I have been looking at the documentation most of the documentation explains.
Here are my requirements
1. java project
2. pipeline uses custom image (with ssh installed)
3. create artifact jar, ear or whatever
4. Deploy that artifact to a remote servers (QA, TST and PROD) via ssh.
step 4 is where I am struggling with. Followed this document but I am struck at Step 2: Update the known hosts while I get an error as "unable to fetch fingerprints ....."
I am unsure of step 3 should I be adding known hosts file to the remote server or my custom docker image. I believe its remote server but then how does my custom docker image talk to the remote host?
Is there any documentation on of easy way to deploy the artifact to a remote server.
Hi @Srikanth Mamidala ,
Regarding the error "unable to fetch fingerprints", is the server you want to deploy to behind a firewall? If so, you may need to whitelist the IP addresses listed on the following page, for the server to be able to communicate with Bitbucket:
Your network administrator may need to make specific network configuration changes to permit SSH connectivity from your server to Bitbucket.
I am unsure of step 3 should I be adding known hosts file to the remote server or my custom docker image. I believe its remote server but then how does my custom docker image talk to the remote host?
The public key should be added to your remote server (not your custom image). If you have generated an SSH key pair from this repo's Repository settings > SSH keys (or if you have added one there yourself), the private SSH key will be available in your Pipelines builds and the public key will exist on your remote server, so you'll be able to ssh from the Pipelines build to your server.
We have certain pipes that deploy to a remote server using SSH. If you set up SSH keys as per the documentation you mentioned, you can use one of these pipes in your bitbucket-pipelines.yml file to deploy to your server:
If your remote server has FTP, another option would be to use the following pipe to deploy via FTP (instead of SSH):
Please feel free to let me know if you have any questions.
Kind regards,
Theodora
Hello @Theodora Boudale thank you for detailed answers. I was able to setup the connection using SCP but using a public IP only. Is there a way to enable pipelines connections for the private Ips?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you for the update, it's good to hear that you managed to set it up with SCP.
I don't believe that it is possible to use a private IP address, as private IP addresses are used within a local network. Bitbucket Pipelines needs to be able to reach your server over the internet and this can be done with a public IP address.
Kind regards,
Theodora
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Got it thank you. But there may be use cases similar to mine for others as well, whats the ideal Atlassian suggested workaround for these situations? Use a jump box or something? if use a jumpbox which pipe would support that
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Srikanth Mamidala, please allow me to check with my team regarding your last question and I'll get back to you on that.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for your patience as we've been looking into this.
It should actually be possible to deploy to one of your local machines that doesn't have access to the internet with the scp-deploy pipe, using a jumpbox.
The pipe should then be configured as follows:
pipelines:
default:
- step:
script:
- pipe: atlassian/scp-deploy:1.1.0
variables:
USER: <USER>
SERVER: <PRIVATE_IP>
REMOTE_PATH: <REMOTE_PATH>
LOCAL_PATH: '*'
DEBUG: 'true'
EXTRA_ARGS: ['-o', 'ProxyJump <JUMP_SERVER_ADDRESS>:<SSH_PORT>', '-o', 'StrictHostKeyChecking=no', '-o UserKnownHostsFile=/dev/null']
So this is possible by using the ProxyJump argument of the scp command, and also by using the options 'StrictHostKeyChecking=no' and '-o UserKnownHostsFile=/dev/null'. You need to also make sure that the jump server can communicate with the local machine you want to deploy to.
Some other suggestions we can make apart from the above setup:
- You can use a proxy server, deploy there with the pipe, and configure the proxy server to redirect the traffic to one of the machines in your local network
- You can also explore using Bitbucket Pipelines Runners, which can be run in your own network infrastructure and run your deployment there:
Kind regards,
Theodora
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
 
 
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.