Using inline script works, script file doesn't

[Tom De Blende]

Hi all,

I have a Rundeck server that is executing stuff on servers in a different network. Connection is done through a bastion host using the script plugin. Configuration looks like this:

plugin.script-exec.default.command=ssh -o "StrictHostKeyChecking no" -o "ProxyCommand ssh -o 'StrictHostKeyChecking no' -i ~/keys/key.pem ec2-...@x.x.x.x nc %h %p" ${node.username}@${node.hostname} ${exec.command}
plugin.script-exec.default.shell=bash -c

Now this all works fine. Running scripts on remote hosts as inline is no problem. I set my variable like this:

srvs=`echo @option.Servers@`

However if I want to use a script file and run that remotely like this:

srvs=$RD_OPTION_SERVERS

Then I see that nothing is in the $RD_OPTION_SERVERS variable.

So how come running an inline script works, and a script file does not?

Any ideas are welcome :)

[Alex Honor]

Hi Tom,

The tokens in the inline script are replaced server side. The RD_* env vars are passed through SSH but me be accepted by the remote server. Take a look here to configure that: http://rundeck.org/docs/plugins-user-guide/ssh-plugins.html#passing-environment-variables-through-remote-command

--
You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/de9561ab-499a-4869-bd1c-54ec87306aa1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Alex Honor

[SimplifyOps, Inc | a...@simplifyops.com ]

Be sure to comment and vote on Rundeck Feature Development!

[Tom De Blende]

Hi Alex,

Thanks for your input. I should have mentioned that I have added the line to the sshd_config on the target server, and to be sure also on the bastion host in between. Not sure if that is needed.

AcceptEnv RD_*

--
You received this message because you are subscribed to a topic in the Google Groups "rundeck-discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rundeck-discuss/BonmAd6G7zM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to rundeck-discu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/CA%2BO9DbEVwObMXC8kQu7OJqRnrkrmEst7P5z_jgj2%3DXxMoZGdGg%40mail.gmail.com.

[Greg Schueler]

My guess is you would need to use the SendEnv option to send both to the bastion host and then through to the target host.

To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/CAGV-88F_mG2wTv6cfKO0f6LaauaBgvwXWzcr19XCeGu2v5EvEw%40mail.gmail.com.

[Tom De Blende]

But how does one achieve that? It is not enough to put the SendEnv on both the bastion and the target host. So what else is needed?

To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/02BEA4F5-716E-43FC-B762-3BBA2E65C81A%40simplifyops.com.

[Tom De Blende]

Did some more tests, no luck. I have the AcceptEnv RD_* set on both the target host and the bastion host. Running all remote scripts through inline scripts is not manageable. The lack of source control is one.

Here is what I get from a debug run:

15:18:17			[script-copy] executing: bash -c scp -o "StrictHostKeyChecking no" -o "ProxyCommand ssh -o 'StrictHostKeyChecking no' -i z.pem ec2-...@x.x.x.x nc %h %p" /var/lib/rundeck/scripts/maint/start_maintenance.sh rundeck@y.y.y.y:/tmp/2-180-mss-ansible-start_maintenance.sh
15:18:17			[script-exec] executing: bash -c ssh -o "StrictHostKeyChecking no" -o "ProxyCommand ssh -o 'StrictHostKeyChecking no' -i z.pem ec2-...@x.x.x.x nc %h %p" rundeck@y.y.y.y chmod +x /tmp/2-180-mss-ansible-start_maintenance.sh
15:18:17			[script-exec]: result code: 0, success: true
15:18:17			[script-exec] executing: bash -c ssh -o "StrictHostKeyChecking no" -o "ProxyCommand ssh -o 'StrictHostKeyChecking no' -i z.pem ec2-...@x.x.x.x nc %h %p" rundeck@y.y.y.y /tmp/2-180-mss-ansible-start_maintenance.sh

So from what I can tell, the script is copied over as 2-180-mss-ansible-start_maintenance.sh to /tmp. Are variables already substituted then in that script file? How does it work?

[Tom De Blende]

I have found a working solution for my problem. I haven't managed to get it to work with environment variables. Last try was to use -W instead of netcat in the Proxy Command. No luck.

I then switched to command line arguments. That did the trick. So instead of reading the option list from the RD_ variable, I read it from ${option.Servers}.

Just in case someone ends up in the same boat and finds this thread in the future.

[Greg Schueler]

did you try using -o SendEnv RD_* on the commandline?

AcceptEnv is required on the server side to receive env vars.

SendEnv is required on the client side to send the env vars

You probably need to since you are using ssh client directly instead of the builtin plugin.

--
You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discu...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/36c0a053-ed52-4142-b0f2-7bf4146419f4%40googlegroups.com.

[Tom De Blende]

You, good sir, win the internet. This was indeed the missing link.

I can add that it is not necessary to make changes to the bastion host's ssh config.

Thank you!