KNEL/KNELProductionContainers
2
0
Fork 0
Code Pull Requests Actions Packages Releases Activity
Files
9f74e0fc3977d368f1ca4846843607c75cd05b1c
KNELProductionContainers/Techops/rundeck.knownelement.com/Rundeck-BuildNotes.md

101 lines
3.7 KiB
Markdown
Raw Blame History

# Rundeck Cloudron Package Build Notes
## Overview
This package deploys Rundeck, an open-source automation and job scheduling tool, on Cloudron. It uses PostgreSQL for data storage and can be configured to use either Cloudron's LDAP or OIDC for authentication.
## Package Contents
- **CloudronManifest.json**: Defines the app for Cloudron
- **Dockerfile**: Builds the container with Rundeck and dependencies
- **start.sh**: Initializes the app and manages configuration
- **nginx.conf**: Configures web server to proxy requests to Rundeck
- **supervisord.conf**: Manages Rundeck and Nginx processes
- **Configuration files**:
- framework.properties: Core Rundeck configuration
- rundeck-config.properties: Database and server settings
- jaas-ldap.conf: LDAP authentication configuration
- jaas-oidc.conf: OAuth/OIDC authentication configuration
- realm.properties: Default user credentials
## Building the Package
1. Create a new directory for your Cloudron package
2. Place all the files in this package in that directory
3. Download a Rundeck logo and save it as `logo.png` in the package directory
4. Build the package with the Cloudron CLI:
```
cloudron build
```
## Testing
1. Install the package on a test Cloudron instance:
```
cloudron install --image [your-image-name]
```
2. After installation, access the app at its Cloudron URL
3. Log in with the credentials shown in the post-install message
4. Test basic functionality:
- Create a project
- Define a simple job
- Run the job and verify it executes correctly
- Check that logs are saved correctly
5. Test authentication:
- If LDAP is enabled, test login with a Cloudron user
- If OIDC is enabled, test single sign-on functionality
- Verify proper permissions mapping
## Deploying to Production
1. After successful testing, publish the package for your production Cloudron:
```
cloudron install --app rundeck --image [your-image-name]
```
2. Configure backup schedules through the Cloudron UI
3. Update the admin password immediately after installation
4. Configure necessary projects and jobs
## Authentication Configuration
The package supports two authentication methods:
### OIDC/OAuth (Preferred)
- Automatically configured if Cloudron provides OAuth environment variables
- Uses Cloudron's identity provider for single sign-on
- User roles mapped from Cloudron groups
- No additional configuration needed
### LDAP
- Automatically configured if Cloudron provides LDAP environment variables
- Uses Cloudron's LDAP server for authentication
- Groups are mapped to Rundeck roles
- Works with all Cloudron user accounts
## Troubleshooting
- If the app fails to start, check the Cloudron logs:
```
cloudron logs -f
```
- Common issues:
- Database connection problems: Check the PostgreSQL addon status
- Authentication issues: Verify LDAP/OIDC configuration
- File permissions: Ensure files in /app/data are owned by cloudron:cloudron
- Memory limits: If Rundeck is slow or crashing, consider increasing the memory limit
## Updating the Package
1. Update the app version in CloudronManifest.json
2. Update the Rundeck version in the Dockerfile
3. Make any necessary changes to configuration files
4. Rebuild and reinstall the package
## Backup and Restore
Cloudron automatically backs up the /app/data directory and PostgreSQL database. No additional configuration is required for backup functionality.
## Security Notes
- Rundeck stores sensitive data (credentials, private keys) in its database and file system
- All sensitive data is stored in the /app/data directory, which is backed up by Cloudron
- API keys and other secrets are encrypted using Jasypt encryption
- Always use HTTPS (provided by Cloudron) for secure access
View Git Blame Copy Permalink