- Overview
- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with rundeck
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
The rundeck puppet module for installing and managing Rundeck
Rundeck Version | Rundeck Puppet module versions |
---|---|
2.x - 3.0.X | v5.4.0 and older |
3.1 - up | v6.0.0 and newer |
Since Rundeck v3.1,
it is not required the installtion of rundeck-config
package for RHEL based distributions anymore.
Rundeck Team decided to mark this package obsolete, making it difficult to maintain backwards compatibility with releases older than 3.1.
Trying to install any version prior to 3.1.0 will throw the following error message:
Resolving Dependencies
--> Running transaction check
---> Package rundeck.noarch 0:2.11.5-1.56.GA will be installed
--> Processing Dependency: rundeck-config for package: rundeck-2.11.5-1.56.GA.noarch
Package rundeck-config is obsoleted by rundeck, but obsoleting package does not provide for requirements
...
If you need to downgrade and/or install a specific version of Rundeck older than 3.1.0, you can still use this module to do it (v5.4.0 and prior), although you would need to manually install the packages disabling yum's obsoletes processing logic when performing updates.
Ex:
yum reinstall --setopt=obsoletes=0 rundeck-config-3.0.24.20190719-1.201907192053 rundeck-3.0.24.20190719-1.201907192053
The latest version of this puppet module only supports Rundeck 3.1 and up.
This module provides a way to manage the installation and configuration of rundeck, its projects, jobs and plugins.
You need a compatible version of Java installed; you can use the puppetlabs/java module if there isn't already a suitable version.
On systems that use apt, there's a soft dependency on the puppetlabs/apt module.
The rundeck module primary class, guides the basic installation and management of rundeck on your system
Parameters within rundeck
:
Ensure the state of the rundeck package, either present, absent or a specific version
The method used to authenticate to Rundeck. Options: file, ldap, active_directory, ldap_shared, active_directory_shared. Default is file.
The template used for admin acl policy. Default is rundeck/aclpolicy.erb.
The template used for apitoken acl policy. Default is rundeck/aclpolicy.erb.
The path to the configuration directory where the properties file are stored.
The path to the directory to store logs.
The user that Rundeck is installed as.
The group that the Rundeck user is a member of.
The installation directory for Rundeck.
Web context path to use, such as "/rundeck". http://host.domain:port/server_web_context
Enable ssl for the Rundeck web application.
If ssl_enabled is True, you must supply this parameter. It is recommended that you provide the .crt and .key files separately via other means, such as a role or profile manifest.
How to: eg: environments/role/manifests/rundeck.pp
class role::rundeck (
...
$ssl_keyfile = hiera('rundeck::config::ssl_keyfile', "/etc/rundeck/ssl/${facts['fqdn']}.key"),
$ssl_certfile = hiera('rundeck::config::ssl_certfile', "/etc/rundeck/ssl/${facts['fqdn']}.crt"),
..
){
...
validate_string($ssl_keyfile)
validate_string($ssl_certfile)
...
class { 'rundeck':
...
ssl_keyfile => $ssl_keyfile,
ssl_certfile => $ssl_certfile,
...
}
...
}
Am End please add the module below to your environments/Puppetfile to use java_ks:
mod 'java_ks',
:git => 'https://github.com/puppetlabs/puppetlabs-java_ks.git',
:tag => '1.4.1'
Time limit (in minutes) for a logged in Rundeck web application user which as been inactive for a period of time.
The hash of projects in your instance.
The organization value that will be set by default for any projects.
The description that will be set by default for any projects.
The maximum number of threads used by Rundeck for concurrent jobs by default is set to 10.
The log4j logging level to be set for the Rundeck application.
Allows you to use your own profile template instead of the default from the package maintainer
Key ID for the GPG key for the Debian package
Keysever for the GPG key for the Debian package
Baseurl for the apt repo
URL or path for the GPG key for the rpm
Baseurl for the yum repo
Boolean value if set to true enables RSS feeds that are public (non-authenticated)
Boolean value if set to true enables cluster mode
The url used in sending email notifications.
A hash of the data base configuration. See Configure a MySQL database for an example.
If set, allows setting the execution mode to 'active' or 'passive'. Defaults to undef.
Full path to the java keystore to be used by Rundeck.
The password for the given keystore.
The default key password.
The full path to the java truststore to be used by Rundeck.
The password for the given truststore.
The name of the rundeck service.
A hash of the notification email configuraton.
A hash of the rundeck security configuration.
The name of the role that is required for all users to be allowed access.
Boolean value if set to true enables security_roles_array.
Array value if you want to have more role in web.xml
Whether to manage the bintray YUM/APT repository containing the Rundeck rpm/deb. Defaults to true.
Whether to manage group
(and enforce group_id
if set). Defaults to false.
Whether to manage user
(and enforce user_id
if set). Defaults to false.
Whether to create the rundeck_home
directory. Defaults to true.
Which keystorage type should be used:
- file - Default file based keystorage
- db - Use DB as keystorage
- vault - Use Hashicorp Vault
- An additional Rundeck Vault plugin is required.
The location of stored data like public keys, private keys.
The prefix for the Hashicorp Vault keys. See here for more information.
The URL for the Hashicorp Vault service
The AppRole ID for the Hashicorp Vault access
The Secret ID for the Hashicorp Vault access. Please note, that the Vault plugin isn't able to refresh the SecretID while running. You have to add a Cron job, to restart Rundeck. See here for more information.
The AppRole Authmount for the Hashicorp Vault access
The AuthBackend for the Hashicorp Vault, which should used
A definition for creating custom acl policy files
An array containing ACL policies. See rundeck::params::acl_policies / rundeck::params::api_policies as an example.
The user that rundeck is installed as.
The group permission that rundeck is installed as.
The rundeck configuration directory.
A definition for installing rundeck plugins
Parameters within rundeck::config::plugin
:
The http source or local path from which to get the jar plugin.
Default set to 'present' and can be set to 'absent' to remove the plugin for the system.
Timeout in seconds. Default is set to 300 seconds which is the default for the Exec type.
A definition for managing rundeck projects
Parameters within rundeck::project
:
The type of proivder that will be used for copying files to each of the nodes
The type of provider that will be used to gather node resources
A hash of rundeck::config::resource_source that will be used to specifiy the node resources for this project
The path the the ssh key that will be used by the ssh/scp providers
The directory where rundeck is configured to store project information
The user that rundeck is installed as.
The group permission that rundeck is installed as.
A definition for managing the resource sources for a given project
Parameters within rundeck::resource_source
:
The name of the project for which this resource in intended to be a part.
The sequential number of the resource within the project.
The source type where resources will come from: file, directory, url or script.
Boolean value to decide whether or not to include the server node in your list of avaliable nodes.
The format of the resource that will procesed, either resourcexml or resourceyaml.
When the url source_type is specified this is the path to that url.
An integer value in seconds that rundeck will wait for resources from the url before timing out.
Boolean value. Keep a local cache of the resources pulled from the url.
When the directory source_type is specified this is the path to that directory.
When the script source_type is specified this is the path that that script.
A string of the full arguments to pass the the specified script.
Boolean value. Quote the arguments of the script.
The interpreter to use in executing the script. Defaults to: '/bin/bash'
(Optional) Template for rundeckd.conf
(Optional) Template to use for rundeckd init script.
The directory where rundeck is configured to store project information.
The user that rundeck is installed as.
The group permission that rundeck is installed as.
To perform LDAP authentication and file authorization see example examples/ldap_shared.pp
To use an external MySQL database, the database_config
hash must be set to
override the default values which result in a local file based storage. To
enable key
and project
storage in the database, you must also set the two
associated parameters.
class { 'rundeck':
key_storage_type => 'db',
projects_storage_type => 'db',
database_config => {
'type' => 'mysql',
'url' => $db_url,
'username' => 'rundeck',
'password' => $db_pass,
'driverClassName' => 'com.mysql.jdbc.Driver',
}
}
rundeck
: Guides the basic installation of rundeck
rundeck::install
: Manages the installation of the rundeck packagesrundeck::service
: Manages the rundeck servicerundeck::config
: Manages all the global configuration of the rundeck applicationrundeck::config::global::framework
: Manage the configuration of shell tools and core rundeck servicesrundeck::config::global::project
: Managed the rundeck project configurationrundeck::config::global::rundeck_config
: Manages the rundeck webapp configuration filerundeck::config::global::ssl
: Manages the ssl configuration for the rundeck webapp
rundeck::config::aclpolicyfile
: Manages a acl policy filerundeck::config::plugin
: Manages the installation of rundeck pluginsrundeck::config::project
: Manages the configuration of rundeck projectsrundeck::config::resource_source
: Manages resource sources for each project
This module is tested on the following platforms:
- CentOS 6
- CentOS 7
- Ubuntu 14.04
- Ubuntu 16.04
It is tested with the OSS version of Puppet only.
This module is maintained by Vox Pupuli. Vox Pupuli welcomes new contributions to this module, especially those that include documentation and rspec tests. We are happy to provide guidance if necessary.
Please see CONTRIBUTING for more details.