Jira (BOLT-1298) Linux- Have to log in to serverA as a userA, then sudo to root. Then we need to run bolt. It tries to run as userA and not root

6 views
Skip to first unread message

Jackie Andrason (JIRA)

unread,
May 9, 2019, 10:20:04 AM5/9/19
to puppe...@googlegroups.com
Jackie Andrason created an issue
 
Puppet Task Runner / Bug BOLT-1298
Linux- Have to log in to serverA as a userA, then sudo to root. Then we need to run bolt. It tries to run as userA and not root
Issue Type: Bug Bug
Affects Versions: BOLT 1.18.0
Assignee: Unassigned
Components: bolt
Created: 2019/05/09 7:19 AM
Priority: Normal Normal
Reporter: Jackie Andrason

In our environment, we cannot log directly in to servers as root.  We have an 'admin' server that we log in as our userid, then have to sudo to root.  Root can ssh without password from this server to all other servers to run admin scripts.  When trying to run bolt after doing 'sudo su - ", it tries to run as the underlying (login) userid, and therefore fails.  Since most of our admins probably don't have ssh keys from this server, it wouldn't work to use --run-as root.  See my test:

 

[userA@serverA ~]$ whoami
userA
[userA@serverA ~]$ sudo su -
[root@serverA ~]# whoami
root
[root@serverA ~]# who am i
userA  pts/30       2019-05-09 10:12 (192.10.67.89)
[root@serverA ~]# bolt command run "uname" --nodes serverB
Started on serverB...
all authorization methods failed (tried none, publickey, password)
Failed on serverB:
  Authentication failed for user userA@serverB
Failed on 1 node: serverB
Ran on 1 node in 0.50 seconds
Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
Atlassian logo

Alex Dreyer (JIRA)

unread,
May 13, 2019, 12:18:03 PM5/13/19
to puppe...@googlegroups.com
Alex Dreyer commented on Bug BOLT-1298
 
Re: Linux- Have to log in to serverA as a userA, then sudo to root. Then we need to run bolt. It tries to run as userA and not root

As a workaround you should be apple to specify --user either on the commandline or under the ssh settings in bolt.yaml.

 

This appears to be the behavior for getlogin() which is how bolt determines the default user for ssh. We could possible switch to $USER when available to more closely mimic the behavior of ssh.

Alex Dreyer (JIRA)

unread,
May 13, 2019, 12:39:02 PM5/13/19
to puppe...@googlegroups.com
Alex Dreyer updated an issue
 
Change By: Alex Dreyer
Sprint: Bolt Ready for Grooming
Reply all
Reply to author
Forward
0 new messages