Adding Windows Node to Rundeck

Posted: March 24, 2018 in RunDeck, Windows Server

In the previous post we added a Linux node to the Rundeck server. Now we’ll add a Windows Server.

Creating AD user

I’ll be adding a Domain Controller to Rundeck, so I created a domain user and put it in the Built-in Administrator group. Username: rundeck@test.com

Installing OpenSSH server on Windows Server

In order to run inline scripts against a Windows server, we need a password-less connection to it (private/public key authentication), because Rundeck first copies the script to the remote node before executing it.

Download OpenSSH server, unzip it, and copy it to the desired destination (I put it in C:\Program Files).

With PowerShell, browse to the unzipped folder and run ./install-sshd.ps1

Two services should be installed: sshd and ssh-agent. Make sure both are running and set their Startup type to Automatic.

Open the sshd_config_default file

Edit it as follows:

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:
RSAAuthentication yes
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
PermitRootLogin yes
StrictModes no
#MaxAuthTries 6
#MaxSessions 10
RhostsRSAAuthentication yes
PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none

# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem	sftp	sftp-server.exe

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server
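
The following Python script is an added example, not part of the original post: it reports which active directives in an sshd_config weaken key-only login, applying sshd's first-value-wins rule and ignoring commented lines. The rule set and the SAMPLE text (the uncommented authentication directives from the file above) are assumptions made for illustration.

```python
# Added example (not from the original post): flag sshd_config directives
# that weaken key-only login. The rule set is an assumption chosen for this page.
RISKY = {  # lowercase keyword -> (risky value, or None for any value; reason)
    "passwordauthentication": ("yes", "password logins accepted alongside keys"),
    "strictmodes": ("no", "ownership/mode checks on user files are skipped"),
    "permitrootlogin": ("yes", "root login allowed by any method"),
    "rsaauthentication": (None, "deprecated SSH protocol 1 option"),
    "rhostsrsaauthentication": (None, "deprecated SSH protocol 1 option"),
}

def effective_settings(text):
    """Map keyword -> (value, line_no) for the global section of the file.
    sshd keeps the first value read per keyword; keywords are case-insensitive.
    Parsing stops at the first Match block, whose lines apply conditionally."""
    settings = {}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        keyword = parts[0].lower()
        if keyword == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, (value, line_no))
    return settings

def audit(text):
    """Return sorted (line_no, keyword, value, reason) findings."""
    findings = []
    for keyword, (value, line_no) in effective_settings(text).items():
        bad, reason = RISKY.get(keyword, ("", ""))
        if reason and (bad is None or value.lower() == bad):
            findings.append((line_no, keyword, value, reason))
    return sorted(findings)

# Constructed sample: uncommented authentication directives from this page.
SAMPLE = """# Authentication:
RSAAuthentication yes
#PermitRootLogin prohibit-password
PermitRootLogin yes
StrictModes no
RhostsRSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile\t.ssh/authorized_keys
PasswordAuthentication yes
"""

if __name__ == "__main__":
    for line_no, keyword, value, reason in audit(SAMPLE):
        print(f"line {line_no}: {keyword} {value} ({reason})")
```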

In the rundeck user's profile folder, create a .ssh folder:

cd C:\Users\rundeck
mkdir .ssh

Create a key pair on the Rundeck server (if not already created):

ssh-keygen

Copy the Rundeck server's public key (cat /root/.ssh/id_rsa.pub) to the Windows machine, into the authorized_keys file in the rundeck user's .ssh folder. If the folder is not visible, enable showing hidden folders and files.

On Windows, make sure port 22 is open, then restart sshd:

Restart-Service sshd

Test the SSH connection to the Windows server from the Rundeck server:

ssh rundeck@192.168.0.13

You shouldn’t be asked for a password.

Creating project

Add node (resources.xml)

Linuxtopic/server.1key was created in the previous post.

<node name="dc" description="My windows" tags="node2" hostname="192.168.0.13" osArch="x86_64" osFamily="Windows" osName="Windows Server 2016" username="rundeck" ssh-key-storage-path="keys/Linuxtopic/server.1key" />

Password authentication

If, for some reason, public key authentication doesn’t work (it happened to me with an AWS EC2 Windows instance: Write Failed: broken pipe), we can try password authentication.

Key Type: Password

Specify the password storage created in the step above and password as the SSH authentication.

resources.xml:

<node name="windows" description="My windows" tags="node2" hostname="1.1.1.2" osArch="x86_64" osFamily="Windows" osName="Windows Server 2016" username="rundeck" ssh-authentication="password" ssh-password-storage-path="keys/Windows" />

Creating Job

I added a PowerShell script to get an AD user and to create an OU.
