These notes refer to my installation under Ubuntu.
Administration
Project
For every project there is a directory in
/var/rundeck/projects/
Inside there is a file with the definition of all the nodes
/var/rundeck/projects/test/etc# less resources.xml
New project
When you add a new project, after creating it you need to replace the file /var/rundeck/projects/projectname/etc/resources.xml for that project.
Add a new role/group
You need to modify /var/lib/rundeck/exp/webapp/WEB-INF/web.xml; the details are in the FAQ:
https://github.com/rundeck/rundeck/wiki/FAQ
Windows
Instructions to configure the client and the server:
http://www.diegoluisi.eti.br/2015/06/linux/rundeck-how-to-add-windows-node/
The module on GitHub:
https://github.com/rundeck-plugins/rundeck-winrm-plugin
Using the CLI
Main page for the command-line tools:
http://rundeck.org/docs/man1/index.html
You can do everything from the command line; the most useful command is the run command:
    # run the job once for each node name listed in list.txt
    for node in $(cat list.txt); do
        tools/bin/run -i 5f7f83-694-47-8ec4-83fe5935e7 -- -action download-the-node-write-AND-apply-ST -machine "$node"
    done
Before that, you need to configure the user for the login: http://rundeck.org/docs/man1/cli-tool-authentication.html
Using the API
It is possible to call jobs through the web API.
First of all you need a token; the instructions for using it are here:
http://rundeck.org/docs/api/#token-authentication
In my examples the token is XXXXX and the process is called puppetmaster.
Rundeck system info:
http://jenkins.mycloud.net:8453/api/14/system/info?authtoken=XXXXXXX
List all the projects:
http://jenkins.mycloud.net:8453/api/14/projects?authtoken=XXXXXXX
Run a process; you need to know its id, which you can find in the web interface:
http://jenkins.mycloud.net:8453/api/12/job/789654-5a82-4b0e-9c13-1e4a54ff/run?authtoken=XXXXXXX
List all the jobs of a project:
http://jenkins.mycloud.net:8453/api/14/project/puppetmaster/jobs?authtoken=XXXXXXX
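The same requests can send the token in the X-Rundeck-Auth-Token header (described on the token-authentication page linked above) instead of the authtoken query parameter, which otherwise ends up in access logs, proxy logs and shell history. This is an added example, not part of the original notes; the token file path and the rd_api function name are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of the original notes.
# Assumption: the API token is stored alone in a file readable only by its owner.
RD_URL="${RD_URL:-http://jenkins.mycloud.net:8453}"      # base URL from the examples above
RD_TOKEN_FILE="${RD_TOKEN_FILE:-$HOME/.rundeck-token}"   # hypothetical path

rd_api() {   # usage: rd_api METHOD PATH, e.g. rd_api GET /api/14/projects
    local method path token mode
    method="$1"; path="$2"
    if [ ! -r "$RD_TOKEN_FILE" ]; then
        echo "cannot read token file $RD_TOKEN_FILE" >&2
        return 2
    fi
    # characters 5-10 of the ls mode string are the group/other permission bits
    mode=$(ls -ld -- "$RD_TOKEN_FILE" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "token file is accessible to group/other; run chmod 600 on it" >&2
        return 3
    fi
    token=$(tr -d '[:space:]' < "$RD_TOKEN_FILE")
    # The header is passed to curl as a config line on stdin (-K -), so the
    # token appears neither in the URL nor in the process list.
    printf 'header = "X-Rundeck-Auth-Token: %s"\n' "$token" |
        curl --silent --show-error --fail -K - -X "$method" "${RD_URL}${path}"
}

# The same calls as above, without ?authtoken= in the URL:
#   rd_api GET /api/14/system/info
#   rd_api GET /api/14/projects
#   rd_api GET /api/14/project/puppetmaster/jobs
```

Over plain http the header is still readable on the network, so this only removes the token from URLs and process listings.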
Authentication realm and LDAP
Rundeck documentation page: http://rundeck.org/docs/jp/administration/09-authentication.html
To use LDAP authentication over SSL you need to set up the keystore inside Java.
Here are some links:
https://docs.oracle.com/cd/E29585_01/PlatformServices.61x/security/src/csec_ssl_jsp_start_server.html
http://stackoverflow.com/questions/2343691/do-you-not-need-a-password-to-access-a-truststore-made-with-the-java-keytool
http://www.javacodegeeks.com/2014/07/java-keystore-tutorial.html
LDAP and groups:
- https://groups.google.com/forum/#!topic/rundeck-discuss/-Lh1DMloAX4
- https://groups.google.com/forum/#!topic/rundeck-discuss/LfnxHjkUtb0
- https://groups.google.com/forum/#!topic/rundeck-discuss/pgJA3mhENw8
- https://groups.google.com/forum/#!topic/rundeck-discuss/rnuDDzLrMiU
- https://groups.google.com/forum/#!topic/rundeck-discuss/rmDa9eEdMwo
After a while I found the correct configuration for LDAP.
ldaps
The important steps to resolve the problem caused by a domain controller with a self-signed certificate:
- save the LDAPS certificate
- import it with keytool into the system keystore of the JVM
- import it with keytool into another keystore, used by Rundeck to connect
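One way to carry out the three steps above, as an added example (not the original author's commands): a self-signed certificate has no CA chain to validate, so the script compares its SHA-256 fingerprint with a value obtained out of band before importing it. The alias ldaps-dc, the function names, the fingerprint and the keystore paths in the usage comment are placeholders.

```shell
#!/usr/bin/env bash
# Added example, not part of the original notes.

fetch_ldaps_cert() {      # usage: fetch_ldaps_cert host:port out.pem
    # save the certificate presented by the LDAPS server
    openssl s_client -connect "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM > "$2"
    [ -s "$2" ]           # fail if no certificate was written
}

cert_fingerprint() {      # prints the SHA-256 fingerprint, e.g. AB:CD:...
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

import_ldaps_cert() {
    # usage: import_ldaps_cert cert.pem EXPECTED_SHA256 keystore [keystore...]
    local cert expected actual ks
    cert="$1"; expected="$2"; shift 2
    actual=$(cert_fingerprint "$cert") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch, not importing: got '$actual'" >&2
        return 1
    fi
    for ks in "$@"; do
        # keytool prompts for the keystore password, keeping it out of argv
        keytool -importcert -noprompt -trustcacerts -alias ldaps-dc \
            -file "$cert" -keystore "$ks" || return 1
    done
}

# Usage (paths and fingerprint are placeholders):
#   fetch_ldaps_cert hostname.mycompany.net:636 dc.pem
#   import_ldaps_cert dc.pem "<fingerprint from the AD administrator>" \
#       "$JAVA_HOME/jre/lib/security/cacerts" /path/to/rundeck-truststore.jks
```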
The connection configuration and roles
~/rundeck # cat server/config/jaas-ldap.conf
activedirectory {
    com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule sufficient
        debug="true"
        contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
        providerUrl="ldaps://hostname.mycompany.net:636"
        bindDn="CN=sa-bcloud,OU=Service_Account,OU=AD_Security,OU=Administration,dc=intra,dc=corp,dc=mydomain,dc=com"
        bindPassword="SecretPasswordblablabla123"
        authenticationMethod="simple"
        forceBindingLogin="true"
        userBaseDn="dc=intra,dc=corp,dc=company,dc=com"
        userRdnAttribute="sAMAccountName"
        userIdAttribute="sAMAccountName"
        userPasswordAttribute="unicodePwd"
        userObjectClass="user"
        roleBaseDn="dc=intra,dc=corp,dc=company,dc=com"
        roleNameAttribute="cn"
        roleMemberAttribute="member"
        roleObjectClass="group"
        cacheDurationMillis="300000"
        supplementalRoles="user"
        reportStatistics="true";
    org.eclipse.jetty.plus.jaas.spi.PropertyFileLoginModule required
        debug="true"
        file="/products/software/rundeck/server/config/realm.properties";
};
The most important part is supplementalRoles="user": this role is applied to all the LDAP users.
~/rundeck # cat etc/admin.aclpolicy
description: Admin, all access.
context:
  project: '.*' # all projects
for:
  resource:
    - allow: '*' # allow read/create all kinds
  adhoc:
    - allow: '*' # allow read/running/killing adhoc jobs
  job:
    - allow: '*' # allow read/write/delete/run/kill of all jobs
  node:
    - allow: '*' # allow read/run for all nodes
by:
  group: [admin,GD-PAAS-Puppet-Users]
---
description: Admin, all access.
context:
  application: 'rundeck'
for:
  resource:
    - allow: '*' # allow create of projects
  project:
    - allow: '*' # allow view/admin of all projects
  project_acl:
    - allow: '*' # allow admin of all project-level ACL policies
  storage:
    - allow: '*' # allow read/create/update/delete for all /keys/* storage content
by:
  group: [admin,GD-PAAS-Puppet-Users]
You need to do the following steps:
- click on your username at the top on the left
- select Profile
- click on the "Edit" button
- enter your email, first name and last name
- after this you can see all the groups