[ { "path": ".gitignore", "content": ".env\noracle/lib/ojdbc8.jar\n.idea\n.DS_Store\n/percona-xtradb/certs/\n" }, { "path": "README.md", "content": "Rundeck Docker Zoo\n==================\n\nWelcome to Rundeck's docker Zoo! Here we have many exhibits, both\ncommon _and_ exotic.\n\nThese examples are great for trying out Rundeck in different setups,\nas well as a reference and starting place for your own deployments.\n\n## Topics\n\n### Authentication\n* [ldap](./ldap)\n* [ldap-combined](./ldap-combined)\n\n### Extending Configuration \n* [config](./config)\n\n### External Database Config\n* [mysql](./mysql)\n* [oraclexe](./oraclexe)\n* [postgres](./postgres)\n* [sqlserver](./sqlserver)\n\n### Kubernetes\n* `Pro` [kubernetes](./kubernetes)\n\n### Plugin Bundling\n* [cloud](./cloud)\n* [config](./config)\n\n### Reverse Proxy\n* [cloud](./cloud)\n\n### Runner\n* [runner](./runner)\n\n## Conventions\n\n### Config via `.env`\nEach docker-compose based exhibit has a `.env.dist` file that can be used to\nconfigure the example after being copied to `.env` . Some require it be populated\nand will call this out in the instructions. For all others it can be used to\nchanged the Rundeck docker image and other various defaults.\n\n\n### Rundeck Enterpise (fka Pro) images\nFor each exhibit copy `.env.dist` to `.env` and uncomment the\n**pro** section. Provide the desired image and license file location:\n```bash\nRUNDECK_IMAGE=rundeckpro/enterprise:SNAPSHOT\nRUNDECK_LICENSE_FILE=/path/to/rundeck-license.key\n```\n\n### Updating/Changing Images\nFor docker-compose without builds:\n```\ndocker-compose down\ndocker-compose pull\n```\n\nFor docker-compose with builds:\n```\ndocker-compose down\ndocker-compose pull && docker-compose build --pull\ndocker-compose up\n```\n\n### Teardown\nTo remove the setup including data volumes:\n```\ndocker-compose down --volumes\n```\n" }, { "path": "basic/README.md", "content": "Basic Exhibit\n=============\n\nQuickest way to get up and running with a persistent data volume.\n\n\n### Startup\n```\ndocker-compose up\n```\n\n### Teardown\n```\ndocker-compose down -v\n```" }, { "path": "basic/docker-compose.yml", "content": "version: '3'\n\nservices:\n rundeck:\n image: ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT}\n tty: true\n volumes:\n - data:/home/rundeck/server/data\n - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key\n ports:\n - 4440:4440\n\nvolumes:\n data:" }, { "path": "cloud/.gitignore", "content": "libext\n" }, { "path": "cloud/Dockerfile", "content": "ARG RUNDECK_IMAGE\n\nFROM ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT}\n\nCOPY --chown=rundeck:root ./libext ./libext" }, { "path": "cloud/README.md", "content": "Cloud Exhibit\n=============\nThis exhibit demonstrates what a typical cloud or multi-server\ndeployment may look like.\n\nOn display:\n* Running Rundeck behind a reverse proxy\n* Storage backend connected to a database server\n* Execution logs stored in S3\n* Bundling extra plugins\n\n### Reverse proxy\nThis configuration exposes rundeck at `http://localhost:80` through nginx.\nA similiar setup is possible behind a cloud provider proxy, such as AWS ELB[v2],\nand the key is the `RUNDECK_SERVER_FORWARDED=true` environment variable which instructs\nRundeck to respect the standard `X-Forwarded-*` headers.\n\n## Setup\n**Fetch S3 log plugin**\n```\nmkdir libext\ncd libext\nwget https://github.com/rundeck-plugins/rundeck-s3-log-plugin/releases/download/v1.0.8/rundeck-s3-log-plugin-1.0.8.jar\n```\n\n**Populate `.env` file**\n```bash\ncp .env.dist .env\nvim .env\n```\n\n**Build and Up** \n> **NOTE:** Building is not necessary the first time, however\nit will be to use newer or different images after the\nfirst build.\n```\ndocker-compose build\ndocker-compose up\n```\n" }, { "path": "cloud/docker-compose.yml", "content": "version: '3'\n\nservices:\n rundeck:\n build:\n context: ./\n args:\n RUNDECK_IMAGE: ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT}\n links:\n - mysql\n tty: true\n environment:\n RUNDECK_GRAILS_URL: http://localhost\n RUNDECK_SERVER_FORWARDED: 'true'\n RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver\n RUNDECK_DATABASE_USERNAME: rundeck\n RUNDECK_DATABASE_PASSWORD: rundeck\n RUNDECK_DATABASE_URL: jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false\n RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_NAME: org.rundeck.amazon-s3\n RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_BUCKET: ${RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_BUCKET}\n RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_REGION: ${RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_REGION}\n RUNDECK_STORAGE_CONVERTER_1_CONFIG_PASSWORD: ${RUNDECK_STORAGE_PASSWORD}\n RUNDECK_CONFIG_STORAGE_CONVERTER_1_CONFIG_PASSWORD: ${RUNDECK_STORAGE_PASSWORD}\n volumes:\n - data:/home/rundeck/server/data\n - ${AWS_CREDENTIALS}:/home/rundeck/.aws/credentials\n - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key\n nginx:\n image: nginx\n links:\n - rundeck\n volumes:\n - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro\n ports:\n - 80:80\n mysql:\n image: mysql:5.7\n expose:\n - 3306\n environment:\n - MYSQL_ROOT_PASSWORD=root\n - MYSQL_DATABASE=rundeck\n - MYSQL_USER=rundeck\n - MYSQL_PASSWORD=rundeck\n volumes:\n - dbdata:/var/lib/mysql\n\nvolumes:\n data:\n dbdata:\n" }, { "path": "cloud/nginx/nginx.conf", "content": "events {\n worker_connections 1024;\n}\n\nhttp {\n server {\n location / {\n proxy_pass http://rundeck:4440;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n proxy_set_header X-Forwarded-Proto $scheme;\n proxy_set_header User-Agent $http_user_agent;\n }\n }\n}\n" }, { "path": "config/Dockerfile", "content": "ARG RUNDECK_IMAGE\n\nFROM ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT}\n\nADD --chown=rundeck:root https://github.com/rundeck-plugins/http-tours/releases/download/v0.1.0/http-tours-0.1.0.jar ./libext/\n\nCOPY --chown=rundeck:root remco /etc/remco\n" }, { "path": "config/README.md", "content": "Configurations Exhibit\n=============\nThis exhibit demonstrates how to extend the configuration with settings\nnot included in the base Rundeck docker images.\n\nOn display:\n* Adding new configuration templates\n* Bundling plugins\n\n### Configuration\nExtending the configuration involves adding new [Remco](https://github.com/HeavyHorst/remco)\nresources and templates. These are copied into the derived image\nand get combined into `framework.properties` and `rundeck-config.properties`\nduring startup.\n\nDestinations: \n**framework.properties** \n```\n${REMCO_TMP_DIR}/framework/\n```\n**rundeck-config.properties** \n```\n${REMCO_TMP_DIR}/rundeck-config/\n```\n\n## Setup\n**Build and Up** \n> **NOTE:** Building is not necessary the first time, however\nit will be to use newer or different images after the\nfirst build.\n```\ndocker-compose build\ndocker-compose up\n```\n" }, { "path": "config/docker-compose.yml", "content": "version: '3'\n\nservices:\n rundeck:\n build: \n context: ./\n args:\n RUNDECK_IMAGE: ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT}\n environment:\n RUNDECK_TOUR_ENABLE: 'true'\n RUNDECK_TOUR_ENDPOINT: https://s3.amazonaws.com/tours.rundeck.com/prod\n tty: true\n volumes:\n - data:/home/rundeck/server/data\n - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key\n ports:\n - 4440:4440\n\nvolumes:\n data:\n" }, { "path": "config/remco/resources.d/plugin-http-tours-framework.properties.toml", "content": "[[template]]\n src = \"${REMCO_TEMPLATE_DIR}/plugin-http-tours-framework.properties\"\n dst = \"${REMCO_TMP_DIR}/framework/plugin-http-tours-framework.properties\"\n mode = \"0644\"\n" }, { "path": "config/remco/templates/plugin-http-tours-framework.properties", "content": "{% if exists(\"/rundeck/tour/endpoint\") %}\n\nframework.plugin.TourLoader.httptours.tourEndpoint={{ getv(\"/rundeck/tour/endpoint\") }}\nframework.plugin.TourLoader.httptours.tourManifestName={{ getv(\"/rundeck/tour/manifest\",\"tour-manifest.json\") }}\nframework.plugin.TourLoader.httptours.toursSubpath={{ getv(\"/rundeck/tour/subpath\",\"tours\") }}\n\n{% endif %}" }, { "path": "kubernetes/README.md", "content": "# Deploy Rundeck Enterprise on Kubernetes\n\nThis example deploys a 2-node Rundeck Enterprise cluster with Mysql DB and Minio as logstorage.\n\nThis is a workable architecture that can easily be used as a basis for deploying a fully HA production Rundeck cluster.\n\n## Secrets and connectors\n\nSince this installation involves several services, they all need to be connected. So first we will create the encryption keys and user authentication information needed to tie this all together.\n\n### Create Storage converter secret\n\nCreate a master password for the storage converter - this encrypts Rundeck secrets as they get written to disk. You can refer to the documentation here:\n\nhttps://docs.rundeck.com/docs/administration/configuration/storage-facility.html#storage-converters\n\n```\necho -n 'masterpassword123.' > ./masterpassword\nkubectl create secret generic rundeckpro-storage-converter --from-file=./masterpassword\n\n```\n\n### Create Log Storage Access Credentials\n\nCreate the AWS access key/secret to access the log storage (S3 or any similar storage based on S3, like minio)\n\nNote: you should probably create your own secrets values here.\n\n```\necho -n 'minio' > ./awskey\necho -n 'minio123' > ./awssecret\nkubectl create secret generic rundeckpro-log-storage --from-file=./awskey --from-file=./awssecret\n```\n\n### Create Mysql database password\n\n```\necho -n 'rundeck123.' > ./password\nkubectl create secret generic mysql-rundeckuser --from-file=./password\n```\n\n\n### Create License Key Secret\n\nAdd the Rundeck Enterprise license key as a Kubernetes secret. You will need a license key from your Rundeck account team for this step. Copy that license key into the data subdirectory of this path as ./data/rundeckpro-license.key\n\n```\nkubectl create secret generic rundeckpro-license --from-file=./data/rundeckpro-license.key\n```\n\n### Add custom ACL from secrets\n\nBy default, Rundeck manages ACL groups via a config file placed on the Rundeck instance. We'll store that config file as a Kubernetes secret, enabling us to keep it encrypted at rest as well as edit the ACLs later. To pick up the changes, delete the pods and let Kubernetes reschedule them.\n\n```\nkubectl create secret generic rundeckpro-admin-acl --from-file=./data/admin-role.aclpolicy\n```\n\n## Deploy database and storage\n\nRundeck Enterprise in a cluster configuration works better with common database and log storage. This step will stand up our underlying services for the Rundeck cluster.\n\n\n```\nkubectl apply -f persistent-volumes.yaml\nkubectl apply -f minio-deployment.yaml\nkubectl apply -f mysql-deployment.yaml\n```\n\n## Deploy Rundeck\n\n### Ingress Controller\n\nFor this example, we are using Nginx as an ingress controller, which allows us to use the sticky sessions. Sticky sessions is required for clustered Rundeck. You will need to install it in order to make this example works (see https://github.com/kubernetes/ingress-nginx):\n\nOn a local Docker Desktop environment:\n\n```\nkubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/cloud/deploy.yaml\n\n```\n\n* If you are running this in a cloud, bare-metal, or other environment, please refer to the documentation link and choose your provider specific setup for Nginx ingress .(see https://kubernetes.github.io/ingress-nginx/deploy/)\n\nAfter the Ingress is all setup, run the folling to wait until is ready to process requests:\n\n```\nkubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=90s\n\n```\n\n### Create Rundeckpro deployment\n\nThe required Rundeck configuration options are already set in this file. Please read and review it to make sure it fits your intended purpose, or add to it if necessary.\n\n```\nkubectl apply -f rundeckpro-deployment.yaml\n\n```\n\n### Access Rundeck WebUI \n\nYou will need to port-forward the Rundeck service to access and interact with WebUI running in your Kubernetes cluster from your localhost. \n\n```\nkubectl port-forward service/rundeckpro 8080:8080\n```\n\n## Uninstall\n\n```\n\nkubectl delete deployment,service rundeckpro\nkubectl delete ingress rudeckpro-nginx\nkubectl delete deployment,service mysql\nkubectl delete deployment,service minio\nkubectl delete job minio-create-bucket\n```\n\nNote: These delete commands leave the persistent volumes and secrets in place so you can start up the environment again rather easily." }, { "path": "kubernetes/data/admin-role.aclpolicy", "content": "description: Admin, all access.\ncontext:\n project: '.*' # all projects\nfor:\n resource:\n - allow: '*' # allow read/create all kinds\n adhoc:\n - allow: '*' # allow read/running/killing adhoc jobs\n job:\n - allow: '*' # allow read/write/delete/run/kill of all jobs\n node:\n - allow: '*' # allow read/run for all nodes\nby:\n group: ROLE_admin\n\n---\n\ndescription: Admin, all access.\ncontext:\n application: 'rundeck'\nfor:\n resource:\n - allow: '*' # allow create of projects\n project:\n - allow: '*' # allow view/admin of all projects\n project_acl:\n - allow: '*' # allow admin of all project-level ACL policies\n storage:\n - allow: '*' # allow read/create/update/delete for all /keys/* storage content\nby:\n group: ROLE_admin" }, { "path": "kubernetes/minio-deployment.yaml", "content": "\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n # This name uniquely identifies the Deployment\n name: minio-deployment\n labels:\n app: minio\nspec:\n strategy:\n type: Recreate\n selector:\n matchLabels:\n app: minio\n template:\n metadata:\n labels:\n # Label is used as selector in the service.\n app: minio\n spec:\n # Refer to the PVC created earlier\n volumes:\n - name: storage\n persistentVolumeClaim:\n # Name of the PVC created earlier\n claimName: minio-pv-claim\n containers:\n - name: minio\n # Pulls the default Minio image from Docker Hub\n image: minio/minio:latest\n args:\n - server\n - /data\n env:\n - name: MINIO_ACCESS_KEY\n valueFrom:\n secretKeyRef:\n name: rundeckpro-log-storage\n key: awskey\n - name: MINIO_SECRET_KEY\n valueFrom:\n secretKeyRef:\n name: rundeckpro-log-storage\n key: awssecret\n ports:\n - containerPort: 9000\n hostPort: 9000\n # Mount the volume into the pod\n volumeMounts:\n - name: storage # must match the volume name, above\n mountPath: \"/data\"\n\n\n--- \n\n\napiVersion: v1\nkind: Service\nmetadata:\n name: minio\nspec:\n type: LoadBalancer\n ports:\n - port: 9000\n targetPort: 9000\n protocol: TCP\n selector:\n app: minio\n\n\n---\n# Create rundeck bucket\napiVersion: batch/v1\nkind: Job\nmetadata:\n name: minio-create-bucket\nspec:\n completions: 1\n template:\n metadata:\n name: minio-create-bucket\n spec:\n restartPolicy: Never\n containers:\n - name: minio-bucket\n image: minio/mc\n env:\n - name: MINIO_URL\n value: \"http://minio.default.svc.cluster.local:9000\"\n - name: MINIO_ACCESS_KEY\n valueFrom:\n secretKeyRef:\n name: rundeckpro-log-storage\n key: awskey\n - name: MINIO_SECRET_KEY\n valueFrom:\n secretKeyRef:\n name: rundeckpro-log-storage\n key: awssecret\n - name: MINIO_BUCKET\n value: \"rundeck\"\n command: [\"/bin/sh\",\"-c\",\"sleep 30 && mc config host add miniorundeck $MINIO_URL $MINIO_ACCESS_KEY $MINIO_SECRET_KEY && mc mb miniorundeck/$MINIO_BUCKET --ignore-existing\"]\n\n" }, { "path": "kubernetes/mysql-deployment.yaml", "content": "apiVersion: v1\nkind: Service\nmetadata:\n name: mysql\nspec:\n ports:\n - port: 3306\n targetPort: 3306\n protocol: TCP\n selector:\n app: mysql\n type: LoadBalancer\n\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: mysql\n labels:\n app: mysql\nspec:\n strategy:\n type: Recreate\n selector:\n matchLabels:\n app: mysql\n template:\n metadata:\n labels:\n app: mysql\n spec:\n containers:\n - image: mysql:5.7\n args:\n - \"--ignore-db-dir=lost+found\"\n name: mysql\n env:\n # Use secret in real usage\n - name: \"MYSQL_ROOT_PASSWORD\"\n valueFrom:\n secretKeyRef:\n name: mysql-rundeckuser\n key: password\n - name: \"MYSQL_DATABASE\"\n value: rundeckdb\n - name: \"MYSQL_USER\"\n value: rundeck\n - name: \"MYSQL_PASSWORD\"\n valueFrom:\n secretKeyRef:\n name: mysql-rundeckuser\n key: password\n ports:\n - containerPort: 3306\n name: mysql\n volumeMounts:\n - name: mysql-persistent-storage\n mountPath: /var/lib/mysql\n volumes:\n - name: mysql-persistent-storage\n persistentVolumeClaim:\n claimName: mysql-pv-claim\n" }, { "path": "kubernetes/persistent-volumes.yaml", "content": "kind: PersistentVolume\napiVersion: v1\nmetadata:\n name: minio-pv\nspec:\n accessModes:\n - ReadWriteMany\n volumeMode: Filesystem\n persistentVolumeReclaimPolicy: Retain\n capacity:\n storage: 5Gi\n hostPath:\n path: /kubernetes/minio-data\n\n\n---\n\nkind: PersistentVolumeClaim\napiVersion: v1\nmetadata:\n name: minio-pv-claim\nspec:\n accessModes:\n - ReadWriteMany\n resources:\n requests:\n storage: 5Gi\n volumeName: minio-pv\n storageClassName: \"\"\n\n---\n\nkind: PersistentVolume\napiVersion: v1\nmetadata:\n name: mysql-pv\nspec:\n accessModes:\n - ReadWriteMany\n volumeMode: Filesystem\n persistentVolumeReclaimPolicy: Retain\n capacity:\n storage: 3Gi\n hostPath:\n path: /kubernetes/mysql-data\n\n---\n\nkind: PersistentVolumeClaim\napiVersion: v1\nmetadata:\n name: mysql-pv-claim\nspec:\n accessModes:\n - ReadWriteMany\n resources:\n requests:\n storage: 3Gi\n volumeName: mysql-pv\n storageClassName: \"\"\n\n" }, { "path": "kubernetes/rundeckpro-deployment.yaml", "content": "apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: rundeckpro-nginx\n annotations:\n nginx.ingres.kubernetes.io/affinity: \"cookie\"\n nginx.ingress.kubernetes.io/session-cookie-name: \"route\"\n nginx.ingress.kubernetes.io/session-cookie-expires: \"172800\"\n nginx.ingress.kubernetes.io/session-cookie-max-age: \"172800\"\nspec:\n ingressClassName: nginx\n rules:\n - host: localhost\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: rundeckpro\n port:\n number: 8080\n---\n\napiVersion: v1\nkind: Service\nmetadata:\n name: rundeckpro\nspec:\n type: LoadBalancer\n ports:\n - protocol: TCP\n port: 8080\n targetPort: 4440\n selector:\n app: rundeckpro\n externalTrafficPolicy: Local\n sessionAffinity: ClientIP\n\n---\n\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: rundeckpro\n namespace: default\n labels:\n app: rundeckpro\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: rundeckpro\n template:\n metadata:\n labels:\n app: rundeckpro\n spec:\n containers:\n - name: rundeck\n image: rundeckpro/enterprise:SNAPSHOT\n volumeMounts:\n - mountPath: /home/rundeck/etc/rundeckpro-license.key\n name: license\n subPath: rundeckpro-license.key\n - mountPath: /home/rundeck/etc/admin-role.aclpolicy\n name: acl\n subPath: admin-role.aclpolicy\n - mountPath: /home/rundeck/.kube/config\n name: kubeconfig\n subPath: config\n env:\n - name: RUNDECK_GRAILS_URL\n value: \"http://localhost:8080\"\n - name: RUNDECK_DATABASE_DRIVER\n value: \"org.mariadb.jdbc.Driver\"\n - name: RUNDECK_DATABASE_URL\n value: \"jdbc:mysql://mysql.default.svc.cluster.local:3306/rundeckdb?autoReconnect=true&useSSL=false\"\n - name: RUNDECK_DATABASE_USERNAME\n value: \"rundeck\"\n - name: RUNDECK_DATABASE_PASSWORD\n valueFrom:\n secretKeyRef:\n name: mysql-rundeckuser\n key: password\n - name: RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_NAME\n value: \"com.rundeck.rundeckpro.amazon-s3\"\n - name: RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_BUCKET\n value: \"rundeck\"\n - name: RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_REGION\n value: \"us-east-2\"\n - name: RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_ENDPOINT\n value: \"http://minio.default.svc.cluster.local:9000\"\n - name: RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_PATHSTYLE\n value: \"true\"\n - name: AWS_ACCESS_KEY_ID\n valueFrom:\n secretKeyRef:\n name: rundeckpro-log-storage\n key: awskey\n - name: AWS_SECRET_KEY\n valueFrom:\n secretKeyRef:\n name: rundeckpro-log-storage\n key: awssecret\n - name: RUNDECK_PLUGIN_CLUSTER_HEARTBEAT_CONSIDERDEAD\n value: \"120\"\n - name: RUNDECK_PLUGIN_CLUSTER_AUTOTAKEOVER_SLEEP\n value: \"10\"\n - name: RUNDECK_STORAGE_CONVERTER_1_CONFIG_PASSWORD\n valueFrom:\n secretKeyRef:\n name: rundeckpro-storage-converter\n key: masterpassword\n - name: RUNDECK_CONFIG_STORAGE_CONVERTER_1_CONFIG_PASSWORD\n valueFrom:\n secretKeyRef:\n name: rundeckpro-storage-converter\n key: masterpassword\n - name: RUNDECK_PLUGIN_CLUSTER_REMOTEEXECUTION_ENABLED\n value: \"false\"\n ports:\n - containerPort: 4440\n livenessProbe:\n # an http probe\n httpGet:\n path: /\n port: 4440\n scheme: HTTP\n initialDelaySeconds: 500\n periodSeconds: 120\n readinessProbe:\n httpGet:\n path: /\n port: 4440\n scheme: HTTP\n initialDelaySeconds: 10\n periodSeconds: 5\n volumes:\n - name: license\n secret:\n secretName: rundeckpro-license\n items:\n - key: rundeckpro-license.key\n path: rundeckpro-license.key\n - name: acl\n secret:\n secretName: rundeckpro-admin-acl\n items:\n - key: admin-role.aclpolicy\n path: admin-role.aclpolicy\n - name: kubeconfig\n secret:\n secretName: kubeconfig\n items:\n - key: config\n path: config\n" }, { "path": "ldap/README.md", "content": "LDAP Exhibit\n=============\n\nThis setup configures Rundeck to authenticate users against LDAP.\n\n### Startup\n```\ndocker-compose up\n```\n\n### Teardown\n```\ndocker-compose down -v\n```" }, { "path": "ldap/docker-compose.yml", "content": "version: '3'\n\nservices:\n rundeck1:\n hostname: rundeck1\n image: ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT}\n links:\n - ldap\n tty: true\n environment:\n RUNDECK_JAAS_MODULES_0: JettyCombinedLdapLoginModule\n RUNDECK_JAAS_LDAP_PROVIDERURL: ldap://ldap:389\n RUNDECK_JAAS_LDAP_BINDDN: cn=admin,dc=rdtest,dc=com\n RUNDECK_JAAS_LDAP_BINDPASSWORD: AdminPass123\n RUNDECK_JAAS_LDAP_USERBASEDN: ou=users,dc=rdtest,dc=com\n RUNDECK_JAAS_LDAP_ROLEBASEDN: ou=roles,dc=rdtest,dc=com\n volumes:\n - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key\n ports:\n - 4440:4440\n ldap:\n hostname: ldap\n image: osixia/openldap:1.2.1 \n environment:\n - LDAP_ORGANISATION=RD Test\n - LDAP_DOMAIN=rdtest.com\n - LDAP_ADMIN_PASSWORD=AdminPass123\n volumes:\n - ./ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom:rw\n ports:\n - \"389:389\"\n command: --copy-service" }, { "path": "ldap/ldif/50-bootstrap.ldif", "content": "# Define top-level entry:\n#dn: {{ LDAP_BASE_DN }}\n#objectClass: dcObject\n#objectClass: organization\n#o: Example, Inc.\n#dc: example\n\n# Define an entry to contain users:\ndn: ou=users,{{ LDAP_BASE_DN }}\nobjectClass: organizationalUnit\nou: users\n\n# Define some users:\ndn: cn=admin, ou=users,{{ LDAP_BASE_DN }}\nuid: admin\nuserPassword: admin\nobjectClass: person\nobjectClass: top\nobjectClass: inetOrgPerson\nsn: The admin account for the Example client to use\ncn: admin\n\ndn: cn=build, ou=users,{{ LDAP_BASE_DN }}\nuid: build\nuserPassword: {MD5}sNonVSCRjiPdYV4qdHUo8Q==\n#####\n# MD5 creds, Base64 encoded\n#userPassword: build\nobjectClass: person\nobjectClass: top\nobjectClass: inetOrgPerson\nsn: The account to use to demonstrate managing builds only\ncn: build\n\ndn: cn=deploy, ou=users,{{ LDAP_BASE_DN }}\nuid: deploy\nuserPassword: {CRYPT}de01JmlU8XXTQ\n#####\n# CRYPT creds\n#userPassword: deploy\nobjectClass: person\nobjectClass: top\nobjectClass: inetOrgPerson\nsn: The account to use to demonstrate managing deployment only\ncn: deploy\n\ndn: cn=test, ou=users,{{ LDAP_BASE_DN }}\nuid: test\nuserPassword: test\nobjectClass: person\nobjectClass: top\nobjectClass: inetOrgPerson\nsn: Has no role access\ncn: test\n\n# Define an entry to contain roles:\ndn: ou=roles, {{ LDAP_BASE_DN }}\nobjectClass: organizationalUnit\nou: roles\n\n# Define some roles and their membership:\ndn: cn=architect, ou=roles,{{ LDAP_BASE_DN }}\nobjectClass: groupOfUniqueNames\nuniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}\ncn: architect\n\ndn: cn=admin, ou=roles,{{ LDAP_BASE_DN }}\nobjectClass: groupOfUniqueNames\nuniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}\ncn: admin\n\ndn: cn=user, ou=roles,{{ LDAP_BASE_DN }}\nobjectClass: groupOfUniqueNames\nuniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}\nuniqueMember: cn=deploy,ou=users,{{ LDAP_BASE_DN }}\nuniqueMember: cn=build,ou=users,{{ LDAP_BASE_DN }}\ncn: user\n\ndn: cn=build, ou=roles,{{ LDAP_BASE_DN }}\nobjectClass: groupOfUniqueNames\nuniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}\nuniqueMember: cn=build,ou=users,{{ LDAP_BASE_DN }}\ncn: build\n\ndn: cn=deploy, ou=roles,{{ LDAP_BASE_DN }}\nobjectClass: groupOfUniqueNames\nuniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}\nuniqueMember: cn=deploy,ou=users,{{ LDAP_BASE_DN }}\ncn: deploy" }, { "path": "ldap-combined/README.md", "content": "Combined JAAS Modules\n=====================\n\nThis configuration uses LDAP with a property file fall-back.\n\nThe `build` user exists in LDAP, and the `admin` user is in the `realm.properties` file.\n\n**LDAP User:**\n`username: build`\n`password: build`\n\n**Property File User:**\n`username: admin`\n`password: admin`\n" }, { "path": "ldap-combined/docker-compose.yml", "content": "version: '3'\n\nservices:\n rundeck1:\n hostname: rundeck1\n image: ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT}\n links:\n - ldap\n tty: true\n environment:\n RUNDECK_JAAS_MODULES_0: JettyCombinedLdapLoginModule\n RUNDECK_JAAS_LDAP_FLAG: sufficient\n RUNDECK_JAAS_LDAP_PROVIDERURL: ldap://ldap:389\n RUNDECK_JAAS_LDAP_BINDDN: cn=admin,dc=rdtest,dc=com\n RUNDECK_JAAS_LDAP_BINDPASSWORD: AdminPass123\n RUNDECK_JAAS_LDAP_USERBASEDN: ou=users,dc=rdtest,dc=com\n RUNDECK_JAAS_LDAP_ROLEBASEDN: ou=roles,dc=rdtest,dc=com\n\n RUNDECK_JAAS_MODULES_1: PropertyFileLoginModule\n RUNDECK_JAAS_FILE_FLAG: sufficient\n volumes:\n - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key\n ports:\n - 4440:4440\n ldap:\n hostname: ldap\n image: osixia/openldap:1.2.1 \n environment:\n - LDAP_ORGANISATION=RD Test\n - LDAP_DOMAIN=rdtest.com\n - LDAP_ADMIN_PASSWORD=AdminPass123\n volumes:\n - ./ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom:rw\n ports:\n - \"389:389\"\n command: --copy-service" }, { "path": "ldap-combined/ldif/50-bootstrap.ldif", "content": "# Define top-level entry:\n#dn: {{ LDAP_BASE_DN }}\n#objectClass: dcObject\n#objectClass: organization\n#o: Example, Inc.\n#dc: example\n\n# Define an entry to contain users:\ndn: ou=users,{{ LDAP_BASE_DN }}\nobjectClass: organizationalUnit\nou: users\n\n# Define some users:\n\ndn: cn=build, ou=users,{{ LDAP_BASE_DN }}\nuid: build\nuserPassword: {MD5}sNonVSCRjiPdYV4qdHUo8Q==\n#####\n# MD5 creds, Base64 encoded\n#userPassword: build\nobjectClass: person\nobjectClass: top\nobjectClass: inetOrgPerson\nsn: The account to use to demonstrate managing builds only\ncn: build\n\ndn: cn=deploy, ou=users,{{ LDAP_BASE_DN }}\nuid: deploy\nuserPassword: {CRYPT}de01JmlU8XXTQ\n#####\n# CRYPT creds\n#userPassword: deploy\nobjectClass: person\nobjectClass: top\nobjectClass: inetOrgPerson\nsn: The account to use to demonstrate managing deployment only\ncn: deploy\n\ndn: cn=test, ou=users,{{ LDAP_BASE_DN }}\nuid: test\nuserPassword: test\nobjectClass: person\nobjectClass: top\nobjectClass: inetOrgPerson\nsn: Has no role access\ncn: test\n\n# Define an entry to contain roles:\ndn: ou=roles, {{ LDAP_BASE_DN }}\nobjectClass: organizationalUnit\nou: roles\n\n# Define some roles and their membership:\ndn: cn=architect, ou=roles,{{ LDAP_BASE_DN }}\nobjectClass: groupOfUniqueNames\nuniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}\ncn: architect\n\ndn: cn=admin, ou=roles,{{ LDAP_BASE_DN }}\nobjectClass: groupOfUniqueNames\nuniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}\ncn: admin\n\ndn: cn=user, ou=roles,{{ LDAP_BASE_DN }}\nobjectClass: groupOfUniqueNames\nuniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}\nuniqueMember: cn=deploy,ou=users,{{ LDAP_BASE_DN }}\nuniqueMember: cn=build,ou=users,{{ LDAP_BASE_DN }}\ncn: user\n\ndn: cn=build, ou=roles,{{ LDAP_BASE_DN }}\nobjectClass: groupOfUniqueNames\nuniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}\nuniqueMember: cn=build,ou=users,{{ LDAP_BASE_DN }}\ncn: build\n\ndn: cn=deploy, ou=roles,{{ LDAP_BASE_DN }}\nobjectClass: groupOfUniqueNames\nuniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}\nuniqueMember: cn=deploy,ou=users,{{ LDAP_BASE_DN }}\ncn: deploy" }, { "path": "ldap-combined-localroles/README.md", "content": "Using LDAP for authentication and local realm file for roles\n=====================\n\nThis configuration uses LDAP for authentication, and uses a realm property file for user roles.\n\nThe user authentication is defined in LDAP, and the groups are defined in the realm.properties file.\n\n**LDAP Users:**\n\n* `username: build`\n\n `password: build`\n\n* `username: admin`\n\n `password: admin`\n" }, { "path": "ldap-combined-localroles/docker-compose.yml", "content": "version: '3'\n\nservices:\n rundeck1:\n hostname: rundeck1\n image: ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT}\n links:\n - ldap\n tty: true\n environment:\n RUNDECK_GRAILS_URL: http://localhost:4440\n RUNDECK_JAAS_MODULES_0: JettyCombinedLdapLoginModule\n RUNDECK_JAAS_LDAP_FLAG: requisite\n RUNDECK_JAAS_LDAP_PROVIDERURL: ldap://ldap:389\n RUNDECK_JAAS_LDAP_BINDDN: cn=admin,dc=rdtest,dc=com\n RUNDECK_JAAS_LDAP_BINDPASSWORD: AdminPass123\n RUNDECK_JAAS_LDAP_USERBASEDN: ou=users,dc=rdtest,dc=com\n RUNDECK_JAAS_LDAP_IGNOREROLES: 'true'\n RUNDECK_JAAS_LDAP_STOREPASS: 'true'\n RUNDECK_JAAS_MODULES_1: JettyRolePropertyFileLoginModule\n RUNDECK_JAAS_FILE_FLAG: required\n RUNDECK_JAAS_FILE_USEFIRSTPASS: 'true'\n RUNDECK_JAAS_DEBUG: 'true'\n volumes:\n - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key\n - ./realm.properties:/home/rundeck/server/config/realm.properties\n ports:\n - 4440:4440\n ldap:\n hostname: ldap\n image: osixia/openldap:1.2.1 \n environment:\n - LDAP_ORGANISATION=RD Test\n - LDAP_DOMAIN=rdtest.com\n - LDAP_ADMIN_PASSWORD=AdminPass123\n volumes:\n - ./ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom:rw\n ports:\n - \"389:389\"\n command: --copy-service" }, { "path": "ldap-combined-localroles/ldif/50-bootstrap.ldif", "content": "# Define top-level entry:\n#dn: {{ LDAP_BASE_DN }}\n#objectClass: dcObject\n#objectClass: organization\n#o: Example, Inc.\n#dc: example\n\n# Define an entry to contain users:\ndn: ou=users,{{ LDAP_BASE_DN }}\nobjectClass: organizationalUnit\nou: users\n\n# Define some users:\n\ndn: cn=admin, ou=users,{{ LDAP_BASE_DN }}\nuid: admin\nuserPassword: admin\n#####\n# MD5 creds, Base64 encoded\n#userPassword: admin\nobjectClass: person\nobjectClass: top\nobjectClass: inetOrgPerson\nsn: The admin account\ncn: admin\n\ndn: cn=build, ou=users,{{ LDAP_BASE_DN }}\nuid: build\nuserPassword: {MD5}sNonVSCRjiPdYV4qdHUo8Q==\n#####\n# MD5 creds, Base64 encoded\n#userPassword: build\nobjectClass: person\nobjectClass: top\nobjectClass: inetOrgPerson\nsn: The account to use to demonstrate managing builds only\ncn: build\n\ndn: cn=deploy, ou=users,{{ LDAP_BASE_DN }}\nuid: deploy\nuserPassword: {CRYPT}de01JmlU8XXTQ\n#####\n# CRYPT creds\n#userPassword: deploy\nobjectClass: person\nobjectClass: top\nobjectClass: inetOrgPerson\nsn: The account to use to demonstrate managing deployment only\ncn: deploy\n\ndn: cn=test, ou=users,{{ LDAP_BASE_DN }}\nuid: test\nuserPassword: test\nobjectClass: person\nobjectClass: top\nobjectClass: inetOrgPerson\nsn: Has no role access\ncn: test\n\n# Define an entry to contain roles:\ndn: ou=roles, {{ LDAP_BASE_DN }}\nobjectClass: organizationalUnit\nou: roles\n\n# Define some roles and their membership:\ndn: cn=architect, ou=roles,{{ LDAP_BASE_DN }}\nobjectClass: groupOfUniqueNames\nuniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}\ncn: architect\n\ndn: cn=admin, ou=roles,{{ LDAP_BASE_DN }}\nobjectClass: groupOfUniqueNames\nuniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}\ncn: admin\n\ndn: cn=user, ou=roles,{{ LDAP_BASE_DN }}\nobjectClass: groupOfUniqueNames\nuniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}\nuniqueMember: cn=deploy,ou=users,{{ LDAP_BASE_DN }}\nuniqueMember: cn=build,ou=users,{{ LDAP_BASE_DN }}\ncn: user\n\ndn: cn=build, ou=roles,{{ LDAP_BASE_DN }}\nobjectClass: groupOfUniqueNames\nuniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}\nuniqueMember: cn=build,ou=users,{{ LDAP_BASE_DN }}\ncn: build\n\ndn: cn=deploy, ou=roles,{{ LDAP_BASE_DN }}\nobjectClass: groupOfUniqueNames\nuniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}\nuniqueMember: cn=deploy,ou=users,{{ LDAP_BASE_DN }}\ncn: deploy" }, { "path": "ldap-combined-localroles/realm.properties", "content": "admin:-,user,admin\nbuild:-,user\n" }, { "path": "mysql/README.md", "content": "MySQL Exhibit\n=============\n\nDemonstrates configuring Rundeck to use MySQL as an external database.\n\n\n### Startup\n```\ndocker-compose up\n```\n\n### Teardown\n```\ndocker-compose down -v\n```" }, { "path": "mysql/docker-compose.yml", "content": "version: '3'\n\nservices:\n rundeck:\n image: rundeck/rundeck:SNAPSHOT\n links:\n - mysql\n environment:\n RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver\n RUNDECK_DATABASE_USERNAME: rundeck\n RUNDECK_DATABASE_PASSWORD: rundeck\n RUNDECK_DATABASE_URL: jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false\n RUNDECK_GRAILS_URL: localhost:4440\n volumes:\n - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key\n ports:\n - 4440:4440\n mysql:\n image: mysql:5.7\n expose:\n - 3306\n environment:\n - MYSQL_ROOT_PASSWORD=root\n - MYSQL_DATABASE=rundeck\n - MYSQL_USER=rundeck\n - MYSQL_PASSWORD=rundeck\n volumes:\n - dbdata:/var/lib/mysql\n\nvolumes:\n dbdata:\n" }, { "path": "mysql8/README.md", "content": "MySQL Exhibit\n=============\n\nDemonstrates configuring Rundeck to use MySQL as an external database.\n\n# How to\n\n## Startup\nStart the docker compose\n\n```\ndocker-compose up\n```\n\n## Teardown\n\ntear down and remove volumes\n\n```\ndocker-compose down -v\n```" }, { "path": "mysql8/docker-compose.yml", "content": "services:\n rundeck:\n image: rundeck/rundeck:SNAPSHOT\n links:\n - mysql\n environment:\n RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver\n RUNDECK_DATABASE_USERNAME: rundeck\n RUNDECK_DATABASE_PASSWORD: rundeck\n RUNDECK_DATABASE_URL: jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false&allowPublicKeyRetrieval=true\n RUNDECK_GRAILS_URL: http://localhost:4440\n volumes:\n - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key\n ports:\n - 4440:4440\n mysql:\n image: mysql:8\n expose:\n - 3306\n environment:\n - MYSQL_ROOT_PASSWORD=root\n - MYSQL_DATABASE=rundeck\n - MYSQL_USER=rundeck\n - MYSQL_PASSWORD=rundeck\n volumes:\n - dbdata:/var/lib/mysql\n\nvolumes:\n dbdata:\n" }, { "path": "oraclexe/README.md", "content": "Oracle XE Exhibit\n==============\n\n# How to Use\n\n## Download Oracle JDBC Driver\n\n[Download the Oracle JDBC driver \"ojdbc8.jar\"](https://www.oracle.com/database/technologies/appdev/jdbc-downloads.html) and place in `lib/` .\n\n```\nVERS=21.5.0.0\ncurl https://repo1.maven.org/maven2/com/oracle/database/jdbc/ojdbc8/$VERS/ojdbc8-$VERS.jar -o lib/ojdbc8-$VERS.jar\n```\n\n## Start\n\n```\ndocker-compose up -d\n```\n\n## Stop\n\n```\ndocker-compose down -v\n```\n" }, { "path": "oraclexe/docker-compose.yml", "content": "version: '3'\n\nservices:\n rundeck:\n image: ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT}\n links:\n - oracle\n environment:\n RUNDECK_GRAILS_URL: http://localhost:4440\n RUNDECK_DATABASE_DRIVER: oracle.jdbc.OracleDriver\n RUNDECK_DATABASE_DIALECT: org.rundeck.hibernate.RundeckOracleDialect\n RUNDECK_DATABASE_USERNAME: system\n RUNDECK_DATABASE_PASSWORD: mypassword123\n RUNDECK_DATABASE_URL: jdbc:oracle:thin:@oracle:1521:XE\n RUNDECK_DATABASE_VALIDATIONQUERY: SELECT 1 FROM DUAL\n volumes:\n - ./lib:/home/rundeck/server/lib\n - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key\n ports:\n - 4440:4440\n depends_on:\n - oracle\n oracle:\n image: container-registry.oracle.com/database/express:21.3.0-xe\n environment:\n ORACLE_PWD: mypassword123\n expose:\n - 1521\n ports:\n - 1521:1521\n volumes:\n - dbdata:/opt/oracle/oradata\n\nvolumes:\n dbdata:" }, { "path": "oraclexe/lib/.gitignore", "content": "# Ignore everything in this directory\n*\n# Except this file\n!.gitignore\n" }, { "path": "percona-xtradb/Makefile", "content": "RUNDECK_VERSION ?= 4.1.0\nRUNDECK_IMAGE ?= rundeckpro/enterprise\nPERCONA_IMAGE ?= percona/percona-xtradb-cluster:8.0\n\ndefault: bootstrap\n\ncerts:\n\tmkdir -m 777 -p $(PWD)/certs\n\tdocker run --name pxc-cert --rm -v $(PWD)/certs:/cert $(PERCONA_IMAGE) mysql_ssl_rsa_setup -d /cert\n\nbootstrap: certs\n\tdocker compose up rddbnode1 -d\n\techo \"wait 35 seconds for main db to start...\" && sleep 35\n\techo \"Disabling cluster strict mode...\"\n\tdocker compose exec rddbnode1 mysql -hlocalhost -uroot -proot rundeck -e \"SET GLOBAL pxc_strict_mode=PERMISSIVE;\"\n\tdocker compose run -i --rm rdbootstrap\n\techo \"wait 5 seconds before enforcing strict mode again\" && sleep 5\n\tdocker compose exec rddbnode1 mysql -hlocalhost -uroot -proot rundeck -e \"SET GLOBAL pxc_strict_mode=ENFORCING;\"\n\tdocker compose up rddbnode2 -d\n\tdocker compose up rddbnode3 -d\n\ndbstart:\n\tdocker compose up rddbnode1 rddbnode2 rddbnode3 -d\n\nstart:\n\tdocker compose up rundeck -d\n\ndestroy:\n\tdocker compose down -v\n\trm -rf $(PWD)/certs\n\n.PHONY: default\n" }, { "path": "percona-xtradb/README.md", "content": "Percona XtraDB Exhibit\n=======================\n\nDemonstrates Rundeck + Simple Percona cluster setup\n\n### Setup\n\n#### Create database certificates\nGenerate the certificates used by the percona cluster nodes:\n```shell\n$ make certs\n```\nA `certs`directory with the generated certs will be created.\n\n#### First-time Bootstrap of the DB cluster\n\n***TIP**: `make bootstrap` will run this procedure automatically. This command will execute the following:*\n\nThe first time you need to run the `rddbnode1` container first to bootstrap the cluster:\n```\ndocker compose up rddbnode1 -d\n```\n\n- Log into the created mysql node and temporarily disable cluster checks.\n```mysql\nmysql> SET GLOBAL pxc_strict_mode=PERMISSIVE;\n```\n\nRun the rundeck war in dbmigration mode so it creates the database schema:\n```shell\njava -jar rundeck.war -m\n```\n\nEnable strict mode again on the database cluster.\n```mysql\nmysql> SET GLOBAL pxc_strict_mode=ENFORCING;\n```\n\nThen start the other database nodes:\n```\ndocker compose up rddbnode2 rddbnode3 -d\n```\n\n\n\n### Startup\nRun \n`make start`\nor\n`docker-compose up rundeck -d`\n\n### Teardown everything (including db)\n`make destroy` or `docker-compose down -v`\n" }, { "path": "percona-xtradb/config/cluster-cert.cnf", "content": "[mysqld]\nssl-ca = /cert/ca.pem\nssl-cert = /cert/server-cert.pem\nssl-key = /cert/server-key.pem\n\n[client]\nssl-ca = /cert/ca.pem\nssl-cert = /cert/client-cert.pem\nssl-key = /cert/client-key.pem\n\n[sst]\nencrypt = 4\nssl-ca = /cert/ca.pem\nssl-cert = /cert/server-cert.pem\nssl-key = /cert/server-key.pem\n" }, { "path": "percona-xtradb/docker-compose.yml", "content": "version: '3.9'\n\nservices:\n rdbootstrap:\n image: ${RUNDECK_IMAGE:-rundeckpro/enterprise:SNAPSHOT}\n restart: \"no\"\n \n networks: \n - rundeck-network\n environment:\n RUNDECK_EXEC_CMD: java -jar rundeck.war -m\n RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver\n RUNDECK_DATABASE_USERNAME: rundeck\n RUNDECK_DATABASE_PASSWORD: rundeck\n RUNDECK_DATABASE_URL: jdbc:mysql://rddbnode1/rundeck?autoReconnect=true&useSSL=false\n rundeck:\n image: ${RUNDECK_IMAGE:-rundeckpro/enterprise:SNAPSHOT}\n networks: \n - rundeck-network\n environment:\n RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver\n RUNDECK_DATABASE_USERNAME: rundeck\n RUNDECK_DATABASE_PASSWORD: rundeck\n RUNDECK_DATABASE_URL: jdbc:mysql://rddbnode1/rundeck?autoReconnect=true&useSSL=false\n RUNDECK_GRAILS_URL: \"http://localhost:4440\"\n volumes:\n - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key\n ports:\n - 4440:4440\n rddbnode1:\n image: percona/percona-xtradb-cluster:8.0\n networks: \n - rundeck-network\n ports:\n - 3306:3306\n environment:\n - MYSQL_ROOT_PASSWORD=root\n - MYSQL_DATABASE=rundeck\n - MYSQL_USER=rundeck\n - MYSQL_PASSWORD=rundeck\n - CLUSTER_NAME=rundeck-cluster\n volumes:\n - ${PWD}/certs:/cert\n - ${PWD}/config:/etc/percona-xtradb-cluster.conf.d\n\n rddbnode2:\n image: percona/percona-xtradb-cluster:8.0\n networks: \n - rundeck-network\n ports:\n - 3307:3306\n environment:\n - MYSQL_ROOT_PASSWORD=root\n - MYSQL_DATABASE=rundeck\n - MYSQL_USER=rundeck\n - MYSQL_PASSWORD=rundeck\n - CLUSTER_NAME=rundeck-cluster\n - CLUSTER_JOIN=rddbnode1\n volumes:\n - ${PWD}/certs:/cert\n - ${PWD}/config:/etc/percona-xtradb-cluster.conf.d\n\n rddbnode3:\n image: percona/percona-xtradb-cluster:8.0\n networks: \n - rundeck-network\n ports:\n - 3308:3306\n environment:\n - MYSQL_ROOT_PASSWORD=root\n - MYSQL_DATABASE=rundeck\n - MYSQL_USER=rundeck\n - MYSQL_PASSWORD=rundeck\n - CLUSTER_NAME=rundeck-cluster\n - CLUSTER_JOIN=rddbnode1\n volumes:\n - ${PWD}/certs:/cert\n - ${PWD}/config:/etc/percona-xtradb-cluster.conf.d\n\nnetworks:\n rundeck-network:\n name: rundeck-network\n" }, { "path": "postgres/Dockerfile", "content": "ARG RUNDECK_IMAGE\n\nFROM ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT}\n\nCOPY --chown=rundeck:root remco /etc/remco" }, { "path": "postgres/README.md", "content": "PostgreSQL Exhibit\n=============\n\nDemonstrates configuring Rundeck to use PostgreSQL as an external database.\n\n\n### Startup\n```\ndocker-compose up\n```\n\n### Teardown\n```\ndocker-compose down -v\n```" }, { "path": "postgres/docker-compose.yml", "content": "version: '3'\n\nservices:\n rundeck:\n image: ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT}\n links:\n - postgres\n environment:\n RUNDECK_DATABASE_DRIVER: org.postgresql.Driver\n RUNDECK_DATABASE_USERNAME: rundeck\n RUNDECK_DATABASE_PASSWORD: rundeck\n RUNDECK_DATABASE_URL: jdbc:postgresql://postgres/rundeck?autoReconnect=true&useSSL=false&allowPublicKeyRetrieval=true\n RUNDECK_GRAILS_URL: http://localhost:4440\n volumes:\n - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key\n ports:\n - 4440:4440\n postgres:\n image: postgres\n expose:\n - 5432\n environment:\n - POSTGRES_DB=rundeck\n - POSTGRES_USER=rundeck\n - POSTGRES_PASSWORD=rundeck\n volumes:\n - dbdata:/var/lib/postgresql/data\n\nvolumes:\n dbdata:\n" }, { "path": "runner/README.md", "content": "# Rundeck Runner Exhibit\n\n## Configuration\n\n* `RUNNER_RUNDECK_SERVER_URL` - The base URL for your Rundeck Enterprise server. This could be `http://host.docker.internal:4440/` for local development or `https://your-subdomain.runbook.pagerduty.cloud/` for a Runbook Automation deployment.\n* `RUNNER_RUNDECK_CLIENT_ID` - The Runner id.\n* `RUNNER_RUNDECK_SERVER_TOKEN` - The Runner's secret token.\n" }, { "path": "runner/docker-compose.yml", "content": "name: rundeck-runner\n\nservices:\n\n runner:\n env_file: .env\n image: rundeckpro/runner:SNAPSHOT\n tty: true\n\nvolumes:\n data:\n" }, { "path": "simple-cluster/README.md", "content": "Simple Cluster Exhibit\n=============\n\nDemonstrates configuring a Rundeck Enterprise Cluster, with NGinx as Load Balancer.\n\n### Setup\n\n- Copy the provided `.env.dist` file as `.env`, and edit the values as needed providing the correct license file.\n- If you want to increase the cluster size, you'll need to adjust the `replicas` parameters in the `docker-compose.yml` file.\nAnd also adjust the `upstream` servers in the `nginx.conf` file. This in order to use nginx as actual load balancer\ninstead of docker's default round-robin load balancer.\n\n\n### Startup\n```\ndocker-compose up\n```\n\n### Teardown\n```\ndocker-compose down -v\n```" }, { "path": "simple-cluster/docker-compose.yml", "content": "\n# We fix the project name so DNS names are deterministic\n# This in order to use nginx LB in full, instead of docker's dns round-robin strategy.\nname: rundeck-cluster\n\nservices:\n nginx:\n image: nginx\n depends_on:\n rundeck:\n condition: service_healthy\n volumes:\n - ./nginx.conf:/etc/nginx/nginx.conf:ro\n ports:\n - 80:80\n\n # slim rundeck container to run database setup.\n # We do this first to prevent collisions between the two nodes when doing the first setup.\n rundeck-migration:\n image: ${RUNDECK_IMAGE:-rundeckpro/enterprise:SNAPSHOT}\n links:\n - dbase\n environment:\n RUNDECK_EXEC_CMD: \"java -jar rundeck.war -m\"\n RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver\n RUNDECK_DATABASE_USERNAME: rundeck\n RUNDECK_DATABASE_PASSWORD: rundeck\n RUNDECK_DATABASE_URL: jdbc:mysql://dbase/rundeck?autoReconnect=true&useSSL=false&allowPublicKeyRetrieval=true\n\n\n # main cluster\n rundeck:\n deploy:\n replicas: 2 # If this is changed, remember to adjust nginx configuration at nginx.conf\n image: rundeck-node\n build:\n context: rundeck-node\n args:\n RUNDECK_IMAGE: ${RUNDECK_IMAGE:-rundeckpro/enterprise:SNAPSHOT}\n links:\n - rundeck-migration\n - dbase\n depends_on:\n rundeck-migration:\n condition: service_completed_successfully\n environment:\n RUNDECK_GRAILS_URL: http://localhost\n RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver\n RUNDECK_DATABASE_USERNAME: rundeck\n RUNDECK_DATABASE_PASSWORD: rundeck\n RUNDECK_DATABASE_URL: jdbc:mysql://dbase/rundeck?autoReconnect=true&useSSL=false&allowPublicKeyRetrieval=true\n RUNDECK_SECURITY_DBLOGIN_ENABLED: 'true'\n RUNDECK_SECURITY_DBLOGIN_CREATEADMINUSERANDROLES: 'true'\n RUNDECK_SECURITY_DBLOGIN_ADMINUSERNAME: admin\n RUNDECK_SECURITY_DBLOGIN_ADMINPASSWORD: admin\n RUNDECK_PLUGIN_CLUSTER_REMOTEEXECUTION_ENABLED: 'false'\n RUNDECK_FEATURE_ENTERPRISEACL_ENABLED: 'false'\n RUNDECK_FEATURE_ENTERPRISEACLTRANSFER_ENABLED: 'false'\n RUNDECK_SERVER_ADDRESS: 0.0.0.0\n RUNDECK_GUI_STARTPAGE: jobs\n healthcheck:\n test: \"curl -f http://localhost:4440\"\n interval: 5s\n timeout: 10s\n retries: 50\n start_period: 180s\n start_interval: 10s\n ports:\n - 4440\n# expose:\n# - 4440\n volumes:\n - logdata:/home/rundeck/var/logs:rw\n - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key\n\n dbase:\n image: mysql:8\n ports:\n - 3306:3306\n environment:\n MYSQL_ROOT_PASSWORD: root\n MYSQL_DATABASE: rundeck\n MYSQL_USER: rundeck\n MYSQL_PASSWORD: rundeck\n volumes:\n - dbdata_mysql:/var/lib/mysql\n\nvolumes:\n logdata:\n dbdata_mysql:\n" }, { "path": "simple-cluster/nginx.conf", "content": "events {\n worker_connections 1024;\n}\n\nhttp {\n upstream rundeck {\n ip_hash;\n server rundeck-cluster-rundeck-1:4440 max_fails=3 fail_timeout=30s;\n server rundeck-cluster-rundeck-2:4440 max_fails=3 fail_timeout=30s;\n }\n\n server {\n location / {\n proxy_pass http://rundeck;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n #proxy_set_header X-Forwarded-Proto $scheme;\n #proxy_set_header User-Agent $http_user_agent;\n }\n }\n}\n" }, { "path": "simple-cluster/rundeck-node/Dockerfile", "content": "ARG RUNDECK_IMAGE\nFROM ${RUNDECK_IMAGE}\n\nUSER root\n\n#Create logs dir path\nRUN mkdir -p /home/rundeck/var/logs && \\\n chown rundeck:root /home/rundeck/var/logs\n \n# Set output log dir as volume so it can be shared across containers\nUSER rundeck\nVOLUME /home/rundeck/var/logs\n" }, { "path": "sqlserver/README.md", "content": "MSSQL Server Exhibit\n=============\n\nDemonstrates configuring Rundeck to use MSSQL Server as an external database.\n\n\n### Startup\n```\ndocker-compose up\n```\n\n### Teardown\n```\ndocker-compose down -v\n```" }, { "path": "sqlserver/docker-compose.yml", "content": "version: '3'\nservices:\n rundeck:\n image: ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT}\n links:\n - sqlserver\n environment:\n RUNDECK_GRAILS_URL: http://localhost:${RUNDECK_PORT:-4441}\n RUNDECK_DATABASE_DRIVER: com.microsoft.sqlserver.jdbc.SQLServerDriver\n RUNDECK_DATABASE_USERNAME: sa\n RUNDECK_DATABASE_PASSWORD: RundeckPassw0rd\n RUNDECK_DATABASE_URL: jdbc:sqlserver://sqlserver;DatabaseName=rundeck;autoReconnect=true;useSSL=false\n RUNDECK_DATABASE_DIALECT: org.hibernate.dialect.SQLServer2012Dialect\n volumes:\n - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key\n ports:\n - \"${RUNDECK_PORT:-4441}:4440\"\n depends_on:\n - sqlserver\n\n sqlserver:\n build:\n context: ./sqlserver\n expose:\n - 1433\n ports:\n - 1433:1433\n environment:\n - ACCEPT_EULA=Y\n - MSSQL_PID=Express\n - SA_PASSWORD=RundeckPassw0rd\n command: /bin/bash ./entrypoint.sh\n volumes:\n - mssql_data:/var/opt/mssql\n\nvolumes:\n mssql_data:\n" }, { "path": "sqlserver/sqlserver/Dockerfile", "content": "FROM mcr.microsoft.com/mssql/server:2022-latest\n\nUSER root\n# Create app directory\nRUN mkdir -p /usr/src/app\nWORKDIR /usr/src/app\n\n# Bundle app source\nCOPY . /usr/src/app\n\n# Grant permissions for the import-data script to be executable\nRUN chmod +x /usr/src/app/import-data.sh\n\nUSER mssql\nCMD /bin/bash ./entrypoint.sh" }, { "path": "sqlserver/sqlserver/entrypoint.sh", "content": "/opt/mssql/bin/sqlservr & /usr/src/app/import-data.sh && while true; do sleep 1; done\n" }, { "path": "sqlserver/sqlserver/import-data.sh", "content": "#wait for the SQL Server to come up\nsleep 10s\n\n#run the setup script to create the DB and the schema in the DB\n/opt/mssql-tools18/bin/sqlcmd -C -S localhost -U sa -P $SA_PASSWORD -d master -i setup.sql\n" }, { "path": "sqlserver/sqlserver/setup.sql", "content": "CREATE DATABASE rundeck;" } ]