-
Notifications
You must be signed in to change notification settings - Fork 4
plug:goss
Keith edited this page Jan 25, 2020
·
25 revisions
Goss provides a simple and efficient healthcheck. This installation adds the goss binary directly as /usr/local/bin/goss
#Add ssh key here (will attempt to envsubst users public key)
GOSS_SSH_KEY=${USER_id_ed25519}storage.files[+]:
path: /usr/local/bin/goss
mode: 0555
contents:
source: https://github.com/aelsabbahy/goss/releases/download/v0.3.9/goss-linux-386
verification:
hash: sha512-de38857f9440ea82f9e29f9a7199bfbb71104763b166413b5d9d0fdb8b3e21d6990aafa9aee4e6c3831b35aa3ce6c6674406a166823fbca89b87283180e61e2e
storage.files[+]:
path: /etc/ssh/sshd_config.d/extra_keys.conf
mode: 0600
contents:
inline: |
# Added from ignition
Match User goss
AuthorizedKeysFile /etc/ssh/sshd_config.d/authorized-keys_%u
storage.files[+]:
path: /etc/ssh/sshd_config.d/authorized-keys_goss
mode: 0644
user:
id: 111
contents:
inline: |
command="sudo /usr/local/bin/goss -g /etc/goss/goss.yaml validate $SSH_ORIGINAL_COMMAND" ${GOSS_SSH_KEY}
# Healthz Check User
passwd.users[+]:
name: goss # health check
uid: 111
system: true
home_dir: /
no_create_home: true
no_user_group: true
groups:
- sudo