Skip to content

Ansible role defining rundeck installation and configuration.

License

Notifications You must be signed in to change notification settings

thesegovia/ansible-rundeck

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

97 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Ansible Rundeck Role

This is an Ansible role to install, configure and ensure sure rundeck is running. Feedback, bug-reports, requests are welcomed and can be done via github issues.

Execution Requirements

  • Tested on Mac OS X with Ansible 2.0.

Role Variables

The following variables can be overridden:

  • rundeck_protocol: Defaults to http but should be set to the protocol the web application with accessed by.
  • rundeck_domain: Defaults to localhost:4440 but should be set to the host name web application with accessed by.
  • rundeck_database_type: Defaults to hsqldb but can be set to postgresql or mysql to use those databases. Users and databases are not automatically created.
  • rundeck_database_host: Defaults to localhost and only needs to be set if using an externally hosted database.
  • rundeck_database_port: Defaults to None and must be set if using a different database than the default hsqldb.
  • rundeck_database_name: Defaults to rundeck but allows you to use a different rundeck database name.
  • rundeck_database_user: Defaults to rundeck but allows you to use a different username to accesses the rundeck database.
  • rundeck_database_pass: Defaults to rundeck but allows you to use a different password for the user access to the rundeck database.
  • rundeck_users: A list of dictionaries of name, password, and a list of roles (One must be an admin). If empty the default admin is not removed. The password will be hashed. A pre-hashed password may be supplied using a key of password_hash rather than password.
  • rundeck_plugins: A list of plugin urls that are downloaded and installed into the rundeck libext, default is none.
  • rundeck_extra_bootstrap: A list of extra jar urls that are downloaded and installed into the rundeck bootstrap, default is none.
  • rundeck_generate_ssh: Automatically generate ssh key, defgault True set to False to stop this action.
  • rundeck_ldap: Determine if LDAP authentication should be used, overrides rundeck_users. Default is False. The LDAP server must a user group to privde access to rundeck web interface.
  • rundeck_ldap_url: The location of the LDAP server, i.e. ldap://localhost:389
  • rundeck_ldap_bind_user: The DN to access the LDAP server, i.e. cn=Manager,dc=example,dc=com
  • rundeck_ldap_bind_pass: The DN user password o access the LDAP server, secrent
  • rundeck_ldap_user_dn: The DN of the users, i.e. ou=People,dc=test1,dc=example,dc=com
  • rundeck_ldap_user_rdn_attr: The attribute that identifies the username, i.e. uid
  • rundeck_ldap_user_id_attr: The attribute that identifies the username, i.e. uid
  • rundeck_ldap_bindinglogin: Default: false. If true, bind as the user that is authenticating, otherwise bind as the manager and perform a search to verify user password
  • rundeck_ldap_user_pass_attr: The attribute that identifies the user password, i.e. userPassword
  • rundeck_ldap_user_filter: The objectClass that is used to find user, i.e. account
  • rundeck_ldap_role_dn: The DN of the roles, i.e. ou=Groups,dc=test1,dc=example,dc=com
  • rundeck_ldap_role_name_attr: The attribute name of the role, i.e. cn
  • rundeck_ldap_role_username_attr: This overrides the rundeck_ldap_role_member_attr determine user membership of roles, i.e. uid
  • rundeck_ldap_role_member_attr: Used to determine user membership of roles, i.e. member
  • rundeck_ldap_role_filter: The objectClass that is used to find role, i.e. groupOfNames
  • rundeck_ldap_netsted_groups: Default: false. If true, will resolve all nested groups for authenticated users
  • rundeck_ldap_debug: Default: false. Enable/Disable ldap debuging
  • rundeck_crowd: Default: False. Determine if Atlassian Crowd authentication should be used, overrides rundeck_users
  • rundeck_crowd_jaas_jars: List of URL to get Crowd JAAS jars from
  • rundeck_crowd_name: Default: 'RunDeck'. Application name to access Crowd
  • rundeck_crowd_pass: Default: 'secret'. Application password to access Crowd
  • rundeck_crowd_url: Default: 'http://localhost/crowd/'.
  • rundeck_crowd_maxconn: Default: 20. httpMaxConnections
  • rundeck_crowd_timeout: Default: 5000. httpTimeout
  • rundeck_crowd_proxy_host: Default: Undefined
  • rundeck_crowd_proxy_port: Default: Undefined
  • rundeck_crowd_proxy_username: Default: Undefined
  • rundeck_crowd_proxy_password: Default: Undefined
  • rundeck_crowd_debug: Default: False. Enable/Disable Crowd auth debugging

Dependencies

This role does not have a hard dependency on any other role to deploy but rundeck does require java to be installed (decoupled on the communities request). smola's ansible-java-role is a good choice with the following configuration:

  • Debian: Ensure java_packages has a debian java package in it, i.e. openjdk-7-jre-headless
  • RedHat: Ensure java_packages has a debian java package in it, i.e. java-1.7.0-openjdk, had to adjust role to include RedHat.yml in main.yml to work.

If you choose to use a database then please ensure it is installed before executing this role. The following roles have been used to create databases:

  • Ubuntu 12.04 & 14.04/PostgreSQL: postgresql
  • Centos 6.5 & 7.0/PostgreSQL: postgresql-on-el6 (with tweeks, watch this space for updates)

Testing

Please check changes using the vagrant boxes provided, i.e.:

cd tests/vagrant-centos65
vagrant up

To use PostgreSQL database, export the playbook first, i.e.:

export PLAYBOOK=postgresql_redhat_test.yml

License

Licensed under the MIT License. See the LICENSE file for details.

About

Ansible role defining rundeck installation and configuration.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Ruby 97.4%
  • Shell 2.6%