Rundeck (Job scheduler and Runbook automation)

sudo apt install -y curl
 
# OPTIONAL: install Java if not already available
sudo apt-get install -y openjdk-11-jre-headless
 
curl -L https://packages.rundeck.com/pagerduty/rundeck/gpgkey | sudo apt-key add -
 
cat <<EOF> /etc/apt/sources.list.d/rundeck.list
deb https://packages.rundeck.com/pagerduty/rundeck/any/ any main
deb-src https://packages.rundeck.com/pagerduty/rundeck/any/ any main
EOF
 
sudo apt-get update
sudo apt-get install -y rundeck
 
#sudo apt install -y sshpass

ansible-playbook rundeck-ansible.example.com.yml -i your_inventory

---
hosts: rundeck-ansible.example.com
  vars:
    port_redirect:
      from: 4440
      to: 80
    install_ansible_plugin: true
  roles:
    - ansible
    - rundeck
>

admin/admin

# override rundeck properties
/etc/rundeck/framework.properties
/etc/rundeck/rundeck-config.properties
/etc/rundeck/realm.properties
/etc/rundeck/rundeck-config.properties
 
# (global)
/etc/rundeck/framework.properties
 
# job database
/var/lib/rundeck/data/rundeckdb.mv.db
 
# hosts
/var/rundeck/projects/JOB_NAME/etc/resources.xml
 
# add user
echo "foo:bar,user,devops" >> /etc/rundeck/realm.properties
 
# acl
/var/rundeck/projects/<project_name>/acls/<project_name>.aclpolicy

# configure nodes
/var/rundeck/projects/<project_name>/etc/resources.xml
 
# use native ssh agent to access host behind proxy / bastion
/var/rundeck/projects/<project_name>/etc/project.properties
plugin.script-exec.default.command=/usr/bin/ssh ${node.username}@${node.hostname} ${exec.command}
plugin.script-copy.default.command=/usr/bin/scp ${file-copy.file} ${node.username}@${node.hostname}\:${file-copy.destination}

# variables
${globals.environment} ${job.project} ${job.name} ${execution.status}

# /etc/rundeck/rundeck-config.properties
grails.mail.host=smtp.example.com
grails.mail.port=25
grails.mail.username=foo
grails.mail.password=bar
 
 
# restart service
service rundeckd restart
 
# ssh
mkdir /var/lib/rundeck/.ssh
chown rundeck:rundeck /var/lib/rundeck/.ssh
chmod 700 /var/lib/rundeck/.ssh
touch /var/lib/rundeck/.ssh/id_rsa
chown rundeck:rundeck /var/lib/rundeck/.ssh/id_rsa
chmod 600 /var/lib/rundeck/.ssh/id_rsa
 
# log
tail -f /var/log/rundeck/*.log

/var/rundeck/projects/PROJECT_NAME/scm
/var/rundeck/projects/PROJECT_NAME/scm/scm-export.properties
/var/rundeck/projects/PROJECT_NAME/scm/cm-import.properties

USERNAME=admin
OLDPW="admin"
NEWPW="my_new_pass"
sed -i "/^${USERNAME}/ s|:${OLDPW}|:${NEWPW}|g" /home/rundeck/server/config/realm.properties
 
 
#RD_PASS=$(openssl rand -base64 16)
#echo ${RD_PASS}
#RD_PASS_MD5=$(java -cp /var/lib/rundeck/bootstrap/jetty-all-9.0.7.v20131107.jar org.eclipse.jetty.util.security.Password admin ${RD_PASS} 2>&1 | grep MD5)
#sed -i "s/^admin:admin/admin:MD5:${RD_PASS_MD5}/g" /etc/rundeck/realm.properties
java -jar /var/lib/rundeck/bootstrap/rundeck-*.war --encryptpwd Jetty
service rundeckd restart
 
# echo "framework.server.password = MD5:${RD_PASS_MD5}" >> /etc/rundeck/framework.properties
 
# Notify icinga
Local Command:
ssh monitoring.example.com '/usr/bin/printf "[%lu] SCHEDULE_FORCED_SVC_CHECK;%s;%s;%s\n" $(date +%s) ${node.name} APT $(date +%s) | tee -a /var/lib/icinga/rw/icinga.cmd'

# use in bash
NODES=$(echo $RD_OPTION_NODES | sed 's/,/ /g')
 
# remote URL
https://docs.gitlab.com/ee/api/repository_files.html#get-file-from-repository
file:///tmp/foo.json
# dep # https://gitlab.example.com/foo/bar/raw/master/file.json?private_token=foo1234
 
https://gitlab.example.com/api/v4/projects/3/repository/files/${job.project}%2F${globals.environment}%2Foptions-hosts.json/raw?ref=master&private_token=${globals.private_token}

export OS_ENV=dev
export TOKEN=12345678
 
# execute GitLab pipeline
curl -X POST \
  --silent \
  --fail \
  -F token=${TOKEN} \
  -F ref=${OS_ENV} \
  https://git.example.com/api/v4/projects/123/trigger/pipeline

echo ${option.RSA} | tee /tmp/debug.txt

# check file size
'[[ $(find /media/backup/db.mr/ -size +50M -name exp_$(date -I)_*.dmp.bz2 ) ]]'

GIT_SERVER=git.example.com
GIT_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
RUNDECK_JOB=287d18f7-6c95-40b7-8857-82d215c143e1
RUNDECK_TOKEN=yyyyyyyyyyyyyyyyyyyyyyyyy
ENVIRONMENT=stage
RUNDECK_SERVER=rundeck.${ENVIRONMENT}.example.com
RUNDECK_JOB_OPTIOONS=$(curl "https://${GIT_SERVER}/api/v4/projects/3/repository/files/OpenStack%2F${ENVIRONMENT}%2Foptions-hosts-all.json/raw?ref=master&private_token=${GIT_TOKEN}" | jq -r '.[] | select(.value != "control") .value' | paste -sd" ")
 
curl --location --request POST "http://${RUNDECK_SERVER}/api/40/job/${RUNDECK_JOB}/run" \
  --header "Accept: application/json" \
  --header "X-Rundeck-Auth-Token: ${RUNDECK_TOKEN}" \
  --header "Content-Type: application/json" \
  --data "{
    options: {
        nodes: ${RUNDECK_JOB_OPTIOONS}
    }
  }" | jq
 
# list tokens
curl -G -s -H "Accept: application/json" -H "X-RunDeck-Auth-Token:${RUNDECK_TOKEN}" "http://${RUNDECK_SERVER}/api/40/tokens" | jq
 
# get job definition
curl -G -s -H "Accept: application/json" -H "X-RunDeck-Auth-Token:${RUNDECK_TOKEN}" "http://${RUNDECK_SERVER}/api/40/job/${RUNDECK_JOB}" | jq
 
# get job info
curl -G -s -H "Accept: application/json" -H "X-RunDeck-Auth-Token:${RUNDECK_TOKEN}" "http://${RUNDECK_SERVER}/api/40/job/${RUNDECK_JOB}/info" | jq
 
# get all jobs
curl -G -s -H "Accept: application/json" -H "X-RunDeck-Auth-Token:${RUNDECK_TOKEN}" "http://${RUNDECK_SERVER}/api/40/project/OpenStack/jobs"  | jq
 
#  (call with parameter from curl)
curl -H "X-Rundeck-Auth-Token: ABCDEFGHIJKLMNOPRST1234567890" --data-urlencode "argString=-sku 'item1 item2 item3'" -X POST http://rundeck.example.com/api/25/job/26356713-8285-479e-860f-221559a64c23422/run
 
# fix Failed loading remote option values / Exception: java.lang.Exception: Unexpected content type received: text/plain; charset=utf-8 in Rundeck Allowed Values > Remote URL with currently:
# https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/23442
echo "framework.globals.environment=dev" >> /etc/rundeck/framework.properties

# color
grep --color=always foo /path/to/file

apt install -y git 
cd /var/rundeck/projects/DevOps/scm
git pull

http://rundeck.example.com/metrics/healthcheck

# generate new token for openstack-ci user
https://git.i.example.com/admin/users/cicd-user/impersonation_tokens
Token name: rundeck
read_repository
 
# get token (@workstation)
 PRIVATE_TOKEN=******
 
# Update private_token in rundeck
for OS_ENV in dev stage prod; do
    source ~/.rd/rundeck.${OS_ENV}.i.example.com.conf
    rd projects configure update -p OpenStack -- --project.globals.private_token=${PRIVATE_TOKEN}
done