Possible to authenticate rundeck nodes using password?
1,467 views
Skip to first unread message
Bryan Berry
Feb 10, 2011, 4:17:06 AM2/10/11
to rundeck...@googlegroups.com
I need to add a node to rundeck using password authentication. If it were up to me, we would use ssh keys to authenticate, but alas, it is not up to me.
There doesn't appear to be a password attribute for a Node. Is there a way to do this?
thanks
Bryan Berry
Feb 10, 2011, 9:05:26 AM2/10/11
to rundeck...@googlegroups.com
looking thru the docs closer it appears that I am out of luck.
now I have tried adding a node manually to the resources.xml file for my current project . However, it doesn't apear in the gui and I don't get an error. Is there a way I can tell if there is an ssh connection error for this node?
Alex-SF
Feb 10, 2011, 10:44:22 AM2/10/11
to rundeck-discuss
Hi Bryan,
We could add a password attribute to Node to support that style
authentication. We'd have to decide how to secure the password so it
is not plain text though. On the #rundeck IRC channel, we have also
been discussing different approaches to managing authentication that
does not involve the resource model. In this alternative scheme, a
user could choose a credential and execute commands across a set of
nodes with that chosen identity.
Maybe you have some ideas about this topic.
Thanks
We could add a password attribute to Node to support that style
authentication. We'd have to decide how to secure the password so it
is not plain text though. On the #rundeck IRC channel, we have also
been discussing different approaches to managing authentication that
does not involve the resource model. In this alternative scheme, a
user could choose a credential and execute commands across a set of
nodes with that chosen identity.
Maybe you have some ideas about this topic.
Thanks
Alex-SF
Feb 10, 2011, 10:49:51 AM2/10/11
to rundeck-discuss
Hi Bryan,
The default filter only shows the server node. Take a look at the
filter control http://rundeck.org/docs/RunDeck-Guide.html#filtering-nodes-graphically.
By command line try running the "dispatch" command to list nodes. Try
a command like this:
dispatch -I '.*' --noqueue -- uptime
If you get an "Auth cancel" error, there is an SSH config issue.
Normally the issue is an incorrect public key file configuration. See
what key file is configured like so:
$ awk '/framework.ssh.keypath/ {print $3}'
framework.properties
The default filter only shows the server node. Take a look at the
filter control http://rundeck.org/docs/RunDeck-Guide.html#filtering-nodes-graphically.
By command line try running the "dispatch" command to list nodes. Try
a command like this:
dispatch -I '.*' --noqueue -- uptime
If you get an "Auth cancel" error, there is an SSH config issue.
Normally the issue is an incorrect public key file configuration. See
what key file is configured like so:
$ awk '/framework.ssh.keypath/ {print $3}'
framework.properties
Bryan Berry
Feb 12, 2011, 10:04:53 AM2/12/11
to rundeck...@googlegroups.com
On Thu, Feb 10, 2011 at 4:49 PM, Alex-SF <aho...@users.sourceforge.net> wrote:
Hi Bryan,
The default filter only shows the server node. Take a look at the
filter control http://rundeck.org/docs/RunDeck-Guide.html#filtering-nodes-graphically.
hmm, this isn't so intuitive and perhaps the only part of rundeck so far that i have encountered that is i not intuitive ;) . I certainly intend to tie this into my cmdb but just for starters it would be nice to plugin a few ips into the gui to get started. perhaps I will find some time some day to add it myself ;)
looking in framework.properties, there is only one value by default, yet you can specify different usernames in the <Node /> element. Is the same SSH key used regardless of which username is specified?
framework.ssh.user = root
Bryan Berry
Feb 12, 2011, 12:22:07 PM2/12/11
to rundeck...@googlegroups.com
sweet! got it working.
When u get a chance pls explain how rundeck correlates node usernames to ssh keys. Perhaps it uses the key specified in framework.ssh.keypath for all usernames?
also, the user manual says that RSA keys are the default
however the src code seems to specify a dsa key
Alex-SF
Feb 14, 2011, 12:44:03 PM2/14/11
to rundeck-discuss
Bryan,
I think there is a bug in the filter, too. If all the filter fields
are cleared, and the Filter button pressed, the local rundeck server.
I think the expected result would be to see all the nodes for the
project. Curious if you ran into this behavior?
I think there is a bug in the filter, too. If all the filter fields
are cleared, and the Filter button pressed, the local rundeck server.
I think the expected result would be to see all the nodes for the
project. Curious if you ran into this behavior?
Alex-SF
Feb 14, 2011, 12:47:30 PM2/14/11
to rundeck-discuss
The source code should be updated to use RSA. Would you mind logging a
request? http://rundeck.lighthouseapp.com/projects/59277-development/overview
Here's a short explanation that is going into an upcoming 1.2 tutorial
doc that might shed some light on your question:
---
The Rundeck server configuration file, framework.properties contains
the identity used to connect to the remote hosts. This public key must
be added to the desired user's authorized_keys file on the remote
hosts.
Check the value of the framework.ssh.keypath setting. This file will
be used as the identity when connecting to remote hosts:
$ awk '/framework.ssh.keypath/ {print $3}' framework.properties
/Users/alexh/.ssh/id_dsa
Add the public key to the authorized_keys file on the remote hosts.
Test a connection using this identity:
ssh -i $(awk '/framework.ssh.keypath/ {print $3}'
framework.properties) demo@ubuntu pwd
The command should execute successfully.
Thanks
On Feb 12, 9:22 am, Bryan Berry <bryan.be...@gmail.com> wrote:
> sweet! got it working.
>
> When u get a chance pls explain how rundeck correlates node usernames to ssh
> keys. Perhaps it uses the key specified in framework.ssh.keypath for all
> usernames?
>
> also, the user manual says that RSA keys are the defaulthttp://rundeck.org/docs/RunDeck-Guide.html#ssh-key-generation
>
> however the src code seems to specify a dsa keyhttps://github.com/dtolabs/rundeck/blob/master/core/src/resources/com...
request? http://rundeck.lighthouseapp.com/projects/59277-development/overview
Here's a short explanation that is going into an upcoming 1.2 tutorial
doc that might shed some light on your question:
---
The Rundeck server configuration file, framework.properties contains
the identity used to connect to the remote hosts. This public key must
be added to the desired user's authorized_keys file on the remote
hosts.
Check the value of the framework.ssh.keypath setting. This file will
be used as the identity when connecting to remote hosts:
$ awk '/framework.ssh.keypath/ {print $3}' framework.properties
Add the public key to the authorized_keys file on the remote hosts.
Test a connection using this identity:
ssh -i $(awk '/framework.ssh.keypath/ {print $3}'
framework.properties) demo@ubuntu pwd
The command should execute successfully.
Thanks
On Feb 12, 9:22 am, Bryan Berry <bryan.be...@gmail.com> wrote:
> sweet! got it working.
>
> When u get a chance pls explain how rundeck correlates node usernames to ssh
> keys. Perhaps it uses the key specified in framework.ssh.keypath for all
> usernames?
>
>
> however the src code seems to specify a dsa keyhttps://github.com/dtolabs/rundeck/blob/master/core/src/resources/com...
Reply all
Reply to author
Forward
0 new messages