Upload
artur-martins
View
536
Download
1
Embed Size (px)
Citation preview
The missing tool
Artur Martins(@arturmartins)
Devops Dublin Meetup III 8th July 2015
WHO AM I?
• Name: Artur Martins (@arturmartins on twitter)
• Senior Systems Engineer at
• Using rundeck since April 2014
• I
WHAT IS RUNDECK• Operations Web Dashboard (and a REST API as well)
• fine-grain access controls
• builtin-job scheduler
• jobs can have multiple sequence steps and corresponde error handling
• ability to define workflows (coordinated sequences commands and scripts or jobs)
FEATURES• Import Node info from chef, puppet, amazon ec2, salt or make
your own CMDB/node list.
• Run multiple jobs or workflows in parallel
• Follow job executions running (distributed tail -f)
• Trigger 3rd parties using email or webhook
• Plugins available: JIRA, PagerDuty, Slack, HipChat, Redmine, Puppet, salt, nexus, jenkins, chef, Nexus, AWS EC2 Nodes, Kerberos, IRC, Jabber, AWS S3
BENEFITS
• Formalisation of your IT Ops procedures
• Safely enable Self-service dashboard
• Visibility, Accountability, Logging
INFRASTRUCTURE
source: http://rundeck.org/docs/administration/installation.html
DEV / OPS
source: http://rundeck.org/news/2014/01/08/Jenkins-is-for-development-Rundeck-is-for-operations.html
source: http://blog.mattcallanan.net/2013_03_01_archive.html
OK, I GET IT…
TAXONOMY
• Job - sequence of one or more commands or scripts
• Workflow - sequence of one of more jobs
• Node - a resource accessible through SSH
INSTALL / UPGRADE• Requirements:
Java 1.7+ (Both Open JDK and Sun/Oracle) JAVA_HOME env var defined
• Debian/Ubuntu scenario:
version='2.5.2' wget http://dl.bintray.com/rundeck/rundeck-deb/rundeck-${version}-1-GA.deb sudo dpkg -i rundeck-${version}-1-GA.deb
INSTALL ADVICE
• Install webserver (apache/nginx) and set a reverse proxy
• Authentication should always be under HTTPS, right?
REMOTE NODES SETUP
• Create (at least) one SSH account (depends on context)
• Add ssh pub key
• Add whitelist sudo permissions /etc/sudoers.d/${user} if administration are needed
POST INSTALL CONFIG• realm.properties (add a rundeck user)
admin:admin,user,admin,architect,deploy,build user:password,user,role1,role2,role3
• project.propertiesproject.organization = “Your company"
• framework.propertiesgeneral framework configs.
• rundeck-config.propertiesgrails.serverURL=http://rundeck.yourcompany.comdataSource.url=jdbc:(set your database jdbc connection string here)
NODE DEFINITION
Rundeck also supports resources definition in YML
<node name="app1"> <!-- Rundeck node attributes --> <attribute name="hostname" value="192.168.50.30"/> <attribute name="username" value="rundeckops"/> <attribute name="tags" value="demo,testing"/> <attribute name="description" value="Ubuntu server"/> <attribute name="osName" value="Ubuntu"/> <attribute name="osVersion" value=“14.04 LTS 64bit"/> <attribute name="osFamily" value="unix"/>
<!-- Rundeck SSH related attributes --> <attribute name="ssh-key-storage-path" value="path/to/id_rsa"/>
<!-- Custom attributes --> <attribute name="group" value="other"/> <attribute name="datacenter" value="CA,USA"/> <attribute name="osCodename" value="trusty"/> <attribute name="rdnsName" value="app1.example.com"/> <attribute name="provider" value="digitalocean"/> </node>
DEMO
Demos always work
if you use VAGRANT
… or maybe not :)
CAVEATS• Some characters in password field might cause authentication to fail (/
etc/rundeck/realm.proprieties)
• Assure no spaces a the end of a value in any /etc/rundeck/* config files
• Node filter is tricky if you want to select different nodes by multiple parameters. Workaround: regex all the way.
• Be aware of rundeck rules for quotes escaping for commands:http://rundeck.org/docs/manual/jobs.html#quoting-arguments-to-steps
FURTHER READING• http://rundeck.org/docs/
• https://github.com/rundeck/rundeck
• http://www.slideshare.net/dev2ops/rundecks-history-and-future
• http://lanyrd.com/2012/chefconf/stkdz/
• http://blog.mattcallanan.net/2013_03_01_archive.html
• http://www.slideshare.net/dev2ops/nexus-live-1
• Mailing-list: https://groups.google.com/forum/#!forum/rundeck-discuss
• IRC: #rundeck at freenode.
QUESTIONS?
myself=‘arturmartins’
@{myself}
{myself}@gmail.comie.linkedin.com/in/{myself}
plus.google.com/+{myself}1