I am getting this error when any user besides admin runs the job:
Failed to read SSH Private key stored at path: keys/rundeck/id_rsa:
com.dtolabs.rundeck.core.storage.StorageAuthorizationException: Unauthorized access
Where should I be looking to solve this error?
TIA.
That's because you need to grant access to key storage to your user/roles. This ACL grants access to the Rundeck Key Storage:
description: project context.
context:
  project: ProjectEXAMPLE
for:
  resource:
    - allow: [run,read]
  job:
    - allow: [read,view,update,run]
  node:
    - allow: [read,run]
by:
  username: user
---
description: app context.
context:
  application: 'rundeck'
for:
  project:
    - allow: read
      match:
        name: ProjectEXAMPLE
  storage:
    - allow: [read]
by:
  username: user
Check the app context storage section.
But if you want to limit access to a specific key, you will use this approach, e.g.:
description: project context.
context:
  project: ProjectEXAMPLE
for:
  resource:
    - allow: [run,read]
  job:
    - allow: [read,view,update,run]
  node:
    - allow: [read,run]
by:
  username: user
---
description: app context.
context:
  application: 'rundeck'
for:
  project:
    - allow: read
      match:
        name: ProjectEXAMPLE
  storage:
    - match:
        path: 'keys/rundeck'
      allow: [read]
by:
  username: user
In both cases, if you want to focus your ACL on a specific role, replace "username" with "group".
Considering that you're using the key keys/rundeck to access the remote node:
<?xml version="1.0" encoding="UTF-8"?>
<project>
  <node name="node00" description="NODE 00" tags="canada" hostname="192.168.56.20" osArch="amd64" osFamily="unix" osName="Linux" osVersion="3.10.0-514.el7.x86_64" username="vagrant" ssh-key-storage-path="keys/rundeck"/>
</project>
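
Added example, not part of the original answer and not Rundeck's own code: a small Python model of how the `storage:` rules above select key paths, for checking what a rule exposes before deploying it. It assumes `match` is a regular expression that must match the whole `path`, that `equals` is an exact comparison, and that deny overrides allow; the `SUBTREE` rule and the sample paths are constructed for illustration.

```python
import re

# Constructed rules mirroring the `storage:` sections of the two policies
# above, plus one hypothetical variant that covers a key directory.
BROAD = [{"allow": ["read"]}]
SCOPED = [{"match": {"path": "keys/rundeck"}, "allow": ["read"]}]
SUBTREE = [{"match": {"path": "keys/rundeck/.*"}, "allow": ["read"]}]  # hypothetical

# Constructed key storage paths used to probe each rule set.
SAMPLE_PATHS = ["keys/rundeck", "keys/rundeck/id_rsa", "keys/other/db_password"]


def _as_list(value):
    """ACL files accept both `allow: read` and `allow: [read]`."""
    return value if isinstance(value, list) else [value]


def rule_applies(rule, resource):
    """True if every matcher in the rule accepts the resource attributes."""
    for attr, pattern in rule.get("match", {}).items():
        # Assumption: the regex has to match the whole attribute value.
        if re.fullmatch(pattern, resource.get(attr, "")) is None:
            return False
    for attr, value in rule.get("equals", {}).items():
        if resource.get(attr) != value:
            return False
    return True  # a rule without matchers applies to every storage path


def storage_allowed(rules, path, action="read"):
    """Deny wins over allow; with no matching allow the request is rejected."""
    resource = {"path": path, "name": path.rsplit("/", 1)[-1]}
    allowed = False
    for rule in rules:
        if not rule_applies(rule, resource):
            continue
        if action in _as_list(rule.get("deny", [])):
            return False
        if action in _as_list(rule.get("allow", [])):
            allowed = True
    return allowed


def readable(rules, paths):
    """Subset of `paths` that the rule set lets the user read."""
    return [p for p in paths if storage_allowed(rules, p)]


if __name__ == "__main__":
    for label, rules in (("broad", BROAD), ("scoped", SCOPED), ("subtree", SUBTREE)):
        print(label, readable(rules, SAMPLE_PATHS))
```

Under these assumptions the unscoped rule exposes every stored key to the user, while a path rule only covers the paths its pattern fully matches.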