Skip to content

Latest commit

 

History

History
80 lines (68 loc) · 5.72 KB

README.md

File metadata and controls

80 lines (68 loc) · 5.72 KB
Raw

Ansible Rundeck Role

This is an Ansible role to install, configure and ensure sure rundeck is running. Feedback, bug-reports, requests are welcomed and can be done via github issues.

Execution Requirements

  • Tested on Mac OS X with Ansible 2.0.

Role Variables

The following variables can be overridden:

  • rundeck_protocol: Defaults to http but should be set to the protocol the web application with accessed by.
  • rundeck_domain: Defaults to localhost:4440 but should be set to the host name web application with accessed by.
  • rundeck_database_type: Defaults to hsqldb but can be set to postgresql or mysql to use those databases. Users and databases are not automatically created.
  • rundeck_database_host: Defaults to localhost and only needs to be set if using an externally hosted database.
  • rundeck_database_port: Defaults to None and must be set if using a different database than the default hsqldb.
  • rundeck_database_name: Defaults to rundeck but allows you to use a different rundeck database name.
  • rundeck_database_user: Defaults to rundeck but allows you to use a different username to accesses the rundeck database.
  • rundeck_database_pass: Defaults to rundeck but allows you to use a different password for the user access to the rundeck database.
  • rundeck_users: A list of dictionaries of name, password (hashed) and a list of roles (One must be an admin). If empty the default admin is not removed.
  • rundeck_plugins: A list of plugin urls that are downloaded and installed into the rundeck libext, default is none.
  • rundeck_extra_bootstrap: A list of extra jar urls that are downloaded and installed into the rundeck bootstrap, default is none.
  • rundeck_generate_ssh: Automatically generate ssh key, defgault True set to False to stop this action.
  • rundeck_ldap: Determine if LDAP authentication should be used, overrides rundeck_users. Default is False. The LDAP server must a user group to privde access to rundeck web interface.
  • rundeck_ldap_url: The location of the LDAP server, i.e. ldap://localhost:389
  • rundeck_ldap_bind_user: The DN to access the LDAP server, i.e. cn=Manager,dc=example,dc=com
  • rundeck_ldap_bind_pass: The DN user password o access the LDAP server, secrent
  • rundeck_ldap_user_dn: The DN of the users, i.e. ou=People,dc=test1,dc=example,dc=com
  • rundeck_ldap_user_rdn_attr: The attribute that identifies the username, i.e. uid
  • rundeck_ldap_user_id_attr: The attribute that identifies the username, i.e. uid
  • rundeck_ldap_bindinglogin: Default: false. If true, bind as the user that is authenticating, otherwise bind as the manager and perform a search to verify user password
  • rundeck_ldap_user_pass_attr: The attribute that identifies the user password, i.e. userPassword
  • rundeck_ldap_user_filter: The objectClass that is used to find user, i.e. account
  • rundeck_ldap_role_dn: The DN of the roles, i.e. ou=Groups,dc=test1,dc=example,dc=com
  • rundeck_ldap_role_name_attr: The attribute name of the role, i.e. cn
  • rundeck_ldap_role_username_attr: This overrides the rundeck_ldap_role_member_attr determine user membership of roles, i.e. uid
  • rundeck_ldap_role_member_attr: Used to determine user membership of roles, i.e. member
  • rundeck_ldap_role_filter: The objectClass that is used to find role, i.e. groupOfNames
  • rundeck_ldap_netsted_groups: Default: false. If true, will resolve all nested groups for authenticated users
  • rundeck_ldap_debug: Default: false. Enable/Disable ldap debuging
  • rundeck_crowd: Default: False. Determine if Atlassian Crowd authentication should be used, overrides rundeck_users
  • rundeck_crowd_jaas_jars: List of URL to get Crowd JAAS jars from
  • rundeck_crowd_name: Default: 'RunDeck'. Application name to access Crowd
  • rundeck_crowd_pass: Default: 'secret'. Application password to access Crowd
  • rundeck_crowd_url: Default: 'http://localhost/crowd/'.
  • rundeck_crowd_maxconn: Default: 20. httpMaxConnections
  • rundeck_crowd_timeout: Default: 5000. httpTimeout
  • rundeck_crowd_proxy_host: Default: Undefined
  • rundeck_crowd_proxy_port: Default: Undefined
  • rundeck_crowd_proxy_username: Default: Undefined
  • rundeck_crowd_proxy_password: Default: Undefined
  • rundeck_crowd_debug: Default: False. Enable/Disable Crowd auth debugging

Dependencies

This role does not have a hard dependency on any other role to deploy but rundeck does require java to be installed (decoupled on the communities request). smola's ansible-java-role is a good choice with the following configuration:

  • Debian: Ensure java_packages has a debian java package in it, i.e. openjdk-7-jre-headless
  • RedHat: Ensure java_packages has a debian java package in it, i.e. java-1.7.0-openjdk, had to adjust role to include RedHat.yml in main.yml to work.

If you choose to use a database then please ensure it is installed before executing this role. The following roles have been used to create databases:

  • Ubuntu 12.04 & 14.04/PostgreSQL: postgresql
  • Centos 6.5 & 7.0/PostgreSQL: postgresql-on-el6 (with tweeks, watch this space for updates)

Testing

Please check changes using the vagrant boxes provided, i.e.:

cd tests/vagrant-centos65
vagrant up

To use PostgreSQL database, export the playbook first, i.e.:

export PLAYBOOK=postgresql_redhat_test.yml

License

Licensed under the MIT License. See the LICENSE file for details.