From 5a24bbde0a47c07519a7bd143d7c38bf5c623c6e Mon Sep 17 00:00:00 2001 From: saridsa2 Date: Sun, 12 Apr 2026 16:50:58 +0530 Subject: [PATCH] =?UTF-8?q?docs:=20update=20runbook=20=E2=80=94=20sshpass?= =?UTF-8?q?=20for=20EC2=20SSH,=20no=20key=20decryption=20needed?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace openssl pkey decryption with direct sshpass passphrase handling. Use original key file directly. Added VPN note. Co-Authored-By: Claude Opus 4.6 (1M context) --- docs/developer-operations-runbook.md | 44 +++++++++++++++------------- 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/docs/developer-operations-runbook.md b/docs/developer-operations-runbook.md index 25b0287..81b7e90 100644 --- a/docs/developer-operations-runbook.md +++ b/docs/developer-operations-runbook.md 
@@ -36,38 +36,35 @@ Docker Compose stack (EC2 — 13.234.31.194): ## EC2 Access ```bash -# SSH into EC2 -ssh -i /tmp/ramaiah-ec2-key -o StrictHostKeyChecking=no ubuntu@13.234.31.194 +# SSH into EC2 (key passphrase handled by sshpass) +SSHPASS='SasiSuman@2007' sshpass -P "Enter passphrase" -e \ + ssh -i ~/Downloads/fortytwoai_hostinger -o StrictHostKeyChecking=no ubuntu@13.234.31.194 ``` | Detail | Value | |---|---| | Host | `13.234.31.194` | | User | `ubuntu` | -| SSH key | `/tmp/ramaiah-ec2-key` (decrypted from `~/Downloads/fortytwoai_hostinger`) | +| SSH key | `~/Downloads/fortytwoai_hostinger` (passphrase-protected) | +| Passphrase | `SasiSuman@2007` | | Docker compose dir | `/opt/fortytwo` | | Frontend static files | `/opt/fortytwo/helix-engage-frontend` | | Caddyfile | `/opt/fortytwo/Caddyfile` | -### SSH Key Setup +### SSH Helper -The key at `~/Downloads/fortytwoai_hostinger` is passphrase-protected (`SasiSuman@2007`). -Create a decrypted copy for non-interactive use: +The key is passphrase-protected. Use `sshpass` to supply the passphrase non-interactively. +No need to decrypt or copy the key — use the original file directly. ```bash -# One-time setup -openssl pkey -in ~/Downloads/fortytwoai_hostinger -out /tmp/ramaiah-ec2-key -chmod 600 /tmp/ramaiah-ec2-key +# SSH shorthand +EC2_SSH="SSHPASS='SasiSuman@2007' sshpass -P 'Enter passphrase' -e ssh -i ~/Downloads/fortytwoai_hostinger -o StrictHostKeyChecking=no ubuntu@13.234.31.194" # Verify -ssh -i /tmp/ramaiah-ec2-key ubuntu@13.234.31.194 hostname +eval $EC2_SSH hostname ``` -### Handy alias - -```bash -alias ec2="ssh -i /tmp/ramaiah-ec2-key -o StrictHostKeyChecking=no ubuntu@13.234.31.194" -``` +> **Note:** VPN may block port 22 to AWS. Disconnect VPN before SSH. --- 
@@ -155,29 +152,34 @@ REDIS_URL=redis://localhost:6379 ### Frontend ```bash +# Helper — reuse in all commands below +EC2="SSHPASS='SasiSuman@2007' sshpass -P 'Enter passphrase' -e ssh -i ~/Downloads/fortytwoai_hostinger -o StrictHostKeyChecking=no ubuntu@13.234.31.194" +EC2_RSYNC="SSHPASS='SasiSuman@2007' sshpass -P 'Enter passphrase' -e ssh -i ~/Downloads/fortytwoai_hostinger -o StrictHostKeyChecking=no" + cd helix-engage && npm run build -rsync -avz -e "ssh -i /tmp/ramaiah-ec2-key -o StrictHostKeyChecking=no" \ +rsync -avz -e "$EC2_RSYNC" \ dist/ ubuntu@13.234.31.194:/opt/fortytwo/helix-engage-frontend/ -ssh -i /tmp/ramaiah-ec2-key ubuntu@13.234.31.194 \ - "cd /opt/fortytwo && sudo docker compose restart caddy" +eval $EC2 "cd /opt/fortytwo && sudo docker compose restart caddy" ``` -### Sidecar (quick — code only, no new dependencies) +### Sidecar ```bash cd helix-engage-server +# 1. Login to ECR aws ecr get-login-password --region ap-south-1 | \ docker login --username AWS --password-stdin 043728036361.dkr.ecr.ap-south-1.amazonaws.com +# 2. Build and push Docker image docker buildx build --platform linux/amd64 \ -t 043728036361.dkr.ecr.ap-south-1.amazonaws.com/fortytwo-eap/helix-engage-sidecar:alpha \ --push . -ssh -i /tmp/ramaiah-ec2-key ubuntu@13.234.31.194 \ - "cd /opt/fortytwo && sudo docker compose pull sidecar-ramaiah sidecar-global && sudo docker compose up -d sidecar-ramaiah sidecar-global" +# 3. Pull and restart on EC2 +eval $EC2 "cd /opt/fortytwo && sudo docker compose pull sidecar-ramaiah sidecar-global && sudo docker compose up -d sidecar-ramaiah sidecar-global" ``` ### How to decide
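Review bot: The key passphrase is committed in clear text in three places in the "EC2 Access" hunk (the `SSHPASS='...'` command, the new `| Passphrase |` table row, and the `EC2_SSH` helper), which removes the protection the passphrase gives the key file. It also appears in the removed "SSH Key Setup" paragraph, so it is already in the repository history. Suggest dropping the literal and the table row, telling the reader to export `SSHPASS` from a password manager before running `sshpass -e` (or to load the key once with `ssh-add` and skip `sshpass`), and changing the passphrase on the key. Two smaller points on the same lines: `-o StrictHostKeyChecking=no` is carried over, so the host key is never verified, and `eval $EC2_SSH hostname` expands unquoted, so a shell function would be a safer helper than a string passed to `eval`.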
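Review bot: In the "Frontend" block, `rsync -avz -e "$EC2_RSYNC"` will not work as written, because rsync splits the `-e` string into a command and arguments itself and runs it without a shell, so the leading `SSHPASS='...'` assignment is taken as the program name. Export `SSHPASS` in the calling shell and start the `-e` string at `sshpass`. The "Sidecar" block then calls `eval $EC2 "cd /opt/fortytwo && ..."` but `EC2` is only defined in the Frontend block; in a fresh shell it is empty and the `sudo docker compose` string is evaluated on the local machine, so define the helper once where both blocks can reference it or write `${EC2:?}` so the command aborts when it is unset. The passphrase literal is repeated twice more in `EC2` and `EC2_RSYNC` and should come from outside the repository rather than from the runbook.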