18 August 2019

Rundeck - Runbook Automation tool

Rundeck is an opensource tool that helps you automate & schedule your operational jobs. It provides number of features like scheduling jobs, automating execution of ansible playbooks, notifying about the status of your job in form of sending emails in my favourite.
Configuring rundeck is straight forward, you can install rundeck as a service in your linux host or use it as a docker image as well.

quick setup
$ wget http://repo.rundeck.org/latest.rpm
$ rpm -Uvh latest.rpm $ yum install rundeck java $ service rundeckd start
$ service rundeckd status
 rundeckd.service - SYSV: rundeckd, providing rundeckd
   Loaded: loaded (/etc/rc.d/init.d/rundeckd; bad; vendor preset: disabled)
   Active: active (running) since Mon 2020-08-17 13:23:14 BST; 20h ago
$ tail -f /var/log/rundeck/service.log
[2020-08-14T09:02:28,539] INFO  rundeckapp.BootStrap - Rundeck is ACTIVE: executions can be run.
[2020-08-14T09:02:28,635] WARN  rundeckapp.BootStrap - [Development Mode] Usage of H2 database is recommended only for development and testing
[2020-08-14T09:02:28,899] INFO  rundeckapp.BootStrap - Rundeck startup finished in 646ms
[2020-08-14T09:02:28,991] INFO  rundeckapp.Application - Started Application in 25.616 seconds (JVM running for 28.068)
Grails application running at http://localhost:4440 in environment: production

quick setup as a docker Image and config customization
$ docker pull rundeck/rundeck

# editing default port if it is blocked (4440), modify below three files
$ vi /etc/rundeck/profile
$ vi /etc/rundeck/framework.properties
$ vi /etc/rundeck/rundeck-config.properties

# changing the default password of rundeck
$ cd /etc/rundeck/
edit realm.properties and change the admin values to something new

# adding a new user
$ cd /etc/rundeck/
$ sudo vi realm.properties
(add following lines next to admin:admin,user,admin line)
        user1: user1pass,user,admin,architect,deploy,build
   where user,admin,architect,deploy,build are different roles we can assign to user1

now login to rundeck console with admin access and navigate to 

settings > Access Control  > + Create ACL Policy

add following two scopes in order to give read access as an example to user user1

# Project scope
descriptionuser1 with read access to projects.
    - equals:
      allow: [read# allow to read jobs
    - equals:
      allow: [read# allow to read node sources
    - equals:
      allow: [read]
    - allow: [read# allow read of all jobs
    - deny: [run# don't allow adhoc execution
    - allow: [run# allow run on nodes with the tag 'mytag'

# Application scope
descriptionapplication level ACL.
    - equals:
      allow: [read]
    - equals:
      allow: [read]
    - equals:
      allow: [read]
    - equals:
      allow: [admin]
    - match:
      allow: [read]


happy rundecking!

No comments:

Post a comment