Files relevant to MettleCI
The misconfiguration of SSH-related files on the DataStage Engine on which you have MettleCI Workbench installed can give rise to various symptoms, most of which are characterised by the failure of one system to form a trusted connection with another. This page describes the SSH components relevant to MettleCI, and how those components should be configured for successful operation.
This page assumes you are running MettleCI Workbench on a Unix-based host under a user called mciworkb (link).
MettleCI CLI
Some MettleCI CLI commands which communicate with the DataStage Engine tier are dependent upon the correct configuration of the mciworkb user's .ssh folder and its contents.
Directory /mciworkb/.ssh
The directory /home/mciworkb/.sshshould have the following properties:
user ownership of
mciworkbgroup ownership of
dstagepermissions of
700(drwx------)
For example:
$> ls -ld /home/mciworkb/.ssh drwx------ 2 root root 144 Feb 16 14:31 .ssh
These properties can be established with the following commands:
$> chown mciworkb:dstage /home/mciworkb/.ssh # Ownership $> chmod 700 /home/mciworkb/.ssh # Permissions
Files within /mciworkb/.ssh
The directory /home/mciworkb/.sshshould contain the file authorized_keys which effectively controls inbound connections from other hosts. It contains the SSH public keys of hosts that are permitted to connect to your DataStage Engine using key-based authentication. This directory may also contain other files such as known_hosts or config which are not required for successful MettleCI operations.
The authorized_keys file should have the following properties:
user ownership of
mciworkbgroup ownership of
dstage.permissions of
600(drw-------)
This can be established with…
$> chown mciworkb:dstage /home/mciworkb/.ssh/authorized_keys # Ownership $> chmod 600 /home/mciworkb/.ssh/authorized_keys # Permissions
For example:
$> ls -ld /home/mciworkb/.ssh/authorized_keys -rw------- 1 mciworkb dstage 1167 Feb 16 14:26 .ssh/authorized_keys