Accessing Akamai NetStorage with Secure Means — SFTP, RSYNC with Azure DevOps
Background
The client solution I am working on is using Sitecore as their Web Content Management System with Akamai CDN in front of Content Deliveries. All the front end static assets are hosted in Akamai Netstorage, which is similar to Amazon S3 Storage or Azure Blob Storage.
I found it very difficult to follow the documentation and knowledge base from Akamai to set this up, especially as someone who solely works in a Microsoft Windows environment 100% of the time. Transferring front end static assets as part of the Continuous Integration / Continuous Deployment process is another hurdle that I had to jump through.
I hit a lot of hurdles and had to engage Akamai Customer Care / Support to get this fully working.
Generate SSH RSA v2 Key
I highly recommend that each developer who wants to access Akamai Netstorage using SFTP generate their own SSH RSA key. A separate key should also be generated for the Hosted Linux Agent in Azure DevOps for Rsync.
- Ensure OpenSSH is installed for Windows Powershell (https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse)
- Open Windows Powershell
- Type the following in the Powershell prompt
ssh-keygen -v -t rsa -b 2048 -C "Descriptive comment about this SSH RSA Key" -f .\staticassets-netstorage-rsa-key
A public key and a private key should be generated with filenames “staticassets-netstorage-rsa-key.pub” and “staticassets-netstorage-rsa-key”. The file without a file extension is the private key, and the file with the .pub file extension is the public key.
The public key should look something like the following:
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAvLmfw5u9QTr5eBEiTiUPqkNsXGrAfV4yiNSOYAXx4xvfuq7rRW0w4J4bkXkb7zK6k1BJqOPPKhDO5Xz6/P7j5fz/BGCKrCGDibNM+qKlBUqjbnQ8ErFH8E0XNyL4Ssmk= Descriptive comment about this SSH RSA Key
Create Akamai Netstorage Group
Create a Netstorage Storage Group by logging into Akamai Luna Control Panel, then go to Configure -> Netstorage -> Configuration. In this blog post, we will use the example name “staticassets” as the Netstorage Domain Name. The upload domain name is “staticassets.upload.akamai.com”. Follow the rest of the steps to finish creating the Storage Group. A Content Provider Code (CPCode) is also generated, which is the default Upload Directory. Make a note of this number. We will use the number 987654 as an example.
Add Upload Account
- Create an Upload Account by filling in all the contact information. Assign the newly created Storage Group. Make sure Read-Write access is assigned.
- In the Access Methods step, add the SSH RSA key that was created in step 3. Open it in a text editor, then copy and paste the entire content.
- Click on Rsync and add a password.
Complete the rest of the setup. The upload account takes approximately 90 minutes to propagate. You should receive an email once it is propagated.
SFTP with Filezilla
Filezilla supports SFTP out of the box.
- Open Site Manager, add a new site
- Protocol: SFTP
- Host: staticassets.upload.akamai.com
- Logon Type: Key file
- User: sshacs
- Key File: browse to the location where the private key “staticassets-netstorage-rsa-key” is located
RSYNC with Azure DevOps Release Pipeline
Using RSYNC to synchronise the files from a generated build artifact in an Azure DevOps release pipeline to Akamai Netstorage is tricky to set up. Basic knowledge of artifacts, the working directory and release pipeline setup is needed, as I am not going into detail on how to deploy to any deployment targets in the following steps.
- Generate another SSH RSA key and add it to the Upload Account. We will use the example filename “staticassets-azuredevops-netstorage-rsa”
- In Windows Powershell, type the following to register the Netstorage Storage Group as a Known Host Entry:
ssh -v -i .\staticassets-azuredevops-netstorage-rsa -oHostKeyAlgorithms=+ssh-dss sshacs@staticassets.upload.akamai.com cms
- Browse to your user SSH folder (e.g. c:\users\vincent.lui\.ssh\) and open the file “known_hosts” in a text editor. Find the line that starts with staticassets.upload.akamai.com. Copy the entire line and paste it into another text editor window.
- In Azure DevOps, create a release pipeline
- Create the following variables to be used in the release pipeline.
Akamai.Netstorage.Hostname = staticassets.upload.akamai.com
Akamai.Netstorage.Username = sshacs
Akamai.Netstorage.UploadDirectory = 987654
- Create an agent job using Hosted Ubuntu Agent
- Add step “Install SSH Key”. Fill in the fields as follows.
Known Hosts Entry: <copy the host entry from Step 3>
SSH Public Key: <copy the content of staticassets-azuredevops-netstorage-rsa.pub>
SSH Passphrase: <type in the SSH Passphrase of staticassets-azuredevops-netstorage-rsa>
SSH Private Key: <upload staticassets-azuredevops-netstorage-rsa private key as a Secure File>
- Add step “Command Line”. Type the following command in the Script field:
rsync -arv -e "ssh -v -o HostKeyAlgorithms=+ssh-dss" $(System.DefaultWorkingDirectory)/ $(Akamai.Netstorage.Username)@$(Akamai.Netstorage.Hostname):/$(Akamai.Netstorage.UploadDirectory)/
- Test and make necessary adjustments.
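A pre-flight check for the Command Line step, added here as an example and not part of the original post or of any Akamai or Microsoft tooling: it confirms that the known_hosts file really pins the NetStorage upload host before rsync runs, and builds an ssh command line with StrictHostKeyChecking=yes so that an unknown or changed host key stops the transfer. The function names, the sample known_hosts content and the ~/.ssh/known_hosts location on the agent are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# pinned_key_types HOST FILE
# Print the key type of every known_hosts line that names HOST exactly.
# Exit status 1 when nothing matches, so the release can fail closed.
pinned_key_types() {
  awk -v host="$1" '
    /^[ \t]*(#|$)/ { next }              # comments and blank lines
    $1 ~ /^@/      { next }              # @revoked / @cert-authority markers
    {
      n = split($1, names, ",")          # field 1: comma-separated host names
      for (i = 1; i <= n; i++)
        if (names[i] == host) { print $2; found = 1; break }
    }
    END { exit (found ? 0 : 1) }
  ' "$2"
}

# ssh command line for rsync -e: the option from the post plus
# StrictHostKeyChecking=yes, so an unknown or changed host key aborts.
rsync_remote_shell() {
  printf '%s' 'ssh -o StrictHostKeyChecking=yes -o HostKeyAlgorithms=+ssh-dss'
}

# preflight HOST FILE: succeed only when HOST is pinned in FILE.
preflight() {
  types=$(pinned_key_types "$1" "$2") || {
    echo "no known_hosts entry for $1, refusing to sync" >&2
    return 1
  }
  echo "pinned host key type(s) for $1: $types"
}

# Constructed sample known_hosts file; key material is a placeholder.
SAMPLE_KNOWN_HOSTS=$(mktemp)
cat > "$SAMPLE_KNOWN_HOSTS" <<'EOF'
# constructed sample
other.example.com ssh-ed25519 AAAAC3PLACEHOLDER
staticassets.upload.akamai.com,192.0.2.10 ssh-dss AAAAB3PLACEHOLDER
EOF

preflight staticassets.upload.akamai.com "$SAMPLE_KNOWN_HOSTS"

# On the agent, call preflight with the upload hostname and the assumed
# ~/.ssh/known_hosts path, then pass the output of rsync_remote_shell to
# rsync -e, running once with --dry-run before the real transfer.
```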
Conclusion
I hope this blog post can help someone out there to get Akamai Netstorage configuration working on SFTP and RSYNC, and provides really clear, simple and concise instructions on how to get this working with ease.