[英]Rundeck SSH Execution
We've setup Rundeck community but have some questions regarding SSH execution.我们已经建立了 Rundeck 社区,但对 SSH 执行有一些疑问。
From what I can see it looks like the user who executes the job is configured at the project level and there is no way to change that at a per job per level.从我所见,执行作业的用户似乎是在项目级别配置的,并且无法在每个级别的每个作业中更改它。
We want to be able to login to Rundeck using our AD credentials (currently working) and run jobs as our individual user id's, is this possible or not?我们希望能够使用我们的 AD 凭据(当前有效)登录 Rundeck 并以我们的个人用户 ID 运行作业,这可能吗?
Thanks谢谢
It's possible to use a job level authentication in Rundeck, and it's possible to use the user name as an SSH user (of course the SSH server must be configured with that user to access it).在 Rundeck 中可以使用作业级别的身份验证,并且可以使用用户名作为 SSH 用户(当然 SSH 服务器必须配置有该用户才能访问它)。
I made a XML entry node example:我做了一个 XML 入口节点示例:
<node name="node00"
description="Node 00"
tags="mytag"
hostname="192.168.33.20"
osArch="amd64"
osFamily="unix"
osName="Linux"
osVersion="3.10.0-1062.4.1.el7.x86_64"
username="${job.username}"
ssh-authentication="password"
ssh-password-option="option.sshPassword1"/>
If you check carefully, you can see the username
attribute is set with ${job.username}
, this is a context variable that gets the current username (from, LDAP, AD or realm.properties
file), you can see all Rundeck context variables here .如果仔细检查,您可以看到username
属性设置为${job.username}
,这是一个获取当前用户名的上下文变量(来自 LDAP、AD 或realm.properties
文件),您可以看到所有 Rundeck 上下文变量在这里。
This example uses a secure option to pass the password and achieve the SSH authentication, this option is called sshPassword1
(see the ssh-password-option
attribute).本示例使用安全选项来传递密码并实现 SSH 身份验证,此选项称为sshPassword1
(请参阅ssh-password-option
属性)。
Now the job definition example in YAML format:现在是 YAML 格式的作业定义示例:
- defaultTab: nodes
description: ''
executionEnabled: true
id: b188c66c-c057-4bb7-98bf-7c84632bc144
loglevel: INFO
name: Whoami
nodeFilterEditable: false
nodefilters:
dispatch:
excludePrecedence: true
keepgoing: false
rankOrder: ascending
successOnEmptyNodeFilter: false
threadcount: '1'
filter: 'name: node00'
nodesSelectedByDefault: true
options:
- name: sshPassword1
secure: true
plugins:
ExecutionLifecycle: null
scheduleEnabled: true
sequence:
commands:
- exec: whoami
keepgoing: false
strategy: node-first
uuid: b188c66c-c057-4bb7-98bf-7c84632bc144
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.