MettleCI and its associated systems make use of SSH (a protocol built on public key cryptography) to provide secure communications channels between software components running on different hosts. This page provides an outline of the MettleCI-related components which use SSH, and a high-level view of how those components should be configured.
Files relevant to MettleCI
...
MettleCI CLI
MettleCI CLI commands most commonly execute on the MettleCI Agent Host (described here) and communicate with the DataStage Engine to perform build and deployment tasks. Those commands which communicate over SSH (most notably those from the Remote Namespace with the privateKey option) are dependent upon correct configuration of SSH between these two hosts.
In the diagram above, the MettleCI Agent Host (described here) stores a private key file (named client.key in the diagram) whose public key equivalent (e.g. client.key.pub) is stored inside the ~/.ssh/authorized_keys file of the user account you are using to execute the MettleCI Workbench, typically mciworkb. This permits SSH connection between the MettleCI Agent Host and the DataStage Engine on which the MettleCI Workbench is running. This connection is, most notably, required when using MettleCI commands from the Remote Namespace with the privateKey option. Similarly, your DataStage Engine will store a private key file (an example of which, workbench.key, is created during MettleCI installation) in the MettleCI installation directory, typically /opt/dm/mci. The public key equivalent (e.g. workbench.key.pub) is shared with third party systems with which your DataStage Engine needs to communicate, most commonly your Git and Work Item Management platforms.
MettleCI CLI
Some MettleCI CLI commands which communicate with the DataStage Engine tier are dependent upon the correct configuration of the mciworkb user's .ssh folder and its contents.
Directory /mciworkb/.ssh
The directory /home/mciworkb/.ssh should have the following properties:
...
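The key layout described above (the Agent Host's public key listed in the mciworkb user's ~/.ssh/authorized_keys) can be checked offline. The following Python is an added example, not part of MettleCI: it matches an OpenSSH public key line against authorized_keys content, computes its fingerprint, and flags group- or world-writable paths. Assumptions: the writability policy is sshd's default StrictModes behaviour rather than the property list elided above, the sample key is constructed from filler bytes, and all function names are hypothetical.

```python
import base64, hashlib, os, struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def parse_entry(line):
    """Return (key_type, blob) for a .pub or authorized_keys line, else None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    # An entry may begin with options (e.g. from="..."), so search for the type.
    for i, field in enumerate(fields[:-1]):
        if field not in KEY_TYPES:
            continue
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        # The blob opens with a length-prefixed copy of the key type name.
        if blob[:4] == struct.pack(">I", len(field)) and \
                blob[4:4 + len(field)] == field.encode():
            return field, blob
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the format `ssh-keygen -l` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def is_authorized(pub_line, authorized_keys_text):
    """True if the key in pub_line is listed in the authorized_keys text."""
    wanted = parse_entry(pub_line)
    return wanted is not None and any(
        parse_entry(l) == wanted for l in authorized_keys_text.splitlines())

def loose_modes(ssh_dir):
    """Group/world-writable paths, which sshd's default StrictModes rejects
    (assumed policy; the page's own property list is not reproduced here)."""
    paths = [ssh_dir, os.path.join(ssh_dir, "authorized_keys")]
    return [p for p in paths if os.path.exists(p) and os.stat(p).st_mode & 0o022]

def constructed_pub(seed, comment):
    """Constructed sample: a well-formed P-521 key line built from filler bytes."""
    s = lambda b: struct.pack(">I", len(b)) + b
    point = b"\x04" + (hashlib.sha512(seed).digest() * 3)[:132]
    blob = s(b"ecdsa-sha2-nistp521") + s(b"nistp521") + s(point)
    return "ecdsa-sha2-nistp521 %s %s" % (base64.b64encode(blob).decode(), comment)

if __name__ == "__main__":
    client = constructed_pub(b"agent", "agent-host")
    keys = '# mciworkb\nfrom="192.0.2.10" %s\n' % client
    print(is_authorized(client, keys), fingerprint(parse_entry(client)[1]))
```

To check a real host, pass the contents of client.key.pub and of /home/mciworkb/.ssh/authorized_keys to is_authorized, and the directory path to loose_modes.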
SSH may also be involved in MettleCI Workbench’s communication with Work Item Management and Git platforms. In these cases you will use an SSH key pair created on the DataStage Engine to form this connection. Your DataStage Engine will store a private key file, an example of which (workbench.key) is created in the MettleCI directory (typically /opt/dm/mci) during MettleCI installation. The public key equivalent (e.g. workbench.key.pub) is supplied to the third party systems with which your DataStage Engine needs to communicate, most commonly your Git and Work Item Management platforms. You can either use the key pair created for you by the MettleCI installation process (workbench.key / workbench.key.pub, which is a 521-bit ECDSA key) or create your own if your organisation or third party system has specified SSH key requirements. The process varies from tool to tool, so please see the relevant MettleCI documentation for the tools relevant to you.
...