1

I'm new with Rundeck and completely amazed with it and I'm trying to execute a job and my scenario is detailed bellow:

  • Rundeck is configured with ssh password less authentication between node Server (rundeck server) and node Target (remote Solaris host) for user "master".

  • In node Target I want to execute a script /app/acme/stopApp.sh with user appmanager.

  • Normally when I need to run the script above I manually proceed with:

ssh master@server

sudo su - appmanager

or simply 

ssh -t master@server
sudo su - appmanager

works without password and finally run (as appmanager)

/app/acme/stopApp.sh

But I don't know how can I reproduce these steps using Rundeck. I read in some previous messages that for each job line rundeck uses a new ssh connection, so the workflow bellow always fails for me with the messages:

sudo: no tty present and no askpass program specified Remote command failed with exit status 1

Could someone please help me with this issue?

Without this functionality I wouldn't be able to introduce a little DevOps in my department. :-D

I read the user guide and admin guide but I couldn't find an easy example, neither in this forum, to follow.

I will appreciate your help.

Rundeck version is 1.4

burnttoast11
  • 1,164
  • 16
  • 33
Bera
  • 1,272
  • 4
  • 23
  • 49

2 Answers2

4
sudo su - appmanager

Tries to open a login shell, and therefore wants a real terminal. Remove the "-" to avoid this behavior. In the end, your command is going to look like

sudo su -c /app/acme/stopApp.sh appmanager
Scout
  • 550
  • 2
  • 5
  • Doesn't work for me after that the message bellow is showed: We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. Password: – Bera Dec 13 '12 at 12:17
  • `echo MyFancyPassword | sudo -S su - MyFancyUser any_shell_command` – TWiStErRob Jul 16 '13 at 16:04
2

Although your ssh login works without a password, you also need to configure sudo on your Target server so that it doesn't require a password.

Since you only need for the master user to be able to run commands as the appmanager user, you can handle this completely through sudo. In /etc/sudoers on Target, add:

master  ALL=(appmanager) NOPASSWD: ALL

Then your ssh command becomes:

ssh -t master@server 'sudo -u appmanager /app/acme/stopApp.sh'

If you need environment setup that is normally handled by the appmanager login shell, you'll need to source that setup explicitly. (And I would argue that the deployment environment setup should not be confined to a login shell anyway.)

More details on how to let one user run commands as another user are in a ServerFault answer and the much denser sudoers man page.

Community
  • 1
  • 1
Dave Bacher
  • 15,652
  • 3
  • 63
  • 86