CODEWITHSUNDEEP
rundeck
Dan Fletcher
Dan Fletcher

Reputation: 1

Rundeck SSH Execution

We've setup Rundeck community but have some questions regarding SSH execution.

From what I can see it looks like the user who executes the job is configured at the project level and there is no way to change that at a per job per level.

We want to be able to login to Rundeck using our AD credentials (currently working) and run jobs as our individual user id's, is this possible or not?

Thanks

Upvotes: 0

Views: 1133

Answers (1)

MegaDrive68k
MegaDrive68k

Reputation: 4325

It's possible to use a job level authentication in Rundeck, and it's possible to use the user name as an SSH user (of course the SSH server must be configured with that user to access it).

I made a XML entry node example:

  <node name="node00" 
        description="Node 00" 
        tags="mytag" 
        hostname="192.168.33.20" 
        osArch="amd64" 
        osFamily="unix" 
        osName="Linux" 
        osVersion="3.10.0-1062.4.1.el7.x86_64"   
        username="${job.username}" 
        ssh-authentication="password" 
        ssh-password-option="option.sshPassword1"/>

If you check carefully, you can see the username attribute is set with ${job.username}, this is a context variable that gets the current username (from, LDAP, AD or realm.properties file), you can see all Rundeck context variables here.

This example uses a secure option to pass the password and achieve the SSH authentication, this option is called sshPassword1 (see the ssh-password-option attribute).

Now the job definition example in YAML format:

- defaultTab: nodes
  description: ''
  executionEnabled: true
  id: b188c66c-c057-4bb7-98bf-7c84632bc144
  loglevel: INFO
  name: Whoami
  nodeFilterEditable: false
  nodefilters:
    dispatch:
      excludePrecedence: true
      keepgoing: false
      rankOrder: ascending
      successOnEmptyNodeFilter: false
      threadcount: '1'
    filter: 'name: node00'
  nodesSelectedByDefault: true
  options:
  - name: sshPassword1
    secure: true
  plugins:
    ExecutionLifecycle: null
  scheduleEnabled: true
  sequence:
    commands:
    - exec: whoami
    keepgoing: false
    strategy: node-first
  uuid: b188c66c-c057-4bb7-98bf-7c84632bc144

Upvotes: 0

Related Questions