enable sudo with password


Andrew Smith

Oct 15, 2015, 6:51:14 AM
to rundeck-discuss
I have a node that I can ssh into from the rundeck server using ssh keys but then I want to use a password for the sudo command which I think is possible.
For some reason it does not detect the sudo request, tried a number of different regex and tested them, they work outside of rundeck so thinking it's somewhere else.
I added these commands to the node config `sudo-command-enabled="true" sudo-password-option="option.sudoPassword2" sudo-prompt-pattern="\[sudo\] password for .*:"`
Is there something else I am missing to add to the node config?
Also can I reference the password from the rundeck Key Storage rather than have a user enter it?


Andrew

Greg Schueler

Oct 15, 2015, 12:38:00 PM
to rundeck...@googlegroups.com
There is also `sudo-command-pattern="^sudo$"` which detects the invocation of sudo (that is the default value).  The default prompt pattern is `^\[sudo\] password for .+: .*`

What is the output when the command prompts you for the password?

Try enabling Debug logging as well.

Yes, you can use the storage facility for the password, use an attribute named `sudo-password-storage-path`


Andrew Smith

Oct 16, 2015, 4:19:00 AM
to rundeck...@googlegroups.com
The prompt for sudo password is this
[sudo] password for 

I tried setting these on the node resource so I could test easier.
sudo-command-enabled="true" sudo-password-option="option.sudoPassword2" sudo-prompt-pattern="\[sudo\] password for .*:" sudo-command-pattern="^sudo$"

But so far all I see is this.

Remote command failed with exit status -1
Sudo execution password response failed: Failed waiting for input prompt: Expected input was not seen in 5000 milliseconds
Failed: NonZeroResultCode: Remote command failed with exit status -1

Tried various regex patterns that all test ok outside of rundeck, so not sure what I am getting wrong.

With regards "sudo-password-storage-path", I did a quick search in the docs but did not see that listed as an option, is there a link to where I should look for that? 

Andrew


Greg Schueler

Oct 16, 2015, 12:18:20 PM
to rundeck...@googlegroups.com
Does the output before "Remote command failed" include the "[sudo] password for" prompt?

If so, it means the pattern is not matching.  Try changing it to have "^" at the beginning and ".*" at the end.

If not, it could mean that sudo is succeeding without prompting for the password.

When you run sudo and enter a password, it stores a timestamp and allows you to run sudo without entering a password for a certain period of time.  This makes it a little hard to detect for Rundeck, but there are a couple more node attributes you can try.  "sudo-fail-on-prompt-timeout" (default: true) causes the failure you see after waiting 5 seconds to see the prompt.  You can try setting it to false which will ignore the lack of a prompt after 5 seconds and assume the command succeeded.

Or you can change your command to "sudo -k ..." which forces it to always prompt for a password.

The "sudo-password-storage-path" is missing in the documentation, see this issue https://github.com/rundeck/rundeck/issues/1110

Andrew Smith

Oct 18, 2015, 8:28:06 AM
to rundeck...@googlegroups.com
Thank you Greg, the regex was not matching in rundeck but was matching when I tested outside, so adding the ^ at the start and the .* at the end cured it.
Thanks for the link as well, that also fixed the password having to be entered in the job as well, so now using the regex '^\[sudo\] password for .*' and the keystore it all works great.

Regards

Andrew
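
Why a prompt pattern can test fine outside Rundeck and still fail inside it, as an added example that is not part of the original posts. It assumes Rundeck requires the pattern to match the whole prompt line (which the fix above suggests), uses Python's `re.fullmatch` versus `re.search` to stand in for whole-line versus substring matching, and runs the three patterns quoted in the thread against a constructed prompt for a hypothetical user `deploy`.

```python
import re

# Constructed sample: the prompt sudo would print for a hypothetical user
# "deploy". Note the trailing space after the colon.
SAMPLE_PROMPT = "[sudo] password for deploy: "

# Patterns quoted in the thread.
PATTERNS = {
    "original": r"\[sudo\] password for .*:",      # first attempt, timed out
    "default": r"^\[sudo\] password for .+: .*",   # Rundeck default per Greg
    "working": r"^\[sudo\] password for .*",       # what finally worked
}


def classify(pattern, line):
    """Return 'whole-line', 'substring-only' or 'no-match' for one pattern."""
    rx = re.compile(pattern)
    if rx.fullmatch(line):
        return "whole-line"
    if rx.search(line):
        return "substring-only"
    return "no-match"


def leftover(pattern, line):
    """Return (text before, text after) the first substring match.

    Any non-empty part is what stops a whole-line match. None if no match.
    """
    m = re.compile(pattern).search(line)
    if m is None:
        return None
    return line[:m.start()], line[m.end():]


def report(line=SAMPLE_PROMPT):
    """Classify every thread pattern against one prompt line."""
    return {name: classify(p, line) for name, p in PATTERNS.items()}


if __name__ == "__main__":
    for name, verdict in report().items():
        extra = leftover(PATTERNS[name], SAMPLE_PROMPT)
        print(f"{name:9} {verdict:15} unmatched={extra!r}")
```

The original pattern stops at the colon, so the trailing space is left unmatched; a substring tester such as `grep` reports a hit while a whole-line matcher does not.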

Sunil Tantry

Sep 7, 2016, 10:57:15 PM
to rundeck-discuss
Hi Andrew,
Can I request you to post the job as a sample for this in an XML format? I have the same problem and I am unable to resolve it.

Thanks,
Sunil

Kevin Bürgisser

Aug 30, 2017, 9:22:04 AM
to rundeck-discuss
Please help. I've already lost 3 hours, searching for the solution. https://stackoverflow.com/questions/45961196/rundeck-secondary-sudo-password-authentication-not-working