SSH Targets

Last updated

For Linux and Unix systems you can configure Octopus to communicate with your deployment target through SSH. The Octopus server will then connect to the SSH deployment target and execute bash scripts to invoke Calamari, which is installed on the SSH target and in turn performs the deployment steps and passes the task progress, logs, and artifacts back to the Octopus server.

Before you configure an SSH deployment target, review the requirements and ensure your SSH deployment targets have the required packages installed.

Create an SSH Account

The SSH connection you configure will use an account with either an SSH Key Pair or a Username and Password that has access to the remote host.

See accounts for instructions to configure the account.

Add an SSH Connection

  1. In the Octopus Web Portal, navigate to the Infrastructure tab, select Deployment Targets and click ADD DEPLOYMENT TARGET ➜ SSH CONNECTION.
  2. Click ADD on the SSH Connection card.
  3. Enter the DNS or IP address of the deployment target, i.e., example.com or 10.0.1.23.
  4. Enter the port (port 22 by default) and click NEXT.

Make sure the target server is accessible by the port you specify.

The Octopus server will attempt to perform the required protocol handshakes and obtain the remote endpoint's public key fingerprint automatically rather than have you enter it manually. This fingerprint is stored and verified by the server on all subsequent connections.

If this discovery process is not successful, you will need to click ENTER DETAILS MANUALLY.

  1. Give the target a name.
  2. Select which environment the deployment target will be assigned to.
  3. Choose or create at least one target role for the deployment target and click Save. Learn about target roles.
  4. Select the account that will be used for the Octopus server and the SSH target to communicate.
  5. If entering the details manually, enter the Host, Port and the host's fingerprint.

You can retrieve the fingerprint of the default key configured in your sshd_config file from the target server with the following command:

ssh-keygen -E md5 -lf /etc/ssh/ssh_host_rsa_key.pub | cut -d' ' -f2 | awk '{ print $1}' | cut -d':' -f2-
  1. Specify whether Mono is installed on the SSH target or not to determine which version of Calamari will be installed.
  1. Click Save.

Health Check

Once the target is configured, Octopus will perform an initial health check. Health checks are done periodically or on demand and ensure the endpoint is reachable, configured correctly and the required dependencies are are available (e.g. tar, for more details see requirements), and ready to perform deployment tasks.

If Calamari is not present or is out-of-date, a warning will be displayed, however, Calamari will be updated when it is next required by a task.

If the SSH target is healthy, the version that is displayed is the version of the Octopus server instance.

If the fingerprint changes after initial configuration, the next health check will update the fingerprint. If the fingerprint returned during the handshake is different to the value stored in the database, the new fingerprint will show up in the logs. If you aren't expecting a change and you see this error it could mean you have been compromised!

Learn more about health checks and machine policies

Running Scripts on SSH Endpoints

You can use raw scripting to run scripts on SSH endpoints without any additional Octopus dependencies. You can set machine policies to configure health checks that only test for SSH connectivity for the target to be considered healthy.

In This Section

The following topics are explained further in this section: