Installing and configuring Rundeck on CentOS 7

Posted: February 6, 2018 in Linux, RunDeck

Rundeck is open source software that helps automate routine operational procedures in data center or cloud environments.

Installation:

Rundeck can be configured to use a relational database (RDB) instead of the default file-based data storage. RDB is recommended in large environments. In this post we’ll use file-based storage.

Rundeck requires Java:

# yum install java-1.8.0-openjdk java-1.8.0-openjdk-devel -y

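Create a java.sh file in /etc/profile.d and add the content below:

#!/bin/bash

# JAVA_HOME must be the Java installation directory, not the java binary,
# so resolve the /usr/bin/java symlink and go up two levels from bin/java.
JAVA_HOME=$(dirname "$(dirname "$(readlink -f /usr/bin/java)")")

PATH=$JAVA_HOME/bin:$PATH

export PATH JAVA_HOME

export CLASSPATH=.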

Then make the file executable and load it:

chmod +x /etc/profile.d/java.sh
source /etc/profile.d/java.sh

Rundeck is available on port 4440, so that port needs to be open.

Add the line below to the file /etc/sysconfig/iptables, then restart iptables:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 4440 -j ACCEPT
/etc/init.d/iptables restart

Installing Rundeck:

rpm -Uvh http://repo.rundeck.org/latest.rpm 
yum install rundeck
/etc/init.d/rundeckd start

To make sure the service is running:

/etc/init.d/rundeckd status
netstat -anp | grep '4440\|4443'

The default username and password are admin:admin. If the admin password needs to be changed, edit the file: /etc/rundeck/realm.properties
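
A quick check of realm.properties for the shipped admin:admin login and other plaintext passwords, useful before port 4440 is reachable from the network. This is an added example, not part of the original post or of Rundeck; it assumes the Jetty-style line format user: password,role,... and the MD5:, CRYPT:, BCRYPT: and OBF: prefixes, and the sample file is constructed.

```bash
#!/bin/bash
# Added example, not from the original post.
# Assumed line format (Jetty-style realm file): user: password,role1,role2
# Assumed hash prefixes: MD5:, CRYPT:, BCRYPT:. OBF: is reversible obfuscation.

trim() {  # strip leading and trailing whitespace
    local s="$1"
    s=${s#"${s%%[![:space:]]*}"}
    s=${s%"${s##*[![:space:]]}"}
    printf '%s' "$s"
}

# Print one finding per risky account; return 1 if anything was found.
audit_realm() {
    local file="$1" found=0 line user pass
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(trim "$line")
        case $line in ''|'#'*|'!'*) continue ;; esac   # blank or comment
        case $line in *[:=]*) ;; *) continue ;; esac   # not a credential line
        user=$(trim "${line%%[:=]*}")
        pass=${line#*[:=]}          # everything after the first separator
        pass=$(trim "${pass%%,*}")  # password ends at the first comma
        case $pass in
            MD5:*|CRYPT:*|BCRYPT:*) continue ;;        # stored as a hash
            OBF:*) echo "$user: OBF: value is reversible, not a hash" ;;
            "$user") echo "$user: password equals username (shipped default style)" ;;
            *) echo "$user: plaintext password" ;;
        esac
        found=1
    done < "$file"
    return "$found"
}

# Constructed sample input (not a real system's file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed realm.properties sample
admin:admin,user,admin,architect,deploy,build
deploy: MD5:0123456789abcdef0123456789abcdef,user,deploy
ops = s3cret,user
EOF
audit_realm "$sample" || echo "Fix the accounts listed above before opening port 4440."
rm -f "$sample"
```

On a real server, call audit_realm /etc/rundeck/realm.properties; a non-zero return means at least one account needs attention.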

Change the following line in file: /etc/rundeck/rundeck-config.properties

# Change this from:
grails.serverURL=http://localhost:4440

# To:
grails.serverURL=http://ip address:4440

Modify the below lines in file: /etc/rundeck/framework.properties

framework.server.name = localhost
framework.server.hostname = localhost
framework.server.port = 4440
framework.server.url = http://localhost:4440

to

framework.server.name = ip address
framework.server.hostname = ip address
framework.server.port = 4440
framework.server.url = http://ip address:4440

Now restart the service and try to log in: http://ipaddress:4440

Adding nodes

At the moment, there is no feature that allows adding nodes through the GUI:
https://github.com/rundeck/rundeck/issues/1584

Create New project


Clear SSH key path


And click Create


Go to /var/rundeck/projects//etc
Edit resources.xml file

Add the following line for every new node (a server that needs to be managed):

[Screenshot: node line in resources.xml]

The new node appears in the web interface.


To add another node, copy the node line and change the name and the node IP address.

Creating keypair on Rundeck server

ssh-keygen

Copy private key to clipboard:

cat /root/.ssh/id_rsa

copy content to clipboard

Now, in the Rundeck interface, click Settings (cog icon), then Key Storage


Click Add or Upload a Key


Make sure Private Key is selected from the drop-down list, paste the content of ~/.ssh/id_rsa and give the key a name. Note: the storage path and key name must match the names in the /var/rundeck/projects//etc resources.xml file
(ssh-key-storage-path="keys/Linuxtopic/server.key")

Instead of private/public keys, a password can be used as the authentication method.


On the client (node), create an authorized_keys file (under /root/.ssh).
Copy the content of the id_rsa.pub file (public key) from the Rundeck server to the authorized_keys file on the node machine.
Repeat the same step for every new node (copy the public key from the Rundeck server to the /root/.ssh/authorized_keys file on every node).

Running command

Now that we have added a node, we can run a command on it. On the Rundeck server, go to Commands and type the command.
Under Nodes, type the node name and click Run on node.


Key storage

Private keys uploaded to the Rundeck server in the previous steps are stored locally on the Rundeck server:

/var/lib/rundeck/var/storage/content/keys// folder


Passing Rundeck password storage to script

Create password storage:


Create a job, add an option, specify Secure, and select the password storage created in the previous step.


In the script options, specify the arguments:


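In the script body, reference the argument:

# The password arrives as the first script argument
jira_password=$1
# Quote the expansion so a password with spaces or shell characters stays intact
curl -XN -u "user:$jira_password"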

CRON job to run every first day of the month at 09:00 AM

0 00 09 1 * ? *

Changing “from” Rundeck email address

Edit /etc/rundeck/rundeck-config.properties and add:

grails.mail.default.from=some@mail.com

Script to test if Rundeck service is running:

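#!/usr/bin/python
import subprocess
import sys

# Send all output to log.txt (relative to the directory the script runs in)
sys.stdout = open('log.txt', 'wt')

# List all processes; a 'runuser' process is treated as the sign Rundeck is running
output = subprocess.check_output(['ps', '-A']).decode()
if 'runuser' in output:
    print("Rundeck is up and running!")
else:
    # No such process found, so start the service
    subprocess.call(['systemctl', 'start', 'rundeckd'])
    print("Rundeck service started")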

We can execute this script via cron:

*/5 * * * * /usr/bin/python /root/scripts/service.py
