first cut of rundeck packaging
101
Techops/rundeck.knownelement.com/Rundeck-BuildNotes.md
Normal file
@@ -0,0 +1,101 @@
# Rundeck Cloudron Package Build Notes

## Overview
This package deploys Rundeck, an open-source automation and job scheduling tool, on Cloudron. It uses PostgreSQL for data storage and can be configured to use either Cloudron's LDAP or OIDC for authentication.

## Package Contents
- **CloudronManifest.json**: Defines the app for Cloudron
- **Dockerfile**: Builds the container with Rundeck and dependencies
- **start.sh**: Initializes the app and manages configuration
- **nginx.conf**: Configures web server to proxy requests to Rundeck
- **supervisord.conf**: Manages Rundeck and Nginx processes
- **Configuration files**:
- framework.properties: Core Rundeck configuration
- rundeck-config.properties: Database and server settings
- jaas-ldap.conf: LDAP authentication configuration
- jaas-oidc.conf: OAuth/OIDC authentication configuration
- realm.properties: Default user credentials

## Building the Package

1. Create a new directory for your Cloudron package
2. Place all the files in this package in that directory
3. Download a Rundeck logo and save it as `logo.png` in the package directory
4. Build the package with the Cloudron CLI:
```
cloudron build
```

## Testing

1. Install the package on a test Cloudron instance:
```
cloudron install --image [your-image-name]
```
2. After installation, access the app at its Cloudron URL
3. Log in with the credentials shown in the post-install message
4. Test basic functionality:
- Create a project
- Define a simple job
- Run the job and verify it executes correctly
- Check that logs are saved correctly
5. Test authentication:
- If LDAP is enabled, test login with a Cloudron user
- If OIDC is enabled, test single sign-on functionality
- Verify proper permissions mapping

## Deploying to Production

1. After successful testing, publish the package for your production Cloudron:
```
cloudron install --app rundeck --image [your-image-name]
```
2. Configure backup schedules through the Cloudron UI
3. Update the admin password immediately after installation
4. Configure necessary projects and jobs

## Authentication Configuration

The package supports two authentication methods:

### OIDC/OAuth (Preferred)
- Automatically configured if Cloudron provides OAuth environment variables
- Uses Cloudron's identity provider for single sign-on
- User roles mapped from Cloudron groups
- No additional configuration needed

### LDAP
- Automatically configured if Cloudron provides LDAP environment variables
- Uses Cloudron's LDAP server for authentication
- Groups are mapped to Rundeck roles
- Works with all Cloudron user accounts

## Troubleshooting

- If the app fails to start, check the Cloudron logs:
```
cloudron logs -f
```
- Common issues:
- Database connection problems: Check the PostgreSQL addon status
- Authentication issues: Verify LDAP/OIDC configuration
- File permissions: Ensure files in /app/data are owned by cloudron:cloudron
- Memory limits: If Rundeck is slow or crashing, consider increasing the memory limit

## Updating the Package

1. Update the app version in CloudronManifest.json
2. Update the Rundeck version in the Dockerfile
3. Make any necessary changes to configuration files
4. Rebuild and reinstall the package

## Backup and Restore

Cloudron automatically backs up the /app/data directory and PostgreSQL database. No additional configuration is required for backup functionality.

## Security Notes

- Rundeck stores sensitive data (credentials, private keys) in its database and file system
- All sensitive data is stored in the /app/data directory, which is backed up by Cloudron
- API keys and other secrets are encrypted using Jasypt encryption
- Always use HTTPS (provided by Cloudron) for secure access
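Review bot: The Package Contents list and the build steps reference files that are not part of this commit (CloudronManifest.json, Dockerfile, start.sh, nginx.conf, supervisord.conf, jaas-ldap.conf, logo.png), and Testing step 3 tells the reader to log in with "the credentials shown in the post-install message" while the realm.properties added in the same commit ships the literal entry `admin:admin,user,admin`; either add the missing files or state in these notes what start.sh does with the default admin entry, so a reader can tell whether a generated password or `admin` is expected at first login. The Security Notes bullet about Jasypt should likewise say where the encryption password comes from, because none of the configuration files in this commit sets one. Minor: double-check that `cloudron install` accepts `--app` in the Deploying step; the Cloudron CLI takes `--location` for a new install and uses `--app` for commands against an already-installed app such as `cloudron update`.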
@@ -1 +0,0 @@
#rundeck docker compose for tsys
57
Techops/rundeck.knownelement.com/framework.properties
Normal file
@@ -0,0 +1,57 @@
# framework.properties
#
# The base directory for the rundeck server
#
rdeck.base=/app/data

# Indicates a file contains credentials for writing to the output log file.
#
# The contents of this file must contain a single line with 2 comma separated
# strings:
# <username>,<password>
framework.output.password.file=/app/data/etc/output.password

# Framework crypto options
# framework.crypto.keystore.filename=
# framework.crypto.keystore.password=
# framework.crypto.secretkey.password=

# SSH connection timeout after a specified number of milliseconds.
# Default timeout is 30 seconds.
framework.ssh.timeout=30000

# Set the follow to true if you want ssh-agent forwarding to work.
framework.ssh.user.enableagentforward=false

# ssh key storage
framework.ssh.keypath=/app/data/.ssh
framework.ssh.keystore.path=/app/data/var/storage

# SSH authentication type (password or privateKey)
framework.ssh.authentication=privateKey

# Set this to true to use the ssh-key storage for ssh plugin tests
framework.ssh.fileCopier.use.storage=false

#
# Extra environment variables to pass to throttled/queued commands
#
# comma separated list of environment variables to pass from parent process to
# to child process as is
framework.env.retain=JVM_OPTS

# API Tokens File
framework.tokens.file=/app/data/etc/tokens.properties

# For Server URL and Port
framework.server.name=Rundeck
framework.server.hostname=${CLOUDRON_APP_DOMAIN}
framework.server.port=443
framework.server.url=https://${CLOUDRON_APP_DOMAIN}

# Define auth resources
framework.authorization.resource.file.path=/app/data/etc/resources.xml

# Logging
framework.log.dispatch.console.format=[%d{ISO8601}] %-5p %c{2} - %m%n
framework.log.dispatch.file=/app/data/var/logs/rundeck.log
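Review bot: The `${CLOUDRON_APP_DOMAIN}` references in `framework.server.hostname` and `framework.server.url` are read literally by a Java properties file unless something rewrites this file before Rundeck starts; the README removed in this commit said these templates are processed with mo, whose placeholder syntax is `{{VAR}}` rather than `${VAR}`, so please add a comment naming the step (presumably start.sh) that performs the substitution. Two settings point at plaintext secret files that nothing in this commit creates, `framework.output.password.file=/app/data/etc/output.password` and `framework.tokens.file=/app/data/etc/tokens.properties`; if start.sh generates them, make sure they are created with owner-only permissions under /app/data, and if it does not, drop the lines rather than advertising a static API-token file that is not managed. Style: the comment `Set the follow to true` should read `Set the following to true`.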
@@ -1 +0,0 @@
This directory contains template files for the application at FQDN indidicated by the parent directory. They will be processed using mo (bash mustache).
12
Techops/rundeck.knownelement.com/jaas-oidc.conf
Normal file
@@ -0,0 +1,12 @@
oauth {
org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule required
debug="true"
useFirstPass="true"
supplementalRoles="user"
file="/app/data/etc/realm.properties";

com.dtolabs.rundeck.jetty.jaas.JettyOIDCUserGroupsLoginModule required
debug="true"
useFirstPass="false"
storePass="true";
};
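Review bot: The module order looks inverted: `JettyRolePropertyFileLoginModule` runs first with `useFirstPass="true"`, which means it expects credentials already placed in the JAAS shared state by an earlier module, but the only module that sets `storePass="true"` is the OIDC one listed after it. Put the OIDC module first (keeping `storePass="true"`) and the property-file role module second with `useFirstPass="true"`, so the role lookup sees the authenticated principal. Both modules are also flagged `required`, so a login only succeeds if every module succeeds; confirm that is intended for users who exist in Cloudron but have no entry in realm.properties. Please also turn `debug="true"` off for the production build, since JAAS debug output lands in the application log, and confirm that `com.dtolabs.rundeck.jetty.jaas.JettyOIDCUserGroupsLoginModule` is present in the Rundeck version the Dockerfile installs (the debug output will show the class-loading failure if it is not). The build notes list a jaas-ldap.conf alongside this file, but it is not part of this commit.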
@@ -1 +0,0 @@
This directory contains final docker compose files for the application at FQDN indidicated by the parent directory.
2
Techops/rundeck.knownelement.com/realm.properties
Normal file
@@ -0,0 +1,2 @@
# Initial Admin User - will be set up by start.sh
admin:admin,user,admin
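Review bot: `admin:admin,user,admin` is a username-equals-password default, and the comment only says start.sh "will set up" the user; please make the contract explicit: start.sh should replace the password on first start (or the build notes should say it does not), and the resulting file should be written with owner-only permissions at `/app/data/etc/realm.properties`, which is the path jaas-oidc.conf reads, whereas this copy sits at the package root. The "Update the admin password immediately after installation" step in the build notes only helps if the initial value is not guessable during the window before an operator gets to it.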
33
Techops/rundeck.knownelement.com/rundeck-config.properties
Normal file
@@ -0,0 +1,33 @@
# rundeck-config.properties
#

# Database connection
dataSource.driverClassName = org.postgresql.Driver
dataSource.url = ${RUNDECK_SERVER_DATASTORE_URL}
dataSource.username = ${CLOUDRON_POSTGRESQL_USERNAME}
dataSource.password = ${CLOUDRON_POSTGRESQL_PASSWORD}
dataSource.dbCreate = update

# Plugin installation
rundeck.plugin.dir = /app/data/libext

# Server settings
grails.serverURL = https://${CLOUDRON_APP_DOMAIN}
rundeck.gui.startpage = jobs
rundeck.enableSelfSignedCertDownload = false
rundeck.jetty.connector.forwarded = true
rundeck.security.useHMacRequestTokens = true
rundeck.security.csrf.referer.filterMethod = NONE
rundeck.api.tokens.duration.max = 30d

# Logging
rundeck.log4j.config.file = /app/data/server/config/log4j2.properties
rundeck.logging.dir = /app/data/var/logs

# File storage
rundeck.projectsStorageType=filesystem
rundeck.storage.provider.1.type=file
rundeck.storage.provider.1.path=/app/data/var/storage
rundeck.storage.converter.1.type=jasypt-encryption
rundeck.storage.converter.1.key=keys
rundeck.storage.converter.1.path=keys
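Review bot: The key storage converter is enabled (`rundeck.storage.converter.1.type=jasypt-encryption` over the `keys` path) but no encryption password or encryptor settings accompany it, and the `framework.crypto.*` keystore lines in framework.properties are commented out, so it is unclear what secret Jasypt will encrypt with; add the converter's password setting, fed from a secret generated into /app/data at first start rather than baked into the package, or document where it is supplied, otherwise the Security Notes claim that keys are encrypted does not hold. `rundeck.security.csrf.referer.filterMethod = NONE` disables the Referer-based CSRF check; form tokens remain because `rundeck.security.useHMacRequestTokens = true`, but since `rundeck.jetty.connector.forwarded = true` already lets Rundeck see the proxied host, try the default filter behind nginx first and relax it only if it breaks, with a comment explaining why. Finally, `dataSource.url = ${RUNDECK_SERVER_DATASTORE_URL}` uses a variable Cloudron does not provide; state which step builds the JDBC URL from `CLOUDRON_POSTGRESQL_HOST`, `CLOUDRON_POSTGRESQL_PORT` and `CLOUDRON_POSTGRESQL_DATABASE`, since the Cloudron-provided `CLOUDRON_POSTGRESQL_URL` is a `postgres://` URL rather than a `jdbc:postgresql://` one.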
@@ -1 +0,0 @@
This directory contains files from the vendor unmodified. They serve as a base for the input-files sibling directory