Welcome, Guest Login

Rundeck Pro Support Center

Install RUNDECK PRO to my own Tomcat using rdpro-installer

Last Updated: Jan 23, 2017 04:43PM PST
The installer can deploy the RUNDECK PRO webapp to a pre-existing Tomcat container.

Obtain the latest software:


Install package dependencies

The installer uses curl and unzip to get and extract the software. Here the yum command is used to install the dependencies for an RPM-based Linux distribution.

     sudo yum install -y unzip curl java-1.7.0-openjdk

Install Rundeck  

  1. Copy the rdpro-installer to the new rundeck base directory
  2. Identify the $CATALINA_BASE path
  3. Run the installer
  • Basic Install
         ./rdpro-installer install-war  \
         --rdeck-base $RDECK_BASE                   
         --catalina-base $CATALINA_BASE \
         --server-hostname [HOSTNAME] \
         --server-url http://[TOMCAT_HOST]:[PORT]/rundeckpro
  • With MYSQL Connection

      ./rdpro-installer install-war  \
      --rdeck-base $RDECK_BASE \
      --catalina-base $CATALINA_BASE \
      --server-hostname [HOSTNAME] \
      --server-url http://[TOMCAT_HOST]:[PORT]/rundeckpro \
      --datasource-driver com.mysql.jdbc.Driver \  
      --datasource-url 'jdbc:mysql://[DBHOSTNAME]/rundeckdb?autoReconnect=true' \
      --datasource-username [RUNDECK_DB_USER] \
      --datasource-password [RUNDECK_DB_PASSWORD]  
  • With Oracle Connection

      ./rdpro-installer install-war  \
      --rdeck-base $RDECK_BASE \
      --catalina-base $CATALINA_BASE \
      --server-hostname [HOSTNAME] \
      --server-url http://[TOMCAT_HOST]:[PORT]/rundeckpro \
      --datasource-driver oracle.jdbc.driver.OracleDriver \
      --datasource-url 'jdbc:oracle:thin:@[DBHOSTNAME]:[DBPORT]/[SERVICE_NAME]'   \
      --datasource-username [RUNDECK_DB_USER] \
      --datasource-password [RUNDECK_DB_PASSWORD]             

* This oracle jdbc driver must be copied to $CATALINA_BASE\LIB

  1. Edit log4j.properties

          Copy the content of this file

           To $CATALINA_BASE/webapps/rundeckpro/WEB-INF/classes/log4j.properties
           Replace $RDECK_BASE with your rundeck base path.

  1. Change permissions of the rundeck home  in order to tomcat group can access to it.
              eg: change the owner of the runceck home
              chown -R tomcat.tomcat
              or change the group 

              chgrp -R tomcat $RDECK_HOME
  1. Change the permision of rundeck-config.properties to be able to read it for tomcat user

              chmod 664 rundeck-config.properties
  1. Add rundeck setting to tomcat

             Edit the file setenv.sh en $CATALINA_BASE/bin or
             /etc/tomcat/tomcat.conf  (Red Hat)

              JAVA_OPTS="$JAVA_OPTS -XX:MaxPermSize=256m -Xmx1024m -Xms256m -server  -            
Drdeck.base=$RDECK_BASE -Drundeck.config.location=$RDECK_BASE/etc/rundeck-config.properties"

             for oracle connection it is need to add this in the tomcat.conf
  1. Add user to $CATALINA_BASE/conf/tomcat_users.xml

                 <role rolename="user"/>
                 <role rolename="admin"/>
                <user username="user" password="user" roles="user"/>
                <user username="admin" password="admin" roles="user,admin"/>
  1. Add extra settings to $RDECK_BASE/etc/rundeck-config.properties  or $RDECK_BASE/etc/framework.properties

  1. Restart Tomcat
  2. Check tomcat log file to check the startup process

              tail -f $CATALINA_BASE/server/logs/catalina.out -n 1000

Configure Active Directory Authentication (Optional)

If it is needed to using an Active Directory Authentication,
You must edit the %CATALINA_BASE%\conf\server.xml and add the following realm definition.

Replace the "@token@" strings with values corresponding to your Active Directory structure.

    <Realm className="org.apache.catalina.realm.JNDIRealm"

Here are the descriptions for each attribute:
  • connectionName: The account bind name (eg, cn=user,ou=blah,dc=example,dc=com or eg, Administrator@sops.local)
  • connectionPassword: the connection user's password (eg 'password')
  • connectionURL: the URL to the ldap server (eg, 'ldap://' )
  • userBase: Base for finding users. (eg, 'dc=example,dc=com')             
                or userPattern: Pattern for finding users. (eg, 'cn={0},dc=example,dc=com')
  • userSearch: Filter use to find the user. (eg: (sAMAccountName={0}) or (name={0})
  • roleBase: Base for finding roles (eg 'OU=Rundeck,dc=example,dc=com' )

Configuring SSL (Optional)

1) Use the keytool to generate a keystore for use as the server cert and client truststore

keytool -genkey -noprompt \
       -alias     tomcat \
       -keyalg    RSA \
       -dname     "$keystore_dname" \
       -keystore  "$keystore_file" \
       -storepass "$keystore_pass" \
       -keypass   "$keystore_pass"

$keystore_file = /opt/rundeck/etc/truststore
$keystore_dname ="CN=acme.org,OU=CA,O=ACME,L=Acme,S=Acme,C=US"

2) Edit server.xml in tomcat config, and add this Connector

<Connector port="@https_port@" protocol="org.apache.coyote.http11.Http11Protocol" 
             scheme="https" secure="true"


@https_port@: port that you want to use 
@keystore_file@: kestore file generated in 1)
@keystore_pass@:  keystore password

3) Edit rundeck-config.properties and framework.properties to add the new URL and port:




seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found