EC2: "Failed to read SSH Private key stored at path"

2,209 views
Skip to first unread message

Pinak Pani

unread,
Jul 7, 2014, 11:15:35 AM7/7/14
to rundeck...@googlegroups.com
I have setup a Rundeck server on one of the machines and created a project. Here is the detail:

Resource Model Source
File Reads a file containing node definitions in a supported format
Format: resourcexml File Path: /var/rundeck/projects/test/etc/resources.xml Generate: Yes Include Server Node: Yes 
 
Default Node Executor 
The Node Executor is responsible for executing commands and scripts on remote nodes.
SSH Executes a command on a remote node via SSH.
SSH Key File path: /var/lib/rundeck/.ssh/id_rsa SSH Key Storage Path: /keys/users/root/ SSH Authentication: privateKey 

Default File Copier
The File Copier is responsible for copying scripts as files to remote nodes before they are executed.
SCP Copies a script file to a remote node via SCP.
SSH Key File path: /var/lib/rundeck/.ssh/id_rsa SSH Key Storage Path: /keys/users/root/ SSH Authentication: privateKey

The default.pem is stored under /keys/users/root/ 

ls -lh  /keys/users/root/
total 8.0K
-rw------- 1 rundeck rundeck 1.7K Jul  3 18:39 default.pem

(I can SSH to admin01 server from Rundeck using this key)

I have added a node as:

# cat /var/rundeck/projects/test/etc/resources.xml 
<?xml version="1.0" encoding="UTF-8"?>
<project>
  <node name="localhost" description="Rundeck server node" tags="" hostname="localhost" osArch="amd64" osFamily="unix" osName="Linux" osVersion="3.10.42-52.145.amzn1.x86_64" username="rundeck"/>
  <node name="admin01" description="sync01.domainname node" tags="" hostname="sync01.domainname.com" osArch="amd64" osFamily="unix" osName="Linux" osVersion="3.10.42-52.145.amzn1.x86_64" username="root"/>
</project>

I rebooted the rundeck after adding this. And then tried a command on http://rundeck.domainname.com:4440/project/test/command/run :

Command: ls -l /tmp
Nodes: admin01

But it failed saying:

10:56:26 admin01 Failed to read SSH Private key stored at path: /keys/users/root/: org.rundeck.storage.api.StorageException: Path does not exist: keys/users/root
10:56:27 Failed: ConfigurationFailure: Failed to read SSH Private key stored at path: /keys/users/root/
10:56:27 localhost Execution failed: 12: [Workflow step failures: {1=Dispatch failed on 1 nodes: [admin01: ConfigurationFailure: Failed to read SSH Private key stored at path: /keys/users/root/]}, Node failures: {admin01=[ConfigurationFailure: Failed to read SSH Private key stored at path: /keys/users/root/]}] 

Can someone point out what is wrong with this?

Thanks for your time,
Pinak

Alex Honor

unread,
Jul 7, 2014, 11:37:02 AM7/7/14
to rundeck...@googlegroups.com
Hi Pinak, 
You need to use the "SSH Key File path" to reference the key file. Also, can you check that the directories are readable and executable for /keys/users/root  for the rundeck user?
The "SSH Key Storage Path" is a path that references the key data in the keystore (see http://rundeck.org/docs/api/index.html#key-storage). You can store key data here instead but read more about it here: http://rundeck.org/docs/administration/key-storage.html

Thanks


--
You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discu...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--

Alex Honor

[SimplifyOps, Inc | a...@simplifyops.com ]

Be sure to comment and vote on Rundeck Feature Development!

maname...@gmail.com

unread,
Sep 5, 2014, 2:35:38 PM9/5/14
to rundeck...@googlegroups.com
Hey Pani, did u get this working? I am basically getting the exact same exception as u did. Can u pls help me, if you know the answer. Thanks in advance.

Alex Honor

unread,
Sep 5, 2014, 2:38:49 PM9/5/14
to rundeck...@googlegroups.com
It looks like the rundeck server user can't read the keyfile. Can you try cat'ing that file as the rundeck user to confirm?

--
You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discu...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

manam eddaram

unread,
Sep 5, 2014, 4:53:21 PM9/5/14
to rundeck...@googlegroups.com
This is what I did for now...
 
1) chmod 755 to the keyfile
2) copied the publick key of the client(where rundeck is running) to the authorized_keys of the remote host
3) updated the framework.ssh.keypath: to use the keyfile listed in step 1
 
still no luck...


--
You received this message because you are subscribed to a topic in the Google Groups "rundeck-discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rundeck-discuss/geXJWAI7BhU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to rundeck-discu...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages