Rally - On-premises: How to generate a PEM file for SFTP backups

Products

Rally On-Premise

Issue/Introduction

Version 2.0 of Rally on-premises introduces a new method for using remote SFTP backups. Instead of storing username and passwords, the appliance now stores a PEM file generated from the appliance that is stored on the SFTP server.

This article discusses the steps on generating that key pair, uploading it and configuring the backup settings in the appliance.

Environment

Release: 2.0+
Component: ACPREM

Resolution

This article assumes you have an account already created on your SFTP server that will be used for the backups. If you do not yet have this account created, please create this account before proceeding.

SSH into the on-premises services appliance

Run this command to generate a 2048 bit RSA key

$ ssh-keygen -t rsa -b 2048 -v

This will prompt you for a filename. Enter something simple and unique like "rally". There is no need to enter a password.

Sample Output:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/ops/.ssh/id_rsa): rally
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in rally.
Your public key has been saved in rally.pub.
The key fingerprint is:
SHA256:<Finger Print> <User>@<example.com>
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|                 | 
|                 |
|      EXAMPLE    |
|                 |
|                 |
+----[SHA256]-----+

This will create two files; rally and rally.pub. The "rally" file is your private key and "rally.pub" is the public key.

Next, we need to copy the public key to the SFTP server. In this example, the SFTP server is 192.168.0.1, however, yours will likely be different.

$ ssh-copy-id -i rally.pub <User>@<YOUR_HOST_NAME_OR_IP>

Sample Output:

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "rally.pub"
The authenticity of host '192.0.2.1 (192.0.2.1)' can't be established.
ECDSA key fingerprint is SHA256:<Finger Print>.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with the following command:

$ ssh -i rally <User>@<YOUR_HOST_NAME_OR_IP>

Next you'll want to test the accessibility with an SFTP command:

$ sftp -i rally <User>@<YOUR_HOST_NAME_OR_IP>

Sample Output:

Connected to <YOUR_HOST_NAME_OR_IP>.
sftp>

Run a pwd to ensure that the files are being uploaded where you expect. For example, in this configuration it is expected to see files being sent to the /upload directory.

sftp> pwd

Output:

Remote working directory: /upload

The next step is to take the contents of the "rally" file and paste them into the Private Key PEM section in the Snapshot & Restore settings. This process will vary depending on the version of on-premises.

For versions 2.0 and 2.01 you will paste the private key into the Private PEM key field.

For 2.1, you can simply upload the file directly to the interface.

Additional Information

keywords: agile central