Common Delegate Profile Scripts

Updated 2 months ago by Michael Cretzman

A Delegate Profile enables you to run a startup script on the host/container/pod for a Harness Delegate when the Delegate is installed, or apply the script to a running Delegate. You can create a single Delegate Profile and apply it to multiple Delegates.

For information on Delegate Profiles, see Run Scripts on Delegates using Profiles.

This topic provides information on script availability and some common Delegate Profile scripts:

For information on using encrypted text or files in a Delegate Profile script, for usernames, passwords, etc, see Use Secrets in a Delegate Profile.

Profile Execution

It might take a couple of minutes for a Delegate Profile to be applied to a Delegate. Ensure that a timestamp appears next to the profile before deploying anything that depends on the profile script.

For example, in the following Delegate, a script using printenv is applied:

Once the script is run, a timestamp appears next to it. You can click the timestamp to view the output:

For extensive information on installing and running the Harness Delegate, see Delegate Installation and Management.


# Install TF
curl -O -L
yes | mv ./terraform /usr/bin/
# Check TF install
terraform --version

Upgrade to Terraform_0.13.3

##terraform update
set +x
apt-get update
apt-get install wget
apt-get -y install git
wget apt-get install unzip
cp terraform /usr/bin/
terraform --version

Install Terraform_0.13.3 and Terragrunt

curl -O -L
yes | mv ./terraform /usr/bin/
# Check TF install
terraform --version

yes | mv terragrunt_linux_amd64 terragrunt
chmod u+x terragrunt
yes | mv terragrunt /usr/local/bin/terragrunt
terragrunt --version

Helm 2

Installing Helm and Tiller in the Delegate's cluster:

If you are using remote Helm charts in your Harness Kubernetes Service, you can use the helm init --client-only option, as Tiller is not needed. See Helm charts for more information.
# Add the Helm version that you want to install
# v2.13.0
# v2.12.0
# v2.11.0


echo "Installing Helm $DESIRED_VERSION ..."

curl | bash

# If Tiller is already installed in the cluster
helm init --client-only

# If Tiller is not installed in the cluster
# helm init
DESIRED_VERSION is used by a function in the Helm install script.

If Helm is being installed in a cluster outside of the Delegate's cluster ensure that the kubeconfig in the Delegate cluster is pointing to the correct cluster using:

kubectl config current-context cluster_name
If you are using TLS for communication between Helm and Tiller, ensure that you use the --tls parameter with your commands. For more information, see Command Flags in Helm Deploy step in the Helm Deployment guide, and see  Using SSL Between Helm and Tiller from Helm, and the section Securing your Helm Installation in that document.

Here is an example of how to add a Helm chart from a private repo using secrets repoUsername and repoPassword from Harness Secrets Management.

# Other installation method
# curl >
# chmod 700
# ./

curl | bash

helm init --client-only

helm repo add --username ${secrets.getValue("repoUsername")} --password ${secrets.getValue("repoPassword")} nginx

helm repo update
For information on using encrypted text or files in a Delegate Profile script, for usernames, passwords, etc, see Using Secrets in a Profile.

Helm 3

You do not need to add a Delegate Profile for Helm 3. Harness includes Helm 3 support in any Delegate that can connect to the target Kubernetes cluster.

For more information, see Upgrade to Helm 3 Charts in Kubernetes Services and Upgrade Native Helm 2 Deployments to Helm 3.


Ensure that you run apt-get update before running any apt-get commands.
apt-get update
# Install pip
apt-get -y install python-pip
# Check pip install
pip -v


Ensure that you run apt-get update before running any apt-get commands.
apt-get update
# Install Unzip
apt-get install unzip


The following Profile script installs the AWS CLI version 2 on the Delegate host.

# Install AWS CLI
curl "" -o ""
./awscli-bundle/install -b ~/bin/aws
# install
sudo ./aws/install
# Check AWS CLI install
aws --version

AWS Describe Instance

The following Profile describes the EC2 instance based on its private DNS hostname, which is also the name in the Delegate's Hostname field:

aws ec2 describe-instances --filters "Name=network-interface.private-dns-name,Values=ip-10-0-0-205.ec2.internal" --region "us-east-1"

The value for the Values parameter is simply the Hostname of the Delegate.

AWS List All Instances in a Region

The following Profile will list all of the EC2 instances in the region you supply:

aws ec2 describe-instances --query 'Reservations[*].Instances[*].[InstanceId,State.Name,InstanceType,PrivateIpAddress,PublicIpAddress,Tags[?Key==`Name`].Value[]]' --region "us-east-1" --output json | tr -d '\n[] "' | perl -pe 's/i-/\ni-/g' | tr ',' '\t' | sed -e 's/null/None/g' | grep '^i-' | column -t


Ensure that you run apt-get update before running any apt-get commands.
apt-get update
# Install Git with auto approval
yes | apt-get install git
# Check git install
git --version

Cloud Foundry CLI

Harness supports Cloud Foundry CLI version 6 only. Support for version 7 is pending.

The CF CLI installation options are described in Installing the cf CLI from PCF. Below is one example, but the version of the CF CLI you install on the Delegate should always match the PCF features you are using in your Harness PCF deployment.

For example, if you are using buildpacks in your manifest.yml in your Harness Service, the CLI you install on the Delegate should be version 3.6 or later.

Here is an example script to install the Cloud Foundry CLI on a Delegate:

sudo wget -O /etc/yum.repos.d/cloudfoundry-cli.repo

sudo yum -y install cf-cli

The -y parameter is needed for a prompt.

When the script has been applied and you click the timestamp for the Delegate the output will be similar to this:

Running transaction
Installing : cf-cli-6.46.1-1.x86_64 1/1
Verifying : cf-cli-6.46.1-1.x86_64 1/1

cf-cli.x86_64 0:6.46.1-1


For information on installing the CLI on different distributions, see Installing the cf CLI from PCF.

Docker Installation

To install Docker on the Delegate, use the following script:

apt-get update
apt-get install -y apt-utils dnsutils docker
Ensure that you run apt-get update before running any apt-get commands.


You can run PowerShell scripts on a Harness Delegate, even though the Delegate must be run on Linux. Linux supports PowerShell using PowerShell core.

For steps on creating your Profile, see Installing PowerShell on Linux from Microsoft.

Whatever scripts you run must be supported by the version of PowerShell you install.

Here is an example for Ubuntu 16.04:

# Download the Microsoft repository GPG keys
wget -q

# Register the Microsoft repository GPG keys
sudo dpkg -i packages-microsoft-prod.deb

# Update the list of products
sudo apt-get update

# Install PowerShell
sudo apt-get install -y powershell

# Start PowerShell

If apt-get is not installed on your Delegate host, you can use snap (snap install powershell --classic). See Install PowerShell Easily via Snap in Ubuntu 18.04.

Stop Shell Script Delegate

To stop a Shell Script Delegate, apply the following Delegate Profile:


To start the Delegate, you will need to SSH into the Delegate host and run:


Import a Self-Signed Certificate

See Add Self-Signed Certificates for Delegate Connections.

Review: Use Config Files in Delegate Profiles

The Service Config file expressions ${configFile.getAsString("fileName")} and ${configFile.getAsBase64("fileName")} are not supported in Delegate Profiles.

Instead, encode the file in base64 and then add the file to Harness as an Encrypted File Secret.

Next, in the Delegate Profile script, reference the secret, pipe it to base64 and output it to the path where you need it:

echo ${secrets.getValue("secret_name")} | base64 -d > /path/to/file

How did we do?