Rundeck fun
nano docker-compose.yaml
version: '3'
services:
  rundeck:
    image: 'rundeck/rundeck:3.4.8'
    restart: unless-stopped
    environment:
      RUNDECK_GRAILS_URL: 'https://rundeck.domain.com'
      RUNDECK_SERVER_FORWARDED: 'true'
      RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver
      RUNDECK_DATABASE_USERNAME: rundeck
      RUNDECK_DATABASE_PASSWORD: rundeck
      RUNDECK_DATABASE_URL: jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false
    ports:
      - 127.0.0.1:4440:4440
    volumes:
      - ./data/data:/home/rundeck/server/data
      - ./data/projects:/home/rundeck/projects
      - ./data/realm.properties:/home/rundeck/server/config/realm.properties
    depends_on:
      - "mysql"
  mysql:
    image: mysql:5.7
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=root
      - MYSQL_DATABASE=rundeck
      - MYSQL_USER=rundeck
      - MYSQL_PASSWORD=rundeck
    volumes:
      - ./data/db:/var/lib/mysql
First you’ll want to comment out the volume line
- ./data/realm.properties:/home/rundeck/server/config/realm.properties
then run
docker exec -it rundeck_rundeck_1 cat /home/rundeck/server/config/realm.properties > ./data/realm.properties
to get the file. Then uncomment the line and restart rundeck_rundeck_1.
Users are managed in realm.properties, and you have to edit the file manually. To generate the creds, run
docker exec -it rundeck_rundeck_1 java -jar /home/rundeck/rundeck.war --encryptpwd Jetty
NGiNX Reverse Proxy
nano /etc/nginx/conf.d/rundeck.domain.com-HTTPS.conf
server {
    listen 443 ssl http2;
    ssl_certificate /etc/nginx/ssl/rundeck.domain.com/fullchain.crt;
    ssl_certificate_key /etc/nginx/ssl/rundeck.domain.com/key;
    location / {
        proxy_pass http://127.0.0.1:4440;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Host $host;
    }
}
Ansible not working
They say you should build your own rundeck image. I haven’t done that yet, but will eventually. Here is how to fix it for the time being.
- Connect into the container
  docker exec -it --user root rundeck_rundeck_1 /bin/bash
- Install python3-pip and sshpass for ansible
  apt update; apt -y --no-install-recommends install ca-certificates python3-pip sshpass
- Install setuptools and ansible
  pip3 --no-cache-dir install --upgrade pip setuptools && pip3 --no-cache-dir install ansible==2.9.2
- Now we can leave the container
  exit
This will need to be done whenever you’re rebuilding the container (any docker-compose.yml changes)
Git not working
- Connect into the container
  docker exec -it --user root rundeck_rundeck_1 /bin/bash
- Install git
  apt update; apt install -y git
- Now we can leave the container
  exit
For me I just do:
- Connect into the container
  docker exec -it --user root rundeck_rundeck_1 /bin/bash
- Install python3-pip and sshpass for ansible
  apt update; apt -y --no-install-recommends install ca-certificates python3-pip sshpass git
- Install setuptools and ansible
  pip3 --no-cache-dir install --upgrade pip setuptools && pip3 --no-cache-dir install ansible==2.9.2
- Now we can leave the container
  exit
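The same packages baked into a custom image, so they survive a container rebuild and nobody has to enter the running container as root. This Dockerfile is an added example, not part of the original post or the Rundeck project; it assumes the base image's runtime user is named rundeck, and it calls pip as python3 -m pip instead of pip3.

```dockerfile
# Added example: the manual apt/pip steps from this page as image layers.
FROM rundeck/rundeck:3.4.8

# Package installation needs root.
USER root

# Same packages as the manual procedure (pip, sshpass, git, CA certificates).
# The apt lists are removed afterwards to keep the layer small.
RUN apt-get update \
 && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
      ca-certificates python3-pip sshpass git \
 && rm -rf /var/lib/apt/lists/*

# "python3 -m pip" always runs the pip that was just upgraded, rather than
# whichever pip3 launcher script happens to be first on PATH.
RUN python3 -m pip --no-cache-dir install --upgrade pip setuptools \
 && python3 -m pip --no-cache-dir install ansible==2.9.2

# Assumption: the base image runs Rundeck as the "rundeck" user
# (its files live under /home/rundeck on this page). Switch back so the
# server process does not run as root.
USER rundeck
```

Save it next to docker-compose.yaml and replace the rundeck service's image: line with build: . so the packages are present every time the container is re-created.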
OSE SSO Using Authentik Proxy
The logout URL is: /akprox/sign_out. Add the settings below to the rundeck service's environment in the docker-compose file. I’m not going to cover the authentik side here since I plan on doing a dedicated authentik writeup.
RUNDECK_PREAUTH_ENABLED: 'true'
RUNDECK_PREAUTH_ATTRIBUTE_NAME: 'REMOTE_USER_GROUPS'
RUNDECK_PREAUTH_DELIMITER: ','
RUNDECK_PREAUTH_USERNAME_HEADER: 'X-authentik-username'
RUNDECK_PREAUTH_ROLES_HEADER: 'X-authentik-groups'
RUNDECK_PREAUTH_REDIRECT_LOGOUT: 'true'
RUNDECK_PREAUTH_REDIRECT_URL: '/akprox/sign_out'
Now we need custom attributes/header for the roles.
Add the following to the Attributes section on a new group (rundeck-admin for me), then add the admin user to that group.
additionalHeaders:
  X-authentik-rundeck-roles: admin,user