Execute a remote command after sudo - su anotheruser in Rundeck

StackOverflow https://stackoverflow.com/questions/13848245

  •  07-12-2021
  •  | 
  •  

Question

I'm new with Rundeck and completely amazed with it and I'm trying to execute a job and my scenario is detailed bellow:

  • Rundeck is configured with ssh password less authentication between node Server (rundeck server) and node Target (remote Solaris host) for user "master".

  • In node Target I want to execute a script /app/acme/stopApp.sh with user appmanager.

  • Normally when I need to run the script above I manually proceed with:

ssh master@server

sudo su - appmanager

or simply 

ssh -t master@server
sudo su - appmanager

works without password and finally run (as appmanager)

/app/acme/stopApp.sh

But I don't know how can I reproduce these steps using Rundeck. I read in some previous messages that for each job line rundeck uses a new ssh connection, so the workflow bellow always fails for me with the messages:

sudo: no tty present and no askpass program specified Remote command failed with exit status 1

Could someone please help me with this issue?

Without this functionality I wouldn't be able to introduce a little DevOps in my department. :-D

I read the user guide and admin guide but I couldn't find an easy example, neither in this forum, to follow.

I will appreciate your help.

Rundeck version is 1.4

Was it helpful?

Solution 2

Although your ssh login works without a password, you also need to configure sudo on your Target server so that it doesn't require a password.

Since you only need for the master user to be able to run commands as the appmanager user, you can handle this completely through sudo. In /etc/sudoers on Target, add:

master  ALL=(appmanager) NOPASSWD: ALL

Then your ssh command becomes:

ssh -t master@server 'sudo -u appmanager /app/acme/stopApp.sh'

If you need environment setup that is normally handled by the appmanager login shell, you'll need to source that setup explicitly. (And I would argue that the deployment environment setup should not be confined to a login shell anyway.)

More details on how to let one user run commands as another user are in a ServerFault answer and the much denser sudoers man page.

OTHER TIPS

sudo su - appmanager

Tries to open a login shell, and therefore wants a real terminal. Remove the "-" to avoid this behavior. In the end, your command is going to look like

sudo su -c /app/acme/stopApp.sh appmanager
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top