├── .gitignore ├── README.md ├── basic ├── .env.dist ├── README.md └── docker-compose.yml ├── cloud ├── .env.dist ├── .gitignore ├── Dockerfile ├── README.md ├── docker-compose.yml └── nginx │ └── nginx.conf ├── config ├── .env.dist ├── Dockerfile ├── README.md ├── docker-compose.yml └── remco │ ├── resources.d │ └── plugin-http-tours-framework.properties.toml │ └── templates │ └── plugin-http-tours-framework.properties ├── kubernetes ├── README.md ├── data │ └── admin-role.aclpolicy ├── minio-deployment.yaml ├── mysql-deployment.yaml ├── persistent-volumes.yaml └── rundeckpro-deployment.yaml ├── ldap-combined-localroles ├── README.md ├── docker-compose.yml ├── ldif │ └── 50-bootstrap.ldif └── realm.properties ├── ldap-combined ├── .env.dist ├── README.md ├── docker-compose.yml └── ldif │ └── 50-bootstrap.ldif ├── ldap ├── .env.dist ├── README.md ├── docker-compose.yml └── ldif │ └── 50-bootstrap.ldif ├── mysql ├── .env.dist ├── README.md └── docker-compose.yml ├── mysql8 ├── .env.dist ├── README.md └── docker-compose.yml ├── oraclexe ├── .env.dist ├── README.md ├── docker-compose.yml └── lib │ └── .gitignore ├── percona-xtradb ├── Makefile ├── README.md ├── config │ └── cluster-cert.cnf └── docker-compose.yml ├── postgres ├── .env.dist ├── Dockerfile ├── README.md └── docker-compose.yml ├── runner ├── .env.dist ├── README.md └── docker-compose.yml ├── simple-cluster ├── .env.dist ├── README.md ├── docker-compose.yml ├── nginx.conf └── rundeck-node │ └── Dockerfile └── sqlserver ├── .env.dist ├── README.md ├── docker-compose.yml └── sqlserver ├── Dockerfile ├── entrypoint.sh ├── import-data.sh └── setup.sql /.gitignore: -------------------------------------------------------------------------------- 1 | .env 2 | oracle/lib/ojdbc8.jar 3 | .idea 4 | .DS_Store 5 | /percona-xtradb/certs/ 6 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 
Rundeck Docker Zoo 2 | ================== 3 | 4 | Welcome to Rundeck's docker Zoo! Here we have many exhibits, both 5 | common _and_ exotic. 6 | 7 | These examples are great for trying out Rundeck in different setups, 8 | as well as a reference and starting place for your own deployments. 9 | 10 | ## Topics 11 | 12 | ### Authentication 13 | * [ldap](./ldap) 14 | * [ldap-combined](./ldap-combined) 15 | 16 | ### Extending Configuration 17 | * [config](./config) 18 | 19 | ### External Database Config 20 | * [mysql](./mysql) 21 | * [oraclexe](./oraclexe) 22 | * [postgres](./postgres) 23 | * [sqlserver](./sqlserver) 24 | 25 | ### Kubernetes 26 | * `Pro` [kubernetes](./kubernetes) 27 | 28 | ### Plugin Bundling 29 | * [cloud](./cloud) 30 | * [config](./config) 31 | 32 | ### Reverse Proxy 33 | * [cloud](./cloud) 34 | 35 | ### Runner 36 | * [runner](./runner) 37 | 38 | ## Conventions 39 | 40 | ### Config via `.env` 41 | Each docker-compose based exhibit has a `.env.dist` file that can be used to 42 | configure the example after being copied to `.env`. Some require it to be populated 43 | and will call this out in the instructions. For all others it can be used to 44 | change the Rundeck docker image and other various defaults. 45 | 46 | 47 | ### Rundeck Enterprise (fka Pro) images 48 | For each exhibit copy `.env.dist` to `.env` and uncomment the 49 | **pro** section.
Provide the desired image and license file location: 50 | ```bash 51 | RUNDECK_IMAGE=rundeckpro/enterprise:SNAPSHOT 52 | RUNDECK_LICENSE_FILE=/path/to/rundeck-license.key 53 | ``` 54 | 55 | ### Updating/Changing Images 56 | For docker-compose without builds: 57 | ``` 58 | docker-compose down 59 | docker-compose pull 60 | ``` 61 | 62 | For docker-compose with builds: 63 | ``` 64 | docker-compose down 65 | docker-compose pull && docker-compose build --pull 66 | docker-compose up 67 | ``` 68 | 69 | ### Teardown 70 | To remove the setup including data volumes: 71 | ``` 72 | docker-compose down --volumes 73 | ``` 74 | -------------------------------------------------------------------------------- /basic/.env.dist: -------------------------------------------------------------------------------- 1 | ## Set enterprise options if applicable 2 | # RUNDECK_IMAGE=rundeckpro/enterprise:SNAPSHOT 3 | # RUNDECK_LICENSE_FILE= 4 | -------------------------------------------------------------------------------- /basic/README.md: -------------------------------------------------------------------------------- 1 | Basic Exhibit 2 | ============= 3 | 4 | Quickest way to get up and running with a persistent data volume. 
5 | 6 | 7 | ### Startup 8 | ``` 9 | docker-compose up 10 | ``` 11 | 12 | ### Teardown 13 | ``` 14 | docker-compose down -v 15 | ``` -------------------------------------------------------------------------------- /basic/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | rundeck: 5 | image: ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT} 6 | tty: true 7 | volumes: 8 | - data:/home/rundeck/server/data 9 | - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key 10 | ports: 11 | - 4440:4440 12 | 13 | volumes: 14 | data: -------------------------------------------------------------------------------- /cloud/.env.dist: -------------------------------------------------------------------------------- 1 | ## Set pro options if applicable 2 | # RUNDECK_IMAGE=rundeckpro/team:SNAPSHOT 3 | # RUNDECK_LICENSE_FILE= 4 | 5 | AWS_CREDENTIALS= 6 | RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_BUCKET= 7 | RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_REGION= 8 | RUNDECK_STORAGE_PASSWORD= -------------------------------------------------------------------------------- /cloud/.gitignore: -------------------------------------------------------------------------------- 1 | libext 2 | -------------------------------------------------------------------------------- /cloud/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG RUNDECK_IMAGE 2 | 3 | FROM ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT} 4 | 5 | COPY --chown=rundeck:root ./libext ./libext -------------------------------------------------------------------------------- /cloud/README.md: -------------------------------------------------------------------------------- 1 | Cloud Exhibit 2 | ============= 3 | This exhibit demonstrates what a typical cloud or multi-server 4 | deployment may look like. 
5 | 6 | On display: 7 | * Running Rundeck behind a reverse proxy 8 | * Storage backend connected to a database server 9 | * Execution logs stored in S3 10 | * Bundling extra plugins 11 | 12 | ### Reverse proxy 13 | This configuration exposes Rundeck at `http://localhost:80` through nginx. 14 | A similar setup is possible behind a cloud provider proxy, such as AWS ELB[v2], 15 | and the key is the `RUNDECK_SERVER_FORWARDED=true` environment variable which instructs 16 | Rundeck to respect the standard `X-Forwarded-*` headers. 17 | 18 | ## Setup 19 | **Fetch S3 log plugin** 20 | ``` 21 | mkdir libext 22 | cd libext 23 | wget https://github.com/rundeck-plugins/rundeck-s3-log-plugin/releases/download/v1.0.8/rundeck-s3-log-plugin-1.0.8.jar 24 | ``` 25 | 26 | **Populate `.env` file** 27 | ```bash 28 | cp .env.dist .env 29 | vim .env 30 | ``` 31 | 32 | **Build and Up** 33 | > **NOTE:** Building is not necessary the first time, however 34 | it will be to use newer or different images after the 35 | first build.
36 | ``` 37 | docker-compose build 38 | docker-compose up 39 | ``` 40 | -------------------------------------------------------------------------------- /cloud/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | rundeck: 5 | build: 6 | context: ./ 7 | args: 8 | RUNDECK_IMAGE: ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT} 9 | links: 10 | - mysql 11 | tty: true 12 | environment: 13 | RUNDECK_GRAILS_URL: http://localhost 14 | RUNDECK_SERVER_FORWARDED: 'true' 15 | RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver 16 | RUNDECK_DATABASE_USERNAME: rundeck 17 | RUNDECK_DATABASE_PASSWORD: rundeck 18 | RUNDECK_DATABASE_URL: jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false 19 | RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_NAME: org.rundeck.amazon-s3 20 | RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_BUCKET: ${RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_BUCKET} 21 | RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_REGION: ${RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_REGION} 22 | RUNDECK_STORAGE_CONVERTER_1_CONFIG_PASSWORD: ${RUNDECK_STORAGE_PASSWORD} 23 | RUNDECK_CONFIG_STORAGE_CONVERTER_1_CONFIG_PASSWORD: ${RUNDECK_STORAGE_PASSWORD} 24 | volumes: 25 | - data:/home/rundeck/server/data 26 | - ${AWS_CREDENTIALS}:/home/rundeck/.aws/credentials 27 | - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key 28 | nginx: 29 | image: nginx 30 | links: 31 | - rundeck 32 | volumes: 33 | - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro 34 | ports: 35 | - 80:80 36 | mysql: 37 | image: mysql:5.7 38 | expose: 39 | - 3306 40 | environment: 41 | - MYSQL_ROOT_PASSWORD=root 42 | - MYSQL_DATABASE=rundeck 43 | - MYSQL_USER=rundeck 44 | - MYSQL_PASSWORD=rundeck 45 | volumes: 46 | - dbdata:/var/lib/mysql 47 | 48 | volumes: 49 | data: 50 | dbdata: 51 | -------------------------------------------------------------------------------- /cloud/nginx/nginx.conf: 
-------------------------------------------------------------------------------- 1 | events { 2 | worker_connections 1024; 3 | } 4 | 5 | http { 6 | server { 7 | location / { 8 | proxy_pass http://rundeck:4440; 9 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 10 | proxy_set_header X-Forwarded-Proto $scheme; 11 | proxy_set_header User-Agent $http_user_agent; 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /config/.env.dist: -------------------------------------------------------------------------------- 1 | ## Set pro options if applicable 2 | # RUNDECK_IMAGE=rundeckpro/enterprise:SNAPSHOT 3 | # RUNDECK_LICENSE_FILE= -------------------------------------------------------------------------------- /config/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG RUNDECK_IMAGE 2 | 3 | FROM ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT} 4 | 5 | ADD --chown=rundeck:root https://github.com/rundeck-plugins/http-tours/releases/download/v0.1.0/http-tours-0.1.0.jar ./libext/ 6 | 7 | COPY --chown=rundeck:root remco /etc/remco 8 | -------------------------------------------------------------------------------- /config/README.md: -------------------------------------------------------------------------------- 1 | Configurations Exhibit 2 | ============= 3 | This exhibit demonstrates how to extend the configuration with settings 4 | not included in the base Rundeck docker images. 5 | 6 | On display: 7 | * Adding new configuration templates 8 | * Bundling plugins 9 | 10 | ### Configuration 11 | Extending the configuration involves adding new [Remco](https://github.com/HeavyHorst/remco) 12 | resources and templates. These are copied into the derived image 13 | and get combined into `framework.properties` and `rundeck-config.properties` 14 | during startup. 
15 | 16 | Destinations: 17 | **framework.properties** 18 | ``` 19 | ${REMCO_TMP_DIR}/framework/ 20 | ``` 21 | **rundeck-config.properties** 22 | ``` 23 | ${REMCO_TMP_DIR}/rundeck-config/ 24 | ``` 25 | 26 | ## Setup 27 | **Build and Up** 28 | > **NOTE:** Building is not necessary the first time, however 29 | it will be to use newer or different images after the 30 | first build. 31 | ``` 32 | docker-compose build 33 | docker-compose up 34 | ``` 35 | -------------------------------------------------------------------------------- /config/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | rundeck: 5 | build: 6 | context: ./ 7 | args: 8 | RUNDECK_IMAGE: ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT} 9 | environment: 10 | RUNDECK_TOUR_ENABLE: 'true' 11 | RUNDECK_TOUR_ENDPOINT: https://s3.amazonaws.com/tours.rundeck.com/prod 12 | tty: true 13 | volumes: 14 | - data:/home/rundeck/server/data 15 | - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key 16 | ports: 17 | - 4440:4440 18 | 19 | volumes: 20 | data: 21 | -------------------------------------------------------------------------------- /config/remco/resources.d/plugin-http-tours-framework.properties.toml: -------------------------------------------------------------------------------- 1 | [[template]] 2 | src = "${REMCO_TEMPLATE_DIR}/plugin-http-tours-framework.properties" 3 | dst = "${REMCO_TMP_DIR}/framework/plugin-http-tours-framework.properties" 4 | mode = "0644" 5 | -------------------------------------------------------------------------------- /config/remco/templates/plugin-http-tours-framework.properties: -------------------------------------------------------------------------------- 1 | {% if exists("/rundeck/tour/endpoint") %} 2 | 3 | framework.plugin.TourLoader.httptours.tourEndpoint={{ getv("/rundeck/tour/endpoint") }} 4 | framework.plugin.TourLoader.httptours.tourManifestName={{ 
getv("/rundeck/tour/manifest","tour-manifest.json") }} 5 | framework.plugin.TourLoader.httptours.toursSubpath={{ getv("/rundeck/tour/subpath","tours") }} 6 | 7 | {% endif %} -------------------------------------------------------------------------------- /kubernetes/README.md: -------------------------------------------------------------------------------- 1 | # Deploy Rundeck Enterprise on Kubernetes 2 | 3 | This example deploys a 2-node Rundeck Enterprise cluster with a MySQL database and MinIO for log storage. 4 | 5 | This is a workable architecture that can easily be used as a basis for deploying a fully HA production Rundeck cluster. 6 | 7 | ## Secrets and connectors 8 | 9 | Since this installation involves several services, they all need to be connected. So first we will create the encryption keys and user authentication information needed to tie this all together. 10 | 11 | ### Create Storage converter secret 12 | 13 | Create a master password for the storage converter - this encrypts Rundeck secrets as they get written to disk. You can refer to the documentation here: 14 | 15 | https://docs.rundeck.com/docs/administration/configuration/storage-facility.html#storage-converters 16 | 17 | ``` 18 | echo -n 'masterpassword123.' > ./masterpassword 19 | kubectl create secret generic rundeckpro-storage-converter --from-file=./masterpassword 20 | 21 | ``` 22 | 23 | ### Create Log Storage Access Credentials 24 | 25 | Create the AWS access key/secret to access the log storage (S3 or any similar storage based on S3, like MinIO). 26 | 27 | Note: you should probably create your own secret values here. 28 | 29 | ``` 30 | echo -n 'minio' > ./awskey 31 | echo -n 'minio123' > ./awssecret 32 | kubectl create secret generic rundeckpro-log-storage --from-file=./awskey --from-file=./awssecret 33 | ``` 34 | 35 | ### Create Mysql database password 36 | 37 | ``` 38 | echo -n 'rundeck123.'
> ./password 39 | kubectl create secret generic mysql-rundeckuser --from-file=./password 40 | ``` 41 | 42 | 43 | ### Create License Key Secret 44 | 45 | Add the Rundeck Enterprise license key as a Kubernetes secret. You will need a license key from your Rundeck account team for this step. Copy that license key into the data subdirectory of this path as `./data/rundeckpro-license.key`. 46 | 47 | ``` 48 | kubectl create secret generic rundeckpro-license --from-file=./data/rundeckpro-license.key 49 | ``` 50 | 51 | ### Add custom ACL from secrets 52 | 53 | By default, Rundeck manages ACL groups via a config file placed on the Rundeck instance. We'll store that config file as a Kubernetes secret, enabling us to keep it encrypted at rest (when the cluster has encryption at rest enabled for Secrets) as well as edit the ACLs later. To pick up the changes, delete the pods and let Kubernetes reschedule them. 54 | 55 | ``` 56 | kubectl create secret generic rundeckpro-admin-acl --from-file=./data/admin-role.aclpolicy 57 | ``` 58 | 59 | ## Deploy database and storage 60 | 61 | Rundeck Enterprise in a cluster configuration works better with a common database and log storage. This step will stand up our underlying services for the Rundeck cluster. 62 | 63 | 64 | ``` 65 | kubectl apply -f persistent-volumes.yaml 66 | kubectl apply -f minio-deployment.yaml 67 | kubectl apply -f mysql-deployment.yaml 68 | ``` 69 | 70 | ## Deploy Rundeck 71 | 72 | ### Ingress Controller 73 | 74 | For this example, we are using Nginx as an ingress controller, which allows us to use sticky sessions. Sticky sessions are required for clustered Rundeck.
You will need to install it in order to make this example work (see https://github.com/kubernetes/ingress-nginx): 75 | 76 | On a local Docker Desktop environment: 77 | 78 | ``` 79 | kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/cloud/deploy.yaml 80 | 81 | ``` 82 | 83 | * If you are running this in a cloud, bare-metal, or other environment, please refer to the documentation link and choose your provider-specific setup for Nginx ingress (see https://kubernetes.github.io/ingress-nginx/deploy/). 84 | 85 | After the Ingress is set up, run the following to wait until it is ready to process requests: 86 | 87 | ``` 88 | kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=90s 89 | 90 | ``` 91 | 92 | ### Create Rundeckpro deployment 93 | 94 | The required Rundeck configuration options are already set in this file. Please read and review it to make sure it fits your intended purpose, or add to it if necessary. 95 | 96 | ``` 97 | kubectl apply -f rundeckpro-deployment.yaml 98 | 99 | ``` 100 | 101 | ### Access Rundeck WebUI 102 | 103 | You will need to port-forward the Rundeck service to access and interact with the WebUI running in your Kubernetes cluster from your localhost. 104 | 105 | ``` 106 | kubectl port-forward service/rundeckpro 8080:8080 107 | ``` 108 | 109 | ## Uninstall 110 | 111 | ``` 112 | 113 | kubectl delete deployment,service rundeckpro 114 | kubectl delete ingress rundeckpro-nginx 115 | kubectl delete deployment,service mysql 116 | kubectl delete deployment/minio-deployment service/minio 117 | kubectl delete job minio-create-bucket 118 | ``` 119 | 120 | Note: These delete commands leave the persistent volumes and secrets in place so you can start up the environment again rather easily.
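
Added example (not part of the Rundeck docker-zoo repository): the "Secrets and connectors" steps above write fixed sample strings into `./masterpassword`, `./awskey`, `./awssecret` and `./password`. The script below fills those same files with random values instead and flags any file that still holds one of the README's sample values. The script name `gen-secrets.sh`, the hex encoding and the byte lengths are assumptions of this example.

```shell
#!/bin/sh
# gen-secrets.sh (hypothetical name): random values for the secret files the
# README passes to `kubectl create secret generic ... --from-file`.
set -eu

# Sample values printed in the README; these must not reach a real cluster.
README_SAMPLES='masterpassword123.
minio
minio123
rundeck123.'

# random_hex NBYTES: print 2*NBYTES hex characters, no trailing newline.
random_hex() {
  od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n'
}

# write_secret FILE NBYTES: create FILE with mode 0600 holding a fresh value.
# Refuses to overwrite: the mysql image applies MYSQL_PASSWORD only when it
# initialises an empty data directory, and the README's uninstall keeps the
# persistent volumes, so a regenerated password would no longer match.
write_secret() {
  if [ -e "$1" ]; then
    echo "refusing to overwrite $1" >&2
    return 1
  fi
  ( umask 077 && printf '%s' "$(random_hex "$2")" > "$1" )
}

# is_readme_sample FILE: succeed if FILE holds one of the README's samples
# (a trailing newline from a plain `echo` is ignored).
is_readme_sample() {
  printf '%s\n' "$README_SAMPLES" | grep -Fxq -- "$(cat "$1")"
}

# generate_all DIR: create the four files, named after the secret keys the
# manifests reference (masterpassword, awskey, awssecret, password).
generate_all() {
  mkdir -p "$1" &&
  write_secret "$1/masterpassword" 32 &&  # storage converter password
  write_secret "$1/awskey" 10 &&          # MinIO access key
  write_secret "$1/awssecret" 20 &&       # MinIO secret key
  write_secret "$1/password" 24           # MySQL root and rundeck password
}

# kubectl_commands DIR: print (not run) the README's commands against DIR.
kubectl_commands() {
  cat <<EOF
kubectl create secret generic rundeckpro-storage-converter --from-file=$1/masterpassword
kubectl create secret generic rundeckpro-log-storage --from-file=$1/awskey --from-file=$1/awssecret
kubectl create secret generic mysql-rundeckuser --from-file=$1/password
EOF
}

# Usage: ./gen-secrets.sh DIR
# Keep DIR outside the git checkout: the repository's .gitignore does not
# list these four file names.
if [ $# -eq 1 ]; then
  generate_all "$1"
  kubectl_commands "$1"
fi
```
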
-------------------------------------------------------------------------------- /kubernetes/data/admin-role.aclpolicy: -------------------------------------------------------------------------------- 1 | description: Admin, all access. 2 | context: 3 | project: '.*' # all projects 4 | for: 5 | resource: 6 | - allow: '*' # allow read/create all kinds 7 | adhoc: 8 | - allow: '*' # allow read/running/killing adhoc jobs 9 | job: 10 | - allow: '*' # allow read/write/delete/run/kill of all jobs 11 | node: 12 | - allow: '*' # allow read/run for all nodes 13 | by: 14 | group: ROLE_admin 15 | 16 | --- 17 | 18 | description: Admin, all access. 19 | context: 20 | application: 'rundeck' 21 | for: 22 | resource: 23 | - allow: '*' # allow create of projects 24 | project: 25 | - allow: '*' # allow view/admin of all projects 26 | project_acl: 27 | - allow: '*' # allow admin of all project-level ACL policies 28 | storage: 29 | - allow: '*' # allow read/create/update/delete for all /keys/* storage content 30 | by: 31 | group: ROLE_admin -------------------------------------------------------------------------------- /kubernetes/minio-deployment.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | # This name uniquely identifies the Deployment 6 | name: minio-deployment 7 | labels: 8 | app: minio 9 | spec: 10 | strategy: 11 | type: Recreate 12 | selector: 13 | matchLabels: 14 | app: minio 15 | template: 16 | metadata: 17 | labels: 18 | # Label is used as selector in the service. 
19 | app: minio 20 | spec: 21 | # Refer to the PVC created earlier 22 | volumes: 23 | - name: storage 24 | persistentVolumeClaim: 25 | # Name of the PVC created earlier 26 | claimName: minio-pv-claim 27 | containers: 28 | - name: minio 29 | # Pulls the default Minio image from Docker Hub 30 | image: minio/minio:latest 31 | args: 32 | - server 33 | - /data 34 | env: 35 | - name: MINIO_ACCESS_KEY 36 | valueFrom: 37 | secretKeyRef: 38 | name: rundeckpro-log-storage 39 | key: awskey 40 | - name: MINIO_SECRET_KEY 41 | valueFrom: 42 | secretKeyRef: 43 | name: rundeckpro-log-storage 44 | key: awssecret 45 | ports: 46 | - containerPort: 9000 47 | hostPort: 9000 48 | # Mount the volume into the pod 49 | volumeMounts: 50 | - name: storage # must match the volume name, above 51 | mountPath: "/data" 52 | 53 | 54 | --- 55 | 56 | 57 | apiVersion: v1 58 | kind: Service 59 | metadata: 60 | name: minio 61 | spec: 62 | type: LoadBalancer 63 | ports: 64 | - port: 9000 65 | targetPort: 9000 66 | protocol: TCP 67 | selector: 68 | app: minio 69 | 70 | 71 | --- 72 | # Create rundeck bucket 73 | apiVersion: batch/v1 74 | kind: Job 75 | metadata: 76 | name: minio-create-bucket 77 | spec: 78 | completions: 1 79 | template: 80 | metadata: 81 | name: minio-create-bucket 82 | spec: 83 | restartPolicy: Never 84 | containers: 85 | - name: minio-bucket 86 | image: minio/mc 87 | env: 88 | - name: MINIO_URL 89 | value: "http://minio.default.svc.cluster.local:9000" 90 | - name: MINIO_ACCESS_KEY 91 | valueFrom: 92 | secretKeyRef: 93 | name: rundeckpro-log-storage 94 | key: awskey 95 | - name: MINIO_SECRET_KEY 96 | valueFrom: 97 | secretKeyRef: 98 | name: rundeckpro-log-storage 99 | key: awssecret 100 | - name: MINIO_BUCKET 101 | value: "rundeck" 102 | command: ["/bin/sh","-c","sleep 30 && mc config host add miniorundeck $MINIO_URL $MINIO_ACCESS_KEY $MINIO_SECRET_KEY && mc mb miniorundeck/$MINIO_BUCKET --ignore-existing"] 103 | 104 | 
-------------------------------------------------------------------------------- /kubernetes/mysql-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: mysql 5 | spec: 6 | ports: 7 | - port: 3306 8 | targetPort: 3306 9 | protocol: TCP 10 | selector: 11 | app: mysql 12 | type: LoadBalancer 13 | 14 | --- 15 | apiVersion: apps/v1 16 | kind: Deployment 17 | metadata: 18 | name: mysql 19 | labels: 20 | app: mysql 21 | spec: 22 | strategy: 23 | type: Recreate 24 | selector: 25 | matchLabels: 26 | app: mysql 27 | template: 28 | metadata: 29 | labels: 30 | app: mysql 31 | spec: 32 | containers: 33 | - image: mysql:5.7 34 | args: 35 | - "--ignore-db-dir=lost+found" 36 | name: mysql 37 | env: 38 | # Use secret in real usage 39 | - name: "MYSQL_ROOT_PASSWORD" 40 | valueFrom: 41 | secretKeyRef: 42 | name: mysql-rundeckuser 43 | key: password 44 | - name: "MYSQL_DATABASE" 45 | value: rundeckdb 46 | - name: "MYSQL_USER" 47 | value: rundeck 48 | - name: "MYSQL_PASSWORD" 49 | valueFrom: 50 | secretKeyRef: 51 | name: mysql-rundeckuser 52 | key: password 53 | ports: 54 | - containerPort: 3306 55 | name: mysql 56 | volumeMounts: 57 | - name: mysql-persistent-storage 58 | mountPath: /var/lib/mysql 59 | volumes: 60 | - name: mysql-persistent-storage 61 | persistentVolumeClaim: 62 | claimName: mysql-pv-claim 63 | -------------------------------------------------------------------------------- /kubernetes/persistent-volumes.yaml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolume 2 | apiVersion: v1 3 | metadata: 4 | name: minio-pv 5 | spec: 6 | accessModes: 7 | - ReadWriteMany 8 | volumeMode: Filesystem 9 | persistentVolumeReclaimPolicy: Retain 10 | capacity: 11 | storage: 5Gi 12 | hostPath: 13 | path: /kubernetes/minio-data 14 | 15 | 16 | --- 17 | 18 | kind: PersistentVolumeClaim 19 | apiVersion: v1 20 | metadata: 21 | name: 
minio-pv-claim 22 | spec: 23 | accessModes: 24 | - ReadWriteMany 25 | resources: 26 | requests: 27 | storage: 5Gi 28 | volumeName: minio-pv 29 | storageClassName: "" 30 | 31 | --- 32 | 33 | kind: PersistentVolume 34 | apiVersion: v1 35 | metadata: 36 | name: mysql-pv 37 | spec: 38 | accessModes: 39 | - ReadWriteMany 40 | volumeMode: Filesystem 41 | persistentVolumeReclaimPolicy: Retain 42 | capacity: 43 | storage: 3Gi 44 | hostPath: 45 | path: /kubernetes/mysql-data 46 | 47 | --- 48 | 49 | kind: PersistentVolumeClaim 50 | apiVersion: v1 51 | metadata: 52 | name: mysql-pv-claim 53 | spec: 54 | accessModes: 55 | - ReadWriteMany 56 | resources: 57 | requests: 58 | storage: 3Gi 59 | volumeName: mysql-pv 60 | storageClassName: "" 61 | 62 | -------------------------------------------------------------------------------- /kubernetes/rundeckpro-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: rundeckpro-nginx 5 | annotations: 6 | nginx.ingress.kubernetes.io/affinity: "cookie" 7 | nginx.ingress.kubernetes.io/session-cookie-name: "route" 8 | nginx.ingress.kubernetes.io/session-cookie-expires: "172800" 9 | nginx.ingress.kubernetes.io/session-cookie-max-age: "172800" 10 | spec: 11 | ingressClassName: nginx 12 | rules: 13 | - host: localhost 14 | http: 15 | paths: 16 | - path: / 17 | pathType: Prefix 18 | backend: 19 | service: 20 | name: rundeckpro 21 | port: 22 | number: 8080 23 | --- 24 | 25 | apiVersion: v1 26 | kind: Service 27 | metadata: 28 | name: rundeckpro 29 | spec: 30 | type: LoadBalancer 31 | ports: 32 | - protocol: TCP 33 | port: 8080 34 | targetPort: 4440 35 | selector: 36 | app: rundeckpro 37 | externalTrafficPolicy: Local 38 | sessionAffinity: ClientIP 39 | 40 | --- 41 | 42 | apiVersion: apps/v1 43 | kind: Deployment 44 | metadata: 45 | name: rundeckpro 46 | namespace: default 47 | labels: 48 | app: rundeckpro 49 | spec: 50 | replicas:
1 51 | selector: 52 | matchLabels: 53 | app: rundeckpro 54 | template: 55 | metadata: 56 | labels: 57 | app: rundeckpro 58 | spec: 59 | containers: 60 | - name: rundeck 61 | image: rundeckpro/enterprise:SNAPSHOT 62 | volumeMounts: 63 | - mountPath: /home/rundeck/etc/rundeckpro-license.key 64 | name: license 65 | subPath: rundeckpro-license.key 66 | - mountPath: /home/rundeck/etc/admin-role.aclpolicy 67 | name: acl 68 | subPath: admin-role.aclpolicy 69 | - mountPath: /home/rundeck/.kube/config 70 | name: kubeconfig 71 | subPath: config 72 | env: 73 | - name: RUNDECK_GRAILS_URL 74 | value: "http://localhost:8080" 75 | - name: RUNDECK_DATABASE_DRIVER 76 | value: "org.mariadb.jdbc.Driver" 77 | - name: RUNDECK_DATABASE_URL 78 | value: "jdbc:mysql://mysql.default.svc.cluster.local:3306/rundeckdb?autoReconnect=true&useSSL=false" 79 | - name: RUNDECK_DATABASE_USERNAME 80 | value: "rundeck" 81 | - name: RUNDECK_DATABASE_PASSWORD 82 | valueFrom: 83 | secretKeyRef: 84 | name: mysql-rundeckuser 85 | key: password 86 | - name: RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_NAME 87 | value: "com.rundeck.rundeckpro.amazon-s3" 88 | - name: RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_BUCKET 89 | value: "rundeck" 90 | - name: RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_REGION 91 | value: "us-east-2" 92 | - name: RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_ENDPOINT 93 | value: "http://minio.default.svc.cluster.local:9000" 94 | - name: RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_PATHSTYLE 95 | value: "true" 96 | - name: AWS_ACCESS_KEY_ID 97 | valueFrom: 98 | secretKeyRef: 99 | name: rundeckpro-log-storage 100 | key: awskey 101 | - name: AWS_SECRET_KEY 102 | valueFrom: 103 | secretKeyRef: 104 | name: rundeckpro-log-storage 105 | key: awssecret 106 | - name: RUNDECK_PLUGIN_CLUSTER_HEARTBEAT_CONSIDERDEAD 107 | value: "120" 108 | - name: RUNDECK_PLUGIN_CLUSTER_AUTOTAKEOVER_SLEEP 109 | value: "10" 110 | - name: RUNDECK_STORAGE_CONVERTER_1_CONFIG_PASSWORD 111 | valueFrom: 112 | secretKeyRef: 113 | name: 
rundeckpro-storage-converter 114 | key: masterpassword 115 | - name: RUNDECK_CONFIG_STORAGE_CONVERTER_1_CONFIG_PASSWORD 116 | valueFrom: 117 | secretKeyRef: 118 | name: rundeckpro-storage-converter 119 | key: masterpassword 120 | - name: RUNDECK_PLUGIN_CLUSTER_REMOTEEXECUTION_ENABLED 121 | value: "false" 122 | ports: 123 | - containerPort: 4440 124 | livenessProbe: 125 | # an http probe 126 | httpGet: 127 | path: / 128 | port: 4440 129 | scheme: HTTP 130 | initialDelaySeconds: 500 131 | periodSeconds: 120 132 | readinessProbe: 133 | httpGet: 134 | path: / 135 | port: 4440 136 | scheme: HTTP 137 | initialDelaySeconds: 10 138 | periodSeconds: 5 139 | volumes: 140 | - name: license 141 | secret: 142 | secretName: rundeckpro-license 143 | items: 144 | - key: rundeckpro-license.key 145 | path: rundeckpro-license.key 146 | - name: acl 147 | secret: 148 | secretName: rundeckpro-admin-acl 149 | items: 150 | - key: admin-role.aclpolicy 151 | path: admin-role.aclpolicy 152 | - name: kubeconfig 153 | secret: 154 | secretName: kubeconfig 155 | items: 156 | - key: config 157 | path: config 158 | -------------------------------------------------------------------------------- /ldap-combined-localroles/README.md: -------------------------------------------------------------------------------- 1 | Using LDAP for authentication and local realm file for roles 2 | ===================== 3 | 4 | This configuration uses LDAP for authentication, and uses a realm property file for user roles. 5 | 6 | The user authentication is defined in LDAP, and the groups are defined in the realm.properties file. 
7 | 8 | **LDAP Users:** 9 | 10 | * `username: build` 11 | 12 | `password: build` 13 | 14 | * `username: admin` 15 | 16 | `password: admin` 17 | -------------------------------------------------------------------------------- /ldap-combined-localroles/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | rundeck1: 5 | hostname: rundeck1 6 | image: ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT} 7 | links: 8 | - ldap 9 | tty: true 10 | environment: 11 | RUNDECK_GRAILS_URL: http://localhost:4440 12 | RUNDECK_JAAS_MODULES_0: JettyCombinedLdapLoginModule 13 | RUNDECK_JAAS_LDAP_FLAG: requisite 14 | RUNDECK_JAAS_LDAP_PROVIDERURL: ldap://ldap:389 15 | RUNDECK_JAAS_LDAP_BINDDN: cn=admin,dc=rdtest,dc=com 16 | RUNDECK_JAAS_LDAP_BINDPASSWORD: AdminPass123 17 | RUNDECK_JAAS_LDAP_USERBASEDN: ou=users,dc=rdtest,dc=com 18 | RUNDECK_JAAS_LDAP_IGNOREROLES: 'true' 19 | RUNDECK_JAAS_LDAP_STOREPASS: 'true' 20 | RUNDECK_JAAS_MODULES_1: JettyRolePropertyFileLoginModule 21 | RUNDECK_JAAS_FILE_FLAG: required 22 | RUNDECK_JAAS_FILE_USEFIRSTPASS: 'true' 23 | RUNDECK_JAAS_DEBUG: 'true' 24 | volumes: 25 | - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key 26 | - ./realm.properties:/home/rundeck/server/config/realm.properties 27 | ports: 28 | - 4440:4440 29 | ldap: 30 | hostname: ldap 31 | image: osixia/openldap:1.2.1 32 | environment: 33 | - LDAP_ORGANISATION=RD Test 34 | - LDAP_DOMAIN=rdtest.com 35 | - LDAP_ADMIN_PASSWORD=AdminPass123 36 | volumes: 37 | - ./ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom:rw 38 | ports: 39 | - "389:389" 40 | command: --copy-service -------------------------------------------------------------------------------- /ldap-combined-localroles/ldif/50-bootstrap.ldif: -------------------------------------------------------------------------------- 1 | # Define top-level entry: 2 | #dn: {{ LDAP_BASE_DN }} 3 | #objectClass: dcObject 4 | 
#objectClass: organization 5 | #o: Example, Inc. 6 | #dc: example 7 | 8 | # Define an entry to contain users: 9 | dn: ou=users,{{ LDAP_BASE_DN }} 10 | objectClass: organizationalUnit 11 | ou: users 12 | 13 | # Define some users: 14 | 15 | dn: cn=admin, ou=users,{{ LDAP_BASE_DN }} 16 | uid: admin 17 | userPassword: admin 18 | ##### 19 | # MD5 creds, Base64 encoded 20 | #userPassword: admin 21 | objectClass: person 22 | objectClass: top 23 | objectClass: inetOrgPerson 24 | sn: The admin account 25 | cn: admin 26 | 27 | dn: cn=build, ou=users,{{ LDAP_BASE_DN }} 28 | uid: build 29 | userPassword: {MD5}sNonVSCRjiPdYV4qdHUo8Q== 30 | ##### 31 | # MD5 creds, Base64 encoded 32 | #userPassword: build 33 | objectClass: person 34 | objectClass: top 35 | objectClass: inetOrgPerson 36 | sn: The account to use to demonstrate managing builds only 37 | cn: build 38 | 39 | dn: cn=deploy, ou=users,{{ LDAP_BASE_DN }} 40 | uid: deploy 41 | userPassword: {CRYPT}de01JmlU8XXTQ 42 | ##### 43 | # CRYPT creds 44 | #userPassword: deploy 45 | objectClass: person 46 | objectClass: top 47 | objectClass: inetOrgPerson 48 | sn: The account to use to demonstrate managing deployment only 49 | cn: deploy 50 | 51 | dn: cn=test, ou=users,{{ LDAP_BASE_DN }} 52 | uid: test 53 | userPassword: test 54 | objectClass: person 55 | objectClass: top 56 | objectClass: inetOrgPerson 57 | sn: Has no role access 58 | cn: test 59 | 60 | # Define an entry to contain roles: 61 | dn: ou=roles, {{ LDAP_BASE_DN }} 62 | objectClass: organizationalUnit 63 | ou: roles 64 | 65 | # Define some roles and their membership: 66 | dn: cn=architect, ou=roles,{{ LDAP_BASE_DN }} 67 | objectClass: groupOfUniqueNames 68 | uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }} 69 | cn: architect 70 | 71 | dn: cn=admin, ou=roles,{{ LDAP_BASE_DN }} 72 | objectClass: groupOfUniqueNames 73 | uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }} 74 | cn: admin 75 | 76 | dn: cn=user, ou=roles,{{ LDAP_BASE_DN }} 77 | objectClass: groupOfUniqueNames 
78 | uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }} 79 | uniqueMember: cn=deploy,ou=users,{{ LDAP_BASE_DN }} 80 | uniqueMember: cn=build,ou=users,{{ LDAP_BASE_DN }} 81 | cn: user 82 | 83 | dn: cn=build, ou=roles,{{ LDAP_BASE_DN }} 84 | objectClass: groupOfUniqueNames 85 | uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }} 86 | uniqueMember: cn=build,ou=users,{{ LDAP_BASE_DN }} 87 | cn: build 88 | 89 | dn: cn=deploy, ou=roles,{{ LDAP_BASE_DN }} 90 | objectClass: groupOfUniqueNames 91 | uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }} 92 | uniqueMember: cn=deploy,ou=users,{{ LDAP_BASE_DN }} 93 | cn: deploy -------------------------------------------------------------------------------- /ldap-combined-localroles/realm.properties: -------------------------------------------------------------------------------- 1 | admin:-,user,admin 2 | build:-,user 3 | -------------------------------------------------------------------------------- /ldap-combined/.env.dist: -------------------------------------------------------------------------------- 1 | ## Set pro options if applicable 2 | # RUNDECK_IMAGE=rundeckpro/team:SNAPSHOT 3 | # RUNDECK_LICENSE_FILE= -------------------------------------------------------------------------------- /ldap-combined/README.md: -------------------------------------------------------------------------------- 1 | Combined JAAS Modules 2 | ===================== 3 | 4 | This configuration uses LDAP with a property file fall-back. 5 | 6 | The `build` user exists in LDAP, and the `admin` user is in the `realm.properties` file. 
7 | 8 | **LDAP User:** 9 | `username: build` 10 | `password: build` 11 | 12 | **Property File User:** 13 | `username: admin` 14 | `password: admin` 15 | -------------------------------------------------------------------------------- /ldap-combined/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | rundeck1: 5 | hostname: rundeck1 6 | image: ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT} 7 | links: 8 | - ldap 9 | tty: true 10 | environment: 11 | RUNDECK_JAAS_MODULES_0: JettyCombinedLdapLoginModule 12 | RUNDECK_JAAS_LDAP_FLAG: sufficient 13 | RUNDECK_JAAS_LDAP_PROVIDERURL: ldap://ldap:389 14 | RUNDECK_JAAS_LDAP_BINDDN: cn=admin,dc=rdtest,dc=com 15 | RUNDECK_JAAS_LDAP_BINDPASSWORD: AdminPass123 16 | RUNDECK_JAAS_LDAP_USERBASEDN: ou=users,dc=rdtest,dc=com 17 | RUNDECK_JAAS_LDAP_ROLEBASEDN: ou=roles,dc=rdtest,dc=com 18 | 19 | RUNDECK_JAAS_MODULES_1: PropertyFileLoginModule 20 | RUNDECK_JAAS_FILE_FLAG: sufficient 21 | volumes: 22 | - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key 23 | ports: 24 | - 4440:4440 25 | ldap: 26 | hostname: ldap 27 | image: osixia/openldap:1.2.1 28 | environment: 29 | - LDAP_ORGANISATION=RD Test 30 | - LDAP_DOMAIN=rdtest.com 31 | - LDAP_ADMIN_PASSWORD=AdminPass123 32 | volumes: 33 | - ./ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom:rw 34 | ports: 35 | - "389:389" 36 | command: --copy-service -------------------------------------------------------------------------------- /ldap-combined/ldif/50-bootstrap.ldif: -------------------------------------------------------------------------------- 1 | # Define top-level entry: 2 | #dn: {{ LDAP_BASE_DN }} 3 | #objectClass: dcObject 4 | #objectClass: organization 5 | #o: Example, Inc. 
6 | #dc: example 7 | 8 | # Define an entry to contain users: 9 | dn: ou=users,{{ LDAP_BASE_DN }} 10 | objectClass: organizationalUnit 11 | ou: users 12 | 13 | # Define some users: 14 | 15 | dn: cn=build, ou=users,{{ LDAP_BASE_DN }} 16 | uid: build 17 | userPassword: {MD5}sNonVSCRjiPdYV4qdHUo8Q== 18 | ##### 19 | # MD5 creds, Base64 encoded 20 | #userPassword: build 21 | objectClass: person 22 | objectClass: top 23 | objectClass: inetOrgPerson 24 | sn: The account to use to demonstrate managing builds only 25 | cn: build 26 | 27 | dn: cn=deploy, ou=users,{{ LDAP_BASE_DN }} 28 | uid: deploy 29 | userPassword: {CRYPT}de01JmlU8XXTQ 30 | ##### 31 | # CRYPT creds 32 | #userPassword: deploy 33 | objectClass: person 34 | objectClass: top 35 | objectClass: inetOrgPerson 36 | sn: The account to use to demonstrate managing deployment only 37 | cn: deploy 38 | 39 | dn: cn=test, ou=users,{{ LDAP_BASE_DN }} 40 | uid: test 41 | userPassword: test 42 | objectClass: person 43 | objectClass: top 44 | objectClass: inetOrgPerson 45 | sn: Has no role access 46 | cn: test 47 | 48 | # Define an entry to contain roles: 49 | dn: ou=roles, {{ LDAP_BASE_DN }} 50 | objectClass: organizationalUnit 51 | ou: roles 52 | 53 | # Define some roles and their membership: 54 | dn: cn=architect, ou=roles,{{ LDAP_BASE_DN }} 55 | objectClass: groupOfUniqueNames 56 | uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }} 57 | cn: architect 58 | 59 | dn: cn=admin, ou=roles,{{ LDAP_BASE_DN }} 60 | objectClass: groupOfUniqueNames 61 | uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }} 62 | cn: admin 63 | 64 | dn: cn=user, ou=roles,{{ LDAP_BASE_DN }} 65 | objectClass: groupOfUniqueNames 66 | uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }} 67 | uniqueMember: cn=deploy,ou=users,{{ LDAP_BASE_DN }} 68 | uniqueMember: cn=build,ou=users,{{ LDAP_BASE_DN }} 69 | cn: user 70 | 71 | dn: cn=build, ou=roles,{{ LDAP_BASE_DN }} 72 | objectClass: groupOfUniqueNames 73 | uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }} 74 | 
uniqueMember: cn=build,ou=users,{{ LDAP_BASE_DN }} 75 | cn: build 76 | 77 | dn: cn=deploy, ou=roles,{{ LDAP_BASE_DN }} 78 | objectClass: groupOfUniqueNames 79 | uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }} 80 | uniqueMember: cn=deploy,ou=users,{{ LDAP_BASE_DN }} 81 | cn: deploy -------------------------------------------------------------------------------- /ldap/.env.dist: -------------------------------------------------------------------------------- 1 | ## Set pro options if applicable 2 | # RUNDECK_IMAGE=rundeckpro/team:SNAPSHOT 3 | # RUNDECK_LICENSE_FILE= -------------------------------------------------------------------------------- /ldap/README.md: -------------------------------------------------------------------------------- 1 | LDAP Exhibit 2 | ============= 3 | 4 | This setup configures Rundeck to authenticate users against LDAP. 5 | 6 | ### Startup 7 | ``` 8 | docker-compose up 9 | ``` 10 | 11 | ### Teardown 12 | ``` 13 | docker-compose down -v 14 | ``` -------------------------------------------------------------------------------- /ldap/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | rundeck1: 5 | hostname: rundeck1 6 | image: ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT} 7 | links: 8 | - ldap 9 | tty: true 10 | environment: 11 | RUNDECK_JAAS_MODULES_0: JettyCombinedLdapLoginModule 12 | RUNDECK_JAAS_LDAP_PROVIDERURL: ldap://ldap:389 13 | RUNDECK_JAAS_LDAP_BINDDN: cn=admin,dc=rdtest,dc=com 14 | RUNDECK_JAAS_LDAP_BINDPASSWORD: AdminPass123 15 | RUNDECK_JAAS_LDAP_USERBASEDN: ou=users,dc=rdtest,dc=com 16 | RUNDECK_JAAS_LDAP_ROLEBASEDN: ou=roles,dc=rdtest,dc=com 17 | volumes: 18 | - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key 19 | ports: 20 | - 4440:4440 21 | ldap: 22 | hostname: ldap 23 | image: osixia/openldap:1.2.1 24 | environment: 25 | - LDAP_ORGANISATION=RD Test 26 | - LDAP_DOMAIN=rdtest.com 27 | - 
LDAP_ADMIN_PASSWORD=AdminPass123 28 | volumes: 29 | - ./ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom:rw 30 | ports: 31 | - "389:389" 32 | command: --copy-service -------------------------------------------------------------------------------- /ldap/ldif/50-bootstrap.ldif: -------------------------------------------------------------------------------- 1 | # Define top-level entry: 2 | #dn: {{ LDAP_BASE_DN }} 3 | #objectClass: dcObject 4 | #objectClass: organization 5 | #o: Example, Inc. 6 | #dc: example 7 | 8 | # Define an entry to contain users: 9 | dn: ou=users,{{ LDAP_BASE_DN }} 10 | objectClass: organizationalUnit 11 | ou: users 12 | 13 | # Define some users: 14 | dn: cn=admin, ou=users,{{ LDAP_BASE_DN }} 15 | uid: admin 16 | userPassword: admin 17 | objectClass: person 18 | objectClass: top 19 | objectClass: inetOrgPerson 20 | sn: The admin account for the Example client to use 21 | cn: admin 22 | 23 | dn: cn=build, ou=users,{{ LDAP_BASE_DN }} 24 | uid: build 25 | userPassword: {MD5}sNonVSCRjiPdYV4qdHUo8Q== 26 | ##### 27 | # MD5 creds, Base64 encoded 28 | #userPassword: build 29 | objectClass: person 30 | objectClass: top 31 | objectClass: inetOrgPerson 32 | sn: The account to use to demonstrate managing builds only 33 | cn: build 34 | 35 | dn: cn=deploy, ou=users,{{ LDAP_BASE_DN }} 36 | uid: deploy 37 | userPassword: {CRYPT}de01JmlU8XXTQ 38 | ##### 39 | # CRYPT creds 40 | #userPassword: deploy 41 | objectClass: person 42 | objectClass: top 43 | objectClass: inetOrgPerson 44 | sn: The account to use to demonstrate managing deployment only 45 | cn: deploy 46 | 47 | dn: cn=test, ou=users,{{ LDAP_BASE_DN }} 48 | uid: test 49 | userPassword: test 50 | objectClass: person 51 | objectClass: top 52 | objectClass: inetOrgPerson 53 | sn: Has no role access 54 | cn: test 55 | 56 | # Define an entry to contain roles: 57 | dn: ou=roles, {{ LDAP_BASE_DN }} 58 | objectClass: organizationalUnit 59 | ou: roles 60 | 61 | # Define some roles and their 
membership: 62 | dn: cn=architect, ou=roles,{{ LDAP_BASE_DN }} 63 | objectClass: groupOfUniqueNames 64 | uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }} 65 | cn: architect 66 | 67 | dn: cn=admin, ou=roles,{{ LDAP_BASE_DN }} 68 | objectClass: groupOfUniqueNames 69 | uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }} 70 | cn: admin 71 | 72 | dn: cn=user, ou=roles,{{ LDAP_BASE_DN }} 73 | objectClass: groupOfUniqueNames 74 | uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }} 75 | uniqueMember: cn=deploy,ou=users,{{ LDAP_BASE_DN }} 76 | uniqueMember: cn=build,ou=users,{{ LDAP_BASE_DN }} 77 | cn: user 78 | 79 | dn: cn=build, ou=roles,{{ LDAP_BASE_DN }} 80 | objectClass: groupOfUniqueNames 81 | uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }} 82 | uniqueMember: cn=build,ou=users,{{ LDAP_BASE_DN }} 83 | cn: build 84 | 85 | dn: cn=deploy, ou=roles,{{ LDAP_BASE_DN }} 86 | objectClass: groupOfUniqueNames 87 | uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }} 88 | uniqueMember: cn=deploy,ou=users,{{ LDAP_BASE_DN }} 89 | cn: deploy -------------------------------------------------------------------------------- /mysql/.env.dist: -------------------------------------------------------------------------------- 1 | ## Set pro options if applicable 2 | # RUNDECK_IMAGE=rundeckpro/team:SNAPSHOT 3 | # RUNDECK_LICENSE_FILE= -------------------------------------------------------------------------------- /mysql/README.md: -------------------------------------------------------------------------------- 1 | MySQL Exhibit 2 | ============= 3 | 4 | Demonstrates configuring Rundeck to use MySQL as an external database. 
5 | 6 | 7 | ### Startup 8 | ``` 9 | docker-compose up 10 | ``` 11 | 12 | ### Teardown 13 | ``` 14 | docker-compose down -v 15 | ``` -------------------------------------------------------------------------------- /mysql/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | rundeck: 5 | image: rundeck/rundeck:SNAPSHOT 6 | links: 7 | - mysql 8 | environment: 9 | RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver 10 | RUNDECK_DATABASE_USERNAME: rundeck 11 | RUNDECK_DATABASE_PASSWORD: rundeck 12 | RUNDECK_DATABASE_URL: jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false 13 | RUNDECK_GRAILS_URL: http://localhost:4440 14 | volumes: 15 | - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key 16 | ports: 17 | - 4440:4440 18 | mysql: 19 | image: mysql:5.7 20 | expose: 21 | - 3306 22 | environment: 23 | - MYSQL_ROOT_PASSWORD=root 24 | - MYSQL_DATABASE=rundeck 25 | - MYSQL_USER=rundeck 26 | - MYSQL_PASSWORD=rundeck 27 | volumes: 28 | - dbdata:/var/lib/mysql 29 | 30 | volumes: 31 | dbdata: 32 | -------------------------------------------------------------------------------- /mysql8/.env.dist: -------------------------------------------------------------------------------- 1 | ## Set pro options if applicable 2 | # RUNDECK_IMAGE=rundeckpro/enterprise:SNAPSHOT 3 | # RUNDECK_LICENSE_FILE= -------------------------------------------------------------------------------- /mysql8/README.md: -------------------------------------------------------------------------------- 1 | MySQL Exhibit 2 | ============= 3 | 4 | Demonstrates configuring Rundeck to use MySQL as an external database.
5 | 6 | # How to 7 | 8 | ## Startup 9 | Start the docker compose 10 | 11 | ``` 12 | docker-compose up 13 | ``` 14 | 15 | ## Teardown 16 | 17 | tear down and remove volumes 18 | 19 | ``` 20 | docker-compose down -v 21 | ``` -------------------------------------------------------------------------------- /mysql8/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | rundeck: 3 | image: rundeck/rundeck:SNAPSHOT 4 | links: 5 | - mysql 6 | environment: 7 | RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver 8 | RUNDECK_DATABASE_USERNAME: rundeck 9 | RUNDECK_DATABASE_PASSWORD: rundeck 10 | RUNDECK_DATABASE_URL: jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false&allowPublicKeyRetrieval=true 11 | RUNDECK_GRAILS_URL: http://localhost:4440 12 | volumes: 13 | - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key 14 | ports: 15 | - 4440:4440 16 | mysql: 17 | image: mysql:8 18 | expose: 19 | - 3306 20 | environment: 21 | - MYSQL_ROOT_PASSWORD=root 22 | - MYSQL_DATABASE=rundeck 23 | - MYSQL_USER=rundeck 24 | - MYSQL_PASSWORD=rundeck 25 | volumes: 26 | - dbdata:/var/lib/mysql 27 | 28 | volumes: 29 | dbdata: 30 | -------------------------------------------------------------------------------- /oraclexe/.env.dist: -------------------------------------------------------------------------------- 1 | ## Set pro options if applicable 2 | # RUNDECK_IMAGE=rundeckpro/enterprise:SNAPSHOT 3 | # RUNDECK_LICENSE_FILE= -------------------------------------------------------------------------------- /oraclexe/README.md: -------------------------------------------------------------------------------- 1 | Oracle XE Exhibit 2 | ============== 3 | 4 | # How to Use 5 | 6 | ## Download Oracle JDBC Driver 7 | 8 | [Download the Oracle JDBC driver "ojdbc8.jar"](https://www.oracle.com/database/technologies/appdev/jdbc-downloads.html) and place in `lib/` . 
9 | 10 | ``` 11 | VERS=21.5.0.0 12 | curl https://repo1.maven.org/maven2/com/oracle/database/jdbc/ojdbc8/$VERS/ojdbc8-$VERS.jar -o lib/ojdbc8-$VERS.jar 13 | ``` 14 | 15 | ## Start 16 | 17 | ``` 18 | docker-compose up -d 19 | ``` 20 | 21 | ## Stop 22 | 23 | ``` 24 | docker-compose down -v 25 | ``` 26 | -------------------------------------------------------------------------------- /oraclexe/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | rundeck: 5 | image: ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT} 6 | links: 7 | - oracle 8 | environment: 9 | RUNDECK_GRAILS_URL: http://localhost:4440 10 | RUNDECK_DATABASE_DRIVER: oracle.jdbc.OracleDriver 11 | RUNDECK_DATABASE_DIALECT: org.rundeck.hibernate.RundeckOracleDialect 12 | RUNDECK_DATABASE_USERNAME: system 13 | RUNDECK_DATABASE_PASSWORD: mypassword123 14 | RUNDECK_DATABASE_URL: jdbc:oracle:thin:@oracle:1521:XE 15 | RUNDECK_DATABASE_VALIDATIONQUERY: SELECT 1 FROM DUAL 16 | volumes: 17 | - ./lib:/home/rundeck/server/lib 18 | - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key 19 | ports: 20 | - 4440:4440 21 | depends_on: 22 | - oracle 23 | oracle: 24 | image: container-registry.oracle.com/database/express:21.3.0-xe 25 | environment: 26 | ORACLE_PWD: mypassword123 27 | expose: 28 | - 1521 29 | ports: 30 | - 1521:1521 31 | volumes: 32 | - dbdata:/opt/oracle/oradata 33 | 34 | volumes: 35 | dbdata: -------------------------------------------------------------------------------- /oraclexe/lib/.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore everything in this directory 2 | * 3 | # Except this file 4 | !.gitignore 5 | -------------------------------------------------------------------------------- /percona-xtradb/Makefile: -------------------------------------------------------------------------------- 1 | RUNDECK_VERSION ?= 4.1.0 2 | RUNDECK_IMAGE ?= 
rundeckpro/enterprise 3 | PERCONA_IMAGE ?= percona/percona-xtradb-cluster:8.0 4 | 5 | default: bootstrap 6 | 7 | certs: 8 | mkdir -m 777 -p $(PWD)/certs 9 | docker run --name pxc-cert --rm -v $(PWD)/certs:/cert $(PERCONA_IMAGE) mysql_ssl_rsa_setup -d /cert 10 | 11 | bootstrap: certs 12 | docker compose up rddbnode1 -d 13 | echo "wait 35 seconds for main db to start..." && sleep 35 14 | echo "Disabling cluster strict mode..." 15 | docker compose exec rddbnode1 mysql -hlocalhost -uroot -proot rundeck -e "SET GLOBAL pxc_strict_mode=PERMISSIVE;" 16 | docker compose run -i --rm rdbootstrap 17 | echo "wait 5 seconds before enforcing strict mode again" && sleep 5 18 | docker compose exec rddbnode1 mysql -hlocalhost -uroot -proot rundeck -e "SET GLOBAL pxc_strict_mode=ENFORCING;" 19 | docker compose up rddbnode2 -d 20 | docker compose up rddbnode3 -d 21 | 22 | dbstart: 23 | docker compose up rddbnode1 rddbnode2 rddbnode3 -d 24 | 25 | start: 26 | docker compose up rundeck -d 27 | 28 | destroy: 29 | docker compose down -v 30 | rm -rf $(PWD)/certs 31 | 32 | .PHONY: default 33 | -------------------------------------------------------------------------------- /percona-xtradb/README.md: -------------------------------------------------------------------------------- 1 | Percona XtraDB Exhibit 2 | ======================= 3 | 4 | Demonstrates a Rundeck + simple Percona cluster setup 5 | 6 | ### Setup 7 | 8 | #### Create database certificates 9 | Generate the certificates used by the Percona cluster nodes: 10 | ```shell 11 | $ make certs 12 | ``` 13 | A `certs` directory with the generated certs will be created. 14 | 15 | #### First-time Bootstrap of the DB cluster 16 | 17 | ***TIP**: `make bootstrap` will run this procedure automatically.
This command will execute the following:* 18 | 19 | The first time, run the `rddbnode1` container on its own first to bootstrap the cluster: 20 | ``` 21 | docker compose up rddbnode1 -d 22 | ``` 23 | 24 | Log into the created MySQL node and temporarily disable cluster checks: 25 | ```mysql 26 | mysql> SET GLOBAL pxc_strict_mode=PERMISSIVE; 27 | ``` 28 | 29 | Run the Rundeck war in dbmigration mode so it creates the database schema: 30 | ```shell 31 | java -jar rundeck.war -m 32 | ``` 33 | 34 | Enable strict mode again on the database cluster: 35 | ```mysql 36 | mysql> SET GLOBAL pxc_strict_mode=ENFORCING; 37 | ``` 38 | 39 | Then start the other database nodes: 40 | ``` 41 | docker compose up rddbnode2 rddbnode3 -d 42 | ``` 43 | 44 | 45 | 46 | ### Startup 47 | Run 48 | `make start` 49 | or 50 | `docker-compose up rundeck -d` 51 | 52 | ### Teardown everything (including db) 53 | `make destroy` or `docker-compose down -v` 54 | -------------------------------------------------------------------------------- /percona-xtradb/config/cluster-cert.cnf: -------------------------------------------------------------------------------- 1 | [mysqld] 2 | ssl-ca = /cert/ca.pem 3 | ssl-cert = /cert/server-cert.pem 4 | ssl-key = /cert/server-key.pem 5 | 6 | [client] 7 | ssl-ca = /cert/ca.pem 8 | ssl-cert = /cert/client-cert.pem 9 | ssl-key = /cert/client-key.pem 10 | 11 | [sst] 12 | encrypt = 4 13 | ssl-ca = /cert/ca.pem 14 | ssl-cert = /cert/server-cert.pem 15 | ssl-key = /cert/server-key.pem 16 | -------------------------------------------------------------------------------- /percona-xtradb/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.9' 2 | 3 | services: 4 | rdbootstrap: 5 | image: ${RUNDECK_IMAGE:-rundeckpro/enterprise:SNAPSHOT} 6 | restart: "no" 7 | 8 | networks: 9 | - rundeck-network 10 | environment: 11 | RUNDECK_EXEC_CMD: java -jar rundeck.war -m 12 | RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver
13 | RUNDECK_DATABASE_USERNAME: rundeck 14 | RUNDECK_DATABASE_PASSWORD: rundeck 15 | RUNDECK_DATABASE_URL: jdbc:mysql://rddbnode1/rundeck?autoReconnect=true&useSSL=false 16 | rundeck: 17 | image: ${RUNDECK_IMAGE:-rundeckpro/enterprise:SNAPSHOT} 18 | networks: 19 | - rundeck-network 20 | environment: 21 | RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver 22 | RUNDECK_DATABASE_USERNAME: rundeck 23 | RUNDECK_DATABASE_PASSWORD: rundeck 24 | RUNDECK_DATABASE_URL: jdbc:mysql://rddbnode1/rundeck?autoReconnect=true&useSSL=false 25 | RUNDECK_GRAILS_URL: "http://localhost:4440" 26 | volumes: 27 | - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key 28 | ports: 29 | - 4440:4440 30 | rddbnode1: 31 | image: percona/percona-xtradb-cluster:8.0 32 | networks: 33 | - rundeck-network 34 | ports: 35 | - 3306:3306 36 | environment: 37 | - MYSQL_ROOT_PASSWORD=root 38 | - MYSQL_DATABASE=rundeck 39 | - MYSQL_USER=rundeck 40 | - MYSQL_PASSWORD=rundeck 41 | - CLUSTER_NAME=rundeck-cluster 42 | volumes: 43 | - ${PWD}/certs:/cert 44 | - ${PWD}/config:/etc/percona-xtradb-cluster.conf.d 45 | 46 | rddbnode2: 47 | image: percona/percona-xtradb-cluster:8.0 48 | networks: 49 | - rundeck-network 50 | ports: 51 | - 3307:3306 52 | environment: 53 | - MYSQL_ROOT_PASSWORD=root 54 | - MYSQL_DATABASE=rundeck 55 | - MYSQL_USER=rundeck 56 | - MYSQL_PASSWORD=rundeck 57 | - CLUSTER_NAME=rundeck-cluster 58 | - CLUSTER_JOIN=rddbnode1 59 | volumes: 60 | - ${PWD}/certs:/cert 61 | - ${PWD}/config:/etc/percona-xtradb-cluster.conf.d 62 | 63 | rddbnode3: 64 | image: percona/percona-xtradb-cluster:8.0 65 | networks: 66 | - rundeck-network 67 | ports: 68 | - 3308:3306 69 | environment: 70 | - MYSQL_ROOT_PASSWORD=root 71 | - MYSQL_DATABASE=rundeck 72 | - MYSQL_USER=rundeck 73 | - MYSQL_PASSWORD=rundeck 74 | - CLUSTER_NAME=rundeck-cluster 75 | - CLUSTER_JOIN=rddbnode1 76 | volumes: 77 | - ${PWD}/certs:/cert 78 | - ${PWD}/config:/etc/percona-xtradb-cluster.conf.d 79 | 80 | networks: 81 | 
rundeck-network: 82 | name: rundeck-network 83 | -------------------------------------------------------------------------------- /postgres/.env.dist: -------------------------------------------------------------------------------- 1 | ## Set pro options if applicable 2 | # RUNDECK_IMAGE=rundeckpro/team:SNAPSHOT 3 | # RUNDECK_LICENSE_FILE= -------------------------------------------------------------------------------- /postgres/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG RUNDECK_IMAGE 2 | 3 | FROM ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT} 4 | 5 | COPY --chown=rundeck:root remco /etc/remco -------------------------------------------------------------------------------- /postgres/README.md: -------------------------------------------------------------------------------- 1 | PostgreSQL Exhibit 2 | ============= 3 | 4 | Demonstrates configuring Rundeck to use PostgreSQL as an external database. 5 | 6 | 7 | ### Startup 8 | ``` 9 | docker-compose up 10 | ``` 11 | 12 | ### Teardown 13 | ``` 14 | docker-compose down -v 15 | ``` -------------------------------------------------------------------------------- /postgres/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | rundeck: 5 | image: ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT} 6 | links: 7 | - postgres 8 | environment: 9 | RUNDECK_DATABASE_DRIVER: org.postgresql.Driver 10 | RUNDECK_DATABASE_USERNAME: rundeck 11 | RUNDECK_DATABASE_PASSWORD: rundeck 12 | RUNDECK_DATABASE_URL: jdbc:postgresql://postgres/rundeck?autoReconnect=true&useSSL=false&allowPublicKeyRetrieval=true 13 | RUNDECK_GRAILS_URL: http://localhost:4440 14 | volumes: 15 | - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key 16 | ports: 17 | - 4440:4440 18 | postgres: 19 | image: postgres 20 | expose: 21 | - 5432 22 | environment: 23 | - POSTGRES_DB=rundeck 24 | - POSTGRES_USER=rundeck 25 | 
- POSTGRES_PASSWORD=rundeck 26 | volumes: 27 | - dbdata:/var/lib/postgresql/data 28 | 29 | volumes: 30 | dbdata: 31 | -------------------------------------------------------------------------------- /runner/.env.dist: -------------------------------------------------------------------------------- 1 | # Set enterprise options if applicable 2 | # RUNNER_RUNDECK_CLIENT_ID= 3 | # RUNNER_RUNDECK_SERVER_TOKEN= 4 | # RUNNER_RUNDECK_SERVER_URL= 5 | -------------------------------------------------------------------------------- /runner/README.md: -------------------------------------------------------------------------------- 1 | # Rundeck Runner Exhibit 2 | 3 | ## Configuration 4 | 5 | * `RUNNER_RUNDECK_SERVER_URL` - The base URL for your Rundeck Enterprise server. This could be `http://host.docker.internal:4440/` for local development or `https://your-subdomain.runbook.pagerduty.cloud/` for a Runbook Automation deployment. 6 | * `RUNNER_RUNDECK_CLIENT_ID` - The Runner id. 7 | * `RUNNER_RUNDECK_SERVER_TOKEN` - The Runner's secret token. 
8 | -------------------------------------------------------------------------------- /runner/docker-compose.yml: -------------------------------------------------------------------------------- 1 | name: rundeck-runner 2 | 3 | services: 4 | 5 | runner: 6 | env_file: .env 7 | image: rundeckpro/runner:SNAPSHOT 8 | tty: true 9 | 10 | volumes: 11 | data: 12 | -------------------------------------------------------------------------------- /simple-cluster/.env.dist: -------------------------------------------------------------------------------- 1 | ## Set pro options if applicable 2 | RUNDECK_IMAGE=rundeckpro/enterprise:SNAPSHOT 3 | RUNDECK_LICENSE_FILE=/path/to/licence.file 4 | -------------------------------------------------------------------------------- /simple-cluster/README.md: -------------------------------------------------------------------------------- 1 | Simple Cluster Exhibit 2 | ============= 3 | 4 | Demonstrates configuring a Rundeck Enterprise cluster with NGINX as the load balancer. 5 | 6 | ### Setup 7 | 8 | - Copy the provided `.env.dist` file to `.env` and edit the values as needed, providing the correct license file. 9 | - If you want to increase the cluster size, you'll need to adjust the `replicas` parameter in the `docker-compose.yml` file 10 | and also adjust the `upstream` servers in the `nginx.conf` file. This is needed to use nginx as the actual load balancer 11 | instead of Docker's default round-robin load balancer. 12 | 13 | 14 | ### Startup 15 | ``` 16 | docker-compose up 17 | ``` 18 | 19 | ### Teardown 20 | ``` 21 | docker-compose down -v 22 | ``` -------------------------------------------------------------------------------- /simple-cluster/docker-compose.yml: -------------------------------------------------------------------------------- 1 | 2 | # We fix the project name so DNS names are deterministic. 3 | # This is needed to use the nginx LB in full, instead of docker's DNS round-robin strategy.
4 | name: rundeck-cluster 5 | 6 | services: 7 | nginx: 8 | image: nginx 9 | depends_on: 10 | rundeck: 11 | condition: service_healthy 12 | volumes: 13 | - ./nginx.conf:/etc/nginx/nginx.conf:ro 14 | ports: 15 | - 80:80 16 | 17 | # slim rundeck container to run database setup. 18 | # We do this first to prevent collisions between the two nodes when doing the first setup. 19 | rundeck-migration: 20 | image: ${RUNDECK_IMAGE:-rundeckpro/enterprise:SNAPSHOT} 21 | links: 22 | - dbase 23 | environment: 24 | RUNDECK_EXEC_CMD: "java -jar rundeck.war -m" 25 | RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver 26 | RUNDECK_DATABASE_USERNAME: rundeck 27 | RUNDECK_DATABASE_PASSWORD: rundeck 28 | RUNDECK_DATABASE_URL: jdbc:mysql://dbase/rundeck?autoReconnect=true&useSSL=false&allowPublicKeyRetrieval=true 29 | 30 | 31 | # main cluster 32 | rundeck: 33 | deploy: 34 | replicas: 2 # If this is changed, remember to adjust nginx configuration at nginx.conf 35 | image: rundeck-node 36 | build: 37 | context: rundeck-node 38 | args: 39 | RUNDECK_IMAGE: ${RUNDECK_IMAGE:-rundeckpro/enterprise:SNAPSHOT} 40 | links: 41 | - rundeck-migration 42 | - dbase 43 | depends_on: 44 | rundeck-migration: 45 | condition: service_completed_successfully 46 | environment: 47 | RUNDECK_GRAILS_URL: http://localhost 48 | RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver 49 | RUNDECK_DATABASE_USERNAME: rundeck 50 | RUNDECK_DATABASE_PASSWORD: rundeck 51 | RUNDECK_DATABASE_URL: jdbc:mysql://dbase/rundeck?autoReconnect=true&useSSL=false&allowPublicKeyRetrieval=true 52 | RUNDECK_SECURITY_DBLOGIN_ENABLED: 'true' 53 | RUNDECK_SECURITY_DBLOGIN_CREATEADMINUSERANDROLES: 'true' 54 | RUNDECK_SECURITY_DBLOGIN_ADMINUSERNAME: admin 55 | RUNDECK_SECURITY_DBLOGIN_ADMINPASSWORD: admin 56 | RUNDECK_PLUGIN_CLUSTER_REMOTEEXECUTION_ENABLED: 'false' 57 | RUNDECK_FEATURE_ENTERPRISEACL_ENABLED: 'false' 58 | RUNDECK_FEATURE_ENTERPRISEACLTRANSFER_ENABLED: 'false' 59 | RUNDECK_SERVER_ADDRESS: 0.0.0.0 60 | RUNDECK_GUI_STARTPAGE: jobs 61 | 
healthcheck: 62 | test: "curl -f http://localhost:4440" 63 | interval: 5s 64 | timeout: 10s 65 | retries: 50 66 | start_period: 180s 67 | start_interval: 10s 68 | ports: 69 | - 4440 70 | # expose: 71 | # - 4440 72 | volumes: 73 | - logdata:/home/rundeck/var/logs:rw 74 | - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key 75 | 76 | dbase: 77 | image: mysql:8 78 | ports: 79 | - 3306:3306 80 | environment: 81 | MYSQL_ROOT_PASSWORD: root 82 | MYSQL_DATABASE: rundeck 83 | MYSQL_USER: rundeck 84 | MYSQL_PASSWORD: rundeck 85 | volumes: 86 | - dbdata_mysql:/var/lib/mysql 87 | 88 | volumes: 89 | logdata: 90 | dbdata_mysql: 91 | -------------------------------------------------------------------------------- /simple-cluster/nginx.conf: -------------------------------------------------------------------------------- 1 | events { 2 | worker_connections 1024; 3 | } 4 | 5 | http { 6 | upstream rundeck { 7 | ip_hash; 8 | server rundeck-cluster-rundeck-1:4440 max_fails=3 fail_timeout=30s; 9 | server rundeck-cluster-rundeck-2:4440 max_fails=3 fail_timeout=30s; 10 | } 11 | 12 | server { 13 | location / { 14 | proxy_pass http://rundeck; 15 | proxy_set_header X-Real-IP $remote_addr; 16 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 17 | #proxy_set_header X-Forwarded-Proto $scheme; 18 | #proxy_set_header User-Agent $http_user_agent; 19 | } 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /simple-cluster/rundeck-node/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG RUNDECK_IMAGE 2 | FROM ${RUNDECK_IMAGE} 3 | 4 | USER root 5 | 6 | #Create logs dir path 7 | RUN mkdir -p /home/rundeck/var/logs && \ 8 | chown rundeck:root /home/rundeck/var/logs 9 | 10 | # Set output log dir as volume so it can be shared across containers 11 | USER rundeck 12 | VOLUME /home/rundeck/var/logs 13 | 
-------------------------------------------------------------------------------- /sqlserver/.env.dist: -------------------------------------------------------------------------------- 1 | ## Set pro options if applicable 2 | # RUNDECK_IMAGE=rundeckpro/enterprise:SNAPSHOT 3 | # RUNDECK_LICENSE_FILE= 4 | # RUNDECK_PORT=4441 -------------------------------------------------------------------------------- /sqlserver/README.md: -------------------------------------------------------------------------------- 1 | MSSQL Server Exhibit 2 | ============= 3 | 4 | Demonstrates configuring Rundeck to use MSSQL Server as an external database. 5 | 6 | 7 | ### Startup 8 | ``` 9 | docker-compose up 10 | ``` 11 | 12 | ### Teardown 13 | ``` 14 | docker-compose down -v 15 | ``` -------------------------------------------------------------------------------- /sqlserver/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | rundeck: 4 | image: ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT} 5 | links: 6 | - sqlserver 7 | environment: 8 | RUNDECK_GRAILS_URL: http://localhost:${RUNDECK_PORT:-4441} 9 | RUNDECK_DATABASE_DRIVER: com.microsoft.sqlserver.jdbc.SQLServerDriver 10 | RUNDECK_DATABASE_USERNAME: sa 11 | RUNDECK_DATABASE_PASSWORD: RundeckPassw0rd 12 | RUNDECK_DATABASE_URL: jdbc:sqlserver://sqlserver;DatabaseName=rundeck;autoReconnect=true;useSSL=false 13 | RUNDECK_DATABASE_DIALECT: org.hibernate.dialect.SQLServer2012Dialect 14 | volumes: 15 | - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key 16 | ports: 17 | - "${RUNDECK_PORT:-4441}:4440" 18 | depends_on: 19 | - sqlserver 20 | 21 | sqlserver: 22 | build: 23 | context: ./sqlserver 24 | expose: 25 | - 1433 26 | ports: 27 | - 1433:1433 28 | environment: 29 | - ACCEPT_EULA=Y 30 | - MSSQL_PID=Express 31 | - SA_PASSWORD=RundeckPassw0rd 32 | command: /bin/bash ./entrypoint.sh 33 | volumes: 34 | - mssql_data:/var/opt/mssql 35 | 36 | 
volumes: 37 | mssql_data: 38 | -------------------------------------------------------------------------------- /sqlserver/sqlserver/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM mcr.microsoft.com/mssql/server:2022-latest 2 | 3 | USER root 4 | # Create app directory 5 | RUN mkdir -p /usr/src/app 6 | WORKDIR /usr/src/app 7 | 8 | # Bundle app source 9 | COPY . /usr/src/app 10 | 11 | # Grant permissions for the import-data script to be executable 12 | RUN chmod +x /usr/src/app/import-data.sh 13 | 14 | USER mssql 15 | CMD /bin/bash ./entrypoint.sh -------------------------------------------------------------------------------- /sqlserver/sqlserver/entrypoint.sh: -------------------------------------------------------------------------------- 1 | /opt/mssql/bin/sqlservr & /usr/src/app/import-data.sh && while true; do sleep 1; done 2 | -------------------------------------------------------------------------------- /sqlserver/sqlserver/import-data.sh: -------------------------------------------------------------------------------- 1 | # Wait for SQL Server to come up 2 | sleep 10s 3 | 4 | # Run the setup script to create the DB and the schema in the DB (password quoted so special characters survive word splitting) 5 | /opt/mssql-tools18/bin/sqlcmd -C -S localhost -U sa -P "$SA_PASSWORD" -d master -i setup.sql 6 | -------------------------------------------------------------------------------- /sqlserver/sqlserver/setup.sql: -------------------------------------------------------------------------------- 1 | CREATE DATABASE rundeck; --------------------------------------------------------------------------------
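The `50-bootstrap.ldif` files in the LDAP exhibits above store `userPassword` three ways: in the clear, as `{MD5}` and as `{CRYPT}`. The following is an added example, not part of the repository: a Python audit that parses an LDIF file, rates each stored password by scheme and flags accounts whose password equals their `uid`. The function names and severity labels are assumptions of this example, the sample entries are copied from the page, and the classifier goes beyond the page's three schemes to cover salted and iterated ones.

```python
import base64
import hashlib

# Sample input: three user entries copied from the 50-bootstrap.ldif files above.
SAMPLE_LDIF = """\
dn: cn=admin, ou=users,{{ LDAP_BASE_DN }}
uid: admin
userPassword: admin

dn: cn=build, ou=users,{{ LDAP_BASE_DN }}
uid: build
userPassword: {MD5}sNonVSCRjiPdYV4qdHUo8Q==

dn: cn=deploy, ou=users,{{ LDAP_BASE_DN }}
uid: deploy
userPassword: {CRYPT}de01JmlU8XXTQ
"""

# scheme -> (hashlib name, digest length); bytes after the digest are the salt.
DIGESTS = {"MD5": ("md5", 16), "SMD5": ("md5", 16), "SHA": ("sha1", 20), "SSHA": ("sha1", 20)}


def parse_ldif(text):
    """Parse LDIF into a list of {lower-cased attribute: [values]} dicts."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # RFC 2849 line unfolding
    entries = []
    for record in text.split("\n\n"):
        entry = {}
        for line in record.split("\n"):
            attr, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries


def split_scheme(stored):
    """Split '{SCHEME}body'; a value with no prefix is cleartext."""
    if stored.startswith("{") and "}" in stored:
        scheme, _, body = stored[1:].partition("}")
        return scheme.upper(), body
    return "CLEARTEXT", stored


def classify(stored):
    """Return (scheme, severity, reason) for one userPassword value."""
    scheme, body = split_scheme(stored)
    if scheme == "CLEARTEXT":
        return scheme, "high", "stored in the clear"
    if scheme in ("MD5", "SHA"):
        return scheme, "high", "unsalted single-round digest"
    if scheme in ("SMD5", "SSHA"):
        return scheme, "medium", "salted but single-round digest"
    if scheme == "CRYPT" and body.startswith(("$2", "$5$", "$6$")):
        return scheme, "low", "bcrypt or SHA-crypt"
    if scheme == "CRYPT" and body.startswith("$1$"):
        return scheme, "medium", "md5crypt"
    if scheme == "CRYPT" and len(body) == 13:
        return scheme, "high", "traditional DES crypt, 8 significant characters"
    if scheme.startswith(("PBKDF2", "ARGON2")):
        return scheme, "low", "iterated key-derivation function"
    return scheme, "review", "unrecognised scheme or format"


def password_equals(stored, candidate):
    """True/False if checkable (cleartext or a DIGESTS scheme), else None."""
    scheme, body = split_scheme(stored)
    if scheme == "CLEARTEXT":
        return body == candidate
    if scheme not in DIGESTS:
        return None
    algo, size = DIGESTS[scheme]
    try:
        raw = base64.b64decode(body, validate=True)
    except ValueError:
        return None
    return hashlib.new(algo, candidate.encode() + raw[size:]).digest() == raw[:size]


def audit(text):
    """One finding per userPassword value, flagging passwords equal to the uid."""
    findings = []
    for entry in parse_ldif(text):
        uid = entry.get("uid", [""])[0]
        for stored in entry.get("userpassword", []):
            scheme, severity, reason = classify(stored)
            findings.append({"dn": entry.get("dn", ["?"])[0], "scheme": scheme,
                             "severity": severity, "reason": reason,
                             "password_is_uid": password_equals(stored, uid)})
    return findings


if __name__ == "__main__":
    print(*audit(SAMPLE_LDIF), sep="\n")
```

The `{CRYPT}` values are classified but not compared against the `uid`, because that would need the platform's `crypt(3)`; `password_is_uid` is `None` for them.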