Skip to content
Greg Schueler edited this page Jul 30, 2019 · 12 revisions

FAQ

Table of Contents

General

What is Rundeck?

Rundeck is cross-platform open source software that helps you automate ad-hoc and routine procedures in data center or cloud environments. Rundeck allows you to run tasks on any number of nodes from a web-based or command-line interface. Rundeck also includes other features that make it easy to scale up your scripting efforts including: access control, workflow building, scheduling, logging, and integration with external sources for node and option data.

Licensing and Pricing

Rundeck software is free and completely open source. It’s licensed under the terms of the Apache 2.0. Download it. Try it. Use it. If you find value in it and would like to actively participate in the project, introduce yourself on the mailing list or the IRC channel.

Where do I log bugs?

Bugs are tracked on Github Issues.

Where is the mailing list?

Post messages to google groups: http://groups.google.com/group/rundeck-discuss

Where is the IRC channel?

At irc.freenode.net #rundeck

You can see the irc logs here: http://irclog.rundeck.org

Where do I download development builds?

Download a development build from our jenkins-ci instance here: [[http://build.rundeck.org]]

Rundeck has a few goals of its own:

  • Firstly, we want to create an easy way to define routine sequences as "Job workflows" as a basis for runbook automation solutions.

  • Secondly, enable the integration of node and environment metadata sources as Rundeck "resource model providers". In this way, Rundeck can use Puppet or Chef node data to drive remote execution.

  • Thirdly, evolve role-based access control definitions into a high level DSL that ties privilege level to resource model and workflow actions

  • Lastly, to develop Rundeck into a plugin system supporting the concept of "dispatch providers" to delegate to tools like mcollective, knife, func, fabric, PsExec and others for cross tool execution.

Ultimately, we want to create a tool that is simple to use for the end user of the automated process yet be flexible enough to complement existing tool chains.

How is it different from Jenkins?

For more information see a recent article posted on Rundeck.org: Jenkins is for development, Rundeck is for operations.

Rundeck is not a continuous integration server, and Jenkins is not an ops console. At a high level, Rundeck shares some features with Jenkins since both are able to provide a self serve job interface to automate routine procedures. Rundeck and Jenkins are also able to execute shell scripts on remote nodes to facilitate deployment tasks.

They are complementary tools, and it really comes down to use case. Rundeck is meant as job console for the operations group and is geared to work with that ecosystem of tools.

The jenkins rundeck-plugin provides a two-way bridge between Jenkins and Rundeck, and demonstrates how complimentary the two tools are in a continuous deployment tool chain. Jenkins can handle the build end of the CI loop and triggering Rundeck to provide distributed orchestration across the deployment management tool chain. Rundeck can also trigger Jenkins builds if desired, and pull build artifact information from Jenkins to use as input to Job executions.

Interoperability

Is Rundeck cross-platform?

We’re designing Rundeck to work on unix flavors and windows. This assumes the commands you execute can run on the targeted host.

What operating systems does Rundeck run on?

Currently, we test on Linux (Redhat, Centos, Ubuntu), Solaris x86, MacOSX. It should work on BSD. We have have recently begun testing on Windows.

Security

Can I use SSL?

Yes, Rundeck server can be configured to use SSL. Consult the Security section in the manual. http://rundeck.org/docs/administration/configuring-ssl.html

Can I do SSL offloading?

Yes, If you have load balancer or reverse proxy, you can let them handle SSL and just do http between them and Rundeck servers:

  • Set up Rundeck as http

  • in profile file, add option -Drundeck.jetty.connector.forwarded=true to RDECK_JVM

  • Set framework.rundeck.url and grails.serverURL to use https

Can I integrate to LDAP/ActiveDirectory?

Yes, Rundeck can be configured to authenticate to an LDAP directory service. See http://rundeck.org/docs/administration/authenticating-users.html#active-directory.

I get an error logging in: HTTP ERROR 403 …​ Reason: !role

HTTP ERROR 403 Problem accessing /rundeck/. Reason: !role

The cause is that there is a "required role" which any user you wish to allow access to Rundeck must belong to. By default that role name is user (As of Rundeck 2.0 and earlier). The required role name must be manually changed if you want a different required role. (In future versions we plan to make this easier to configure, see Issue #590.)

To modify the required role name, edit the web.xml file:

  • RPM/debian install path: /var/lib/rundeck/exp/webapp/WEB-INF/web.xml

  • Jar/launcher: After running once or executing --installonly, modify the path $RDECK_BASE/server/exp/webapp/WEB-INF/web.xml

    • after modifying the file you must run the launcher jar with --skipinstall to avoid overwriting the file with the original value

Modify the section shown below and replace user with your own required role name:

<security-role>
    <role-name>user</role-name>
</security-role>

Enable TTY allocation for sudo

Your sudoers file might require a user to run sudo in a login shell (tty allocated). The built in (jsch-based) SSH plugin allocates a TTY if secondary sudo password authentication is set.

What uses framework.server.username/password?

These properties are configured in framework.properties configuration file.

Only the CLI tools use these properties to login to rundeck to perform actions for the configured user. The configured user must be allowed to perform the CLI tool actions. Generally, this means it’s a user in the 'admin' group with appropriate ACL policy.

Note, the CLI tools will eventually be refactored to negate this need.

How can I debug LDAP authentication?

You can enable debug for the JettyCachingLdapLoginModule, by setting this java system property: -Dcom.dtolabs.rundeck.jetty.jaas.LEVEL=DEBUG before starting the server.

Technical

Where are 3rd party resource model providers?

How do I configure multiple authentication mechanisms?

You can use multiple JAAS loginmodule configurations within a single named JAAS configuration. See Multiple Authentication Modules

How do I configure a SMTP server for email notifications?

You can add configuration to the Rundeck-config.properties file, using the config settings shown under the Grails Mail Plugin "Configuration" section.

Since the default rundeck config file is Java ".properties" format, you will either have to flatten the config hierarchy shown in that document .e.g "grails.mail.host=hostname", or convert your Rundeck config file to Groovy format, and specify the right config file location at Rundeck startup.

How do I convert my Rundeck config file to groovy?

The groovy format is a java-like language, and it is not the same as properties. You can either use nested values using curly brackets, or use dot-notation "a.b.c", but since it is not simple text properties, strings have to be quoted.

E.g. : a.b.c="blah" is the same as:

a{
    b{
        c="blah"
    }
}

Also, make sure you put quotes around all string values, but it is not necessary for true/false or numbers.

#java properties format
some.property=value

//groovy format:
some.property="value"

How do I Specify a new config file location?

For the launcher, place the file in the $BASEDIR/server/config dir, and specify -Drundeck.config.name=rundeck-config.groovy when you run the launcher.

For the rpm/deb, specify a -Drundeck.config.location=/path/to/rundeck-config.groovy in the /etc/rundeck/profile JVM arguments. Or if you are using just the war file, put that in the $CATALINA_OPTS if you are deploying the war to Tomcat for example.

I see an IOException with a stacktrace coming from java.io.File.createTempFile

This probably means that your Java Temporary Directory location is unset, or pointing at directory that doesn’t exist, or does not have appropriate permission for Rundeck to modify.

How do I specify a new temp directory for Rundeck?

The default for RPM/DEB is /tmp/rundeck, if it doesn’t exist or does not have permissions, you may encounter errors.

If you are using the launcher, you will need to add -Djava.io.tmpdir=/path/to/dir to your Java system properties when you start the server.

If you installed with the RPM package, modify the /etc/sysconfig/rundeckd file, and if you installed with the DEB package, modify the /etc/default/rundeckd file and add:

export RUNDECK_TEMPDIR=/tmp/rundeck

Why do I get redirected to localhost / why do I have to log in twice?

You need to set the grails.serverURL property in your rundeck-config.properties file to specify a fully qualified domain name for your server.

Rundeck uses that URL as the base URL for redirects, so you need to change it from localhost after installation. (Related issue #1049)

How do I change the default session timeout duration?

For Rundeck 3:

Use config property server.session.timeout.

For Rundeck 2:

  1. edit /var/lib/rundeck/exp/webapp/WEB-INF/web.xml (change path depending on you Rundeck install)

  2. find <session-config>

  3. raise the timeout:

    <session-config>
            <session-timeout>43200</session-timeout>
    </session-config>

Why is my PATH or other shell initialization not working?

If you are executing commands to remote nodes that use bash as the login shell, you might not be getting the shell environment you see when logging in interactively. This is because remote commands create a non-interactive shell session.

To illustrate add the following line to your .bash_profile and .bashrc files for a remote user to test.

echo "Reading $BASH_SOURCE"

Next, login as a remote user:

user@rd ~ $ ssh test@centos7
Last login: Fri Jan 12 16:24:26 2018 from linuxmint
Reading .bash_profile

Notice the .bash_profile is read. Now log out.

[test@centos7 ~]$ exit
logout
Connection to centos7 closed.

This time execute a remote command rather than logging in:

user@rd ~ $ ssh -i /home testcentos7 umask
Reading .bashrc
0002

This time .bashrc file is read.

So to summarize:

  • For interactive ssh, it will read .bash_profile

  • For non-interactive ssh, will read .bashrc

Rundeck remote command steps result in a non-interactive shell.

You can check this useful link also, Invocation section: https://linux.die.net/man/1/bash

You can’t perform that action at this time.