A fresh install contains an init script from the RPM. Your template does not include # chkconfig: 2345 90 10 in the header and thus this happens:
Error: Could not enable rundeckd: Execution of '/sbin/chkconfig rundeckd on' returned 1: service rundeckd does not support chkconfig

Is there some awesome reason for not using the provided init script?

Got this error message, when try to set the plugin via hiera yaml file:

Error: Failed to apply catalog: Cannot alias File[/var/lib/rundeck/libext/] to ["/var/lib/rundeck/libext"] at /etc/puppet/environments/devtest_coreaws_MC_2230/dist/modules/rundeck/manifests/config/plugin.pp:77; resource ["File", "/var/lib/rundeck/libext"] already declared

Related hiera yaml file:

cat rundeck.yaml:

rundeck::plugin:
    name: rundeck-ec2-nodes-plugin-1.5.jar
    source: https://github.com/rundeck-plugins/rundeck-ec2-nodes-plugin/releases/download/1.5/rundeck-ec2-nodes-plugin-1.5.jar

Related rundeck pp file:

  rundeck::config::plugin{ 'rundeck-ec2-nodes-plugin':
#    name   => 'rundeck-ec2-nodes-plugin-1.5.jar',
#    source => 'https://github.com/rundeck-plugins/rundeck-ec2-nodes-plugin/releases/download/1.5/rundeck-ec2-nodes-plugin-1.5.jar'
     name => $::rundeck::plugin::name,
     source => $::rundeck::plugin::source
  }

If I give the name and source directly (commented in above pp code), code works fine and plugin is installed.

New in version 2.5

For sites using RFC 2307 posixGroup for roles, the roleMemberAttribute does not work, because the posixGroup memberUid attributes are usernames and not DNs; the roleUsernameMemberAttribute is for this.

The module ignores the ssl_enabled setting when configuring the framework properties, and the grails server url. In both cases it uses http and port 4440, instead of switching to https 4443 when ssl is enabled.

I noticed the build has been failing the last 3 months or so (https://travis-ci.org/opentable/puppet-rundeck/builds) and the code on forge.puppetlabs.com is outdated. In my case (CentOS) it's not working anymore because of a specific jre that's not available (anymore?).

Part of params.pp

    'RedHat', 'Amazon': {
      $package_name = 'rundeck'
      $package_version = '2.0.3-1.14.GA'
      $package_ensure = 'installed'
      $service_name = 'rundeckd'
      $jre_name = 'java-1.6.0-openjdk'
      $jre_version = '1.6.0.0-1.66.1.13.0.el6'
    }

Output of yum info java-1.6.0-openjdk

Name        : java-1.6.0-openjdk
Arch        : x86_64
Epoch       : 1
Version     : 1.6.0.34
Release     : 1.13.6.1.el6_6

There is a minor error in manifests/config/resource_source.pp in the ensure_resource calls for the project dir and the etc subdirectory -- they refer to $user and $group instead of $u and $g.

@liamjbennett

Could you please share me a sample of hiera yaml file to list most params? I am stuck to set them properly, and waste a lot of time.

For example, how to setup:

auth_type
auth_config
plugin::name
plugin::source

If you can provide, issue #77 and #78 can be closed.

New setting in 2.5

One hour before, I found puppet-rundeck has new release 1.1, and the repository name has been changed from opentable/rundeck to puppet-community/puppet-rundeck

Any updates for us?

report the issue to rundeck with rundeck/rundeck#1268

I found the reason, so it need be fixed in puppet-rundeck.

When change the admin password in /etc/rundeck/realm.properties, the password in /etc/rundeck/framework.properties is not changed. Then rd-jobs command is failed.

Could you please add new feature to update the admin password at same time in both /etc/rundeck/realm.properties and /etc/rundeck/framework.properties ?

In default admin.aclpolicy there is no access for "admin" to storage to upload/manage keys.
There is a reference but only in API policy. There is no reference to resource_types storage in params.pp.

storage:
- match:
path: '(keys|keys/.)'
allow: '' # allow all access to manage stored keys

I set with ldaps, but didn't get what I need. After review the code, i found the setting in _auth_ldap.erb are only for ldap, not for ldaps

I think this is a typo:

...
bindDn="<%= @auth_config['ldap']['bind_dn']%>,<%= @auth_config['ldap']['user_base_dn'] %>"
                                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...
userBaseDn="<%= @auth_config['ldap']['user_base_dn'] %>"

According to official documentation:

....
bindDn="cn=Manager,dc=example,dc=com"
...
userBaseDn="ou=People,dc=test1,dc=example,dc=com"

it's breaking ldap authentication

please merge following to fix this

The file rundeck/files/rundeck_version is not OS aware. It contains a reference to dpkg, but not rpm.

Maybe it's possible to use the resource abstraction layer from puppet to figure out the version:

$ puppet resource package rundeck
package { 'rundeck':
  ensure => '2.4.2-1.3.GA',
}

I'll make a fork, patch and pull request in a moment.

The grails server url in '/etc/rundeck/rundeck-config.properties' should respect the server url. Otherwise, the paths are incorrect in various links. I had to do something like below to fix it:

  file_line { 'setup-rundeck-config':
    path    => '/etc/rundeck/rundeck-config.properties',
    match   => '^grails.serverURL=',
    line    => "grails.serverURL=${rundeckServerUrl}",
    before  => Class['rundeck::service'],
    notify  => Class['rundeck::service'],
  }

Hi

I found the define for bindDn are different between templates/_auth_ad.erb and templates/_auth_ldap.erb

templates/_auth_ad.erb

bindDn="<%= @auth_config['active_directory']['bind_dn']%>"

templates/_auth_ldap.erb
bindDn="CN=<%= @auth_config['ldap']['bind_dn']%>,<%= @auth_config['ldap']['user_base_dn'] %>"

Because of this, I got very strange result in ldpa setting (merged bindDN and userDN), and our ldap tree is not start from CN= . Fix is simple, but any reason to do that?

bindDn="<%= @auth_config['ldap']['bind_dn']%>"

Hi

Find this issue when change default plugin directory, and the unless command ls + grep can be merged into one ls command.

Change plugin.pp from:

unless  => "/bin/ls -l /var/lib/rundeck/libext/ | grep ${name}"

to

unless  => "/bin/ls ${pd}/${name} 2>/dev/null"

the change has been tested with updated code.

Debug: Exec[download plugin rundeck-ec2-nodes-plugin-1.5.jar](provider=posix): Executing check '/bin/ls /var/lib/rundeck/libext/rundeck-ec2-nodes-plugin-1.5.jar 2>/dev/null'
Debug: Executing '/bin/ls /var/lib/rundeck/libext/rundeck-ec2-nodes-plugin-1.5.jar 2>/dev/null'
Debug: /Stage[main]/Role::Rundeck/Rundeck::Config::Plugin[rundeck-ec2-nodes-plugin]/Exec[download plugin rundeck-ec2-nodes-plugin-1.5.jar]/unless: /var/lib/rundeck/libext/rundeck-ec2-nodes-plugin-1.5.jar

Not sure with this issue, which github repository I need target (puppet-rundeck or andytinycat/puppet-omnibus), but since we use puppet-omnibus with other forge packages and private packages without this issue, so I put my issue here.

My office use puppet-omnibus on all puppet agents.

I install puppet-rundeck with puppetlabs puppet/facter/hierada without issue. But when install with puppet-omnibus, the first time when run puppet apply directly, rundeck is successfully installed, I can see the services running on port 4440. Then I got this error with any puppet command:

$ puppet --version
Starting puppet agent: /opt/puppet-omnibus/embedded/lib/ruby/gems/2.0.0/gems/facter-1.7.3/lib/facter/util/parser.rb:73:in `parse': undefined method `each_line' for nil:NilClass (NoMethodError)
   from /opt/puppet-omnibus/embedded/lib/ruby/gems/2.0.0/gems/facter-1.7.3/lib/facter/util/parser.rb:120:in `results'
   from /opt/puppet-omnibus/embedded/lib/ruby/gems/2.0.0/gems/facter-1.7.3/lib/facter/util/directory_loader.rb:61:in `block in load'
   from /opt/puppet-omnibus/embedded/lib/ruby/gems/2.0.0/gems/facter-1.7.3/lib/facter/util/directory_loader.rb:55:in `each'
   from /opt/puppet-omnibus/embedded/lib/ruby/gems/2.0.0/gems/facter-1.7.3/lib/facter/util/directory_loader.rb:55:in `load'
   from /opt/puppet-omnibus/embedded/lib/ruby/gems/2.0.0/gems/facter-1.7.3/lib/facter/util/composite_loader.rb:10:in `block in load'
   from /opt/puppet-omnibus/embedded/lib/ruby/gems/2.0.0/gems/facter-1.7.3/lib/facter/util/composite_loader.rb:10:in `each'
   from /opt/puppet-omnibus/embedded/lib/ruby/gems/2.0.0/gems/facter-1.7.3/lib/facter/util/composite_loader.rb:10:in `load'
   from /opt/puppet-omnibus/embedded/lib/ruby/gems/2.0.0/gems/facter-1.7.3/lib/facter/util/collection.rb:109:in `load'
   from /opt/puppet-omnibus/embedded/lib/ruby/gems/2.0.0/gems/facter-1.7.3/lib/facter/util/collection.rb:84:in `fact'
   from /opt/puppet-omnibus/embedded/lib/ruby/gems/2.0.0/gems/facter-1.7.3/lib/facter/util/collection.rb:139:in `value'
   from /opt/puppet-omnibus/embedded/lib/ruby/gems/2.0.0/gems/facter-1.7.3/lib/facter.rb:112:in `block (2 levels) in singleton class'
   from /opt/puppet-omnibus/embedded/lib/ruby/gems/2.0.0/gems/puppet-3.3.1/lib/puppet/defaults.rb:4:in `default_diffargs'
   from /opt/puppet-omnibus/embedded/lib/ruby/gems/2.0.0/gems/puppet-3.3.1/lib/puppet/defaults.rb:183:in `<module:Puppet>'
   from /opt/puppet-omnibus/embedded/lib/ruby/gems/2.0.0/gems/puppet-3.3.1/lib/puppet/defaults.rb:1:in `<top (required)>'
   from /opt/puppet-omnibus/embedded/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:45:in `require'
   from /opt/puppet-omnibus/embedded/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:45:in `require'
   from /opt/puppet-omnibus/embedded/lib/ruby/gems/2.0.0/gems/puppet-3.3.1/lib/puppet.rb:109:in `<module:Puppet>'
   from /opt/puppet-omnibus/embedded/lib/ruby/gems/2.0.0/gems/puppet-3.3.1/lib/puppet.rb:29:in `<top (required)>'
   from /opt/puppet-omnibus/embedded/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:45:in `require'
   from /opt/puppet-omnibus/embedded/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:45:in `require'
   from /opt/puppet-omnibus/embedded/lib/ruby/gems/2.0.0/gems/puppet-3.3.1/lib/puppet/util/command_line.rb:12:in `<top (required)>'
   from /opt/puppet-omnibus/embedded/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:45:in `require'
   from /opt/puppet-omnibus/embedded/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:45:in `require'
   from /opt/puppet-omnibus/embedded/lib/ruby/gems/2.0.0/gems/puppet-3.3.1/bin/puppet:3:in `<top (required)>'
   from /usr/bin/puppet:23:in `load'
   from /usr/bin/puppet:23:in `<main>'

let me know what I need check, seems the root cause is related to facter command.

puppet-omnibus version is 3.3.1
Linux version is CentOS 6.5

Add support for passing in e-mail configuration. This would include the values here itemized in the grails docs and making the rundeck config a .groovy file:
http://www.grails.org/plugin/mail#Configuration

I need rename default rundeck account from rundeck to other (following the company naming standard).

rundeck::user: A1234
rundeck::group: A1234

After installed rundeck on a new system, two folders and subfolders are fine with user A1234:

/etc/rundeck
/var/rundeck

But rundeck user is still created, and folder /var/lib/rundeck and subfolders are owned by rundeck.

rundeck:x:502:502::/var/lib/rundeck:/bin/bash

My rundeck system is running on CentOS 6.6

I need install old version, so I updated my hiera yaml file as below,

rundeck::package_version: '1.6.2-1.GA'
rundeck::package_ensure: present

It didn't work. Then I review the manifests/install.pp code, and found it didn't support properly for Redhat/centOS. it have hard-coding to install latest rundeck version and only from di.bintray.com, there is no chance you can choice the version and baseurl (package_source)

Second, there is no version 1.6 you can download from dl.bintray.com , lowest version is 2.0.

    'RedHat': {
      if $manage_yum_repo == true {
        yumrepo { 'bintray-rundeck':
          baseurl  => 'http://dl.bintray.com/rundeck/rundeck-rpm/',
          descr    => 'bintray rundeck repo',
          enabled  => '1',
          gpgcheck => '0',
          priority => '1',
          before   => Package['rundeck'],
        }
      }

      ensure_resource('package', 'rundeck', {'ensure' => $package_ensure} )
    }

Using this manifest:

rundeck::config::project { 'foo':
  resource_sources => {
    'foo' => {
      project_name             => 'foo',
      include_server_node => false,
      resource_format        => 'resourceyaml',
      source_type               => 'url',
      url                               => 'https://myservice',
      url_timeout                 => '30',
      url_cache                   => true,
    }
  }
}

triggers following error:

==> default: Error: Duplicate declaration: File[/var/rundeck/projects/foo/etc/project.properties] is already declared in file /tmp/vagrant-puppet-3/modules-0/rundeck/manifests/config/project.pp:78; cannot redeclare at /tmp/vagrant-puppet-3/modules-0/rundeck/manifests/config/resource_source.pp:199 on node localhost
==> default: Error: Duplicate declaration: File[/var/rundeck/projects/foo/etc/project.properties] is already declared in file /tmp/vagrant-puppet-3/modules-0/rundeck/manifests/config/project.pp:78; cannot redeclare at /tmp/vagrant-puppet-3/modules-0/rundeck/manifests/config/resource_source.pp:199 on node localhost

Who is responsible for creating the directory structure and the $properties_file?
Is it a good idea to use a resource_source.pp without a project.pp? I think resource_source.pp can not life without an project.pp because of the required param project_name by resource_source.
IMHO the project.pp should be responsible for $properties_file and the folder structure. So we can remove some duplicated code from resource_source.pp and make resource_source.pp a private define.

What do you think?

The current template hard-codes "ldap" in the providerURL parameter, which does not work if one wants to use LDAPS.

http://rundeck.org/docs/administration/setting-up-an-rdb-datasource.html

Given the complicated structure of the $acl_policies parameter of rundeck::config::aclpolicyfile, it would also be nice to see validation of a minimal policy hash. (Determining what that minimum is, of course, is possibly the more complicated problem.)

In your /etc/rundeck/rundeck-config.properties add:
rundeck.clusterMode.enabled=true

And in your /etc/rundeck/framework.properties
rundeck.server.uuid= "XXXXXXXX-YYYY-ZZZZ-VVVV-BBBBBBBBBBBB"

We use rundeck with foreman a we have a self signed certificate on the foreman server. We then use the foreman api to get the node list in rundeck. For this to work, we need to import the self-signed certificates in the truststore (the foreman CA and the foreman SSL cert). We also need to fix /etc/rundeck/profile. It would be nice to have a sub module to configure this. Right now we use the following code but it's not perfect as the rundeck module already manages the profile file.

Here's the code we used:

  file { '/root/foreman.local.pem':
    source  => "puppet:///modules/${module_name}/rundeck/foreman.local.pem",
    mode    => '0600',
    require => Class['rundeck'],
  }->
  exec { 'import-foreman-self-signed-certificates':
    command =>
      'keytool -import -alias foreman_cert -file /root/foreman.local.pem -keystore /etc/rundeck/ssl/truststore -storepass adminadmin -noprompt &&\
       keytool -import -alias foreman_ca -file /var/lib/puppet/ssl/certs/ca.pem -keystore /etc/rundeck/ssl/truststore -storepass adminadmin -noprompt',
    path    => '/usr/bin:/usr/sbin:/bin:/sbin',
    creates => '/etc/rundeck/ssl/truststore',
  }
  file_line { 'fix-etc-rdeck-ssl-opts':
    path    => '/etc/rundeck/profile',
    line    => 'export RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=/etc/rundeck/ssl/truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"',
    match   => '^export\ RDECK_SSL_OPTS.*$',
    notify  => Class['rundeck::service'],
  }->
  file_line { 'fix-etc-rundeck-jvm':
    path    => '/etc/rundeck/profile',
    line    => 'export RDECK_JVM="$RDECK_JVM $RDECK_SSL_OPTS"',
    after   => '^export\ RDECK_SSL_OPTS.*$',
    notify  => Class['rundeck::service'],
  }

The default JDK versions are for 1.6; Rundeck has required 1.7 since at least 2.4, released in December. (I didn't look back further.) The service fails to start when only 1.6 is installed.

We should have a basic way of managing the rundeck jobs using the api:

Here is a gist of roughly how it should work (this can be split into examples):

https://gist.github.com/liamjbennett/741c9139a66198dc38b2

admin_password should be a parameter so it's easy to override the value used by realm.properties.

Need to manage this file so that we can configure things like the respawn settings.

Update the default rundeck version to 2.2.3-1-GA.

The template for the log4j properties appears to be truncated; there are a few characters missing from the format for the access log, resulting is an unusable log.

Hi everyone,

I'm receiving the following error when attempting to include this module with my Puppet script (executed on Vagrant, with a CentOS 6.5 base box)

Error: Could not find package rundeck-2.0.3-1.14.GA
Error: /Stage[main]/Rundeck::Install/Package[rundeck-2.0.3-1.14.GA]/ensure: change from absent to present failed: Could not find package rundeck-2.0.3-1.14.GA

Is this a known issue, or am I doing something daft?

Best wishes,

Daniel

The rundeck tag on puppet forge for this project is 'rundeck,' (with the comma) which is causing it to not show up in searches for rundeck by tag. Should probably be fixed.

https://forge.puppetlabs.com/opentable/rundeck

thanks!

The indentation is wrong in the policy files which results in you not have any access to create projects when you login as admin and there are errors in rundeck.audit.log mentioning the same.

conditions:

jre_manage => false,

result:

Error: Could not find dependency Package[openjdk-6-jre] for Exec[install rundeck package] at /tmp/vagrant-puppet/modules-19bec28118f8e7920dd00b800dce29f5/rundeck/manifests/install.pp:69
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.

I need prepare hiera yaml file for template realm.properties.erb

rundeck::params::auth_config:
    file:
       admin_user: admin
       admin_password: password
       auth_users: ['user1', 'user2']
      ???
      ???

Seems it doesn't work. For example, I need set /etc/rundeck/realm.properties to

admin:password,user,admin,architect,deploy,build
user1:abc,user,deploy
user2:xyz,admin

So could you please share me the sample of hiera yaml file for this setting?

@grafjo There is a problem with PR #76 in that it misses the deep_merge that happens in rundeck::config, which merges the framework_config parameter from rundeck and rundeck::params::framework_config. I haven't had time to test if just inserting config:: is sufficient or not.

class { '::rundeck':
   ...
  framework_config => {
    'framework.server.port' => '8008',
    'framework.server.url' => 'https://rundeck.example.com',
  },
}

err: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid relationship: File[/admin.aclpolicy] { require => File[undef] }, because File[undef] doesn't seem to be in the catalog

Currently $jvm_args from rundeck::params is hard-coded and not modifiable.

With $jvm_args only accessible in rundeck::params, it is not possible override the values there. It is necessary add to the JVM parameters to configure rundeckd to listen on a different port than the default and bind to a specific IP address, both of which are preferred when setting up Apache httpd to proxy (I want to change the port to one that SELinux allows httpd to connect to by default, such as 8008); it is also necessary to add "-Drundeck.jetty.connector.forwarded=true" to enable it to use the X-Forwarded-* HTTP headers.

After upgrade rundeck-config, i found the file /etc/rundeck/rundeck-config.properties is removed.

The commit 1cbe621 did it on purpose, but I didn't understand it, I can't find the related document in rundeck.

So why /etc/rundeck/rundeck-config.properties is removed and replaced by rundeck-config.groovy? Can we change it back?

Notice: /Stage[main]/Rundeck::Install/Package[rundeck-config]/ensure: ensure changed '2.5.0-1.6.GA' to '2.5.1-1.7.GA'
Info: /Stage[main]/Rundeck::Install/Package[rundeck-config]: Scheduling refresh of Class[Rundeck::Service]
Notice: /Stage[main]/Rundeck::Config/File[/etc/rundeck/apitoken.aclpolicy]/mode: mode changed '0644' to '0640'
Notice: /Stage[main]/Rundeck::Config::Global::Project/File[/etc/rundeck/project.properties]/mode: mode changed '0644' to '0640'
Info: FileBucket adding {md5}fd43dcc8b23a1d9bc63a6b48a2fde7f7
Info: /Stage[main]/Rundeck::Config::Global::Rundeck_config/File[/etc/rundeck/rundeck-config.properties]: Filebucketed /etc/rundeck/rundeck-config.properties to puppet with sum fd43dcc8b23a1d9bc63a6b48a2fde7f7
Notice: /Stage[main]/Rundeck::Config::Global::Rundeck_config/File[/etc/rundeck/rundeck-config.properties]/ensure: removed
Info: Class[Rundeck::Service]: Scheduling refresh of Service[rundeckd]

Hello,

I was using your module to launch a new Rundeck box. I noticed that certain version numbers are hard coded (jre and rundeck) in the module.
The hard coded version of Rundeck for the RedHat family is outdated, the yum repository the module installs has a newer version.
The version for jre was not present in my default CentOS 7 repos.

So instead of baking default versions into the module, it would be perhaps better to just use 'installed' as default, which installs the latest version available. If users wish to stick to a certain version they can specify it.

Furthermore, in our environment yum distro-sync runs daily, which would upgrade the package to the newest version available, then Puppet would downgrade it to the version specified in the module.

BR,
ak0ska

Refactoring and switching to the groovy format will make adding more complex features such as #14 easier to implement.

I successfully set the puppet code (release 1.0) within vagrant. I can login via http://192.168.1.2:4440/user/login from my laptop, created some projects and jobs and save the setting.

Today I saw the new release (1.1) announced, did git pull, and vagrant reload --provision. I still can see the login page, but when I try to login with Google Chrome, it stays at login page. When I login with Safari, the URL is changed to http://localhost:4440/menu/home and no content is displayed.

# pwd
/etc/rundeck
# grep "example.com"  *
framework.properties:framework.server.hostname = rundeck.example.com
framework.properties:framework.server.name = rundeck.example.com
framework.properties:framework.server.url = http://rundeck.example.com:4440
rundeck-config.properties:grails.serverURL=http://rundeck.example.com:4440

Any thing I need adjust?

I just ran into a full file system due to rundeck/rundeck#1175, which is fixed upstream and included in the latest RPM, but lost due to the template overwriting it. The easy solution is to just update the template with this and other changes from the upstream but this will likely be a problem again in the future and, in general, continues to limit users' flexibility.

Before I start coding anything, I would like to propose several options:

1. Just update the damn template and move on
2. Add a parameter to override the log4j template
3. Add a parameter to disable managing the log4j file altogether and let the user do it on his own if necessary.
4. Switch to a more granular way of managing the file, using ini_setting or augeas resources, and not disturb the stock config more than necessary.

Option 4 is my preference, encapsulating with a defined type. (I would probably use ini_setting, since that's already in use and people are generally more comfortable with that.)