4

I want to be able to execute shell commands on remote nodes using Rundeck and I found this video that explains how to do that but I don't understand the private-key part and how to configure it. I keep getting the following error:

Authentication failure connecting to node: "test-001". Make sure your resource definitions and credentials are up to date. Failed: AuthenticationFailure: Authentication failure connecting to node: "test-001". Make sure your resource definitions and credentials are up to date.

I have a remote server set up and I configured the resource.xml file like the following:

<node name="test-001" description="demo for test" tags="demo" hostname="10.10.10.10:22"  osFamily="unix" osName="Linux" osVersion="2.6.32" username="demo"  />

Do I need to add the ssh-key value to the xml file? If so, do I have to copy the public or private keys from the Rundeck server to the host server?
Also, the username demo has a password too, so how can I define it?

dr_
  • 2,400
  • 1
  • 25
  • 39
tkyass
  • 2,968
  • 8
  • 38
  • 57

3 Answers3

16

Rundeck host server connects to the node by means of private key authentication which is exactly similar to SSH private key authentication. Follow these steps to add a node to your server rundeck.

Open up the resources.xml file and add the following.

<node name="rundeck node2" description="Rundeck node2" tags="node2" hostname="10.1.0.1" osArch="amd64" osFamily="unix" osName="Linux" osVersion="3.11.10-03111015-generic" username="leo" ssh-keypath="/var/lib/rundeck/node2.key"/>

You can change the SSH user name in node and private key file name. In addition to that, you can change all the other naming parameters too like node name and tags etc.

Now get into your node server.

  1. Create a ssh user, here its leo
  2. switch to user leo. Generate a SSH key
  3. ssh-keygen
  4. Append the public key to authorized_keys
  5. leo@c1a5f48a6c4c:~/.ssh$ pwd /home/leo/.ssh leo@c1a5f48a6c4c:~/.ssh$ cat id_rsa.pub >> authorized_keys leo@c1a5f48a6c4c:~/.ssh$ chmod g-w authorized_keys
  6. Copy the private key
  7. leo@c1a5f48a6c4c:~/.ssh$ cat id_rsa

Save the private key to the file "/var/lib/rundeck/node2.key" on rundeck host. Now the authentication is okay and ready to execute adhoc commands from rundeck dashboard

Paul
  • 1,176
  • 3
  • 12
  • 27
Leo Prince
  • 2,019
  • 26
  • 29
  • Thanks Leo it worked! I have another question, do you know if I can run jobs in parallel and sequence in rundeck? for e.g. I have 4 jobs A,B,C and D .. B is runs after A while D runs after C but D and A are independent on each other and we have another job E that only runs after D and B completes. so I need to build a workflow that can mimic this scenario by triggering A and C and if A finish then we can start with B and we wont start E until D finishes. – tkyass Mar 28 '16 at 15:55
  • 2
    Hi leo, I tried above steps, but I am getting below error : Failed: SSHProtocolFailure: invalid privatekey: [B@417d5eca Can you please help me out? – Manish Mane May 25 '17 at 09:50
  • Make sure you are running on latest rundeck, the public key appended on authorized_keys are just the pair of private key you have .. Apart from rundeck, it's basics in ssh key based authentication. – Leo Prince May 29 '17 at 07:27
1

Documentation is fairly all over the place with different versions having different keywords and there being no warnings in case you are using the wrong one.

The relevant documentation is here: https://docs.rundeck.com/2.11.3/plugins-user-guide/ssh-plugins.html

You need to specify:

ssh-authentication: privateKey

...and:

ssh-keypath: /path/directly/to/.ssh/id_rsa

(Assuming you are using filesystem key storage.)

Remove passphrase from your keys with:

ssh-keygen -p -m PEM -f /path/to/your/.ssh/id_rsa

...and do not forget to mke sure the id_rsa file is owned by rundeck and has suitably restricted permissions.

DustWolf
  • 516
  • 7
  • 10
0

In my case I had a passpharse in my private key. Make sure your private key passpharse is empty.

Janith
  • 2,730
  • 16
  • 26