Hello everyone,
We have an ETL tool (KNIME) that need to use an external database plugin (bigquery DB) and we need to run this workflow with Rundeck.
The problem is as the rundeck use an “internal windows user” (system I think) and we have the workflow and the Bigquery plugin in other Windows account, this job always fail with the error "plugin not found in path".
My question is, how can we force the Rundeck Job to run with other Windows server 2016 account?
In Linux seems easy… just use sudo $ {scriptfile}, but in windows its different
Hi Manuel,
You can reference a username option in your windows resource model file, in the pywinrm plugin case this option must be named “username” (referenced in your file as ${option.username}
), more info here. This known as “job level authentication”, for example:
<?xml version="1.0" encoding="UTF-8"?>
<project>
<node name="windows" description="Windows 10" tags="windows" hostname="192.168.0.122" osArch="amd64" osFamily="windows" osName="Windows 10 20.04" osVersion="6.3" username="${option.username}" winrm-authtype="basic"/>
</project>
As you see this example doesn’t use a password attribute, that’s because the option “winrmpassword” (this option also need to be defined with that name, check this thread) works as an implicit parameter to the node definition, let me share the job definition example that works with the node definition above:
<joblist>
<job>
<context>
<options preserveOrder='true'>
<option name='username' value='Administrator' />
<option name='winrmpassword' secure='true' valueExposed='true' />
</options>
</context>
<defaultTab>nodes</defaultTab>
<description></description>
<dispatch>
<excludePrecedence>true</excludePrecedence>
<keepgoing>false</keepgoing>
<rankOrder>ascending</rankOrder>
<successOnEmptyNodeFilter>false</successOnEmptyNodeFilter>
<threadcount>1</threadcount>
</dispatch>
<executionEnabled>true</executionEnabled>
<id>ceeadd76-3c37-4b47-a9b5-e1a231ba3f9c</id>
<loglevel>INFO</loglevel>
<name>HelloWorld</name>
<nodeFilterEditable>false</nodeFilterEditable>
<nodefilters>
<filter>name: windows</filter>
</nodefilters>
<nodesSelectedByDefault>true</nodesSelectedByDefault>
<plugins />
<scheduleEnabled>true</scheduleEnabled>
<sequence keepgoing='false' strategy='node-first'>
<command>
<exec>dir</exec>
</command>
</sequence>
<uuid>ceeadd76-3c37-4b47-a9b5-e1a231ba3f9c</uuid>
</job>
</joblist>
In that way, you can use job level authentication on Windows machines.
Hope it helps!