a different network share and not mixed with configurations 
> that regular GoCD admins would have access to, and hence being able to 
> mount from a separate place to ~/.ssh is helpful. You could always place 
> the .ssh directory alongside other directories that would get to godata, 
> while also explicitly specifying a mount to /home/go. At present, GoCD does 
> not have a configuration option to point it to a private key at a path 
> other than ~/.ssh.
>
> https://docs.gocd.org/current/faq/docker_container_ssh_keys.html
>  
>
>>
>> Many thanks
>> Satya
>>
>> On Thu, Apr 25, 2024 at 3:31 PM Sriram Narayanan <srir...@gmail.com> 
>> wrote:
>>
>>>
>>>
>>> On Thu, Apr 25, 2024 at 10:16 PM Satya Elipe <satya...@gmail.com> wrote:
>>>
>>>> Hi all 
>>>>
>>>> Wonder, what's the way around to mount .ssh from EFS into the gocd base 
>>>> container (from the image gocd/gocd-server:v22.3.0).
>>>>
>>>>
>>>> We have saved all our content into EFS under /godata and map that into 
>>>> the container as /godata.
>>>>
>>>>
>>>> We are using gocd/gocd-server:v22.3.0.
>>>>
>>>>
>>>> It all runs good, mapping was fine too but just one thing that’s not 
>>>> happening is “.ssh” folder.
>>>>
>>>>
>>>> I have .ssh with all required keys in EFS under /godata and /godata 
>>>> within the container also has .ssh but not /go-working-dir.
>>>>
>>>>
>>>> Is that supported, am I mis-configuring it, or do we need to handle 
>>>> that outside of the base image ?
>>>>
>>>
>>> At a high level, the .ssh folder should be mounted into /home/go. 
>>> e.g. docker run -v /path/to/godata:/godata -v /path/to/home-dir:/home/go 
>>> gocd/gocd-server:v23.5.0
>>> IMPORTANT: You must set the user ID of the files within .ssh to 1000. 
>>> This is the user ID of the gocd process within the container.
>>>
>>> See: 
>>> https://github.com/gocd/docker-gocd-server?tab=readme-ov-file#mounting-volumes
>>>
>>> Given that you are using Kubernetes, please see the Helm chart 
>>> documentation here 
>>> https://github.com/gocd/helm-chart/blob/master/gocd/README.md
>>>
>>> It provides info on just about every configurable attribute for the GoCD 
>>> server and the agent.
>>>
>>> Of particular importance for you are these two attributes:
>>> server.persistence.subpath.homego
>>> agent.persistence.subpath.homego
>>>
>>> Please see that document and jot down your action plan since you will 
>>> need to provide the SSH keys to the server _and_ the agent containers.
>>>
>>> IMPORTANT: You must set the user ID of the files within .ssh to 1000. 
>>> This is the user ID of the gocd process within the container.
>>>
>>>  
>>>
>>>>
>>>> Many thanks in advance !
>>>>
>>>> -- 
>>>> You received this message because you are subscribed to the Google 
>>>> Groups "go-cd" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send 
>>>> an email to go-cd+un...@googlegroups.com.
>>>> To view this discussion on the web visit 
>>>> https://groups.google.com/d/msgid/go-cd/CADKEDRrQOX11i951ZPiUYeOdMqThbCoZG7_WAqgBJFg1BxqxfQ%40mail.gmail.com
>>>>  
>>>> <https://groups.google.com/d/msgid/go-cd/CADKEDRrQOX11i951ZPiUYeOdMqThbCoZG7_WAqgBJFg1BxqxfQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>> .
>>>>

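The requirements stated in this thread (the .ssh directory mounted at /home/go/.ssh, with its files owned by user ID 1000) can be checked on the source directory before the container starts. The script below is an added example, not part of the original messages or of the GoCD project; the function name `audit_ssh_dir`, the finding labels, the 0700/0600 mode expectations and the known_hosts check are assumptions of this example, and it relies on GNU find.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): pre-flight audit of a directory that
# will be mounted at /home/go/.ssh in a GoCD container.
# Assumes GNU find and grep (Linux).

# audit_ssh_dir DIR [UID]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
# UID defaults to 1000, the user ID of the gocd process named in the thread.
audit_ssh_dir() {
    local dir="$1" uid="${2:-1000}" out

    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    # If .ssh is a symlink (the workaround suggested above), audit its target.
    dir=$(cd -P -- "$dir" && pwd) || return 1

    out=$(
        # Everything must belong to the UID the GoCD process runs as.
        find "$dir" ! -user "$uid" -printf 'OWNER %p\n'
        # Directories accessible to group or other (expected mode: 0700).
        find "$dir" -type d -perm /077 -printf 'DIRMODE %m %p\n'
        # Private keys (detected by their PEM header) accessible to group or
        # other; the ssh client refuses keys with permissions that are too open.
        find "$dir" -type f -perm /077 \
            -exec grep -l -e 'PRIVATE KEY-----' {} + | sed 's/^/KEYMODE /'
        # Without known_hosts, a non-interactive ssh cannot verify host keys.
        [ -s "$dir/known_hosts" ] || echo "NO_KNOWN_HOSTS $dir"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Command-line use: ./audit.sh /path/to/home-dir/.ssh [uid]
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$@"
fi
```

Run it against the host or EFS path that backs the mount, not inside the container, so ownership problems show up before the server starts.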