power broker (like sudo) in Rundeck


vinod kumar

Jul 26, 2016, 10:02:46 AM
to rundeck-discuss
Hi,

I am new to Rundeck. On my Windows 7 I am trying to log in to a Linux host remotely and then run the following power broker authentication, which is the same as sudo su -

I need to execute this from Rundeck; can someone help me with this?
I have stored the keys for 1-1 (keys/sr) and sshPassword (pbswd).

$ pbrun cit-sa -u root     <<== command
Please enter the request number you are working on: 1-1     <<== input given 1-1
You entered: 1-1
Successful login using -u option.  If you want to allow X traffic please use -x option.
Usage: /usr/local/bin/pbrun [policy] -x [target user]

Password:             <<== here i have to input password.


configuration file content:

#Tue Jul 26 17:23:40 IST 2016
#edit below
project.description=
project.nodeCache.delay=30
project.nodeCache.enabled=true
project.ssh-authentication=password
project.ssh-password-storage-path=keys/pbswd
project.sudo-command-enabled=true
project.sudo-password-storage-path=keys/sr
project.sudo-prompt-pattern=^Please enter .+\: .*
project.sudo-response-max-timeout=20000
resources.source.1.config.file=D\:\\rundek\\projects\\Test01\\etc\\resources.xml
resources.source.1.config.format=resourcexml
resources.source.1.config.generateFileAutomatically=true
resources.source.1.config.includeServerNode=true
resources.source.1.config.requireFileExists=false
resources.source.1.type=file
service.FileCopier.default.provider=jsch-scp
service.NodeExecutor.default.provider=jsch-ssh


Regards, Vinod


Alex Honor

Jul 26, 2016, 10:20:26 AM
to rundeck...@googlegroups.com
Hi Vinod,

Does all execution occur using power broker? That is, is pbrun used for both the remote execution and switching user? If just the latter, then I assume you want to ssh to the remote box first and then run pbrun.
I'm only slightly familiar with powerbroker but do you have a reference page I can see online?






--

Alex Honor

[SimplifyOps, Inc | a...@simplifyops.com ]


vinod kumar

Jul 26, 2016, 11:26:49 AM
to rundeck-discuss
Hi Alex,

Yep, I would like to do remote ssh with my Unix account and then switch to root via pbrun (command: pbrun cit-sa -u root) and then run OS commands from there.
Let me find a reference article for powerbroker and update.

I usually execute it manually to switch to the root account like below:

=========================
$ pbrun cit-sa -u root
Please enter the request number you are working on: 1-1     <<== here i have to input 1-1 which is stored in keys/sr
You entered: 1-1
Successful login using -u option.  If you want to allow X traffic please use -x option.
Usage: /usr/local/bin/pbrun [policy] -x [target user]

Password:  <<=== here i have to input user password which is stored in keys/pbswd

=========================


DEBUG Log output:

testvm 1. pb [workflow] beginExecuteNodeStep(testvm): NodeDispatch: com.dtolabs.rundeck.execution.ExecutionItemFactory$4@624d59c0
Using ssh password storage path: keys/pbswd
Starting SSH Connection: vburamdo@testvm (testvm)
Set timeout to 0
Connecting to testvm:22
Connecting to testvm port 22
Connection established
Remote version string: SSH-2.0-OpenSSH_5.3p1-hpn13v7
Local version string: SSH-2.0-JSCH-0.1.53
CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
aes256-ctr is not available.
aes192-ctr is not available.
aes256-cbc is not available.
aes192-cbc is not available.
CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
SSH_MSG_KEXINIT sent
SSH_MSG_KEXINIT received
kex: server: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
kex: server: ssh-rsa,ssh-dss
kex: server: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
kex: server: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
kex: server: hmac-md5,hmac-sha1,uma...@openssh.com,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
kex: server: hmac-md5,hmac-sha1,uma...@openssh.com,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
kex: server: none,zl...@openssh.com
kex: server: none,zl...@openssh.com
kex: server: 
kex: server: 
kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: none
kex: client: none
kex: client: 
kex: client: 
kex: server->client aes128-ctr hmac-md5 none
kex: client->server aes128-ctr hmac-md5 none
SSH_MSG_KEXDH_INIT sent
expecting SSH_MSG_KEXDH_REPLY
ssh_rsa_verify: signature true
Permanently added 'testvm' (RSA) to the list of known hosts.
SSH_MSG_NEWKEYS sent
SSH_MSG_NEWKEYS received
SSH_MSG_SERVICE_REQUEST sent
SSH_MSG_SERVICE_ACCEPT received
Authentications that can continue: publickey,password,keyboard-interactive
Next authentication method: publickey
Authentications that can continue: password,keyboard-interactive
Next authentication method: password
Authentication succeeded (password).
Disconnecting from testvm port 22
java.lang.InterruptedException
Caught an exception, leaving main loop due to Socket closed
Failed: Unknown: java.lang.InterruptedException
Please enter the request number you are working on:     <<<==== it stuck here, then i killed the job >>>>
WINDOWS-LAP 1. pb [workflow] finishExecuteNodeStep(testvm): NodeDispatch: Unknown: java.lang.InterruptedException
1: Workflow step finished, result: Dispatch failed on 1 nodes: [testvm: Unknown: java.lang.InterruptedException]
[workflow] Finish step: 1,NodeDispatch
[workflow] Finish execution:  rundeck-workflow-node-first: [Workflow result: , step failures: {1=Dispatch failed on 1 nodes: [testvm: Unknown: java.lang.InterruptedException]}, Node failures: {testvm=[Unknown: java.lang.InterruptedException]}, status: failed]
[Workflow result: , step failures: {1=Dispatch failed on 1 nodes: [testvm: Unknown: java.lang.InterruptedException]}, Node failures: {testvm=[Unknown: java.lang.InterruptedException]}, status: failed]
Execution failed: 20: [Workflow result: , step failures: {1=Dispatch failed on 1 nodes: [testvm: Unknown: java.lang.InterruptedException]}, Node failures: {testvm=[Unknown: java.lang.InterruptedException]}, status: failed]



Regards, Vinod
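
Added example (not part of the original posts, and not Rundeck's code): a Python check of which prompts in the posted pbrun session the configured project.sudo-prompt-pattern would answer, and whether the command would trigger a sudo-style responder at all. It assumes Rundeck's documented default sudo-command-pattern of ^sudo$, tested against the first word of the command; the ^pbrun$ and ^Password:\s*$ patterns are hypothetical.

```python
import re

# From the posted project.properties; a .properties loader reads "\:" as ":".
POSTED_RESPONDERS = [(r"^Please enter .+: .*", "keys/sr")]
# Assumption: Rundeck's documented default sudo-command-pattern (the post does not set one).
DEFAULT_COMMAND_PATTERN = r"^sudo$"
COMMAND = "pbrun cit-sa -u root"

# pbrun output from the post, with the typed input and "<<==" notes removed.
TRANSCRIPT = [
    "Please enter the request number you are working on: ",
    "You entered: 1-1",
    "Successful login using -u option.  If you want to allow X traffic please use -x option.",
    "Usage: /usr/local/bin/pbrun [policy] -x [target user]",
    "",
    "Password: ",
]


def command_triggers_responder(command, command_pattern):
    """Assumption: the pattern is tested against the first word of the command."""
    return re.search(command_pattern, command.split()[0]) is not None


def classify_prompts(transcript, responders):
    """Split input prompts into answered (prompt, storage path) and unanswered."""
    answered, unanswered = [], []
    for line in transcript:
        if not re.search(r":\s*$", line):  # heuristic: a prompt ends with ':'
            continue
        prompt = line.strip()
        path = next((p for rx, p in responders if re.search(rx, line)), None)
        if path is None:
            unanswered.append(prompt)
        else:
            answered.append((prompt, path))
    return answered, unanswered


if __name__ == "__main__":
    print("default command pattern matches pbrun:",
          command_triggers_responder(COMMAND, DEFAULT_COMMAND_PATTERN))
    print("hypothetical ^pbrun$ matches:",
          command_triggers_responder(COMMAND, r"^pbrun$"))
    print("posted config:", classify_prompts(TRANSCRIPT, POSTED_RESPONDERS))
    # Hypothetical second responder for the password prompt, anchored tightly.
    both = POSTED_RESPONDERS + [(r"^Password:\s*$", "keys/pbswd")]
    print("with second responder:", classify_prompts(TRANSCRIPT, both))
```

Keeping each prompt pattern tightly anchored limits a stored secret to the one prompt it is meant for.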

vinod kumar

Jul 26, 2016, 11:26:49 AM
to rundeck-discuss
Hi Alex,

I wanted to do remote ssh with my account and then run pbrun (pbrun cit-sa -u root) to switch to the root account,
and then from there I wanted to execute OS commands.
Let me check and update if there is any online reference for power broker.

From the Linux host, I used to manually switch to the root account like below.
=================================
$ pbrun cit-sa -u root
Please enter the request number you are working on: 1-1     <<== here i have to input 1-1 which is stored in keys/sr
You entered: 1-1
Successful login using -u option.  If you want to allow X traffic please use -x option.
Usage: /usr/local/bin/pbrun [policy] -x [target user]

Password:  <<=== here i have to input user password which is stored in keys/pbswd

========================================

Regards, Vinod
