Failed to read SSH Private key stored at path
Question
I am getting this error when any user besides admin runs the job:
Failed to read SSH Private key stored at path: keys/rundeck/id_rsa:
com.dtolabs.rundeck.core.storage.StorageAuthorizationException: Unauthorized access
Where should I be looking to solve this error?
TIA.
Answer 1
Score: 0
That's because you need to grant access to key storage to your user/roles. This ACL grants access to the Rundeck Key Storage:
description: project context.
context:
  project: ProjectEXAMPLE
for:
  resource:
    - allow: [run,read]
  job:
    - allow: [read,view,update,run]
  node:
    - allow: [read,run]
by:
  username: user
---
description: app context.
context:
  application: 'rundeck'
for:
  project:
    - allow: read
      match:
        name: ProjectEXAMPLE
  # no match section here: the rule applies to every key storage path
  storage:
    - allow: [read]
by:
  username: user
Check the app context storage section.
But if you want to limit it to a specific key, you will use this approach, e.g.:
description: project context.
context:
  project: ProjectEXAMPLE
for:
  resource:
    - allow: [run,read]
  job:
    - allow: [read,view,update,run]
  node:
    - allow: [read,run]
by:
  username: user
---
description: app context.
context:
  application: 'rundeck'
for:
  project:
    - allow: read
      match:
        name: ProjectEXAMPLE
  # read is limited to the storage path matched below
  storage:
    - match:
        path: 'keys/rundeck'
      allow: [read]
by:
  username: user
In both cases, if you want to focus your ACL on a specific role, change "username" to "group".
Considering that you're using the key keys/rundeck to access the remote node.
<?xml version="1.0" encoding="UTF-8"?>
<project>
<node name="node00" description="NODE 00" tags="canada" hostname="192.168.56.20" osArch="amd64" osFamily="unix" osName="Linux" osVersion="3.10.0-514.el7.x86_64" username="vagrant" ssh-key-storage-path="keys/rundeck"/>
</project>
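An added example (not part of the original answer, and not Rundeck's own code): a simplified Python model of how the storage rules in the two application-context policies above decide a read request, for checking which keys a policy exposes before it is deployed. It assumes "match" is a full regular-expression match and that a deny overrides an allow; the key paths in PATHS and all function names are constructed for illustration.

```python
import re

# Application-context policies from the answer, typed in as already-parsed
# YAML so the example needs no third-party YAML library.
BROAD = {"context": {"application": "rundeck"}, "by": {"username": "user"},
         "for": {"storage": [{"allow": ["read"]}]}}
SCOPED = {"context": {"application": "rundeck"}, "by": {"username": "user"},
          "for": {"storage": [{"match": {"path": "keys/rundeck"},
                               "allow": ["read"]}]}}
# Constructed key paths, for illustration only.
PATHS = ["keys/rundeck", "keys/rundeck/id_rsa", "keys/prod/db.password"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _subject_matches(by, username, groups):
    # "by" may name users, groups, or both; either kind of hit is enough.
    return (username in _as_list(by.get("username", []))
            or any(g in _as_list(by.get("group", [])) for g in groups))

def _rule_matches(rule, resource):
    # Assumption: "match" is a full regex match, "equals" an exact comparison.
    for attr, pattern in rule.get("match", {}).items():
        if not re.fullmatch(pattern, resource.get(attr, "")):
            return False
    for attr, expected in rule.get("equals", {}).items():
        if resource.get(attr) != expected:
            return False
    return True  # no match/equals section: the rule covers every resource

def storage_allowed(policy, username, groups, path, action="read"):
    if "application" not in policy.get("context", {}):
        return False  # key storage is authorized in the application context
    if not _subject_matches(policy.get("by", {}), username, groups):
        return False
    allowed = False
    for rule in policy.get("for", {}).get("storage", []):
        if not _rule_matches(rule, {"path": path}):
            continue
        if action in _as_list(rule.get("deny", [])):
            return False  # assumption: an explicit deny overrides any allow
        if action in _as_list(rule.get("allow", [])):
            allowed = True
    return allowed

def readable_keys(policy, username, groups, paths=PATHS):
    return [p for p in paths if storage_allowed(policy, username, groups, p)]

if __name__ == "__main__":
    for name, policy in (("broad", BROAD), ("scoped", SCOPED)):
        print(name, readable_keys(policy, "user", []))
```

Under these assumptions the broad rule exposes every key in storage to that user, while the scoped rule exposes only the exact path keys/rundeck, so the path in the rule has to agree with the node's ssh-key-storage-path.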