Fleet Manager for SSH Keys Gen

Options
TheMLEngineer
TheMLEngineer Registered Posts: 25

I'm want to generate SSH public keys to integrate Bitbucket with dataiku. I would prefer to generate the key using fleet manager. This will allow users to be able to still access bitbucket whenever fleet manager is re-ran. Is there a way to do that?

Answers

  • Turribeach
    Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 1,744 Neuron
    Options
  • TheMLEngineer
    TheMLEngineer Registered Posts: 25
    Options

    Hello @Turribeach
    ,

    Thank you for quick response.

    Yes, we used this documentation in past to generate the keys. The admin want to know if there is a way to generate with fleet manager. The assumption is if the key is generated out of fleet manager, it will have to be regenerated anytime the instance is regenerated with fleet manager.

  • Turribeach
    Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 1,744 Neuron
    Options

    I have not used Fleet Manager but I do know how it works. Whether it keeps SSH keys after a rebuild or not I do not know but it will trivial for you to test, just regenerate a new instance and check. I expect that it does NOT keep them becauses it doesn't know about them. However I think the way your admin wants to go about it is not the best way. When you generate a pair of SSH keys to access a remote Git repo you need to store the private key in DSS and set the public key in the remote repo to be able to access it using the private key from DSS. Generating the SSH keys from Fleet Manager will require Fleet Manager to have full admin access to the git instance to be able place the public keys as they are generated. It will also require that every DSS instance to use different SSH keys and that every Fleet Manager rebuild will change SSH keys. That's probably not how you want this to work. Instead generate the SSH keys manually as per the Dataiku documentation, put the the private key in DSS and set the public key in the remote repo as required. Finally add a custom step in Fleet Manager to redeploy the private keys to all DSS instances as they get rebuild so that you don't loose access to your git repos.

  • Alexandru
    Alexandru Dataiker, Dataiku DSS Core Designer, Dataiku DSS ML Practitioner, Dataiku DSS Adv Designer, Registered Posts: 1,209 Dataiker
    Options

    If you are Fleet Manager version is > 11.2, you can add setup action instead to add a generated ssh key.

    This still requires generating an SSH key either outside of DSS or via SSH on a DSS instance . Once generated add it to the instance template and reprovision/re-run setup actions. note the known hosts section where you should add e.g github.com etc Screenshot 2024-02-12 at 10.07.06 PM.png

  • Turribeach
    Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 1,744 Neuron
    Options

    Thanks Alex, that's exactly how this capability needed to be supported in Fleet Manager.

  • TheMLEngineer
    TheMLEngineer Registered Posts: 25
    Options

    Thanks @AlexT
    and @Turribeach
    . This is helpful information.

Setup Info
    Tags
      Help me…