You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The installation is Rundeck 4.3.0-20220602 and RD cli 2.0.0 on Ubuntu 18.04 LTS. Without any customization, rd cli tool works if RD_URL points to http://localhost:4440/api/41 to get job forecast information. Web UI works as expected too.
However, after a customization to the server URL for sitting behind an https reverse proxy, this approach stopped working.
The highlight of the customization includes: grails.serverURL=https://servername/rundeck framework.server.url = https://servername/rundeck
By putting an Apache web server in the front, users can access the server with https://servername/rundeck. This part works as expected.
$ rd projects list -v java.lang.IllegalStateException: Password Authentication failed, expected a successful response. at org.rundeck.client.util.FormAuthInterceptor.authenticate(FormAuthInterceptor.java:82) at org.rundeck.client.util.FormAuthInterceptor.intercept(FormAuthInterceptor.java:59) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201) at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154) at retrofit2.OkHttpCall.execute(OkHttpCall.java:204) at org.rundeck.client.util.Client.checkErrorDowngradable(Client.java:166) at org.rundeck.client.util.Client.apiCallDowngradable(Client.java:606) at org.rundeck.client.tool.commands.RdToolImpl.apiCallDowngradable(RdToolImpl.java:107) at org.rundeck.client.tool.commands.RdToolImpl.apiCall(RdToolImpl.java:78) at org.rundeck.client.tool.extension.BaseCommand.apiCall(BaseCommand.java:24) at org.rundeck.client.tool.commands.Projects.list(Projects.java:58) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at picocli.CommandLine.executeUserObject(CommandLine.java:1972) at picocli.CommandLine.access$1300(CommandLine.java:145) at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2358) at picocli.CommandLine$RunLast.handle(CommandLine.java:2352) at picocli.CommandLine$RunLast.handle(CommandLine.java:2314) at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179) at picocli.CommandLine$RunLast.execute(CommandLine.java:2316) at picocli.CommandLine.execute(CommandLine.java:2078) at org.rundeck.client.tool.Main.main(Main.java:154)
Apache is configured as: ProxyPass /rundeck http://localhost:4440/rundeck ProxyPassReverse /rundeck http://localhost:4440/rundeck
The installation is Rundeck 4.3.0-20220602 and RD cli 2.0.0 on Ubuntu 18.04 LTS. Without any customization, rd cli tool works if RD_URL points to http://localhost:4440/api/41 to get job forecast information. Web UI works as expected too.
However, after a customization to the server URL for sitting behind an https reverse proxy, this approach stopped working.
The highlight of the customization includes:
grails.serverURL=https://servername/rundeck framework.server.url = https://servername/rundeck
By putting an Apache web server in the front, users can access the server with https://servername/rundeck. This part works as expected.
But, rd does not seem to like it. With RD_URL=https://servername/rundeck/api/41, it complains:
$ rd projects list -v java.lang.IllegalStateException: Password Authentication failed, expected a successful response. at org.rundeck.client.util.FormAuthInterceptor.authenticate(FormAuthInterceptor.java:82) at org.rundeck.client.util.FormAuthInterceptor.intercept(FormAuthInterceptor.java:59) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201) at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154) at retrofit2.OkHttpCall.execute(OkHttpCall.java:204) at org.rundeck.client.util.Client.checkErrorDowngradable(Client.java:166) at org.rundeck.client.util.Client.apiCallDowngradable(Client.java:606) at org.rundeck.client.tool.commands.RdToolImpl.apiCallDowngradable(RdToolImpl.java:107) at org.rundeck.client.tool.commands.RdToolImpl.apiCall(RdToolImpl.java:78) at org.rundeck.client.tool.extension.BaseCommand.apiCall(BaseCommand.java:24) at org.rundeck.client.tool.commands.Projects.list(Projects.java:58) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at picocli.CommandLine.executeUserObject(CommandLine.java:1972) at picocli.CommandLine.access$1300(CommandLine.java:145) at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2358) at picocli.CommandLine$RunLast.handle(CommandLine.java:2352) at picocli.CommandLine$RunLast.handle(CommandLine.java:2314) at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179) at picocli.CommandLine$RunLast.execute(CommandLine.java:2316) at picocli.CommandLine.execute(CommandLine.java:2078) at org.rundeck.client.tool.Main.main(Main.java:154)
Apache is configured as:
ProxyPass /rundeck http://localhost:4440/rundeck ProxyPassReverse /rundeck http://localhost:4440/rundeck
Apache log shows a 403 error
"POST /rundeck/api/41/j_security_check HTTP/1.1" 403 534 "-" "rd-cli-tool/2.0.0 (rundeck-cli/2.0.0)"
Rundeck log shows:
ERROR interceptors.AuthorizationInterceptor - (unauthenticated) UNAUTHORIZED for api/invalid
It works if use RD_TOKEN instead of RD_USERNAME/RD_PASSWORD.
Other details in https://groups.google.com/g/rundeck-discuss/c/T56Ccghczjk/m/-ScroauADAAJ?utm_medium=email&utm_source=footer
The text was updated successfully, but these errors were encountered: