roboragi

Reputation: 95

Rundeck Static Token not loaded when Rundeck Service is started

I think my Rundeck does not load my tokens.properties file. I can't see it being loaded in my service.log. Here is a screenshot of the log

That's why, when I restart the service or the server, my scheduled jobs, which trigger the Rundeck API, always get this error:

{"error":true,"apiversion":35,"errorCode":"api.error.item.unauthorized","message":"Not authorized for action \"Run\" for Job ID 109fd435-765f-4b7a-a547-0c5906c4a1f5"}

For it to work properly again, I need to generate a new token each time I restart Rundeck or the server. I have already included this line in my framework.properties

rundeck.tokens.file=C:/rundeck/etc/tokens.properties

And my tokens.properties has only 1 line, which is

atrsdk-runner: token_string

How can I make my token permanent? Did I miss something here? How do I fix this issue? Thanks!

Upvotes: 0

Views: 1171

Answers (1)

MegaDrive68k

Reputation: 4325

You need to add the role in the tokens.properties file. I tested it on a Windows machine and it works this way:

  1. Stop the Rundeck service.

  2. In the framework.properties file add:

rundeck.tokens.file=C:/rundeck/tokens.properties

  3. In the realm.properties file add (just an example user for testing):

bob:bob,admin

  4. Create a file named tokens.properties at the c:\rundeck\ path with the following content (I added the role at the end of the line):

bob: 12345, admin

  5. Start the Rundeck service.

  6. With this API call you can run the job using the custom token (check the rdeck_token variable, tested on an external Linux host running cURL):

#!/bin/sh

# protocol
protocol="http"

# basic rundeck info
rdeck_host="10.0.1.81"
rdeck_port="4440"
rdeck_api="36"
rdeck_token="12345"

# specific api call info
rdeck_job="91c5b968-166f-4138-9345-580cd624adda"

# api call
curl -s --location --request POST "$protocol://$rdeck_host:$rdeck_port/api/$rdeck_api/job/$rdeck_job/run" \
  --header "Accept: application/json" \
  --header "X-Rundeck-Auth-Token: $rdeck_token" \
  --header "Content-Type: application/json"

Now, without a role defined in the tokens.properties file, I get your error (the output was "beautified" with jq):

{
  "error": true,
  "apiversion": 36,
  "errorCode": "api.error.item.unauthorized",
  "message": "Not authorized for action \"Run\" for Job ID 91c5b968-166f-4138-9345-580cd624adda"
}

And with the role defined in the tokens.properties file (successful):

{
  "id": 3,
  "href": "http://10.0.1.81:4440/api/36/execution/3",
  "permalink": "http://10.0.1.81:4440/project/ProjectBOB/execution/show/3",
  "status": "running",
  "project": "ProjectBOB",
  "executionType": "user",
  "user": "bob",
  "date-started": {
    "unixtime": 1603801591299,
    "date": "2020-10-27T12:26:31Z"
  },
  "job": {
    "id": "91c5b968-166f-4138-9345-580cd624adda",
    "averageDuration": 1727,
    "name": "HelloWorld",
    "group": "",
    "project": "ProjectBOB",
    "description": "",
    "href": "http://10.0.1.81:4440/api/36/job/91c5b968-166f-4138-9345-580cd624adda",
    "permalink": "http://10.0.1.81:4440/project/ProjectBOB/job/show/91c5b968-166f-4138-9345-580cd624adda"
  },
  "description": "echo \"hi\"",
  "argstring": null,
  "serverUUID": "2337f5f7-e951-47d2-ba62-f8c02a0bb8df"
}

And here the execution on Rundeck.

Upvotes: 2
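
An added example, not part of the original answer or of Rundeck itself: a small Python check that parses a tokens.properties file and lists the entries with no role after the token, the condition the answer reproduces as api.error.item.unauthorized. It assumes the `user: token, role1, role2` layout shown above; the function names and the sample content are constructed for illustration, and token values are never printed.

```python
import re
import sys

# Constructed sample: the question's entry (no role) and the answer's entry (with role).
SAMPLE = """\
# static API tokens
atrsdk-runner: token_string
bob: 12345, admin
"""

ENTRY = re.compile(r"([^:=\s]+)\s*[:=]\s*(.*)$")  # simplified .properties key/value split


def parse_tokens(text):
    """Return {user: (token, [roles])} for lines shaped 'user: token, role1, role2'."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or .properties comment
            continue
        match = ENTRY.match(line)
        if not match:
            raise ValueError(f"line {lineno}: expected 'user: token, roles'")
        fields = [f.strip() for f in match.group(2).split(",")]
        if not fields[0]:
            raise ValueError(f"line {lineno}: empty token for {match.group(1)}")
        entries[match.group(1)] = (fields[0], [r for r in fields[1:] if r])
    return entries


def users_without_roles(text):
    """Users whose token line carries no role (the failing case in the answer)."""
    return sorted(u for u, (_, roles) in parse_tokens(text).items() if not roles)


def report(text):
    """One line per entry; the token itself is deliberately left out."""
    return [f"{user}: roles={','.join(roles) or 'NONE'}"
            for user, (_, roles) in sorted(parse_tokens(text).items())]


if __name__ == "__main__":
    # Pass the path set in rundeck.tokens.file, or run with no argument for the sample.
    content = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(report(content)))
    missing = users_without_roles(content)
    sys.exit(f"no role on: {', '.join(missing)}" if missing else 0)
```

Run against the sample, it flags atrsdk-runner and exits non-zero, so it can gate a service restart or a configuration deployment.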
