cookbook 'rundeck', '= 4.0.1'
rundeck
(56) Versions
- 8.1.6
- 8.1.5
- 8.1.4
- 8.1.3
- 8.1.2
- 8.1.1
- 8.1.0
- 8.0.10
- 8.0.9
- 8.0.8
- 8.0.7
- 8.0.6
- 8.0.5
- 8.0.4
- 8.0.3
- 8.0.2
- 8.0.1
- 8.0.0
- 7.2.5
- 7.2.4
- 7.2.3
- 7.2.2
- 7.2.1
- 7.2.0
- 7.1.0
- 7.0.0
- 6.0.0
- 5.2.2
- 5.2.1
- 5.2.0
- 5.1.1
- 5.1.0
- 5.0.3
- 5.0.2
- 5.0.1
- 4.2.0
- 4.1.1
- 4.1.0
- 4.0.5
- 4.0.4
- 4.0.3
- 4.0.2
- 4.0.1
- 4.0.0
- 3.2.1
- 3.0.1
- 3.0.0
- 2.0.12
- 2.0.11
- 2.0.10
- 2.0.7
- 2.0.5
- 2.0.4
- 2.0.3
- 2.0.2
- 2.0.0
Installs and configures Rundeck 2.x
cookbook 'rundeck', '= 4.0.1', :supermarket
knife supermarket install rundeck
knife supermarket download rundeck
Rundeck Cookbook
Installs and configures a Rundeck 2.0 server with Chef integration via the chef-rundeck.gem. Projects in rundeck can be dynamically configured via data bag items using search. Linux and Windows client nodes are supported. The cookbook has optional support for Active Directory and LDAP.
Requirements
Chef
- Chef 11+
Because of the heavy use of search, this recipe will not work with Chef Solo, as it cannot do any searches without a server.
This cookbook relies on multiple data bags. See Data Bag below.
Platforms
- Debian 7+
- Ubuntu 12.04+
- RHEL 5+
- Windows 7 Enterprise (managed node)
- Windows 2008 R2 (managed node)
- Mac OS X (managed node)
Notes: This cookbook has been tested on the listed platforms. It may work on other platforms with or without modification.
In RHEL / CentOS, SELinux is enabled by default. Because it blocks Apache mod_proxy, either disable SELinux or add an exception to its policy.
Cookbooks
- Java
- Apache2
- Sudo
- Runit
Attributes
default
Linux default attributes for all rundeck managed nodes and server
- node['rundeck']['user'] - Rundeck username (linux), default 'rundeck'
- node['rundeck']['user_home'] - Rundeck user home directory (linux), default '/home/rundeck'
- node['rundeck']['framework']['properties'] - Use to set additional config in the framework.properties template
- node['rundeck']['rundeck_databag_secure'] - Rundeck secure data bag item for all keys and passwords, default 'secure'
- node['rundeck']['rundeck_databag'] - Rundeck configuration data bag for secure data, default 'rundeck'
- node['rundeck']['rundeck_projects_databag'] - Rundeck project configuration data bag. Used for project creating and chef-rundeck. default 'rundeck_projects'
- node['rundeck']['rundeck_databag_aclpolicies'] - Aclpolicies databag. Default is 'nil'. Example aclpolicy databag can be found in test/integration/default/data_bags/rundeck/aclpolicies.json
- node['rundeck']['session_timeout'] - Number of minutes a rundeck session will last, before having to login again, default '30'
- node['rundeck']['use_ssl'] - Whether or not to use SSL for the apache vhost, default false
- node['rundeck']['use_inbuilt_ssl'] - Whether or not to use the inbuilt SSL for rundeck server. Default false. Note: If using this option the ssl.properties file needs to be generated by a wrapper cookbook. A sample template ssl.properties.erb can be found in this repo. Check rundeck documentation for more details.
- node['rundeck']['ssl']['port'] - Use while using inbuilt SSL. Default 4443
- node['rundeck']['cert']['name'] - SSL certificate name. Certificate files should be named this .key and .crt, default node['rundeck']['hostname']
- node['rundeck']['cert']['ca_name'] - SSL CA certificate name. If this and use_ssl are set, a certificate authority file is used in the apache vhost. CA certificate files should be named this .crt, default 'nil'
- node['rundeck']['cert']['cookbook'] - The cookbook to copy the SSL certificates from, default 'rundeck'
- node['rundeck']['webcontext'] - The URI portion of the rundeck server, default '/', you can set it to '/rundeck' if your webserver is handling other tasks besides rundeck.
- node['rundeck']['grails_server_url'] - The URL of the rundeck server, default 'http://#{node['rundeck']['hostname']}#{node['rundeck']['webcontext']}', or 'https://#{node['rundeck']['hostname']}#{node['rundeck']['webcontext']}' if use_ssl is set.
- node['rundeck']['grails_port'] - The port to be used as part of the rundeck url in grails.
Windows default attributes for all rundeck managed nodes
- node['rundeck']['windows']['user'] - Windows user to create, default 'rundeck'
- node['rundeck']['windows']['group'] - Windows user group to add the 'rundeck' user to, default 'Administrators'
- node['rundeck']['server_url'] - Due to a bug in some cases on rundeck, if this is filled out a bad login may occur. In some instances this may need to be set to other values or even nil. This will control the serverUrl in the config.
- node['rundeck']['log_level'] - Debug level for rundeck (ERR,WARN,INFO,VERBOSE,DEBUG), default INFO
- node['rundeck']['rss_enabled'] - true/false for RSS support
chef-rundeck
Chef rundeck integration service attributes
- node['rundeck']['chef_config'] - Chef-Rundeck client configuration, default '/etc/chef/rundeck.rb'
- node['rundeck']['chef_rundeck_url'] - Chef-Rundeck URL, default 'http://chef.hostdomain:9980'
- node['rundeck']['chef_rundeck_port'] - Chef-Rundeck binds to port, default '9980'
- node['rundeck']['chef_rundeck_host'] - Chef-Rundeck binds to address, default '0.0.0.0'
- node['rundeck']['chef_rundeck_cachetime'] - Number of seconds for Chef-Rundeck to cache the answer from the Chef server, default '30'
- node['rundeck']['chef_rundeck_partial_search'] - Chef-Rundeck enabled to use partial search (Chef 11 only), default 'false'
- node['rundeck']['chef_webui_url'] - Chef Server Web UI URL, default 'https://chef.hostdomain.com'
- node['rundeck']['chef_url'] - Chef Server API URL, default 'https://chef.hostdomain.com'
- node['rundeck']['project_config'] - Generated project configuration from data bags, default '/etc/chef/chef-rundeck.json'
- node['rundeck']['chef_rundeck_gem'] - Use a custom version of the chef-rundeck gem (eg. local version), default 'nil' uses the gem repo by default
server
Attributes that configure and manage the installation of the Rundeck server
- node['rundeck']['configdir'] - Configuration directory, default '/etc/rundeck'
- node['rundeck']['basedir'] - Rundeck installation directory, default '/var/lib/rundeck'
- node['rundeck']['exec_logdir'] - Directory where rundeck stores execution logs. Default is "#{node['rundeck']['basedir']}/logs"
- node['rundeck']['datadir'] - Rundeck project directory, default '/var/rundeck'
- node['rundeck']['tokens_file'] - File containing user API tokens (e.g. '/etc/rundeck/tokens.properties'), default is nil (not set)
- node['rundeck']['deb']['package'] - Package file name to install, used in the building of the URL
- node['rundeck']['deb']['options'] - dpkg install options, default false
- node['rundeck']['url'] - URL for the deb file to download and install, default "http://download.rundeck.org/deb/#{node['rundeck']['deb']['package']}"
- node['rundeck']['checksum'] - Checksum for the deb
- node['rundeck']['rpm']['repo']['url'] - URL for the yum repo location, default "http://dl.bintray.com/rundeck/rundeck-rpm"
- node['rundeck']['rpm']['repo']['gpgkey'] - URL for gpg key for yum repo authentication, default "http://rundeck.org/keys/BUILD-GPG-KEY-Rundeck.org.key"
- node['rundeck']['rpm']['repo']['gpgcheck'] - Whether to perform gpg check on package, default True
- node['rundeck']['rpm']['version'] - RPM download name, from http://dl.bintray.com/rundeck/rundeck-rpm
- node['rundeck']['jaas'] - Use built in internal realms.properties file, or a different one (options 'activedirectory', default 'internal')
- node['rundeck']['default_role'] - Require users to be a member of this role for Rundeck access, default 'user'
- node['rundeck']['security_roles'] - Array containing additional security roles for which Rundeck will attempt to validate membership. For an explanation of this, see the Rundeck documentation.
- node['rundeck']['hostname'] - VIP or server address for the service, default 'rundeck.hostdomain.com'
- node['rundeck']['port'] - Internal server port for the service, default '4440'
- node['rundeck']['email'] - Email address, default 'rundeck@hostdomain.com'
- node['rundeck']['restart_on_config_change'] - When true, rundeck will restart on any configuration file change. (even if a job is running) default 'false'
- node['rundeck']['jvm_mem'] - JVM memory arguments, default '-XX:MaxPermSize=256m -Xmx1024m -Xms256m'
Attributes that configure SMTP settings for email notifications
- node['rundeck']['mail']['host'] - SMTP server hostname or IP address
- node['rundeck']['mail']['port'] - SMTP server port (default 25)
- node['rundeck']['mail']['username'] - SMTP User name (not required)
- node['rundeck']['mail']['password'] - SMTP User password (not required)
If you want to use encrypted databags for your windows password and/or public/private key pairs generate a secret using:
bash
$ openssl rand -base64 512 | tr -d '\r\n' > rundeck_secret
Distribute to all systems that will work with rundeck via a recipe and set the path to that file in the following attribute
- node['rundeck']['secret_file'] - default 'nil'
- node['rundeck']['rdbms']['enable'] - enable RDBMS support, default false
- node['rundeck']['rdbms']['type'] - database type, default 'mysql'
Common RDBMS Configuration
- node['rundeck']['rdbms']['location'] - RDBMS server name
- node['rundeck']['rdbms']['dbname'] - database name, default 'rundeckdb'
- node['rundeck']['rdbms']['dbuser'] - database username, default 'rundeckdb'
- node['rundeck']['rdbms']['dbpassword'] - database password
- node['rundeck']['rdbms']['port'] - database port number, default '3306'
Oracle RDBMS Configuration
- node['rundeck']['rdbms']['dialect'] - hibernate database dialect, default 'Oracle10gDialect'
Windows Attributes
- node['rundeck']['windows']['winrm_auth_type'] - winrm authentication type (options 'basic' or 'kerberos', default: 'basic')
- node['rundeck']['windows']['winrm_cert_trust'] - winrm SSL security (options 'all', 'self-signed', 'default' (trusted certs only), default: 'all')
- node['rundeck']['windows']['winrm_hostname_trust'] - winrm hostname security (options 'all', 'strict', 'browser-compatible', default: 'all')
- node['rundeck']['windows']['winrm_protocol'] - winrm protocol to use, either 'http' or 'https'. default: 'https'
Active Directory/LDAP Attributes
- node['rundeck']['ldap']['provider'] - LDAP server for connection
- node['rundeck']['ldap']['binddn'] - LDAP root bind DN. It will be ignored if node['rundeck']['ldap']['forcebindinglogin'] is true
- node['rundeck']['ldap']['bindpwd'] - LDAP root bind password. It will be ignored if node['rundeck']['ldap']['forcebindinglogin'] is true
- node['rundeck']['ldap']['authenticationmethod'] - LDAP authentication method
- node['rundeck']['ldap']['forcebindinglogin'] - If true, bind as the user who is authenticating; if not, bind using the root DN and perform a search to verify the user password
- node['rundeck']['ldap']['userbasedn'] - LDAP base user DN search
- node['rundeck']['ldap']['userrdnattribute'] - LDAP attribute name for user name
- node['rundeck']['ldap']['useridattribute'] - LDAP attribute name to identify user
- node['rundeck']['ldap']['userpasswordattribute'] - LDAP attribute name for user password
- node['rundeck']['ldap']['userobjectclass'] - LDAP object class for user
- node['rundeck']['ldap']['rolebasedn'] - LDAP base role DN search
- node['rundeck']['ldap']['rolenameattribute'] - LDAP attribute name for role name
- node['rundeck']['ldap']['rolememberattribute'] - LDAP attribute name that would contain the users DN
- node['rundeck']['ldap']['roleusernamememberattribute'] - LDAP attribute name that would contain the users' user name. If set, node['rundeck']['ldap']['rolememberattribute'] will not be used
- node['rundeck']['ldap']['roleobjectclass'] - LDAP object class for group
- node['rundeck']['ldap']['roleprefix'] - Prefix string to remove from role names before returning to the application
- node['rundeck']['ldap']['cachedurationmillis'] - Duration in milliseconds of the cache of an authorization
- node['rundeck']['ldap']['reportstatistics'] - If true, output cache statistics to the log
- node['rundeck']['ldap']['debug'] - If true, output debug logs related to ldap to rundeck service.log. Default is true.
Quartz Configuration
- node['rundeck']['quartz']['threadPoolCount'] - Quartz job threadCount. The maximum number of threads used by Rundeck for concurrent jobs by default is set to 10.
Custom Configuration
- Custom framework configuration (framework.properties) can be specified using node['rundeck']['custom_framework_config']['<custom _configuration>']
- Custom rundeck configuration (rundeck-config.properties) can be specified using node['rundeck']['custom_rundeck_config']['<custom _configuration>']
- Custom JVM properties (profile) can be specified using node['rundeck']['custom_jvm_properties']
Note: Using custom configuration is for advanced users.
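Several of the defaults listed above are permissive: WinRM trust set to 'all', basic auth, chef-rundeck bound to 0.0.0.0, no TLS on the web UI. The following Ruby is an added example, not code from the cookbook; it checks a node['rundeck'] attribute hash for those values and names the stricter option the attribute list documents. CHECKS, audit_rundeck, both sample hashes, the 'RundeckOperators' group and the package and checksum placeholders are assumptions made for illustration.

```ruby
# Added example; not part of the rundeck cookbook.
# CHECKS and audit_rundeck are hypothetical names.

# Each check: attribute path under node['rundeck'], a predicate over the
# attribute hash, and the stricter choice taken from the attribute list.
CHECKS = [
  ['windows.winrm_cert_trust',
   ->(a) { a.dig('windows', 'winrm_cert_trust') == 'all' },
   "any WinRM certificate is accepted; 'default' allows trusted certs only"],
  ['windows.winrm_hostname_trust',
   ->(a) { a.dig('windows', 'winrm_hostname_trust') == 'all' },
   "certificate hostname is not verified; 'strict' verifies it"],
  ['windows.winrm_auth_type',
   ->(a) { a.dig('windows', 'winrm_auth_type') == 'basic' },
   "basic auth sends the password to the node; 'kerberos' is the other option"],
  ['windows.winrm_protocol',
   ->(a) { a.dig('windows', 'winrm_protocol') == 'http' },
   "WinRM runs without TLS; use 'https'"],
  ['windows.group',
   ->(a) { a.dig('windows', 'group') == 'Administrators' },
   'the rundeck account is a local administrator on every Windows node'],
  ['chef_rundeck_host',
   ->(a) { a['chef_rundeck_host'] == '0.0.0.0' },
   'chef-rundeck listens on all interfaces; bind it to one address'],
  ['use_ssl / use_inbuilt_ssl',
   ->(a) { !a['use_ssl'] && !a['use_inbuilt_ssl'] },
   'the web UI is served without TLS'],
  ['url / checksum',
   ->(a) { a['url'].to_s.start_with?('http://') && a['checksum'].to_s.empty? },
   'the deb is fetched over HTTP and no checksum is set to verify it'],
  ['rpm.repo.gpgcheck',
   ->(a) { a.dig('rpm', 'repo', 'gpgcheck') == false },
   'yum does not verify package signatures']
].freeze

# Returns one "path: reason" string per check that fires.
def audit_rundeck(attrs)
  CHECKS.select { |_path, fires, _why| fires.call(attrs) }
        .map { |path, _fires, why| "#{path}: #{why}" }
end

# Constructed sample: defaults as stated in the README. The package file
# name is a placeholder and checksum is left unset for illustration.
README_DEFAULTS = {
  'use_ssl' => false,
  'use_inbuilt_ssl' => false,
  'chef_rundeck_host' => '0.0.0.0',
  'url' => 'http://download.rundeck.org/deb/PACKAGE_PLACEHOLDER.deb',
  'checksum' => nil,
  'rpm' => { 'repo' => { 'gpgcheck' => true } },
  'windows' => {
    'group' => 'Administrators',
    'winrm_auth_type' => 'basic',
    'winrm_cert_trust' => 'all',
    'winrm_hostname_trust' => 'all',
    'winrm_protocol' => 'https'
  }
}.freeze

# Constructed sample of wrapper-cookbook overrides. 'RundeckOperators' is a
# hypothetical group and the checksum is a placeholder, not a real digest.
HARDENED = README_DEFAULTS.merge(
  'use_ssl' => true,
  'chef_rundeck_host' => '127.0.0.1',
  'checksum' => 'SHA256_PLACEHOLDER',
  'windows' => {
    'group' => 'RundeckOperators',
    'winrm_auth_type' => 'kerberos',
    'winrm_cert_trust' => 'default',
    'winrm_hostname_trust' => 'strict',
    'winrm_protocol' => 'https'
  }
).freeze

if __FILE__ == $PROGRAM_NAME
  puts audit_rundeck(README_DEFAULTS)
  puts "hardened findings: #{audit_rundeck(HARDENED).length}"
end
```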
Recipes
default
Includes the rundeck::node_unix or rundeck::node_windows (depending on platform) recipe to configure rundeck access on the node.
node_unix
Configures the node for rundeck access. Creates the user specified in node['rundeck']['user'] and manages all SSH keys (see Data Bag below) in the home directory node['rundeck']['user_home']. Default for Debian / Ubuntu systems.
node_windows
Configures the node for rundeck access. Creates the user specified in node['rundeck']['windows']['user'] and manages the correct group memberships (node['rundeck']['windows']['group']) and passwords (see Data Bag below). Default for Microsoft Windows systems.
chef-rundeck
Installs the chef-rundeck sinatra application which allows integration with a Chef server. This recipe can be used on any node including the chef server itself.
server
Includes rundeck::default
The server recipe sets up Apache as the web front end by default.
The recipe does the following:
- Determines if encrypted data bags are in use
- Installs rundeck, and dependent packages, required for the server
- Sets up configuration directories
- Creates SSH keys from data bag
- Configures winRM (if needed)
- Ensures 'rundeck' user owns the project directory
- Configures and enables the Rundeck web UI via Apache
- Starts the Rundeck server service
- Configures and registers Rundeck projects based on the data bag entries
Data Bags
Rundeck
Create a rundeck data bag that will contain the secrets that will be used to log into the rundeck managed nodes. The data bag can be encrypted via a secret. If using an encrypted data bag, the secret file must be available on each of the managed nodes. Example rundeck data bag item:
{
  "id": "secure",
  "description": "Rundeck requires credentials to execute on remote nodes",
  "private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAt3iZzG ..... -----END RSA PRIVATE KEY-----",
  "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAA ......... f3OC9Jxe/VcFmtelcmQ== rundeck keys",
  "windows_password": "<plain text password>",
  "chef_rundeck_pem": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAx5t2uL0kAD2 ..... qTzvcb1u87qWh7rnRlHUeDQ+nI7ZBFgJK\n-----END RSA PRIVATE KEY-----"
}
Generate a public and private key for rundeck to manage nodes via SSH.
bash
$ ssh-keygen -N '' -q -f /tmp/rundeck_rsa
$ cat /tmp/rundeck_rsa | awk '{ printf "%s\\n", $0 }'
Copy the line returned and place in the data bag item as the private_key.
$ cat /tmp/rundeck_rsa.pub | awk '{ printf "%s\\n", $0 }'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChVVx3KGplgV9Q/8TiEV5Gi2ATQsGiXJY94OJ9s4wQr3NEJTGLBMsCJmWYZEJQzK1qyUhDXv3NTtYzZ8iJ1Z sDHLLwvs399p0twvYHoe0ow4Jwdb9ee0ymU8DxIozVuNnzUIbVx34kY/uScdnTtqe8hQGWBPcNvDMMTC4CebK+6oLtEGkTVcKYao1QA1C17fr5/tIvsZK/xXUf 7F4A1YzpjzcwQjyG83SexYu8SNVmJ+zIj++O08NXRVF62v4anIriKvWdo0gbhpEc+e16rO4tfaaYU4Vu9FqUsTcarfSqPj8HlDPTBHbyLuslnhnUrQI7tIOtB6 HRM7elQHaqWY2/ rundeck@rundeckserver
Copy the line returned and place in the data bag item as the public_key.
Use knife to create a new client for Chef-Rundeck integration.
bash
$ knife client create -a chef-rundeck -f /tmp/chef-rundeck
$ cat /tmp/chef-rundeck | awk '{ printf "%s\\n", $0 }'
Copy the line returned and place in the data bag item as the public_key.
Set a Windows password if managing Windows systems; the password needs to be in plain text (see the encryption options for the rundeck data bag).
Rundeck Users
Local Rundeck users are created via the Rundeck data bag item users. Users are added into the "users" hash as in the example below:
{
  "chef_type": "data_bag_item",
  "data_bag": "rundeck",
  "id": "users",
  "description": "Local rundeck users",
  "users": {
    "admin": {
      "groups": [
        "user",
        "admin",
        "architect",
        "deploy",
        "build"
      ],
      "password": "secrete"
    },
    "apiuser": {
      "groups": [
        "user",
        "admin",
        "deploy"
      ],
      "password": "secrete"
    }
  }
}
Encrypted Data bag - Rundeck
When using node['rundeck']['secret_file'] you will need to create a secret file for the encryption. Make sure the 'rundeck_secret' file is available on all nodes managed by rundeck.
Generate a secret file with openssl:
bash
$ openssl rand -base64 512 | tr -d '\r\n' > /tmp/rundeck_secret
Generate the encrypted data bag:
bash
$ knife data bag create rundeck secure --secret-file /tmp/rundeck_secret
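Before a rundeck data bag item is uploaded, it is worth confirming that the copy on disk is actually encrypted and that the secret file is not readable by other accounts. The following Ruby is an added example, not part of the cookbook: it reports top-level values that are not encrypted data bag envelopes and still hold a PEM private key or a password. The function names and sample items are constructed for illustration; the envelope keys checked (encrypted_data, iv, version, cipher) are the ones Chef writes for each encrypted value.

```ruby
# Added example; not part of the rundeck cookbook. All names are hypothetical.

# Keys Chef writes for every value of an encrypted data bag item.
ENVELOPE_KEYS = %w[encrypted_data iv version cipher].freeze
PEM_PRIVATE_KEY = /-----BEGIN [A-Z ]*PRIVATE KEY-----/

def encrypted_value?(value)
  value.is_a?(Hash) && ENVELOPE_KEYS.all? { |k| value.key?(k) }
end

# Walk a plaintext value and report strings that are secrets.
def clear_text_secrets(value, path)
  case value
  when Hash
    value.flat_map { |k, v| clear_text_secrets(v, "#{path}.#{k}") }
  when Array
    value.each_with_index.flat_map { |v, i| clear_text_secrets(v, "#{path}[#{i}]") }
  when String
    if value.match?(PEM_PRIVATE_KEY)
      ["#{path}: PEM private key in clear text"]
    elsif path.split('.').last.match?(/password/i)
      ["#{path}: password in clear text"]
    else
      []
    end
  else
    []
  end
end

# Every top-level key except "id" is encrypted in an encrypted item, so any
# secret found under a non-envelope value is a finding.
def audit_data_bag_item(item)
  item.flat_map do |key, value|
    next [] if key == 'id' || encrypted_value?(value)

    clear_text_secrets(value, key)
  end
end

# True when group or others have any permission on the secret file.
def secret_file_too_open?(path)
  (File.stat(path).mode & 0o077) != 0
end

# Constructed samples shaped like the items in this README (no real keys).
PEM = "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n-----END RSA PRIVATE KEY-----"
PLAINTEXT_ITEM = {
  'id' => 'secure',
  'private_key' => PEM,
  'public_key' => 'ssh-rsa CONSTRUCTED rundeck keys',
  'windows_password' => 'constructed-password',
  'chef_rundeck_pem' => PEM
}.freeze

ENVELOPE = { 'encrypted_data' => 'Q09OU1RSVUNURUQ=', 'iv' => 'Q09OU1RSVUNURUQ=',
             'version' => 1, 'cipher' => 'aes-256-cbc' }.freeze
ENCRYPTED_ITEM = PLAINTEXT_ITEM.to_h { |k, v| [k, k == 'id' ? v : ENVELOPE] }.freeze

USERS_ITEM = {
  'id' => 'users',
  'users' => {
    'admin' => { 'groups' => %w[user admin], 'password' => 'constructed' },
    'apiuser' => { 'groups' => %w[user deploy], 'password' => 'constructed' }
  }
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts audit_data_bag_item(PLAINTEXT_ITEM)
  puts audit_data_bag_item(USERS_ITEM)
  puts "encrypted item findings: #{audit_data_bag_item(ENCRYPTED_ITEM).length}"
end
```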
Rundeck Projects
Create a rundeck_projects data bag that will contain the projects, and search strings, for the rundeck managed nodes to include by project.
Example rundeck_projects data bag items can be found in /test/default/data_bags/rundeck_projects/. In version 4.0.0 of this cookbook, the data bag item format has changed. As of version 4.0.0 of this cookbook, project config will be set to exactly the config described in the "project_settings" key of the data bag item. Here is an example project data bag item:
{
  "id": "the-project-name",
  "project_settings": {
    "project": {
      "description": "The project description",
      "nodeCache": {
        "delay": 30,
        "enabled": true
      },
      "ssh-authentication": "password",
      "ssh-password-storage-path": "keys/service-account.password",
      "ssh.user": "service-account",
      "sudo-command-enabled": true,
      "sudo-password-storage-path": "keys/service-account.password",
      "sudo-prompt-max-timeout": 30000,
      "sudo-response-max-timeout": 30000
    },
    "extra-config": {
      "some-key": "some-value",
      "nested-further": {
        "a": "A",
        "b": false
      }
    }
  }
}
The data bag item above would create a project named the-project-name with the following properties:
project.description = The project description
project.nodeCache.delay = 30
project.nodeCache.enabled = true
project.ssh-authentication = password
project.ssh-password-storage-path = keys/service-account.password
project.ssh.user = service-account
project.sudo-command-enabled = true
project.sudo-password-storage-path = keys/service-account.password
project.sudo-prompt-max-timeout = 30000
project.sudo-response-max-timeout = 30000
extra-config.some-key = some-value
extra-config.nested-further.a = A
extra-config.nested-further.b = false
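The mapping from nested "project_settings" to dotted property names can be reproduced as follows. This Ruby is an added example, not the cookbook's provider code; it goes slightly beyond the README by also listing property names that look like they embed a credential value rather than pointing at a key storage path, as the example item does with ssh-password-storage-path. The function names, the SECRET_NAME heuristic and the RISKY_ITEM sample (including its "custom.db-password" key) are assumptions made for illustration.

```ruby
# Added example; not the cookbook's own code. All names are hypothetical.
require 'json'

# Flatten nested project_settings into dotted property names with
# string values, preserving the order of the data bag item.
def flatten_settings(settings, prefix = nil)
  settings.each_with_object({}) do |(key, value), out|
    name = prefix ? "#{prefix}.#{key}" : key.to_s
    if value.is_a?(Hash)
      out.merge!(flatten_settings(value, name))
    else
      out[name] = value.to_s
    end
  end
end

# Render the "name = value" lines the README lists for the project.
def to_properties(item)
  flatten_settings(item.fetch('project_settings'))
    .map { |name, value| "#{name} = #{value}" }
    .join("\n")
end

# Heuristic of this example: a property whose name suggests a credential and
# which is not a *-storage-path reference probably holds the secret inline.
SECRET_NAME = /(password|passphrase|secret|token)/i

def inline_secret_names(item)
  flatten_settings(item.fetch('project_settings')).keys.select do |name|
    name.match?(SECRET_NAME) && !name.end_with?('-storage-path')
  end
end

# The example item from this README.
README_ITEM = JSON.parse(<<~JSON)
  {
    "id": "the-project-name",
    "project_settings": {
      "project": {
        "description": "The project description",
        "nodeCache": { "delay": 30, "enabled": true },
        "ssh-authentication": "password",
        "ssh-password-storage-path": "keys/service-account.password",
        "ssh.user": "service-account",
        "sudo-command-enabled": true,
        "sudo-password-storage-path": "keys/service-account.password",
        "sudo-prompt-max-timeout": 30000,
        "sudo-response-max-timeout": 30000
      },
      "extra-config": {
        "some-key": "some-value",
        "nested-further": { "a": "A", "b": false }
      }
    }
  }
JSON

# Constructed item with a hypothetical property that embeds a secret.
RISKY_ITEM = {
  'id' => 'constructed-project',
  'project_settings' => {
    'project' => { 'ssh-password-storage-path' => 'keys/service-account.password' },
    'custom' => { 'db-password' => 'CONSTRUCTED-VALUE' }
  }
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts to_properties(README_ITEM)
  puts "inline secrets: #{inline_secret_names(RISKY_ITEM).inspect}"
end
```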
Pre-4.x backwards compatible project data bag item format
Previously, several config keys in the data bag item were used to generate the project config. This made too many assumptions, and greatly complicated the project creation and update functionality. If you want to maintain this data bag item format, backwards compatibility is supported if you set "old_style": true in the data bag item:
{
  "id": "dev-systems",
  "old_style": true,
  "hostname": "ipaddress",
  "username": "rundeck",
  "pattern": "chef_environment:dev1 OR chef_environment:dev2",
  "description": "These instances are tied to the dev-systems project in Rundeck.",
  "chef_rundeck_url" : "Optional: URL for the chef-rundeck integration endpoint"
}
- hostname - attribute in the data bag item json is used when rundeck tries to connect to the node (fqdn is the default)
- username - attribute is the user to authenticate to the node with when rundeck connects
- pattern - attribute is a search query for nodes to include in the project in rundeck.
- chef_rundeck_url - optional attribute is a URL to locate the resource project, if not provided node['chef_rundeck_url'] will be used.
- project_settings - optional attribute is a map of properties that will be added to the rundeck project.properties.
Rundeck Role ACL Policy
A default role acl policy is supported out of the box. You can add new acl policy files in to the configuration directory (node['rundeck']['configdir'])
Rundeck role acl policy definitions.
License & Authors
- Author:: Peter Crossley peter.crossley@webtrends.com
- Author:: David Andrew david.andrew@webtrends.com
- Author:: Jonathan Mickle jmickle@jonathanmickle.com
Copyright 2014-2015, Webtrends Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Dependent cookbooks
- runit >= 0.0.0
- sudo >= 0.0.0
- java >= 0.0.0
- apache2 >= 0.0.0
- java-libraries >= 0.0.0
- build-essential >= 0.0.0
Contingent cookbooks
Changelog
4.0.0
- Project changes
  - Projects are now created and updated according to the data bag definition
  - Create projects with api rather than CLI
  - Project data bag change: projects will now be created / updated with config exactly matching what is in the "project_settings" key in the data bag item. If you want to set extra config for all projects, consider adding attributes into ['rundeck']['framework']['properties']
  - The functionality to set resources.source.1 and project.resources.file for all projects has been removed because it makes too many assumptions about projects. You can re-enable this functionality on a per-project basis by setting the "old_style" key to true in the project data bag item. See the lwrp for more information on this.
- Use ['rundeck']['framework']['properties'] to set additional config in the framework.properties template
3.0.1
- Fixed issue #104 (ACL databag not being handled)
- Support for backward compatibility of Rundeck.
3.0.0
- Added LWRP User
- Added LWRP Plugin
- Support ACL policy file data bag
- Support SSL certs via data bag
- Support LDAP bindDn and password via data bag to enable encryption
- Support RDBMS config via data bag to enable encryption
- Add CA certs to Java truststore
- Fix SSL so that CLI works properly and configure SSL offloading to proxy
- Fix issue with server presenting itself on 127.0.0.1
2.0.12
- Update template file for 2.6.2
- Update downloaded deb and rpm for 2.6.2
- Updated checksum for 2.6.2
- Alter default loglevel
- Change JVM memory settings to an attribute.
- Change Apache template to work with different auth modules (commonly seen with apache 2.2->2.4)
- winrm plugin broken in 2.6. Updating winrm plugin to version 1.3.1 from 1.1
2.0.11
- upgrading to 2.6.0
- fixing AD auth issues with forcebinding not working correctly
2.0.10
- separated out apache, java, and rundeck server install, so you can install your own flavors
- created grails variables so there more control over listening port
2.0.7
- Using attributes for databag items
- Bug fixes
2.0.6
- updating to rundeck version 2.4.2-1 GA
2.0.5
- added more options for LDAP configurations
- improved the install process for the package option
- configurable databag names
- add a users item to rundeck data bag to allow changing of default admin password. This may be encrypted if needed.
- remove the tie of rundeck username and group
- chef-client v10 treats platform? as attribute instead of method in attributes file
- Add supplemental groups to jaas-activedirectory (https://github.com/rundeck/rundeck/issues/590). This affects default['rundeck']['default_role']
- bump default rundeck version to 2.3.2-1
- configurable server url attributes added
- fixed home dir creation
- berkshelf and cookbook test updates
- fixed platform detection for attributes on rhel and chef 10
2.0.4
- updating to rundeck 2.1.2
- removing runit from rundeck::server recipe. default init scripts work now!
- bug fix issue #6
- removing runit from chef-rundeck recipe. use upstart
- Berkshelf support added
2.0.3
- added support to add custom project properties via the rundeck_project databag
- bug fixes with email settings in framework.properties
- update rundeck 2.0.3
- Added RHEL support (thanks scottymarshall)
2.0.2
- add smtp configuration to rundeck-config.properties
- update for chef-rundeck partial searches with chef 11
2.0.1
- add support for multiple chef-rundeck URL
2.0.0
- update rundeck 2.0.1
- update to chef-rundeck 1.0.2
- added a README.md file
- added a CONTRIBUTING file
- adding Travis-CI integration and foodcritic support
1.1.0
- update rundeck from 1.4 to 1.6
1.0.11
- Move chef-rundeck URL config into the project data bags for multiple chef-rundeck URLs
1.0.10
- Add support for windows via winrm
1.0.7
- Add support for sudo cookbook version 2.0+
1.0.6
- Add support for relational databases mysql and oracle
- Fixed path issues and updated to latest deb
1.0.5
- Address food critic warnings
1.0.4
- Parameterized the rundeck.rb template
1.0.1
- Updating chef-rundeck gem.
1.0
- Initial release
Collaborator Number Metric
4.0.1 passed this metric
Foodcritic Metric
4.0.1 failed this metric
FC017: LWRP does not notify when updated: rundeck/providers/project.rb:1
FC059: LWRP provider does not declare use_inline_resources: rundeck/providers/project.rb:1
Run with Foodcritic Version 8.2.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
License Metric
4.0.1 failed this metric
rundeck does not have a valid open source license.
Acceptable licenses include Apache 2.0, apachev2, MIT, mit, GNU Public License 2.0, gplv2, GNU Public License 3.0, gplv3.