Using dynamic username openssh plugin

[Reynald Lemaitre]

Hello

Version Rundeck 3.2.1-20200113

Replacing the user dynamic variable does not work. After creating an option.username value, the replacement is empty.

The replacement works perfectly with the ssh classic plugin.

Create option username in job :

node username contains ${option.username)

execution result :

[ssh-exec] sshpass -f /tmp/.ssh-exec/ssh-passfile.@lingrh1.ac-lille.fr.tJQjW ssh -p 22 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=quiet @lingrh1.ac-lille.fr ls -l

Username Empty

Thank

LEMAITRE Reynald

[Reiner Acuña]

Hi Reynald,

Can you share your job definition to take a look? Please hide any potential sensitive information.

Thanks!

[Reynald Lemaitre]

Hello

job definition :

- defaultTab: nodes
  description: ''
  executionEnabled: true
  id: 8b7b4feb-2bfe-45ee-9841-c7ef0a2f167c
  loglevel: INFO
  name: test3
  nodeFilterEditable: false
  nodefilters:
    dispatch:
      excludePrecedence: true
      keepgoing: false
      rankOrder: ascending
      successOnEmptyNodeFilter: false
      threadcount: '1'
    filter: 'name: lingrh1.ac-lille.fr'
  nodesSelectedByDefault: true
  options:
  - label: username
    name: username
    required: true
    value: toto
  scheduleEnabled: true
  sequence:
    commands:
    - exec: ls -l
    keepgoing: false
    strategy: node-first
  uuid: 8b7b4feb-2bfe-45ee-9841-c7ef0a2f167c

Thank

LEMAITRE Reynald

[Reiner Acuña]

Hi Reynald,

I tried to replicate your issue with sshpass command (more closer to your first job exit) and works using SSH and OpenSSH node executor on this way:

<joblist>
  <job>
    <context>
      <options preserveOrder='true'>
        <option name='username' required='true' value='pi'>
          <label>username</label>
        </option>
      </options>
    </context>
    <defaultTab>nodes</defaultTab>
    <description></description>
    <dispatch>
      <excludePrecedence>true</excludePrecedence>
      <keepgoing>false</keepgoing>
      <rankOrder>ascending</rankOrder>
      <successOnEmptyNodeFilter>false</successOnEmptyNodeFilter>
      <threadcount>1</threadcount>
    </dispatch>
    <executionEnabled>true</executionEnabled>
    <id>8b7b4feb-2bfe-45ee-9841-c7ef0a2f167c</id>
    <loglevel>INFO</loglevel>
    <name>test3</name>
    <nodeFilterEditable>false</nodeFilterEditable>
    <nodefilters>
      <filter>name: node00</filter>
    </nodefilters>
    <nodesSelectedByDefault>true</nodesSelectedByDefault>
    <scheduleEnabled>true</scheduleEnabled>
    <sequence keepgoing='false' strategy='node-first'>
      <command>
        <exec>sshpass -f passwordfile.txt ssh -p 22 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=quiet ${option.username}@10.0.1.28 ls -a</exec>
      </command>
    </sequence>
    <uuid>8b7b4feb-2bfe-45ee-9841-c7ef0a2f167c</uuid>
  </job>
</joblist>

Use this Job definition and modify it based on your environment. Does that work in your case?

Hope it helps!

[Reynald Lemaitre]

Hello

The sshpass is not used in the job workflow but through the project configuration.

If we take the first classic ssh case the username variable is well replaced but if we take the second openssh / executor option the variable is then empty.
I need openssh because on old servers in classic ssh you can't add connection options like ciphers.

The ssh connection should not be used in the job but via the project configuration.
Thank you

[Reiner Acuña]

You're right Reynard!

I see the same behavior with this configuration:

1) adding this to project.properties (to get the username via option):

project.ssh-authentication=password
project.ssh-password-storage-path=keys/passwd
project.ssh.user=${option.myusr}

2) With this node source entry:

<node name="raspberry" description="Raspberry Pi node" tags="" hostname="10.0.1.28" osArch="armv71" osFamily="unix" osName="Linux" osVersion="4.19.75-v7+" ssh-authentication="password"/>

3) With this job definition:

<joblist>
  <job>
    <context>
      <options preserveOrder='true'>

        <option name='myusr' value='pi' />

      </options>
    </context>
    <defaultTab>nodes</defaultTab>
    <description></description>
    <dispatch>
      <excludePrecedence>true</excludePrecedence>
      <keepgoing>false</keepgoing>
      <rankOrder>ascending</rankOrder>
      <successOnEmptyNodeFilter>false</successOnEmptyNodeFilter>
      <threadcount>1</threadcount>
    </dispatch>
    <executionEnabled>true</executionEnabled>

    <id>46bedaa7-f9dc-4acb-b942-fc191be3bffe</id>
    <loglevel>INFO</loglevel>
    <name>HelloWorld</name>
    <nodeFilterEditable>false</nodeFilterEditable>
    <nodefilters>
      <filter>name: raspberry</filter>

    </nodefilters>
    <nodesSelectedByDefault>true</nodesSelectedByDefault>
    <scheduleEnabled>true</scheduleEnabled>
    <sequence keepgoing='false' strategy='node-first'>
      <command>

        <exec>echo "hello world"</exec>
      </command>
    </sequence>
    <uuid>46bedaa7-f9dc-4acb-b942-fc191be3bffe</uuid>
  </job>
</joblist>

Using SSH node executor (jsch):

Using OpenSSH node executor (with "dry run" to see the command output, if unmark "dry run" the job fails):

Please, open a new issue explain this here:

https://github.com/rundeck/rundeck/issues

Thanks for the clarification!

[Reynald Lemaitre]

Ok Merci Thank you

Cordially

LEMAITRE Reynald

[Reiner Acuña]

Hi Reynard,

Also, I get the same result using this node definition entry:

<node name="raspberry" description="Raspberry Pi node" tags=""  hostname="10.0.1.28" osArch="arm64" sFamily="unix" osName="Linux" osVersion="4.19.75-v7+" username="${option.myusr}" node-executor="ssh-exec" file-copier="ssh-copier" ssh-authentication="password" ssh-password-storage-path ="keys/passwd" ssh-options="-o ConnectTimeout=5000"/>

Greetings.

[Reiner Acuña]

We will continue this issue/bug here:

https://github.com/rundeck/rundeck/issues/5715

Thanks!