Reputation: 77
I am having an issue with the most basic of Rundeck functions - namely, running a command over ssh on a remote node. I have generated an RSA key and added it via the Key Storage function. I have also created a yaml file for node definitions:
root@rundeck:/var/lib/rundeck# cat nodes.yml
mynode:
  nodename: mynode
  hostname: mynode
  description: 'Some description'
  ssh-authentication: privateKey # added - unsure if really required
  ssh-keypath: /var/lib/rundeck/.ssh/id_rsa # added - unsure if really required
  username: rundeck
  osFamily: linux
The node is showing up correctly and command line ssh works just fine:
root@rundeck:/var/lib/rundeck/.ssh# ssh -i id_rsa rundeck@mynode date
Mon Apr 4 16:19:33 UTC 2022
The project settings are as below:
#Mon Apr 04 16:23:36 UTC 2022
#edit below
project.description=someproject
project.disable.executions=false
project.disable.schedule=false
project.execution.history.cleanup.batch=500
project.execution.history.cleanup.enabled=false
project.execution.history.cleanup.retention.days=60
project.execution.history.cleanup.retention.minimum=50
project.execution.history.cleanup.schedule=0 0 0 1/1 * ? *
project.jobs.gui.groupExpandLevel=1
project.label=somelabel
project.name=someproject
project.nodeCache.enabled=true
project.nodeCache.firstLoadSynch=true
project.output.allowUnsanitized=false
project.ssh-authentication=privateKey
project.ssh-command-timeout=0
project.ssh-connect-timeout=0
project.ssh-key-storage-path=keys/project/someproject/rundeck_id_rsa
resources.source.1.config.file=/var/lib/rundeck/nodes.yml
resources.source.1.config.format=resourceyaml
resources.source.1.config.requireFileExists=true
resources.source.1.config.writeable=true
resources.source.1.type=file
service.FileCopier.default.provider=jsch-scp
service.NodeExecutor.default.provider=jsch-ssh
Yet, when I try and run a Command from the UI, it fails:
Failed: SSHProtocolFailure: invalid privatekey: [B@7d7d0b2d
What am I doing incorrectly, and how do I successfully run a command over ssh on a remote node?
Upvotes: 1
Views: 3694
Reputation: 1
The key storage saves the private key with CRLF, and this was the issue I recognized with version 4.2.1.
Do a dirty fix for ssh-exec.sh:
echo "$RD_CONFIG_SSH_KEY_STORAGE_PATH" > "$SSH_KEY_STORAGE_PATH"
insert these lines:
sed -i 's/\r$//' "$SSH_KEY_STORAGE_PATH"
SSHOPTS="$SSHOPTS -i $SSH_KEY_STORAGE_PATH"
Upvotes: 0
Reputation: 4325
Your node definition needs the ssh-key-storage-path attribute pointing to the Rundeck user private key (created before on Rundeck Key Storage), also, the osFamily attribute must be set as unix (not linux, Rundeck only admits two values there: unix and windows).
To add an SSH node follow these steps:
1. If you're using a WAR-based installation execute: ssh-keygen -t rsa -b 4096. That generates two keys (private and public) on the user .ssh directory (the user that launches Rundeck). If you're using an RPM/DEB installation these keys are already created on the /var/lib/rundeck path.
2. Go to the remote SSH node (the account that you want to connect from Rundeck), then add the Rundeck server user public key to the authorized_keys file. Then you can test that connection with ssh [email protected] from the Rundeck server user account.
3. Launch Rundeck and then add to the Rundeck keys storage the rundeck user private key (remember to include the first and the last line "-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----") in my case I use this path keys/rundeck.
4. Create a new Project and then create the resources.xml file with remote node information. To generate that file just go to Project Settings > Edit Nodes > Click on the "Configure Nodes" button > Click on "Add Sources +" > Select "+ File" option > in the "Format" field select resourcexml and fill the path in "File Path" field (put the file name at the end, usually "resources.xml"), also, select "Generate", "Include Server Node" and "Writeable" checkboxes and click on the "Save" button.
5. Now you can edit that file including the remote node, which in my case is "node00" (a Vagrant test image), on the key-storage-path attribute I used the same path created in step 3:
<?xml version="1.0" encoding="UTF-8"?>
<project>
  <node name="hyperion" description="Rundeck server node" tags="" hostname="hyperion" osArch="amd64" osFamily="unix" osName="Linux" osVersion="4.15.0-66-generic" username="ruser"/>
  <node name="node00" description="Node 00" tags="" hostname="192.168.33.20" osArch="amd64" osFamily="unix" osName="Linux" osVersion="3.10.0-1062.4.1.el7.x86_64" username="vagrant" ssh-key-storage-path="keys/rundeck"/>
</project>
6. On Rundeck GUI go to the sidebar and check your nodes on the "Nodes" section. Check.
7. Go to "Commands" (sidebar) and put the SSH remote node name as a filter and launch any command like this.
You can follow an entire guide here.
Alternatively, you can re-generate the key pairs with the following command: ssh-keygen -p -f /var/lib/rundeck/.ssh/id_rsa -m pem.
Upvotes: 3
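An added example, not code from either answer or from Rundeck: a shell helper (the name check_key is hypothetical) that checks a private key file for the two conditions the answers point at, CRLF line endings and the BEGIN/END lines, before the key is pasted into Key Storage. The sample key is constructed, and treating the OpenSSH container as a finding is an assumption drawn from the second answer's -m pem suggestion.

```shell
#!/bin/sh
# Added example; check_key is a hypothetical helper, not part of Rundeck.
# Prints one finding per line; returns 0 only when nothing is flagged.
check_key() {
    key=$1 rc=0
    [ -r "$key" ] || { echo "unreadable: $key"; return 2; }

    # Carriage returns: what the sed 's/\r$//' line in the first answer strips.
    cr=$(printf '\r')
    if grep -q "$cr" "$key"; then
        echo "crlf: carriage returns present"; rc=1
    fi

    # First and last non-empty lines, compared with any CR removed.
    first=$(tr -d '\r' < "$key" | awk 'NF { print; exit }')
    last=$(tr -d '\r' < "$key" | awk 'NF { l = $0 } END { print l }')

    case $first in
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            # Assumption: flagged because the second answer converts with -m pem.
            echo "format: openssh container, not PEM"; rc=1 ;;
        "-----BEGIN "*"PRIVATE KEY-----")
            echo "format: pem" ;;
        *)
            echo "header: BEGIN line missing"; return 1 ;;
    esac

    # The END line must mirror the BEGIN line.
    want=$(printf '%s\n' "$first" | sed 's/BEGIN/END/')
    if [ "$last" != "$want" ]; then
        echo "footer: END line missing or mismatched"; rc=1
    fi
    return $rc
}

# Constructed sample (placeholder body, not a real key) saved with CRLF endings.
sample=$(mktemp)
printf '%s\r\n' "-----BEGIN RSA PRIVATE KEY-----" "QUJDREVG" \
    "-----END RSA PRIVATE KEY-----" > "$sample"
check_key "$sample" || echo "findings above; fix the key before storing it"
rm -f "$sample"
```

Run it against the file you intend to upload, for example check_key /var/lib/rundeck/.ssh/id_rsa, and compare the result with what Key Storage hands back to the executor.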