I'm new with Rundeck and completely amazed with it and I'm trying to execute a job and my scenario is detailed bellow:
Rundeck is configured with ssh password less authentication between node Server (rundeck server) and node Target (remote Solaris host) for user "master".
In node Target I want to execute a script /app/acme/stopApp.sh with user appmanager.
Normally when I need to run the script above I manually proceed with:
ssh master@server
sudo su - appmanager
or simply
ssh -t master@server
sudo su - appmanager
works without password and finally run (as appmanager)
/app/acme/stopApp.sh
But I don't know how can I reproduce these steps using Rundeck. I read in some previous messages that for each job line rundeck uses a new ssh connection, so the workflow bellow always fails for me with the messages:
sudo: no tty present and no askpass program specified Remote command failed with exit status 1
Could someone please help me with this issue?
Without this functionality I wouldn't be able to introduce a little DevOps in my department. :-D
I read the user guide and admin guide but I couldn't find an easy example, neither in this forum, to follow.
I will appreciate your help.
Rundeck version is 1.4
Although your ssh login works without a password, you also need to configure sudo on your Target server so that it doesn't require a password.
Since you only need for the master user to be able to run commands as the appmanager user, you can handle this completely through sudo. In /etc/sudoers on Target, add:
master ALL=(appmanager) NOPASSWD: ALL
Then your ssh command becomes:
ssh -t master@server 'sudo -u appmanager /app/acme/stopApp.sh'
If you need environment setup that is normally handled by the appmanager login shell, you'll need to source that setup explicitly. (And I would argue that the deployment environment setup should not be confined to a login shell anyway.)
More details on how to let one user run commands as another user are in a ServerFault answer and the much denser sudoers man page.