Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

loginmodule unnecessary overwritten in Docker instance ignoring file #4430

Closed
aparedero opened this issue Jan 28, 2019 · 2 comments

Comments

@aparedero
Copy link

commented Jan 28, 2019

Describe the bug
Definition of loginmodule.name is unnecesary overwritten via command line with "rundeck" policy, ignoring the default name RDpropertyfilelogin in configuration file

My Rundeck detail

  • Rundeck version: 3.0.12
  • install type: Docker
  • OS Name/version: ubuntu 16.04
  • DB Type/version: [choose: mysql, postgres, mssql, oracle, ... ]

To Reproduce
Steps to reproduce the behavior:

  1. execute ps aux | fold
rundeck      1 11.9 26.5 11724468 2069676 ?    Ssl  14:59   1:24 java -XX:+Unloc
kExperimentalVMOptions -XX:MaxRAMFraction=1 -XX:+UseCGroupMemoryLimitForHeap -Dl
oginmodule.conf.name=jaas-loginmodule.conf -Dloginmodule.name=rundeck -Drundeck.
jaaslogin=true -Drundeck.jetty.connector.forwarded=false -jar rundeck.war
  1. execute cat ~/server/config$ cat rundeck-config.properties | grep loginmodule
loginmodule.name=RDpropertyfilelogin

In step 1 we can see -Dloginmodule.name=rundeck , also the file jaas-loginmodule.conf is different from .deb installation because is overwritten with a too many blank lines followed by a "rundeck" with an small policy.

Would not it be more logical to follow the same structure as the .deb installation mantaining the name RDpropertyfilelogin and using configuration files?

Expected behavior
All configuration files properties were being used without overwriting via command line.

@ProTip

This comment has been minimized.

Copy link
Contributor

commented Jan 30, 2019

Hi @aparedero ,

Thank you for bringing this to our attention. The settings in the entry.sh are correct as the rundeck-config.properties setting is incorrect and should be removed. If you wish to override this setting for now, you can pass an override through to the JVM via the docker command: docker run rundeck/rundeck:3.0.13 -Dloginmodule.name=rundeck. We may move this out into an environment variable in the future.

The configuration strategy for the Docker image is largely unrelated to the deb and rpm packages. In order to have an image that is configurable in a familiar way, through environment variables, most all of the configuration files are generated from templates here: https://github.com/rundeck/rundeck/tree/master/docker/official/remco/templates

This includes the JAAS module which can configured in many of the most common ways as shown here:
https://github.com/rundeck/docker-zoo/blob/master/ldap-combined/docker-compose.yml#L11

The module name of rundeck was used as RDpropertyfilelogin is overly specific and potentially inaccurate for how that block can be configured.

Due to the way the configuration files are generated, there are certain to be small differences in formatting and other between the Docker image and other installation methods.

Cheers,
-ProTip

@aparedero

This comment has been minimized.

Copy link
Author

commented Jan 31, 2019

@ProTip I adapted your image with Helm and Kubernetes so the correct way for sending additional arguments is as follows:

[...]
        image: {{ .Values.rundeck.image }}:{{ .Values.rundeck.tag }}
        args: ["-Dloginmodule.name=rundeck"]
[...]

I agree the files are not being used in docker image should be removed in order to to prevent confusions

ProTip added a commit that referenced this issue Feb 5, 2019

@ProTip ProTip added this to the 3.0.14 milestone Feb 5, 2019

@ProTip ProTip closed this in #4452 Feb 5, 2019

ProTip added a commit that referenced this issue Feb 5, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.