The missing tool

Artur Martins(@arturmartins)

Devops Dublin Meetup III 8th July 2015

WHO AM I?

• Name: Artur Martins (@arturmartins on twitter)

• Senior Systems Engineer at

• Using rundeck since April 2014

• I

WHAT IS RUNDECK• Operations Web Dashboard (and a REST API as well)

• fine-grain access controls

• builtin-job scheduler

• jobs can have multiple sequence steps and corresponde error handling

• ability to define workflows (coordinated sequences commands and scripts or jobs)

FEATURES• Import Node info from chef, puppet, amazon ec2, salt or make

your own CMDB/node list.

• Run multiple jobs or workflows in parallel

• Follow job executions running (distributed tail -f)

• Trigger 3rd parties using email or webhook

• Plugins available: JIRA, PagerDuty, Slack, HipChat, Redmine, Puppet, salt, nexus, jenkins, chef, Nexus, AWS EC2 Nodes, Kerberos, IRC, Jabber, AWS S3

BENEFITS

• Formalisation of your IT Ops procedures

• Safely enable Self-service dashboard

• Visibility, Accountability, Logging

INFRASTRUCTURE

source: http://rundeck.org/docs/administration/installation.html

DEV / OPS

source: http://rundeck.org/news/2014/01/08/Jenkins-is-for-development-Rundeck-is-for-operations.html

source: http://blog.mattcallanan.net/2013_03_01_archive.html

OK, I GET IT…

TAXONOMY

• Job - sequence of one or more commands or scripts

• Workflow - sequence of one of more jobs

• Node - a resource accessible through SSH

INSTALL / UPGRADE• Requirements:

Java 1.7+ (Both Open JDK and Sun/Oracle) JAVA_HOME env var defined

• Debian/Ubuntu scenario:

version='2.5.2' wget http://dl.bintray.com/rundeck/rundeck-deb/rundeck-${version}-1-GA.deb sudo dpkg -i rundeck-${version}-1-GA.deb

INSTALL ADVICE

• Install webserver (apache/nginx) and set a reverse proxy

• Authentication should always be under HTTPS, right?

REMOTE NODES SETUP

• Create (at least) one SSH account (depends on context)

• Add ssh pub key

• Add whitelist sudo permissions /etc/sudoers.d/${user} if administration are needed

POST INSTALL CONFIG• realm.properties (add a rundeck user)

admin:admin,user,admin,architect,deploy,build user:password,user,role1,role2,role3

• project.propertiesproject.organization = “Your company"

• framework.propertiesgeneral framework configs.

• rundeck-config.propertiesgrails.serverURL=http://rundeck.yourcompany.comdataSource.url=jdbc:(set your database jdbc connection string here)

NODE DEFINITION

Rundeck also supports resources definition in YML

<node name="app1"> <!-- Rundeck node attributes --> <attribute name="hostname" value="192.168.50.30"/> <attribute name="username" value="rundeckops"/> <attribute name="tags" value="demo,testing"/> <attribute name="description" value="Ubuntu server"/> <attribute name="osName" value="Ubuntu"/> <attribute name="osVersion" value=“14.04 LTS 64bit"/> <attribute name="osFamily" value="unix"/>

<!-- Rundeck SSH related attributes --> <attribute name="ssh-key-storage-path" value="path/to/id_rsa"/>

<!-- Custom attributes --> <attribute name="group" value="other"/> <attribute name="datacenter" value="CA,USA"/> <attribute name="osCodename" value="trusty"/> <attribute name="rdnsName" value="app1.example.com"/> <attribute name="provider" value="digitalocean"/> </node>

DEMO

Demos always work

if you use VAGRANT

… or maybe not :)

CAVEATS• Some characters in password field might cause authentication to fail (/

etc/rundeck/realm.proprieties)

• Assure no spaces a the end of a value in any /etc/rundeck/* config files

• Node filter is tricky if you want to select different nodes by multiple parameters. Workaround: regex all the way.

• Be aware of rundeck rules for quotes escaping for commands:http://rundeck.org/docs/manual/jobs.html#quoting-arguments-to-steps

FURTHER READING• http://rundeck.org/docs/

• https://github.com/rundeck/rundeck

• http://www.slideshare.net/dev2ops/rundecks-history-and-future

• http://lanyrd.com/2012/chefconf/stkdz/

• http://blog.mattcallanan.net/2013_03_01_archive.html

• http://www.slideshare.net/dev2ops/nexus-live-1

• Mailing-list: https://groups.google.com/forum/#!forum/rundeck-discuss

• IRC: #rundeck at freenode.

QUESTIONS?

myself=‘arturmartins’

@{myself}

{myself}@gmail.comie.linkedin.com/in/{myself}

plus.google.com/+{myself}1