How to force an Rundeck Job to run with other Windows account

143 views
Skip to first unread message

Manuel Alves

unread,
Jan 22, 2021, 6:54:05 AM1/22/21
to rundeck-discuss

Hello everyone,

We have an ETL tool (KNIME) that need to use an external database plugin (bigquery DB) and we need to run this workflow with Rundeck. 

The problem is as the rundeck use an “internal windows user” (system I think) and we have the workflow and the Bigquery plugin in other Windows account, this job always fail with the error "plugin not found in path".

My question is, how can we force the Rundeck Job to run with other Windows server 2016 account?

In Linux seems easy… just use sudo  $ {scriptfile}, but in windows its different

rundeck_job.JPG

rac...@rundeck.com

unread,
Jan 22, 2021, 8:24:21 AM1/22/21
to rundeck-discuss

Hi Manuel,

You can reference a username option in your windows resource model file, in the pywinrm plugin case this option must be named “username” (referenced in your file as ${option.username}), more info here. This known as “job level authentication”, for example:

<?xml version="1.0" encoding="UTF-8"?>

<project>
    <node name="windows" description="Windows 10" tags="windows" hostname="192.168.0.122" osArch="amd64" osFamily="windows" osName="Windows 10 20.04" osVersion="6.3" username="${option.username}" winrm-authtype="basic"/>  
</project>

As you see this example doesn’t use a password attribute, that’s because the option “winrmpassword” (this option also need to be defined with that name, check this thread) works as an implicit parameter to the node definition, let me share the job definition example that works with the node definition above:

<joblist>
  <job>
    <context>
      <options preserveOrder='true'>
        <option name='username' value='Administrator' />
        <option name='winrmpassword' secure='true' valueExposed='true' />
      </options>
    </context>
    <defaultTab>nodes</defaultTab>
    <description></description>
    <dispatch>
      <excludePrecedence>true</excludePrecedence>
      <keepgoing>false</keepgoing>
      <rankOrder>ascending</rankOrder>
      <successOnEmptyNodeFilter>false</successOnEmptyNodeFilter>
      <threadcount>1</threadcount>
    </dispatch>
    <executionEnabled>true</executionEnabled>
    <id>ceeadd76-3c37-4b47-a9b5-e1a231ba3f9c</id>
    <loglevel>INFO</loglevel>
    <name>HelloWorld</name>
    <nodeFilterEditable>false</nodeFilterEditable>
    <nodefilters>
      <filter>name: windows</filter>
    </nodefilters>
    <nodesSelectedByDefault>true</nodesSelectedByDefault>
    <plugins />
    <scheduleEnabled>true</scheduleEnabled>
    <sequence keepgoing='false' strategy='node-first'>
      <command>
        <exec>dir</exec>
      </command>
    </sequence>
    <uuid>ceeadd76-3c37-4b47-a9b5-e1a231ba3f9c</uuid>
  </job>
</joblist>

In that way, you can use job level authentication on Windows machines.

Hope it helps!

Message has been deleted

Manuel Alves

unread,
Jan 22, 2021, 11:47:50 AM1/22/21
to rundeck-discuss
Thanks for your help, but after more deep investigation, in fact the problem was not in Rundeck.

If you get this error in KNIME from batch mode call via console:

"ERROR main Node Loading model settings failed: Could not find the [bigqueryID] database driver"

You need to add the "-preferences" tag in the batch command to load the preferences, or they will be ignored.

Reply all
Reply to author
Forward
0 new messages