I had to set up a process that runs periodically on multiple existing servers. I figured that writing cron entries was not an option in 2017, so after considering some job schedulers I settled on Rundeck and set it up. This is a memo covering everything up to scheduled execution.
The environment I tried is CentOS 7.
Rundeck won't work without Java. If Java is not installed, install it.
yum install java-1.8.0
rpm -Uvh http://repo.rundeck.org/latest.rpm
yum install rundeck
This completes the installation.
Because we want to reach Rundeck from a local browser, change the server URL to the global IP address or domain that is used for access from outside.
vi /etc/rundeck/rundeck-config.properties
rundeck-config.properties
grails.serverURL=http://Domain OR IP:4440
Configure the server and its network security settings so that port 4440 is reachable.
You can log in with Username: admin, Password: admin.
This setting is written in /etc/rundeck/realm.properties, but the password is stored in plain text, which is not good for security at all.
realm.properties
admin:admin,user,admin,architect,deploy,build
First, change this plaintext password, and store it in the configuration file as an MD5 hash instead.
In this example, newadmin is set as the new password.
sudo java -cp /var/lib/rundeck/bootstrap/jetty-all-9.0.7.v20131107.jar org.eclipse.jetty.util.security.Password admin newadmin
Then the following hash values will be generated:
OBF:1x151t331u2a1y7z1b301t121x1h
MD5:b0a24b98c089b3b0f5d4174420cebe0c
CRYPT:advDltGLaH7Bo
Copy the whole MD5:b0a24b98c089b3b0f5d4174420cebe0c string here.
Then open /etc/rundeck/realm.properties and make the following change.
realm.properties
admin:MD5:b0a24b98c089b3b0f5d4174420cebe0c,user,admin,architect,deploy,build
The .jar file is in /var/lib/rundeck/bootstrap/, but the version number in its name seems to differ slightly depending on the version of Rundeck. Run cd /var/lib/rundeck/bootstrap and use the filename of the .jar file that starts with jetty-all-.
Here, add the user poweruser, equivalent to admin, with the password mypassword.
java -cp /var/lib/rundeck/bootstrap/jetty-all-9.0.7.v20131107.jar org.eclipse.jetty.util.security.Password poweruser mypassword
The hash is generated as in the case of admin, so copy it.
Add the poweruser entry to /etc/rundeck/realm.properties alongside admin, as shown below.
realm.properties
# admin
admin:MD5:b0a24b98c089b3b0f5d4174420cebe0c,user,admin,architect,deploy,build
# poweruser
poweruser:MD5:abc24b98c089b3b0f5d4174420cebe0c,user,admin,architect,deploy,build
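A check for the weakness described above, added here as an example (it is not from the original post): it scans a realm.properties-style file and reports accounts whose credential is still plaintext, is stored as reversible OBF: obfuscation, or is the MD5 of the default password admin. Jetty's MD5: form is an unsalted digest of the password alone, which is why a known default is recognizable from its hash. The function names and the ops and svc sample entries are constructed for illustration.

```shell
# audit_realm FILE
# Prints "user<TAB>finding" for every entry with a weak credential.
audit_realm() {
    awk '
        /^[ \t]*#/ { next }                      # skip comments
        /^[ \t]*$/ { next }                      # skip blank lines
        {
            sep = index($0, ":")
            if (sep == 0) next                   # not a user entry
            user = substr($0, 1, sep - 1)
            cred = substr($0, sep + 1)
            sub(/,.*/, "", cred)                 # credential ends at the first comma
            gsub(/^[ \t]+|[ \t]+$/, "", user)
            gsub(/^[ \t]+|[ \t]+$/, "", cred)
            if (cred ~ /^MD5:/) {
                # 21232f29... is the MD5 of the default password "admin"
                if (tolower(substr(cred, 5)) == "21232f297a57a5a743894a0e4a801fc3")
                    print user "\tdefault-password"
            } else if (cred ~ /^OBF:/) {
                print user "\treversible-obfuscation"
            } else if (cred !~ /^CRYPT:/) {
                print user "\tplaintext"
            }
        }' "$1"
}

# Constructed sample input: the default admin line, two made-up accounts,
# and a hashed entry in the form shown on this page.
sample_realm() {
    cat <<'EOF'
# constructed sample, not a real configuration
admin:admin,user,admin,architect,deploy,build
ops:MD5:21232f297a57a5a743894a0e4a801fc3,user
svc:OBF:1x151t331u2a1y7z1b301t121x1h,user
poweruser:MD5:b0a24b98c089b3b0f5d4174420cebe0c,user,admin
EOF
}

tmp=$(mktemp)
sample_realm > "$tmp"
audit_realm "$tmp"
rm -f "$tmp"
```

On a real server, run audit_realm /etc/rundeck/realm.properties after editing the file; no output means every entry is stored hashed and none uses the default password.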
User permission settings and the like are written in the aclpolicy file.
If you run cd /etc/rundeck && ll, you will find files such as the aclpolicy for the admin user and the properties files, which will not be changed this time.
This time we will create a user with the same privileges as admin, so copy admin's aclpolicy.
cd /etc/rundeck
cp admin.aclpolicy poweruser.aclpolicy
This completes the new user settings.
Restart Rundeck to apply the settings.
systemctl restart rundeckd
For the time being, you can create a project by entering just a name.
Create a job from the Create Job button.
This time I selected Script and filled in echo "this is TEST".
After entering it, press the Save button and then the job's Create button.
Execute the registered job from the Run Job Now button.
If successful, an image like this will be displayed.
If you look at Node on the Report tab, you can see that the echo you entered was executed.
Open the job edit screen: Jobs menu ⇒ Edit this Job.
On the job settings screen, change Schedule to run repeatedly? to Yes and set the schedule.
It is fairly intuitive; just set it as it appears on the screen.
That is all there is to configure. There is also a Crontab mode, which seems convenient when porting from an existing crontab.
After the set time has passed, check if it can be executed. The confirmation method is the same as for manual execution.
So far, we have been working on the server where Rundeck is installed. From here, I will write how to log in to another server, the one you actually use, and run the process there.
The server on which Rundeck is installed must be able to log in, with key authentication and no password, to the server where you want to run the process.
Unfortunately, adding a node is not possible from the GUI.
Change the configuration file as follows.
Since we created a project called test this time, edit the following file.
/var/rundeck/projects/test/etc/resources.xml
resources.xml
<?xml version="1.0" encoding="UTF-8"?>
<project>
<!-- Localhost settings that should already be there -->
<node name="localhost" description="Rundeck server node" tags="" hostname="localhost" osArch="amd64" osFamily="unix" osName="Linux" osVersion="el7.x86_64" username="rundeck"/>
<!-- Add the following -->
<node name="remotehost" description="Remote server node" tags="" hostname="10.1.0.12" osArch="amd64" osFamily="unix" osName="Linux" osVersion="6.5" username="remoteuser"/>
</project>
Add the node settings between <project> and </project>.
For details, please see the official documentation: http://rundeck.org/docs/man5/resource-xml.html
This time, it is assumed that a user who can log in to each server over SSH already exists, along with a private and public key pair.
Press the Configure button from the project home screen.
Press the Simple Configuration button.
If you check Default Node Executor, it is set to /var/lib/rundeck/.ssh/id_rsa. I think the same value is set for SCP in Default Node File Copier.
This time, we will place the existing private key under this /var/lib/rundeck/.ssh/ directory.
It is assumed that a user named remoteuser already exists, that it has an id_rsa, and that authorized_keys is set up on the server to connect to.
Copy the private key of remoteuser under /var/lib/rundeck/.ssh and change the group and owner to rundeck.
cp /home/remoteuser/.ssh/id_rsa /var/lib/rundeck/.ssh/remoteuser_id_rsa
chown rundeck /var/lib/rundeck/.ssh/remoteuser_id_rsa
chgrp rundeck /var/lib/rundeck/.ssh/remoteuser_id_rsa
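A check to run after copying the key, added here as an example (it is not from the original post): the private key should be readable by the rundeck service account and by nobody else, and a wrong owner or a loose mode is a common reason for the remote job to fail or for the key to leak. The function name check_key is hypothetical; it relies on GNU stat, as shipped with CentOS.

```shell
# check_key FILE OWNER
# Prints one line per problem and returns non-zero if any were found.
check_key() {
    key=$1
    want_owner=$2
    problems=0
    if [ ! -f "$key" ]; then
        echo "missing: $key"
        return 1
    fi
    owner=$(stat -c '%U' "$key")     # owning user name
    mode=$(stat -c '%a' "$key")      # octal permission bits, e.g. 600
    if [ "$owner" != "$want_owner" ]; then
        echo "owner is $owner, expected $want_owner"
        problems=$((problems + 1))
    fi
    case "$mode" in
        [4-7]00) ;;                  # owner can read, group and others have no access
        *)
            echo "mode is $mode, expected 600"
            problems=$((problems + 1))
            ;;
    esac
    [ "$problems" -eq 0 ]
}

# Usage on the Rundeck server, with the path and account used on this page:
#   check_key /var/lib/rundeck/.ssh/remoteuser_id_rsa rundeck
# If it reports a mode problem:
#   chmod 600 /var/lib/rundeck/.ssh/remoteuser_id_rsa
```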
Follow the same procedure as in "Check the default private key setting" above to get to the settings screen.
Set the path of the copied remoteuser key.
Open the job and, under Workflow, use Add a Step to add Command - Execute a remote command.
Run pwd as a test.
After saving, it should be in the following state.
If you select Dispatch to Nodes and enter remotehost in Node Filter, the configured nodes will be displayed as candidates.
After setting up to this point, press Save to save.
Execute it as before; if Succeeded is displayed, it worked.
If it fails, Failed will be displayed as shown below, so please recheck the settings.
You can now run jobs on a schedule and on remote hosts. Periodic execution is easy with cron, but it comes with various problems: entries that nobody knows who added or for what purpose, errors that go unnoticed, the pain of writing settings on each server when there are several as in this case, and execution errors that are hard to understand.
I think it would be going too far to say that Rundeck solves everything, but at least it is often much clearer than running things with cron, so I'm thinking of gradually migrating the remaining existing cron jobs to it as well.
Also, when I was operating it, I felt that it was close to Jenkins.