Execute systemctl commands from nodered on remote system? Since I am not running NR under root context, trying to find ways to do this. For example via exec node:
$ sudo systemctl --host=nodered@192.168.1.251 restart bind9.service
Have tried:
-
SSH keys from nodered to remote system - system demands interactive password
-
Tried adding nodered to suders configuration on all applicable systems - system still demands interactive password
Any other ideas? If I use NR under root suspect this would work... But would like to avoid it.
So apparently the following variant works... via an exec node:
ssh nodered@192.168.1.251 'sudo systemctl restart bind9.service'
Of course you have to get the 'nodered' id explicit permission via sudo to execute the above command.
# visudo /etc/sudoers.d/010_nodered
// Add...
nodered ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart bind9.service
And of course you have to setup SSH key to allow ssh shell password avoidance not just sudoer password avoidance.
There are 2 possible things that could cause this as far as I can see.
The most probable is that it is sudo asking for the password. You are directly triggering sudo on the node-red server so you need to ensure that the command you are triggering is the one you have put into sudoers. However, I'm not sure if you also trigger sudo on the remote system as well? If so, perhaps you need to add the command into that sudoers config as well?
The less likely reason would be that the host request is trying to ask for the password for the nodered user on the remote?
Are you actually running Node-RED on the remote server? If so, it would be easier possibly to have a flow on that server itself that restarts bind9 and then trigger that flow either via a webhook or an MQTT message.
And my workaround seems to work... but does not work. I get no error, I get all the response prompts/text I expect to see... but the result is a type of 'no-op' in that the command appears to run, execute, but systemd still shows the service as dead, offline. Result code is 0, which denotes correct execution... well.
If I run the exact command locally works. If I run the exact command on a remote server, it works. It is only when I run it via NR it appears to work but does not... interesting. Somewhere some way, I think I missed something.
As for using MQTT... I could also have a small python script, i.e. a listener, work as well, which would let me avoid additional copy of NR. Done this before.
Nuts... it apparently is working consistently... I had a 'index' typo, so when I thought I was testing 'service 1' I as actually restarting 'service 0'... LOL. The test inject node was wrong.
1 Like
