Using Key Storage Variables in Node Source Scripts
158 views
Skip to first unread message
Loth
Jan 31, 2023, 3:34:30 AM1/31/23
to rundeck-discuss
Hey All,
Is there a way to use passwords in key storage for node generator scripts? I'd really like it to be dynamic to the project and just have the login details to get the node list in the key storage.
Is there a way to use passwords in key storage for node generator scripts? I'd really like it to be dynamic to the project and just have the login details to get the node list in the key storage.
Thanks!
rac...@rundeck.com
Jan 31, 2023, 4:41:57 AM1/31/23
to rundeck-discuss
Hi!
If I understand your question. You can use the Key Storage path using the `ssh-key-storage-path` or `ssh-password-storage-path attributes` in any XML/YAML node entry. Take a look at this.
Regards!
Loth
Jan 31, 2023, 9:46:45 AM1/31/23
to rundeck...@googlegroups.com
Hi, thanks for the reply!
I'm actually looking to use password variables for the node sources,
stored in the key storage. I get my node source via an API call for
this use case, and actually don't SSH into any nodes. Is it possible
to use the key storage similar to how its used in jobs, where you can
specify keys as variables with $option.key?
Thanks again!
> --
> You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discu...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/7b043fa2-5c74-4f1e-b67e-a00a0f452f55n%40googlegroups.com.
I'm actually looking to use password variables for the node sources,
stored in the key storage. I get my node source via an API call for
this use case, and actually don't SSH into any nodes. Is it possible
to use the key storage similar to how its used in jobs, where you can
specify keys as variables with $option.key?
Thanks again!
> You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discu...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/7b043fa2-5c74-4f1e-b67e-a00a0f452f55n%40googlegroups.com.
rac...@rundeck.com
Feb 1, 2023, 6:46:45 AM2/1/23
to rundeck-discuss
Hi,
I see, currently, the only way to use key paths is directly on the node source (on attributes like ssh-password-storage-path) or referencing it on a secure option and then use that option in your workflow (by design and for security reasons it works only with passwords).
This doc entry should help you if you like to create a password-based rundeck workflow (also, take a look at this).
Greetings.
​
Loth
Feb 1, 2023, 4:55:07 PM2/1/23
to rundeck-discuss
Hello,
Thanks for the reply. I am a bit lost I apologize. From reading your linked docs it seems that calling fields in the Key Storage only works in job workflows correct? While my case is using the Script json node source ( https://docs.rundeck.com/docs/manual/projects/resource-model-sources/builtin.html#script-source ) with arguments calling things in Key Storage. So if this is the case I would need to develop my own plugin or look for an alternative source?
Thanks for the reply. I am a bit lost I apologize. From reading your linked docs it seems that calling fields in the Key Storage only works in job workflows correct? While my case is using the Script json node source ( https://docs.rundeck.com/docs/manual/projects/resource-model-sources/builtin.html#script-source ) with arguments calling things in Key Storage. So if this is the case I would need to develop my own plugin or look for an alternative source?
Loth
Feb 2, 2023, 7:05:34 PM2/2/23
to rundeck...@googlegroups.com
Thanks for the links, I got my node source working !
However it is a bit tedious to create ACL's for every project to allow
access to the project keys, is it possible to make a generic ACL? I
used this as an example:
https://user-images.githubusercontent.com/6034968/111511968-fe9e5700-872d-11eb-9498-6f09f4337265.png
However its tied to the project ACL
> To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/1b6bc74d-c362-41bc-8491-1445cdc1b851n%40googlegroups.com.
However it is a bit tedious to create ACL's for every project to allow
access to the project keys, is it possible to make a generic ACL? I
used this as an example:
https://user-images.githubusercontent.com/6034968/111511968-fe9e5700-872d-11eb-9498-6f09f4337265.png
However its tied to the project ACL
rac...@rundeck.com
Feb 3, 2023, 7:19:34 AM2/3/23
to rundeck-discuss
Yes, you can create an ACL for multiple projects using a regular expression, check this example.
Reply all
Reply to author
Forward
0 new messages