first cut of rundeck packaging

2025-04-21 14:08:44 -04:00
parent b382498ea8
commit 898ecaaea6
9 changed files with 205 additions and 4 deletions

@@ -0,0 +1,101 @@
# Rundeck Cloudron Package Build Notes
## Overview
This package deploys Rundeck, an open-source automation and job scheduling tool, on Cloudron. It uses PostgreSQL for data storage and can be configured to use either Cloudron's LDAP or OIDC for authentication.
## Package Contents
- **CloudronManifest.json**: Defines the app for Cloudron
- **Dockerfile**: Builds the container with Rundeck and dependencies
- **start.sh**: Initializes the app and manages configuration
- **nginx.conf**: Configures web server to proxy requests to Rundeck
- **supervisord.conf**: Manages Rundeck and Nginx processes
- **Configuration files**:
- framework.properties: Core Rundeck configuration
- rundeck-config.properties: Database and server settings
- jaas-ldap.conf: LDAP authentication configuration
- jaas-oidc.conf: OAuth/OIDC authentication configuration
- realm.properties: Default user credentials
## Building the Package
1. Create a new directory for your Cloudron package
2. Place all the files in this package in that directory
3. Download a Rundeck logo and save it as `logo.png` in the package directory
4. Build the package with the Cloudron CLI:
```
cloudron build
```
## Testing
1. Install the package on a test Cloudron instance:
```
cloudron install --image [your-image-name]
```
2. After installation, access the app at its Cloudron URL
3. Log in with the credentials shown in the post-install message
4. Test basic functionality:
- Create a project
- Define a simple job
- Run the job and verify it executes correctly
- Check that logs are saved correctly
5. Test authentication:
- If LDAP is enabled, test login with a Cloudron user
- If OIDC is enabled, test single sign-on functionality
- Verify proper permissions mapping
## Deploying to Production
1. After successful testing, publish the package for your production Cloudron:
```
cloudron install --app rundeck --image [your-image-name]
```
2. Configure backup schedules through the Cloudron UI
3. Update the admin password immediately after installation
4. Configure necessary projects and jobs
## Authentication Configuration
The package supports two authentication methods:
### OIDC/OAuth (Preferred)
- Automatically configured if Cloudron provides OAuth environment variables
- Uses Cloudron's identity provider for single sign-on
- User roles mapped from Cloudron groups
- No additional configuration needed
### LDAP
- Automatically configured if Cloudron provides LDAP environment variables
- Uses Cloudron's LDAP server for authentication
- Groups are mapped to Rundeck roles
- Works with all Cloudron user accounts
## Troubleshooting
- If the app fails to start, check the Cloudron logs:
```
cloudron logs -f
```
- Common issues:
- Database connection problems: Check the PostgreSQL addon status
- Authentication issues: Verify LDAP/OIDC configuration
- File permissions: Ensure files in /app/data are owned by cloudron:cloudron
- Memory limits: If Rundeck is slow or crashing, consider increasing the memory limit
## Updating the Package
1. Update the app version in CloudronManifest.json
2. Update the Rundeck version in the Dockerfile
3. Make any necessary changes to configuration files
4. Rebuild and reinstall the package
## Backup and Restore
Cloudron automatically backs up the /app/data directory and PostgreSQL database. No additional configuration is required for backup functionality.
## Security Notes
- Rundeck stores sensitive data (credentials, private keys) in its database and file system
- All sensitive data is stored in the /app/data directory, which is backed up by Cloudron
- API keys and other secrets are encrypted using Jasypt encryption
- Always use HTTPS (provided by Cloudron) for secure access
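Review bot: The Security Notes bullet "API keys and other secrets are encrypted using Jasypt encryption" claims more than the configuration in this commit shows. rundeck-config.properties sets the jasypt-encryption converter's type, key and path but no encryption password, and framework.properties points framework.tokens.file at a plain properties file under /app/data/etc. Document where the encryption password comes from, or narrow the bullet to what is actually encrypted, and note that /app/data backups include the token and realm files. Testing step 3 refers to a post-install message for credentials while realm.properties ships admin:admin; say which one a tester should expect.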

@@ -1 +0,0 @@
#rundeck docker compose for tsys

@@ -0,0 +1,57 @@
# framework.properties
#
# The base directory for the rundeck server
#
rdeck.base=/app/data
# Indicates a file contains credentials for writing to the output log file.
#
# The contents of this file must contain a single line with 2 comma separated
# strings:
# <username>,<password>
framework.output.password.file=/app/data/etc/output.password
# Framework crypto options
# framework.crypto.keystore.filename=
# framework.crypto.keystore.password=
# framework.crypto.secretkey.password=
# SSH connection timeout after a specified number of milliseconds.
# Default timeout is 30 seconds.
framework.ssh.timeout=30000
# Set the follow to true if you want ssh-agent forwarding to work.
framework.ssh.user.enableagentforward=false
# ssh key storage
framework.ssh.keypath=/app/data/.ssh
framework.ssh.keystore.path=/app/data/var/storage
# SSH authentication type (password or privateKey)
framework.ssh.authentication=privateKey
# Set this to true to use the ssh-key storage for ssh plugin tests
framework.ssh.fileCopier.use.storage=false
#
# Extra environment variables to pass to throttled/queued commands
#
# comma separated list of environment variables to pass from parent process to
# to child process as is
framework.env.retain=JVM_OPTS
# API Tokens File
framework.tokens.file=/app/data/etc/tokens.properties
# For Server URL and Port
framework.server.name=Rundeck
framework.server.hostname=${CLOUDRON_APP_DOMAIN}
framework.server.port=443
framework.server.url=https://${CLOUDRON_APP_DOMAIN}
# Define auth resources
framework.authorization.resource.file.path=/app/data/etc/resources.xml
# Logging
framework.log.dispatch.console.format=[%d{ISO8601}] %-5p %c{2} - %m%n
framework.log.dispatch.file=/app/data/var/logs/rundeck.log
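Review bot: framework.ssh.keypath=/app/data/.ssh points at a directory, while Rundeck reads this setting as the path of the private key file itself; name the key file inside that directory, or drop the line if nodes are meant to use key storage only. Separately, framework.server.hostname and framework.server.url contain ${CLOUDRON_APP_DOMAIN}, and nothing in this file shows that placeholder being expanded, so confirm start.sh renders it before Rundeck starts. framework.tokens.file and framework.output.password.file both hold secrets under /app/data/etc and should be created with owner-only permissions.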

@@ -1 +0,0 @@
This directory contains template files for the application at FQDN indidicated by the parent directory. They will be processed using mo (bash mustache).

@@ -0,0 +1,12 @@
oauth {
org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule required
debug="true"
useFirstPass="true"
supplementalRoles="user"
file="/app/data/etc/realm.properties";
com.dtolabs.rundeck.jetty.jaas.JettyOIDCUserGroupsLoginModule required
debug="true"
useFirstPass="false"
storePass="true";
};
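Review bot: The module order looks inverted: JettyRolePropertyFileLoginModule is listed first with useFirstPass="true", but the module that sets storePass="true" comes after it, so there is no shared credential for the first module to pick up when it runs. If the property-file module is only meant to add supplementalRoles to OIDC users, list the OIDC module first and the property-file module second. Both modules also set debug="true", which sends authentication detail to the logs; default it to "false" for the packaged configuration. Since the Dockerfile is not part of the visible hunks, confirm the image actually ships com.dtolabs.rundeck.jetty.jaas.JettyOIDCUserGroupsLoginModule.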

@@ -1 +0,0 @@
This directory contains final docker compose files for the application at FQDN indidicated by the parent directory.

@@ -0,0 +1,2 @@
# Initial Admin User - will be set up by start.sh
admin:admin,user,admin
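Review bot: The entry admin:admin,user,admin ships a cleartext default password with the admin role in the image, and the comment's promise that start.sh will set it up cannot be checked from this diff. Have start.sh generate a random password on first run and write it as a hashed realm entry, and fail startup if the file still contains the default. The jaas-oidc.conf in this commit loads this file as well, so the local admin account stays valid even when OIDC is enabled.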

@@ -0,0 +1,33 @@
# rundeck-config.properties
#
# Database connection
dataSource.driverClassName = org.postgresql.Driver
dataSource.url = ${RUNDECK_SERVER_DATASTORE_URL}
dataSource.username = ${CLOUDRON_POSTGRESQL_USERNAME}
dataSource.password = ${CLOUDRON_POSTGRESQL_PASSWORD}
dataSource.dbCreate = update
# Plugin installation
rundeck.plugin.dir = /app/data/libext
# Server settings
grails.serverURL = https://${CLOUDRON_APP_DOMAIN}
rundeck.gui.startpage = jobs
rundeck.enableSelfSignedCertDownload = false
rundeck.jetty.connector.forwarded = true
rundeck.security.useHMacRequestTokens = true
rundeck.security.csrf.referer.filterMethod = NONE
rundeck.api.tokens.duration.max = 30d
# Logging
rundeck.log4j.config.file = /app/data/server/config/log4j2.properties
rundeck.logging.dir = /app/data/var/logs
# File storage
rundeck.projectsStorageType=filesystem
rundeck.storage.provider.1.type=file
rundeck.storage.provider.1.path=/app/data/var/storage
rundeck.storage.converter.1.type=jasypt-encryption
rundeck.storage.converter.1.key=keys
rundeck.storage.converter.1.path=keys
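Review bot: The rundeck.storage.converter.1 block selects jasypt-encryption but sets no encryption password, so as written it is unclear what key material protects /app/data/var/storage; add the password setting and source it from a per-install secret rather than a value baked into the image. rundeck.security.csrf.referer.filterMethod = NONE turns the referer check off; if that is needed behind the Cloudron proxy, say so in a comment, otherwise leave the filter on. dataSource.url uses ${RUNDECK_SERVER_DATASTORE_URL}, the only variable here without the CLOUDRON_ prefix, so confirm start.sh exports it.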

@@ -1 +0,0 @@
This directory contains files from the vendor unmodified. They serve as a base for the input-files sibling directory