Versions Compared

Old Version 37

changes.mady.by.user Chandresh Patel

Saved on

compared with

New Version 38

changes.mady.by.user Chandresh Patel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

Field Name

Required

Description

Endpoint Name

Yes

The name of the Endpoint.

Description

No

An optional description for the Endpoint.

Active

Yes

Whether or not the endpoint is active in the system. Defaults to "Yes".

Connection Type

Yes

The connection type used for connection to the Endpoint. Currently SSH and localhost are supported.

OS Type

Yes

The operating system of the Endpoint. Unix and Windows are the supported types.

For Microsoft Windows, must have Cygwin installed, along with the openssh package. See the Cygwin Installation Guide for more information.

Endpoint Address

Yes

The DNS name or IP address of the Endpoint.

Port

Yes

The SSH port of the Endpoint (typically port 22).

User Name

Yes

The user account on the Endpoint to connect with. All executions via this endpoint will run as this user.

Password

No

The password for the User Name. Either password or Private Key File is required.

Private Key File

No

Fully-qualified path of the SSH private key file. Either Private Key File or Password is required. ~ is not supported here.

Passphrase

No

An optional passphrase used when the private key was generated. Only valid if a Private Key File is specified.

Run As (sudo)No

An optional user to run as (using sudo) after establishing connection to the endpoint.

  • This user must have same primary group as User Name.
  • Add sudoers rule, such that User Name can sudo to Run As user without prompting for a password.
  • Delete the Base Directory on the physical endpoint server, if it was created with different user. FlexDeploy will recreate it on next connection. (Do not skip this step)
  • Test by executing the following from FlexDeploy server terminal, connected as User Name: “sudo -u <run as user> bash -c whoami”.  Output should be the name of the Run As user without prompting for a password.
  • After completing endpoint configuration, click “Test Connection” on the Endpoint.

Base Directory

Yes

A working directory on the Endpoint used by FlexDeploy. ~ is not supported here.

For example, /app/flexdeploy.

If you have two FlexDeploy installations that may connect to same Endpoint, you must use unique folders for both FlexDeploy Servers. In most cases, separate FlexDeploy is installed to perform testing of FlexDeploy patches, which may connect to same Endpoint, in which case you can use different folder like /app/flexdeploytest and /app/flexdeploy.

Group

No

An optional group identifier which can be useful when searching for Endpoints.

Subgroup

No

An optional subgroup identifier which can be useful when searching for Endpoints.

Docker HostYesWhether or not the endpoint is capable of running Docker containers
K8s clusterNoWhether or not the endpoint can run Docker containers on a K8s cluster
K8s contextNoName of the configured K8s context

JDK Home

Yes

The JDK Home directory on the Endpoint. For example, /usr/java. FlexDeploy will look for /bin/java under specified JDK Home folder. Not required if the Endpoint is a Docker Host.

...

To inactivate an endpoint click the Active link on the desired Endpoint, and it will toggle to Inactive. This will hide that Endpoint after leaving the screen, until the Active checkbox is unchecked. To reactivate an Enpoint, click the Inactive link and it will toggle back to Active. This endpoint is now active in the system again and ready for use.

...

Unix ExampleWindows Example (using Cygwin)

Image RemovedImage Added

Image RemovedImage Added


Tip
titleMacOS

MacOS endpoints are supported using Unix Connection Type.

...

The second technique is to use a manually generated public-private key pair to perform the authentication, allowing the FlexDeploy server to connect to endpoints without having to specify a password.  In this scenario, a public and private key pair are generated on the FlexDeploy server.  The private key is kept secretly on the server by setting the permissions such that only the owner can read it (the userid which the FlexDeploy server is running as).  The public key is copied to all endpoint computers which must allow access to the owner (user running FlexDeploy server) of the matching private key. While authentication is based on the private key, the key itself is never transferred through the network during authentication.  SSH verifies whether the same person offering the public key also owns the matching private key.  In this case you must provide the User Name, the path to the Private Key File on the server, and an optional Passphrase (an optional password assigned to the private key when it was generated).

Image RemovedImage Added

Creating a Public-Private Key Pair

...

It is typical to use the default file name and location to store the private key (which is in the .ssh subfolder of the user's home directory). You can optionally secure the private key file with a passphrase. It is an SSH requirement that the private key be readable only by its owner (e.g. oracle in the example above). So you must change the permissions accordingly (e.g. chmod 600 /home/oracle/.ssh/id_rsa). You will receive an error at connection time similar to the following if you omit this step.

Permissions 0777 for '/home/oracle/.ssh/id_rsa' are too open.

It is recommended that your private key files are NOT accessible by others otherwise private key will be ignored.

Tip

The /home/oracle/.ssh folder on the endpoint must have drw------- permissions. For example,

  • chmod -R 700 $HOME/.ssh
  • chmod 700 $HOME

...