Configuring rundeck is straight forward, you can install rundeck as a service in your linux host or use it as a docker image as well.
quick setup
$ vi /etc/yum.repos.d/rundeck.repo [rundeck] name=rundeck baseurl=https://packages.rundeck.com/pagerduty/rundeck/rpm_any/rpm_any/$basearch repo_gpgcheck=1 gpgcheck=1 enabled=1 gpgkey=https://packages.rundeck.com/pagerduty/rundeck/gpgkey,https://docs.rundeck.com/keys/BUILD-GPG-KEY-20230105.key sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt metadata_expire=300$ yum install rundeck java $ service rundeckd start$ service rundeckd status ● rundeckd.service - SYSV: rundeckd, providing rundeckd Loaded: loaded (/etc/rc.d/init.d/rundeckd; bad; vendor preset: disabled) Active: active (running) since Mon 2020-08-17 13:23:14 BST; 20h ago
$ tail -f /var/log/rundeck/service.log [2020-08-14T09:02:28,539] INFO rundeckapp.BootStrap - Rundeck is ACTIVE: executions can be run. [2020-08-14T09:02:28,635] WARN rundeckapp.BootStrap - [Development Mode] Usage of H2 database is recommended only for development and testing [2020-08-14T09:02:28,899] INFO rundeckapp.BootStrap - Rundeck startup finished in 646ms [2020-08-14T09:02:28,991] INFO rundeckapp.Application - Started Application in 25.616 seconds (JVM running for 28.068) Grails application running at http://localhost:4440 in environment: production
quick setup as a docker Image and config customization
$ docker pull rundeck/rundeck# Update the default port if it is blocked (4440) & localhost to DNS, in below three files$ vi /etc/rundeck/profile //only port$ vi /etc/rundeck/framework.properties // IP & PORT$ vi /etc/rundeck/rundeck-config.properties // IP & PORT# changing the default password of rundeck$ cd /etc/rundeck/edit realm.properties and change the admin values to something new# adding a new user$ cd /etc/rundeck/$ sudo vi realm.properties(add following lines next to admin:admin,user,admin line)user1: user1pass,user,admin,architect,deploy,buildwhere user,admin,architect,deploy,build are different roles we can assign to user1
now login to rundeck console with admin access and navigate to
settings > Access Control > + Create ACL Policy
add following two scopes in order to give read access as an example to user user1
# Project scopedescription: user1 with read access to projects.context:project: '.*'for:resource:- equals:kind: joballow: [read] # allow to read jobs- equals:kind: nodeallow: [read] # allow to read node sources- equals:kind: eventallow: [read]job:- allow: [read] # allow read of all jobsadhoc:- deny: [run] # don't allow adhoc executionnode:- allow: [run] # allow run on nodes with the tag 'mytag'by:group: admin---# Application scopedescription: application level ACL.context:application: 'rundeck'for:resource:- equals:kind: projectallow: [read]- equals:kind: systemallow: [read]- equals:kind: system_aclallow: [read]- equals:kind: userallow: [admin]project:- match:name: '.*'allow: [read]by:group: admin
happy rundecking!
No comments:
Post a Comment