Low Orbit Flux Logo 2 F

Rundeck

This is a somewhat new and very popular product. It is great for adhoc use and can be used to schedule jobs as well.

Rundeck Jobs

What is Rundeck?

If you had never heard of it, you might be asking what Rundeck is. One of the first questions you likely have about it is whether or not it is free and open source. You probably asked yourself this before even wondering what the basic function of the software is. It is in fact an open source project. It is a job scheduler. Its core functionality is to schedule jobs. In other words, it helps to automate routine operational procedures. Tasks, scripts, and programs that you might want to run repeatedly at a set time can be setup to run on a schedule. These tasks can also be setup to be run on an ad-hoc basis. So it can also serve as a convenient place to launch things from. This gives users and operators one centralized place to launch and control disparate groups of tools and commands. It is great for managing tasks in the data center or in cloud environments.

Rundeck has a ton of great features that will help you deal with time-consuming tasks that should be automated and managed with software. It makes it easy for you to implement automation efforts and to scale those efforts up. It makes it possible to create a self service platform for other users and teams. Jobs can be setup to perform complicated tasks. Once these tasks are all packaged into a job, a user can be allowed to just run that job anytime they need the task completed.

It is easier for teams to collaborate. Processes that have been automated can be shared easily. Some users can be allowed to view the activity of operations while others can be allowed to execute or even modify tasks.

Rundeck gives operators the ability to run jobs on any number of nodes/hosts. It gives them the ability choose exactly which node they want to run a job on. This can all be done from either a web based interface or a CLI if you prefer the command line. There is even an API provided.

Rundeck has a large assortment of features that help administrators to automate operations at scale. It includes the ability to control access control. It can be integrated with kerberos for authentication. Access to jobs and resources can be restricted. It allows for workflow building. Included are all of the standard logging features you would expect. Option data and node information can be pulled from external, integrated sources. It provides, as its core functionality, scheduling capabilities.

Where is Rundeck From?

Rundeck is an open source project. It is hosted on GitHub. It can be found here: GIT Hub - Rundeck. It is managed and developed partially by an organization called SimplifyOps. It is also developed and maintained by the community. Pretty much anyone who wants to take part in the development can. If you want to for the project, you can even do that too.

How is it licensed? It uses an open source license, the Apache Software License. This means that not only is the project free to use but that the source will remain free to all who want to use and modify it.

More Rundeck features

The feature set included should not disappoint. There is a set of command line tools included. These always help to make life easier for anyone who prefers to work from the command line. They aren’t required and you can do most tasks just fine from the GUI though. It allows for distributed command execution. This is pretty handy and serves to make tasks more efficient and to increase productivity. It includes a pluggable execution system. The default execution system is SSH but presumably you could replace this with other things. We’re not sure why you would want to but you can and there is probably a good reason for someone to do this.

There is a web API. People love web APIs. this makes things immeasurably easier for developers. This is a great way to programmatically interface with the system.

It includes, of course, a graphical web console or web GUI. This is actually the main core interface of the system. It allows for running commands and job execution using a nice graphical interface. People love these.

Rundeck doesn’t just include simple one dimensional workflows. It provides support for more advanced multi-step workflows. Sure, if you are lucky and only have simple sets of very straight forward tasks to deal with, you might not need this. If you are, on the other hand, someone with more complicated sets of interrelated tasks to handle, there is a good chance that you will be able to make use of multi step workflows.

With Rundeck, operators are given the flexibility to execute jobs on demand ( ad-hoc jobs ) as well as execute jobs on a schedule. They can be scheduled in much the same way as a standard cron job except that this can be done through a GUI.

This may be an afterthought for some people but it can be really, really helpful to have records of things that you can dig into later. Rundeck provides this capability. This helps if you want to debug or troubleshoot something when a problem arises. It is also helpful just to be able to keep an eye on how things are going. It is critical for monitoring. It is also great just to be able to get an idea of how things work normally, when there are no problems. It helps to establish a baseline. To this end, audit logs and a history have been included.

For a small deployment, or for a simple use case, you might be OK with just the simple, built-in inventory tools. These work great. For many people, more is needed. It is often desirable to pull in hosts from external host inventory tools. Rundeck provides open integration to these tools. It allows for the use of external host lists.

Permissions, authentication, and access control are all very important in a large enterprise as well as in many smaller organizations. Rundeck provides role-based access control (RBAC policies). These allow for a high level of control over who can do what and who has access to which resources. This is done, of course, with support for AD or LDAP.

More

Rundeck isn’t meant to replace every tool out there, not even close. It is meant to work as a complement to other tools. Existing tools that people are already using go well together with Rundeck. It works great in cloud or VM environments. It is really excellent with common tools like Jenkins, Chef, Puppet, Ansible, and other tools. It helps to stitch these together and run things from a centralized location. It acts as an important piece of automation.

Dynamic environments are easier to manage with node abstraction. This helps a lot for cloud environments and large virtualization deployments. It's still great for managing traditional, physical hardware.

Scripts, playbooks, recipes, and commands are often launched from the command line. These can instead be launched from a nice, clean GUI, on demand or on schedule. It doesn’t replace other forms of automation such as scripts or playbooks. It provides a really great way to manage, launch and schedule them. All of this, and Rundeck allows you to do these things against a list of nodes. It basically gives you the ability to run things anywhere with great ease. Things can now be run in parallel easily. This can be done against a set of hosts that match an arbitrary pattern. The main idea with Rundeck is to make tasks as simple as pushing a button while running them across easily configurable lists of hosts.

Rundeck Compared to Tidal Enterprise Scheduler

If you just want to launch jobs easily and mostly on an ad-hoc basis, Rundeck makes a nice convenient alternative to Tidal. It is easier to set up with less of a learning curve. It is more lightweight. It doesn’t have all of the features and integrations that Tidal has. The actual scheduling functionality isn’t anywhere near as elaborate as TES. You can’t define complicated custom calendars. Rundeck allows you to define recurring schedules with the same level of functionality as Cron.

Rundeck Download / Install / Setup

It can be run as a standalone WAR file, run inside a container like tomcat, or installed through a system package. We will be installing the open source “Rundeck Community” and not “Rundeck Enterprise”. A war file and a Debain Ubuntu installer can found here:

DOWNLOAD RUNDECK

See below for full instructions and other platforms.

Debian / Ubuntu Install

Ubuntu and Debian are great choices to for a Rundeck server.

We have put together a full guide covering Rundeck installation on Ubuntu that also includes some bug fixes for important issues here: Rundeck Install and Bug Fix - Stuck at Login Page

RHEL/Fedora/Centos

Yum RPM Install


yum install java-1.8.0
rpm -Uvh https://repo.rundeck.org/latest.rpm
yum install rundeck
service rundeckd start

Upgrade:


yum upgrade rundeck rundeck-config

Docker


docker pull rundeck/rundeck:3.2.0

Self Contained Launcher Install

Go here: https://docs.rundeck.com/downloads.html Download the self contained launcher. It will be a “.war” file.

Running the war file will automatically create a number of rundeck directories. Run it from within a directory.

Run in the foreground:


java -jar rundeck-3.2.0-20191218.war

Run as a daemon:


export RDECK_BASE=/home/user1/rundeck && ./server/sbin/rundeckd start

The output will show you the URL that can be used to access the rundeck GUI. By default it will run on port 4440. You can login with admin/admin. It will look like this:

http://docker1:4440/

Rundeck default port 4440
Rundeck default user admin
Rundeck default password admin

Set Email for the admin user:

Setup a new project:

Run Ad hoc Commands

Create Rundeck a Job

Here is a simple job setup example:

Add Node Source to Project

Nodes can be pulled from multiple different sources.

Use Rundeck XML File For Node Inventory:

Edit the xml file and add an entry like this between the opening and closing project tags:

Use Ansible Inventory File For Node Inventory:

Users and Authentication

Default users:

Authentication Mechanisms:

JAAS modules:

Adding users with the default file based authentication:

Generate a password hash. Use the MD5 hash and not CRYPT.

java -jar rundeck-3.0.0.war –encryptpwd Jetty

Edit your realm.properties configuration file. It will be on one of these two locations:

You will add a line with the username, the hash from above, and any groups. Adding a user named greg1 will look like this:

greg1: MD5:a029d0df84eb5549c641e04a9ef389e5,user,admin

Change Users Without Restarting (Optional)

Edit your JASS config file to allow user changes without restart, then restart.

Change this:


org.eclipse.jetty.jaas.spi.PropertyFileLoginModule

To this:


org.rundeck.jaas.jetty.ReloadablePropertyFileLoginModule

Now you will be able to add or modify users without restarting Rundeck.

Rundeck Change Default Port

4440 is the default port

Edit these files:

$RDECK_BASE/etc/preferences.properties


$RDECK_BASE/framework.server.port=1234

$RDECK_BASE/etc/framework.properties


framework.server.port = 1234
framework.server.url = http://docker1:1234

$RDECK_BASE/server/config/rundeck-config.properties


grails.serverURL=http://docker1:1234

NOTE - To pick up changes in the config files, you can’t just run the WAR file directly. You need to either use the rundeckd script or launch it from systemd. Launching the daemon like this works:

export RDECK_BASE=/home/user1/rundeck && ./server/sbin/rundeckd start

Rundeck MySQL Backend Database

Rundeck uses an embedded database called H2 by default. It is NOT OK for production use. On startup you will see a warning message like this:


"[2019-12-30 17:53:51.811]  WARN BootStrap --- [           main] [Development Mode] Usage of H2 database is recommended only for development and testing"

It is recommended to use a real database server like MySQL or MariaDB. For more details on MySQL DB setup, see our instructions here: MySQL Install

Create Database and User


mysql -u root -p

mysql> create database rundeck;
mysql> grant ALL on rundeck.* to 'rundeckuser'@'localhost' identified by 'rundeckpassword';
mysql> show databases;

Edit rundeck-config.properties:


dataSource.url = jdbc:mysql://myserver/rundeck?autoReconnect=true&useSSL=false
dataSource.username=rundeckuser
dataSource.password=rundeckpassword
dataSource.driverClassName=com.mysql.jdbc.Driver

Edit MySQL Config:


innodb_file_format=barracuda
innodb_file_per_table=true
innodb_large_prefix=true

Alter Tables


mysql> use rundeck;
mysql> ALTER TABLE `event_subscription` ROW_FORMAT=dynamic;
mysql> ALTER TABLE `reaction` ROW_FORMAT=dynamic;
mysql> ALTER TABLE `reaction_event` ROW_FORMAT=dynamic;

Rundeck MySQL Setup