Use service users for continuous deployment

An infrastructure that uses continuous deployment automation often requires SSH to deploy software or to perform tasks. Generally, this kind of automation runs SSH using a local user account on a continuous integration/continuous deployment (CI/CD) server that's dedicated to this purpose. For example, automated Jenkins jobs might be run as the 'jenkins' user on a Linux server. With Advanced Server Access, you can create service users to automate deployment to your target servers.

Before you begin

  • You must install the Advanced Server Access client on the host that has the unmanaged user account to which the service user is tied.

    The server can be any Linux host, but can't be a Windows or FreeBSD host. See Install the Advanced Server Access client.

  • Grant a group access to the host that contains the service user account.

Create a service user for continuous deployment

  1. From the Advanced Server Access dashboard, click Users.
  2. Select the Service Users tab.
  3. Click Create Service User. The Create Service User page appears.
  4. Enter a username for the service user. The system automatically creates corresponding Linux and Windows usernames. Click Create Service User to finish creating the service user.
  5. Click Create API Key. The API Key Secret Rotated page appears.
  6. Copy and store your API key ID and your API key secret from this page.
    Note: You cannot retrieve this information after closing the window. If you lose this information, you must generate a new API key ID and secret.

Create a service for a project

  1. Click Projects on your team's Advanced Server Access dashboard. The Projects page appears.
  2. Click the project that contains the server running the service that you want to assign to the service user.
  3. Select the Servers tab.
  4. Choose the server on which to use the service user.
  5. Select the Services tab. Click Add Service.
  6. Select the service user that you created from the Service User dropdown. Enter the UID of an unmanaged user in the UID field.

    To find the UID of a user, use the ls /home command to list the users on the server, and then use the id <user> command to find the UID of a specific user.

Add the service user to a group

  1. Click Groups on the Advanced Server Access dashboard.
  2. Select a group that belongs to the project that contains the server that the service user will be deployed to.
  3. Select the Users tab.
  4. Enter the username of the service user that you created. Click Add User.

Enable service user authentication

Ensure that you install the Advanced Server Access client on the server that's tied to the service user that you create. By installing the client and enabling authentication for service users, you can use the service user's credentials to perform tasks. The Advanced Server Access server agent must be installed and running on the server.

  1. Connect to the server for the service user:

    ssh <target-server>

  2. Switch to the root user:

    sudo su -

  3. Switch to the unmanaged user that's tied to the Advanced Server Access service user:

    su - <unmanaged-user>

  4. Enable service user authentication:

    sft config service_auth.enable true

  5. Update your SSH configuration:

    sft ssh-config >> ~/.ssh/config

    Don't forget to change the command if your SSH configuration file is in a different directory.
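
The append in the last step adds another copy of the generated block every time it runs, which matters on a CI/CD host that is provisioned by script. The following is an added example, not part of Advanced Server Access or its documentation: a shell function that keeps the sft ssh-config output in a marked block, replaces that block on re-run, and leaves the file at mode 600. The function name and the marker strings are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotent alternative to `sft ssh-config >> ~/.ssh/config`.
# The marker strings below are constructed for this example; sft does not emit them.
BEGIN_MARK='# BEGIN sft ssh-config (managed)'
END_MARK='# END sft ssh-config (managed)'

# update_managed_block FILE
# Reads the new block from stdin and stores it in FILE between the markers.
# Any earlier managed block is dropped; all other lines are kept as they are.
# The block is re-appended at the end of the file, as the `>>` form does.
update_managed_block() {
    cfg=$1
    dir=$(dirname "$cfg")
    new=$(cat)
    # If the generator failed or printed nothing, leave the config alone.
    if [ -z "$new" ]; then
        echo "empty block, $cfg left unchanged" >&2
        return 1
    fi
    # ssh ignores a config that others can write to; keep dir and file private.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -e "$cfg" ] || : > "$cfg"
    tmp=$(mktemp "$dir/.config.XXXXXX") || return 1
    # Copy every line that is outside an existing managed block.
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip   { print }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s\n%s\n%s\n' "$BEGIN_MARK" "$new" "$END_MARK" >> "$tmp"
    # Write to a temporary file and rename, so a failure never truncates the config.
    chmod 600 "$tmp" && mv "$tmp" "$cfg"
}

# Usage, as the unmanaged user on the host (requires the sft client):
#   sft ssh-config | update_managed_block "$HOME/.ssh/config"
```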
