Hello everyone,
I am currently struggeling with a use-case of one of our Bamboo users.
There is a deployment-project that is logically shared between two groups. One group (A) provides the code/artifacts to be deployed, the other group (B) provides the access to the targets where the deployment shall be executed at.
Access is via a SSH-Key. Due to how the SCP and SSH Tasks handle the key (retrieving the key once, using it, but never showing it again). Therefore group A can easily use the deployment and deployment environments, make changes to the tasks and even deploy. Group B can be quite sure that the SSH Key can not be read and is only handled by Bamboo and its Agents.
But: The deployment needs to be done to two identical servers that are behind some kind of round-robin load-balancing. The SSH and SCP Tasks dont support multiple hosts though. Therefore I currently only see the solution to have every SSH- and SCP-Task twice, completly identical, just with another hostname as target.
I cant use script-tasks, as then I would need to either place the ssh-key as a file somewhere or create it as a file via a bamboo variable during runtime. With each of those ways it would be possible to e.g. redirect the key to somewhere else to read it. I also thought about using specs to at least make it less tideous to create every task twice. But then again, I have to store the ssh-key somewhere for the spec execution to pick it up, right? And as group A maintains the deployment tasks they can again add a way to obtain the key.
I found https://jira.atlassian.com/browse/BAM-17089 as a feature request. But that seems to be quite dead.
Any other suggestions?
