Rundeck community,
I am looking to use job forecase feature and experiencing an issue described as below.
The installation is Rundeck 4.3.0-20220602 and RD cli 2.0.0 on Ubuntu 18.04 LTS. Without any customization, rd cli tool works if RD_URL points to
http://localhost:4440/api/41 to get job forecast information. Web UI works as expected too.
However, after a customization to the server URL for sitting behind an https reverse proxy, this approach stopped working.
The highlight of the customization includes:
By putting an Apache web server in the front, users can access the server with
httpS://SERVERNAME/rundeck. This part works as expected.
$ rd projects list -v
java.lang.IllegalStateException: Password Authentication failed, expected a successful response.
at org.rundeck.client.util.FormAuthInterceptor.authenticate(FormAuthInterceptor.java:82)
at org.rundeck.client.util.FormAuthInterceptor.intercept(FormAuthInterceptor.java:59)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
at retrofit2.OkHttpCall.execute(OkHttpCall.java:204)
at org.rundeck.client.util.Client.checkErrorDowngradable(Client.java:166)
at org.rundeck.client.util.Client.apiCallDowngradable(Client.java:606)
at org.rundeck.client.tool.commands.RdToolImpl.apiCallDowngradable(RdToolImpl.java:107)
at org.rundeck.client.tool.commands.RdToolImpl.apiCall(RdToolImpl.java:78)
at org.rundeck.client.tool.extension.BaseCommand.apiCall(BaseCommand.java:24)
at org.rundeck.client.tool.commands.Projects.list(Projects.java:58)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at picocli.CommandLine.executeUserObject(CommandLine.java:1972)
at picocli.CommandLine.access$1300(CommandLine.java:145)
at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2358)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2352)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2314)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179)
at picocli.CommandLine$RunLast.execute(CommandLine.java:2316)
at picocli.CommandLine.execute(CommandLine.java:2078)
at org.rundeck.client.tool.Main.main(Main.java:154)
Apache log shows a 403 error
"POST /rundeck/api/41/j_security_check HTTP/1.1" 403 534 "-" "rd-cli-tool/2.0.0 (rundeck-cli/2.0.0)"
Rundeck log shows:
ERROR interceptors.AuthorizationInterceptor - (unauthenticated) UNAUTHORIZED for api/invalid
Does anyone have experience with this?
Thank you.