Rundeck 2.6.10 upgrade breaks rundeck on CentOS #2164

Closed
xyntrix opened this Issue Nov 11, 2016 · 13 comments

Projects

None yet

6 participants

@xyntrix
xyntrix commented Nov 11, 2016

Bug report

(Note: Please fill in the blank ___ about your rundeck installation below. You can remove this line.)

My Rundeck detail
Did an rpm update this morning and our Rundeck installation was left in a broken state.

Aug 04 05:47:32 Updated: rundeck-2.6.9-1.21.GA.noarch
Aug 04 05:47:32 Updated: rundeck-config-2.6.9-1.21.GA.noarch

Nov 11 04:23:01 Updated: rundeck-config-2.6.10-1.22.GA.noarch
Nov 11 04:23:05 Updated: rundeck-2.6.10-1.22.GA.noarch

  • Rundeck version: 2.6.10
  • install type: rpm
  • OS Name/version: CentOS 6.8

Expected Behavior

Rundeck to seamlessly update


Actual Behavior
Rundeck no longer starts after rpm update

It looks like the rpm adds significant changes to the /etc/rundeck/profile file, and the previous file is not replaced (the rpm update copies the file to /etc/rundeck/profile.rpmnew). We had to manually copy this into place to get rundeck to start.

Now that it's started. ldap no longer works.. so we're troubleshooting that now too.


How to reproduce Behavior

Install rundeck 2.6.9 and update to 2.6.10 rpm.


Enhancement request

(For enhancements: Please search the existing Issues and look at the Trello board for your idea before posting.)

...

@xyntrix
xyntrix commented Nov 11, 2016 edited

old 2.6.9 profile file:

DECK_BASE=/var/lib/rundeck
export RDECK_BASE
JAVA_CMD=java
RUNDECK_TEMPDIR=/tmp/rundeck
RDECK_HTTP_PORT=4440
RDECK_HTTPS_PORT=4443
#
# If JAVA_HOME is set, then add it to home and set JAVA_CMD to use the version specified in that
# path.  JAVA_HOME can be set in the rundeck profile.  Or set in this file.
#JAVA_HOME=<path/to/JDK or JRE/install>
if [ ! -z $JAVA_HOME ]; then
    PATH=$PATH:$JAVA_HOME/bin
    export PATH
    JAVA_CMD=$JAVA_HOME/bin/java
fi
export CLI_CP=$(find /var/lib/rundeck/cli -name \*.jar -printf %p:)
export BOOTSTRAP_CP=$(find /var/lib/rundeck/bootstrap -name \*.jar -printf %p:)
export RDECK_JVM="-Djava.security.auth.login.config=/etc/rundeck/jaas-ldap.conf \
    -Dloginmodule.name=ldap \
    -Drdeck.config=/etc/rundeck \
    -Drdeck.base=/var/lib/rundeck \
    -Drundeck.server.configDir=/etc/rundeck \
    -Dserver.datastore.path=/var/lib/rundeck/data \
    -Drundeck.server.serverDir=/var/lib/rundeck \
    -Drdeck.projects=/var/rundeck/projects \
    -Drdeck.runlogs=/var/lib/rundeck/logs \
    -Drundeck.config.location=/etc/rundeck/rundeck-config.properties \
    -Djava.io.tmpdir=$RUNDECK_TEMPDIR"
#
# Set min/max heap size
#
RDECK_JVM="$RDECK_JVM -Xmx8192m -Xms2048m -XX:MaxPermSize=256m -Dcom.sun.management.jmxremote -server"
#
# SSL Configuration - Uncomment the following to enable.  Check SSL.properties for details.
#
#export RDECK_JVM="$RDECK_JVM -Drundeck.ssl.config=/etc/rundeck/ssl/ssl.properties -Dserver.https.port=${RDECK_HTTPS_PORT}"
export RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=/etc/rundeck/ssl/truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"
if test -t 0 -a -z "$RUNDECK_CLI_TERSE"
then
  RUNDECK_CLI_TERSE=true
  export RUNDECK_CLI_TERSE
fi
if test -n "$JRE_HOME"
then
   unset JRE_HOME
fi
umask 002

new 2.6.10 profile:

RDECK_INSTALL="${RDECK_INSTALL:-/var/lib/rundeck}"
RDECK_BASE="${RDECK_BASE:-/var/lib/rundeck}"
RDECK_CONFIG="${RDECK_CONFIG:-/etc/rundeck}"
RDECK_SERVER_BASE="${RDECK_SERVER_BASE:-$RDECK_BASE}"
RDECK_SERVER_CONFIG="${RDECK_SERVER_CONFIG:-$RDECK_CONFIG}"
RDECK_SERVER_DATA="${RDECK_SERVER_DATA:-$RDECK_BASE/data}"
RDECK_PROJECTS="${RDECK_PROJECTS:-$RDECK_BASE/projects}"
RUNDECK_TEMPDIR="${RUNDECK_TEMPDIR:-/tmp/rundeck}"
RUNDECK_WORKDIR="${RUNDECK_TEMPDIR:-$RDECK_BASE/work}"
RUNDECK_LOGDIR="${RUNDECK_LOGDIR:-$RDECK_BASE/logs}"
RDECK_JVM_SETTINGS="${RDECK_JVM_SETTINGS:- -Xmx1024m -Xms256m -XX:MaxPermSize=256m -server}"
RDECK_TRUSTSTORE_FILE="${RDECK_TRUSTSTORE_FILE:-$RDECK_CONFIG/ssl/truststore}"
RDECK_TRUSTSTORE_TYPE="${RDECK_TRUSTSTORE_TYPE:-jks}"
JAAS_CONF="${JAAS_CONF:-$RDECK_CONFIG/jaas-loginmodule.conf}"
LOGIN_MODULE="${LOGIN_MODULE:-RDpropertyfilelogin}"
RDECK_HTTP_PORT=${RDECK_HTTP_PORT:-4440}
RDECK_HTTPS_PORT=${RDECK_HTTP_PORT:-4443}


# If no JAVA_CMD, try to find it in $JAVA_HOME
if [ -z "$JAVA_CMD" ] && [ -n "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ] ; then
  JAVA_CMD=$JAVA_HOME/bin/java
  PATH=$PATH:$JAVA_HOME/bin
  export JAVA_HOME
elif [ -z "$JAVA_CMD" ] ; then
  JAVA_CMD=java
fi

# build classpath without lone : that includes .
for jar in $(find $RDECK_INSTALL/cli -name '*.jar') ; do
  CLI_CP=${CLI_CP:+$CLI_CP:}$jar
done
for jar in $(find $RDECK_INSTALL/bootstrap -name '*.jar') ; do
  BOOTSTRAP_CP=${BOOTSTRAP_CP:+$BOOTSTRAP_CP:}$jar
done

RDECK_JVM="-Djava.security.auth.login.config=$JAAS_CONF \
           -Dloginmodule.name=$LOGIN_MODULE \
           -Drdeck.config=$RDECK_CONFIG \
           -Drundeck.server.configDir=$RDECK_SERVER_CONFIG \
           -Dserver.datastore.path=$RDECK_SERVER_DATA/rundeck \
           -Drundeck.server.serverDir=$RDECK_INSTALL \
           -Drdeck.projects=$RDECK_PROJECTS \
           -Drdeck.runlogs=$RUNDECK_LOGDIR \
           -Drundeck.config.location=$RDECK_CONFIG/rundeck-config.properties \
           -Djava.io.tmpdir=$RUNDECK_TEMPDIR \
           -Drundeck.server.workDir=$RUNDECK_WORKDIR \
           -Dserver.http.port=$RDECK_HTTP_PORT"
#
# Set min/max heap size
#
RDECK_JVM="$RDECK_JVM $RDECK_JVM_SETTINGS"
#
# SSL Configuration - Uncomment the following to enable.  Check SSL.properties for details.
#
if [ -n "$RUNDECK_WITH_SSL" ] ; then
  RDECK_JVM="$RDECK_JVM -Drundeck.ssl.config=$RDECK_SERVER_CONFIG/ssl.properties -Dserver.https.port=${RDECK_HTTPS_PORT}"
  RDECK_SSL_OPTS="${RDECK_SSL_OPTS:- -Djavax.net.ssl.trustStore=$RDECK_TRUSTSTORE_FILE -Djavax.net.ssl.trustStoreType=$RDECK_TRUSTSTORE_TYPE -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol}"
fi

if [ -t 0 ] && [ -z "$RUNDECK_CLI_TERSE" ] ; then
  RUNDECK_CLI_TERSE=true
  export RUNDECK_CLI_TERSE
fi

unset JRE_HOME

umask 002

rundeckd="$JAVA_CMD $RDECK_JVM $RDECK_JVM_OPTS -cp $BOOTSTRAP_CP com.dtolabs.rundeck.RunServer $RDECK_BASE"
@willemdh
willemdh commented Nov 11, 2016 edited

As my fw blocked my yum update I had to do localinstall. No /etc/rundeck/profile.rpmnew was created. After replacing the old config with your new config you posted, I was able to get the rundeckd service started.

The service is started, but I'm not able to get the webservice running. My log syays:

2016-11-11 20:38:08.363:INFO:oejs.Server:jetty-7.6.0.v20120127
2016-11-11 20:38:10.980:INFO:oejw.StandardDescriptorProcessor:NO JSP Support for /, did not find org.apache.jasper.servlet.JspServlet
2016-11-11 20:38:12.152:INFO:/:Initializing Spring root WebApplicationContext
INFO  BootStrap: Starting Rundeck 2.6.10-1 (2016-11-10) ...
INFO  BootStrap: using rdeck.base config property: /var/lib/rundeck
INFO  BootStrap: loaded configuration: /etc/rundeck/framework.properties
INFO  BootStrap: RSS feeds disabled
INFO  BootStrap: Preauthentication is disabled
INFO  BootStrap: Rundeck is ACTIVE: executions can be run.
INFO  BootStrap: Rundeck startup finished in 1581ms
2016-11-11 20:38:31.585:INFO:oejsh.ContextHandler:started o.e.j.w.WebAppContext{/,file:/var/lib/rundeck/exp/webapp/},/var/lib/rundeck/exp/webapp
2016-11-11 20:38:31.678:INFO:/:Initializing Spring FrameworkServlet 'grails'
2016-11-11 20:38:31.833:INFO:oejus.SslContextFactory:Enabled Protocols [SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2] of [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
2016-11-11 20:38:31.855:INFO:oejs.AbstractConnector:Started SslSelectChannelConnector@0.0.0.0:4440
INFO  ScheduledExecutionService: creating trigger with crontab expression: 0 00 13 ? * FRI *

But my url gives an ERR_CONNECTION_REFUSED.

Found my problem. In stead of

RDECK_HTTPS_PORT=${RDECK_HTTP_PORT:-4443}
I set
RDECK_HTTPS_PORT=4443

@willemdh
willemdh commented Nov 11, 2016 edited

My AD integration seem also broken. The security roles were deleted from the
/var/lib/rundeck/exp/webapp/WEB-INF/web.xml
again, just as the last update. I re-added them and configured
JAAS_CONF="/etc/rundeck/jaas-MultiAuth.conf"

But I get this when I try to log in:

2016-11-11 21:02:16.694:WARN:oejpj.JAASLoginService:
javax.security.auth.login.LoginException: No LoginModules configured for RDpropertyfilelogin
        at javax.security.auth.login.LoginContext.init(LoginContext.java:272)
        at javax.security.auth.login.LoginContext.<init>(LoginContext.java:389)
        at javax.security.auth.login.LoginContext.<init>(LoginContext.java:466)
        at org.eclipse.jetty.plus.jaas.JAASLoginService.login(JAASLoginService.java:215)
        at org.eclipse.jetty.security.authentication.FormAuthenticator.validateRequest(FormAuthenticator.java:183)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:456)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1031)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:965)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111)
        at org.eclipse.jetty.server.Server.handle(Server.java:349)
        at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:449)
        at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:925)
        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:857)
        at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
        at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:76)
        at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:191)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:609)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:45)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:599)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:534)
        at java.lang.Thread.run(Thread.java:745)
2016-11-11 21:02:34.549:WARN:oejpj.JAASLoginService:
MultiAuth {

com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule sufficient
debug="true"
contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
providerUrl="ldap://adserver:389"
bindDn="<hiddendn>"
bindPassword="<hiddenpw>"
authenticationMethod="simple"
forceBindingLogin="true"
userBaseDn="<hiddendn>"
userRdnAttribute="sAMAccountName"
userIdAttribute="sAMAccountName"
userPasswordAttribute="unicodePwd"
userObjectClass="user"
roleBaseDn="<hiddendn>"
roleNameAttribute="cn"
roleMemberAttribute="member"
roleObjectClass="group"
cacheDurationMillis="300000"
reportStatistics="true";

org.eclipse.jetty.plus.jaas.spi.PropertyFileLoginModule required
debug="true"
file="/etc/rundeck/realm.properties";
};

I'm able to log in with admin, but not with my ad account. When I try to log the log gives me this error:

2016-11-11 21:29:32.816:WARN:oejpj.JAASLoginService:
javax.security.auth.login.LoginException: java.lang.NullPointerException|?at org.eclipse.jetty.plus.jaas.spi.AbstractLoginModule.logout(AbstractLoginModule.java:260)|?at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)|?at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)|?at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)|?at java.lang.reflect.Method.invoke(Method.java:606)|?at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)|?at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)|?at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)|?at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)|?at java.security.AccessController.doPrivileged(Native Method)|?at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)|?at javax.security.auth.login.LoginContext.logout(LoginContext.java:636)|?at org.eclipse.jetty.plus.jaas.JAASLoginService.logout(JAASLoginService.java:274)|?at org.eclipse.jetty.security.SecurityHandler.logout(SecurityHandler.java:561)|?at org.eclipse.jetty.security.authentication.SessionAuthentication.doLogout(SessionAuthentication.java:103)|?at org.eclipse.jetty.security.authentication.SessionAuthentication.valueUnbound(SessionAuthentication.java:130)|?at org.eclipse.jetty.server.session.AbstractSession.unbindValue(AbstractSession.java:489)|?at org.eclipse.jetty.server.session.AbstractSession.setAttribute(AbstractSession.java:415)|?at org.eclipse.jetty.security.authentication.FormAuthenticator.validateRequest(FormAuthenticator.java:205)|?at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:456)|?at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227)|?at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1031)|?at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)|?at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186)|?at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:965)|?at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)|?at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111)|?at org.eclipse.jetty.server.Server.handle(Server.java:349)|?at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:449)|?at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:925)|?at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:857)|?at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)|?at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:76)|?at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:191)|?at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:609)|?at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:45)|?at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:599)|?at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:534)|?at java.lang.Thread.run(Thread.java:745)|
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:864)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
        at javax.security.auth.login.LoginContext.logout(LoginContext.java:636)
        at org.eclipse.jetty.plus.jaas.JAASLoginService.logout(JAASLoginService.java:274)
        at org.eclipse.jetty.security.SecurityHandler.logout(SecurityHandler.java:561)
        at org.eclipse.jetty.security.authentication.SessionAuthentication.doLogout(SessionAuthentication.java:103)
        at org.eclipse.jetty.security.authentication.SessionAuthentication.valueUnbound(SessionAuthentication.java:130)
        at org.eclipse.jetty.server.session.AbstractSession.unbindValue(AbstractSession.java:489)
        at org.eclipse.jetty.server.session.AbstractSession.setAttribute(AbstractSession.java:415)
        at org.eclipse.jetty.security.authentication.FormAuthenticator.validateRequest(FormAuthenticator.java:205)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:456)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1031)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:965)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111)
        at org.eclipse.jetty.server.Server.handle(Server.java:349)
        at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:449)
        at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:925)
        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:857)
        at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
        at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:76)
        at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:191)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:609)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:45)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:599)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:534)
        at java.lang.Thread.run(Thread.java:745)
@gschueler
Contributor

make sure your login module name matches the one you defined in your jaas config. it is looking for the default "RDpropertyfilelogin".

This is the relevant line from /etc/rundeck/profile:

LOGIN_MODULE="${LOGIN_MODULE:-RDpropertyfilelogin}"
@willemdh

Hey Greg,

I just restored my snapshot. But I set JAAS_CONF="/etc/rundeck/jaas-MultiAuth.conf" and LOGIN_MODULE="MultiAuth"

Grtz

@willemdh

Good news! Just retried the upgrade and kept the original file. I found which missing info is the reason the rundeckd cannot be started:

rundeckd="$JAVA_CMD $RDECK_JVM $RDECK_JVM_OPTS -cp $BOOTSTRAP_CP com.dtolabs.rundeck.RunServer $RDECK_BASE"

I was also able to get ad authentication working. I think I restored the web.xml from a backup. A diff between the old and hte new shows more changes then only the omitted user roles...

<       <display-name>/rundeck-production-2.6.9</display-name>
---
>       <display-name>/rundeck-production-2.6.10</display-name>
9c9
<               <param-value>rundeck-production-2.6.9</param-value>
---
>               <param-value>rundeck-production-2.6.10</param-value>
26,37d25
         <security-role>
                 <role-name>ad-group</role-name>
         </security-role>
         <security-role>
                 <role-name>ad-group</role-name>
         </security-role>
         <security-role>
                 <role-name>ad-group</role-name>
         </security-role>
         <security-role>
                 <role-name>ad-group</role-name>
         </security-role>
147c135
<               <filter-class>asset.pipeline.AssetPipelineFilter</filter-class>
---
>               <filter-class>asset.pipeline.grails.AssetPipelineFilter</filter-class>

@xyntrix Try making use of the original profile, edit web.xml with your security roles, restart rundeckd and let us know if you also manage to make it work :)

For convenience, this is my full working profile atm:

RDECK_INSTALL="${RDECK_INSTALL:-/var/lib/rundeck}"
RDECK_BASE=="${RDECK_INSTALL:-/var/lib/rundeck}"
RDECK_BASE="${RDECK_BASE:-/var/lib/rundeck}"
RDECK_CONFIG="${RDECK_CONFIG:-/etc/rundeck}"
RDECK_SERVER_BASE="${RDECK_SERVER_BASE:-$RDECK_BASE}"
RDECK_SERVER_CONFIG="${RDECK_SERVER_CONFIG:-$RDECK_CONFIG}"
RDECK_SERVER_DATA="${RDECK_SERVER_DATA:-$RDECK_BASE/data}"
RDECK_PROJECTS="${RDECK_PROJECTS:-$RDECK_BASE/projects}"
RUNDECK_TEMPDIR="${RUNDECK_TEMPDIR:-/tmp/rundeck}"
RUNDECK_WORKDIR="${RUNDECK_TEMPDIR:-$RDECK_BASE/work}"
RUNDECK_LOGDIR="${RUNDECK_LOGDIR:-$RDECK_BASE/logs}"
RDECK_JVM_SETTINGS="${RDECK_JVM_SETTINGS:- -Xmx1024m -Xms256m -XX:MaxPermSize=256m -server}"
RDECK_TRUSTSTORE_FILE="${RDECK_TRUSTSTORE_FILE:-$RDECK_CONFIG/ssl/truststore}"
RDECK_TRUSTSTORE_TYPE="${RDECK_TRUSTSTORE_TYPE:-jks}"
JAAS_CONF="${JAAS_CONF:-$RDECK_CONFIG/jaas-MultiAuth.conf}"
LOGIN_MODULE="${LOGIN_MODULE:-RDpropertyfilelogin}"
RDECK_HTTP_PORT=${RDECK_HTTP_PORT:-4440}
RDECK_HTTPS_PORT=4443

if [ -z "$JAVA_CMD" ] && [ -n "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ] ; then
  JAVA_CMD=$JAVA_HOME/bin/java
  PATH=$PATH:$JAVA_HOME/bin
  export JAVA_HOME
elif [ -z "$JAVA_CMD" ] ; then
  JAVA_CMD=java
fi

for jar in $(find $RDECK_INSTALL/cli -name '*.jar') ; do
  CLI_CP=${CLI_CP:+$CLI_CP:}$jar
done
for jar in $(find $RDECK_INSTALL/bootstrap -name '*.jar') ; do
  BOOTSTRAP_CP=${BOOTSTRAP_CP:+$BOOTSTRAP_CP:}$jar
done

RDECK_JVM="-Djava.security.auth.login.config=/etc/rundeck/jaas-MultiAuth.conf \
        -Dloginmodule.name=MultiAuth \
        -Drdeck.config=/etc/rundeck \
        -Drdeck.base=/var/lib/rundeck \
        -Drundeck.server.configDir=/etc/rundeck \
        -Dserver.datastore.path=/var/lib/rundeck/data \
        -Drundeck.server.serverDir=/var/lib/rundeck \
        -Drdeck.projects=/var/rundeck/projects \
        -Drdeck.runlogs=/var/lib/rundeck/logs \
        -Drundeck.config.location=/etc/rundeck/rundeck-config.properties \
        -Djava.io.tmpdir=$RUNDECK_TEMPDIR"

RDECK_JVM="$RDECK_JVM $RDECK_JVM_SETTINGS"
RDECK_JVM="$RDECK_JVM -Drundeck.ssl.config=/etc/rundeck/ssl/ssl.properties -Dserver.https.port=${RDECK_HTTPS_PORT}"
RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=/etc/rundeck/ssl/truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"

if test -t 0 -a -z "$RUNDECK_CLI_TERSE" ; then
  RUNDECK_CLI_TERSE=true
  export RUNDECK_CLI_TERSE
fi

unset JRE_HOME

umask 002

rundeckd="$JAVA_CMD $RDECK_JVM $RDECK_JVM_OPTS -cp $BOOTSTRAP_CP com.dtolabs.rundeck.RunServer $RDECK_BASE"

Grtz
Willem

@grafjo
Contributor
grafjo commented Nov 12, 2016

Hi guys,

just a small note how i got my rundeck up and running again.

my setup:

[root@localhost rundeck]# rpm -qa| grep rundeck
rundeck-config-2.6.10-1.22.GA.noarch
rundeck-2.6.10-1.22.GA.noarch
[root@localhost rundeck]# cat /etc/*release
CentOS Linux release 7.2.1511 (Core) 
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

CentOS Linux release 7.2.1511 (Core) 
CentOS Linux release 7.2.1511 (Core) 
[root@localhost rundeck]# 
  • I replaced the /etc/rundeck/profile with /etc/rundeck/profile.rpmnew
  • in the new profile file, i changed -Drundeck.config.location=$RDECK_CONFIG/rundeck-config.properties -> -Drundeck.config.location=$RDECK_CONFIG/rundeck-config.groovy
  • deleted /etc/rundeck/rundeck-config.properties
  • start rundeckd again
@grafjo grafjo referenced this issue in voxpupuli/puppet-rundeck Nov 12, 2016
Closed

/etc/rundeck/profile format changed with rundeck-2.6.10 #284

@willemdh

@grafjo Tx for posting your config. Can I ask why you are using rundeck-config.groovy instead of rundeck-config.properties? I don't even have the rundeck-config.groovy in my install.

@grafjo
Contributor
grafjo commented Nov 13, 2016

@willemdh the puppet module voxpupuli/puppet-rundeck is using the groovy based config file

@fbacchella

For the RDECK_HTTPS_PORT, the fix is in pull request #2169.

@gschueler gschueler modified the milestone: 2.6.x Nov 14, 2016
@gschueler
Contributor

sorry for this install issue. I think for 2.6 we should revert the profile changes to make sure 2.6.x upgrades are clean. For 2.7 we can move forward with the new changes allowing use of /etc/sysconfig/rundeckd overrides

@talenhao

I can't start rundeck service before I copy profile.rpmnew to replace profile.
Now it seems OK.

@gschueler
Contributor

profile changes for 2.6 reverted in d7f17a9

@gschueler gschueler closed this Nov 15, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment