SNAPSHOT
(latest master build)3.0.20
3.0.19
,3.0.18
,3.0.17
,3.0.16
,3.0.15
,3.0.14
,3.0.13
,3.0.12
,3.0.11
,3.0.9
,3.0.8
,3.0.7
,3.0.6
,3.0.5
,3.0.3
Check out the Docker Zoo for configuration examples in Docker Compose!
The simplest way to persist data between container starts/upgrades is to
utilize named volumes:
$ docker run --name some-rundeck -v data:/home/rundeck/server/data rundeck/rundeck
Environment variables
Locally run jobs run as the rundeck
user, the same as the server, and may carry the
environment variables used when starting the server. By default all environment variables
starting with RUNDECK_
are unset before starting Rundeck. See RUNDECK_ENVARS_UNSETALL
and
RUNDECK_ENVARS_UNSETS
below for unset options.
You can provide private ssh keys by mounting them into /home/rundeck/.ssh
:
$ docker run --name some-rundeck -v /home/protip/.ssh:/home/rundeck/.ssh rundeck/rundeck
Kubernetes users may wish to mount a private key in through the secrets system. See Kubernetes documentation Use-Case: Pod with ssh keys for details.
Rundeck Key Storage can be used to provide ssh keys to the ssh plugin as well.
$ docker run -m 1024m
The JVM is configured to use cgroup information to set the max heap allocation size.
The RAM ratio is set to 1
by default, so the JVM will utilize up to about the container limit.
See JVM_MAX_RAM_FRACTION
for information on changing this.
By defualt keystorage is set to use the database, and the encryption converters are disabled. To enable encryption, supply a password for one or both of the default converters:
RUNDECK_STORAGE_CONVERTER_1_CONFIG_PASSWORD=supersecret
RUNDECK_CONFIG_STORAGE_CONVERTER_1_CONFIG_PASSWORD=supersecret
Note: It is not recommended to enable/disable encryption after initial project setup! Refer to the docs for more information.
NOTE: For extra reference and clarity, refer to the official docs. For example configurations check out the Zoo.
Default
The default setup utilizes the /home/rundeck/server/config/realm.properties
file. Mount
or otherwise replace this file to manage further users through this method.
JAAS
There is initial support for composing the JAAS modules talk about in the docks.
The convention for listing the modules to use in environment variables:
RUNDECK_JAAS_MODULES_0=JettyCombinedLdapLoginModule
RUNDECK_JAAS_MODULES_1=PropertyFileLoginModule
Config keys are located under:
RUNDECK_JAAS_LDAP_*
RUNDECK_JAAS_FILE_*
By convention the module name matches the name in the docs, and the config keys match the config options listed in the docs uppercase, and all one word.
Remco is used to generate configuration files from templates. It supports different key/value sources such as vault, etcd, and dynamodb. The default configuration uses environment variables.
Extending the configuration involves building a derived image with additional template files.
See the Docker Zoo Exhibit for a complete example.
Not all rundeck configuration listed in the official documentation is available for setup yet. Please take a look at the templates to see all available variables.
The JVM will use 1/x
of the max RAM for heap. For example, a setting of 2
will cause
the JVM to utilize up to half the container limit for heap. This is replaced in
openjdk 10 with a percentage setting that will offer finer control.
Identifies Rundeck instances when multiple are running in the same cluster. While hard-coded to a default for getting started, this should be set manually for more advanced configurations.
Controls the base URL the app will use for links, redirects, etc. This is the URL users will use to access the site.
Set to path Rundeck is running under(i.e. http://localhost/rundeck
). Useful if running Rundeck
behind a reverse proxy under a path on the hostname.
Set to true
if running behind a reverse proxy. X-Forwarded-Proto
header must be set
if running behind a TLS terminating proxy.
Controls both the maxFileSize
and maxRequest
for the grails controller config.
The internal default is approximately 25Mib
or 26214400
.
This is the address or hostname the application will attempt to bind to within the container.
Defaults to jdbc:h2:file:/home/rundeck/server/data/grailsdb;MVCC=true
. The default configuration utilizes an h2 file for data storage.
Set this if using an alternative backend from h2.
org.postgresql.Driver
org.mariadb.jdbc.Driver
com.mysql.jdbc.Driver
The default console strategy configures log4j to send all output to stdout to be collected by the container logging driver.
Set to FILE
to log into /home/rundeck/server/logs
.
Set to anything enables audit logging. This can be very verbose so use with caution.
Configuration options for key storage providers and converts. These map to the Storage Facility Docs.
Configuration options for using the preauthenticated mode.
Specify location of a static tokens file. See configuration file reference for details.
Controls for CSP headers.
Default from address.
Mail properties that get passed through to Grails. For example, to use StartTLS(required by many servers including AWS SES), ["mail.smtp.starttls.enable":"true","mail.smtp.port":"587"]
.
Unsets all environment variables starting with RUNDECK_
before starting Rundeck. Set to false
to utilize the RUNDECK_ENVARS_UNSETS
option.
Set to a space-separated list of environment variables to unset before starting Rundeck.
Set the threadCount value to the max number of threads you want to run concurrently. If not set, default to 10.