
Rundeck 4.0.0 - Remote node command execution using ssh

I am having an issue with the most basic of Rundeck functions - namely, running a command over ssh on a remote node. I have generated an RSA key and added it via the Key Storage function. I have also created a YAML file for node definitions:

root@rundeck:/var/lib/rundeck# cat nodes.yml

mynode:
  nodename: mynode
  hostname: mynode
  description: 'Some description'
  ssh-authentication: privateKey            # added - unsure if really required
  ssh-keypath: /var/lib/rundeck/.ssh/id_rsa # added - unsure if really required
  username: rundeck
  osFamily: linux

The node is showing up correctly and command line ssh works just fine:

root@rundeck:/var/lib/rundeck/.ssh# ssh -i id_rsa rundeck@mynode date
Mon Apr  4 16:19:33 UTC 2022

The project settings are as below:

#Mon Apr 04 16:23:36 UTC 2022
#edit below
project.description=someproject
project.disable.executions=false
project.disable.schedule=false
project.execution.history.cleanup.batch=500
project.execution.history.cleanup.enabled=false
project.execution.history.cleanup.retention.days=60
project.execution.history.cleanup.retention.minimum=50
project.execution.history.cleanup.schedule=0 0 0 1/1 * ? *
project.jobs.gui.groupExpandLevel=1
project.label=somelabel
project.name=someproject
project.nodeCache.enabled=true
project.nodeCache.firstLoadSynch=true
project.output.allowUnsanitized=false
project.ssh-authentication=privateKey
project.ssh-command-timeout=0
project.ssh-connect-timeout=0
project.ssh-key-storage-path=keys/project/someproject/rundeck_id_rsa
resources.source.1.config.file=/var/lib/rundeck/nodes.yml
resources.source.1.config.format=resourceyaml
resources.source.1.config.requireFileExists=true
resources.source.1.config.writeable=true
resources.source.1.type=file
service.FileCopier.default.provider=jsch-scp
service.NodeExecutor.default.provider=jsch-ssh

Yet, when I try and run a Command from the UI, it fails:

Failed: SSHProtocolFailure: invalid privatekey: [B@7d7d0b2d

What am I doing incorrectly, and how do I successfully run a command over ssh on a remote node?

Your node definition needs the ssh-key-storage-path attribute pointing to the Rundeck user private key (created before on Rundeck Key Storage). Also, the osFamily attribute must be set as unix (not linux; Rundeck only admits two values there: unix and windows).

To add an SSH node follow these steps:

  1. If you're using a WAR-based installation, execute: ssh-keygen -t rsa -b 4096. That generates two keys (private and public) in the .ssh directory of the user that launches Rundeck. If you're using an RPM/DEB installation, these keys are already created on the /var/lib/rundeck path.

  2. Go to the remote SSH node (the account that you want to connect to from Rundeck), then add the Rundeck server user public key to the authorized_keys file. Then you can test that connection with ssh user@xxx.xxx.xxx.xxx from the Rundeck server user account.

  3. Launch Rundeck and then add the rundeck user private key to the Rundeck key storage (remember to include the first and the last line, "-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----"); in my case I use this path: keys/rundeck.

  4. Create a new Project and then create the resources.xml file with remote node information. To generate that file just go to Project Settings > Edit Nodes > Click on the "Configure Nodes" button > Click on "Add Sources +" > Select "+ File" option > in the "Format" field select resourcexml and fill the path in "File Path" field (put the file name at the end, usually "resources.xml"); also, select the "Generate", "Include Server Node" and "Writeable" checkboxes and click on the "Save" button.

  5. Now you can edit that file to include the remote node, which in my case is "node00" (a Vagrant test image). In the key-storage-path attribute I used the same path created in step 3:

<?xml version="1.0" encoding="UTF-8"?>
<project>
  <node name="hyperion" description="Rundeck server node" tags="" hostname="hyperion" osArch="amd64" osFamily="unix" osName="Linux" osVersion="4.15.0-66-generic" username="ruser"/>
  <node name="node00" description="Node 00" tags="" hostname="192.168.33.20" osArch="amd64" osFamily="unix" osName="Linux" osVersion="3.10.0-1062.4.1.el7.x86_64" username="vagrant" ssh-key-storage-path="keys/rundeck"/>
</project>

  6. On the Rundeck GUI, go to the sidebar and check your nodes in the "Nodes" section.

  7. Go to "Commands" (sidebar), put the SSH remote node name as a filter and launch any command.

You can follow an entire guide here.

Alternatively, you can re-generate the key pairs with the following command: ssh-keygen -p -f /var/lib/rundeck/.ssh/id_rsa -m pem.

The key storage saves the private key with CRLF, and this was the issue I recognized with version 4.2.1.

Do a dirty fix for ssh-exec.sh:

echo "$RD_CONFIG_SSH_KEY_STORAGE_PATH" > "$SSH_KEY_STORAGE_PATH"

insert these lines:

sed -i 's/\r$//' "$SSH_KEY_STORAGE_PATH"

SSHOPTS="$SSHOPTS -i $SSH_KEY_STORAGE_PATH"
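
The answers above point at three properties of the key pasted into Key Storage: the PEM header and footer lines (step 3 and ssh-keygen -m pem) and CRLF line endings. The script below is an added example, not part of the original posts and not Rundeck's own code, that reports all three for a key file without printing its contents. The function names check_key, strip_cr and make_samples are hypothetical, and the sample files are constructed placeholders containing no key material.

```shell
#!/bin/sh
# Added example: pre-flight check of a private key before it goes into Rundeck Key Storage.

CR=$(printf '\r')

# check_key FILE -> prints "format=... crlf=... footer=..." (never the key itself)
check_key() {
    first=$(head -n 1 "$1" | tr -d '\r')
    last=$(tail -n 1 "$1" | tr -d '\r')
    case $first in
        "-----BEGIN RSA PRIVATE KEY-----")     format=pem ;;      # header named in step 3
        "-----BEGIN OPENSSH PRIVATE KEY-----") format=openssh ;;  # candidate for -m pem
        *)                                     format=unknown ;;  # header line not pasted
    esac
    if grep -q "$CR" "$1"; then crlf=yes; else crlf=no; fi
    case $last in
        "-----END "*"PRIVATE KEY-----") footer=ok ;;
        *)                              footer=missing ;;
    esac
    echo "format=$format crlf=$crlf footer=$footer"
}

# strip_cr SRC DST -> CR-free copy readable only by its owner; for key files this
# is a portable equivalent of the sed 's/\r$//' fix quoted above
strip_cr() {
    ( umask 077; tr -d '\r' < "$1" > "$2" )
}

# make_samples DIR -> constructed sample files; the body is a placeholder, not a key
make_samples() {
    body="CONSTRUCTED-PLACEHOLDER-NOT-KEY-MATERIAL"
    printf '%s\n' "-----BEGIN RSA PRIVATE KEY-----" "$body" "-----END RSA PRIVATE KEY-----" > "$1/pem.key"
    printf '%s\n' "-----BEGIN OPENSSH PRIVATE KEY-----" "$body" "-----END OPENSSH PRIVATE KEY-----" > "$1/openssh.key"
    printf '%s\r\n' "-----BEGIN RSA PRIVATE KEY-----" "$body" "-----END RSA PRIVATE KEY-----" > "$1/crlf.key"
    printf '%s\n' "$body" > "$1/bare.key"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in pem openssh crlf bare; do
    printf '%-8s %s\n' "$f" "$(check_key "$demo_dir/$f.key")"
done
rm -rf "$demo_dir"
```
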

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. For any questions, please contact: yoyou2525@163.com.

 