Welcome, Guest Login

Rundeck Pro Support Center

Install RUNDECK PRO to my own Tomcat using rdpro-installer

Last Updated: Jan 23, 2017 04:43PM PST
The installer can deploy the RUNDECK PRO webapp to a pre-existing Tomcat container.
 

Obtain the latest software:


http://support.rundeck.com/customer/portal/articles/2242895-last-pro-release


Install package dependencies




The installer uses curl and unzip to get and extract the software. Here the yum command is used to install the dependencies for an RPM-based Linux distribution.

     sudo yum install -y unzip curl java-1.7.0-openjdk


Install Rundeck  


 
  1. Copy the rdpro-installer to the new rundeck base directory
  2. Identify the $CATALINA_BASE path
  3. Run the installer
 
  • Basic Install
     
         ./rdpro-installer install-war  \
         --rdeck-base $RDECK_BASE                   
         --catalina-base $CATALINA_BASE \
         --server-hostname [HOSTNAME] \
         --server-url http://[TOMCAT_HOST]:[PORT]/rundeckpro
 
  • With MYSQL Connection

      ./rdpro-installer install-war  \
      --rdeck-base $RDECK_BASE \
      --catalina-base $CATALINA_BASE \
      --server-hostname [HOSTNAME] \
      --server-url http://[TOMCAT_HOST]:[PORT]/rundeckpro \
      --datasource-driver com.mysql.jdbc.Driver \  
      --datasource-url 'jdbc:mysql://[DBHOSTNAME]/rundeckdb?autoReconnect=true' \
      --datasource-username [RUNDECK_DB_USER] \
      --datasource-password [RUNDECK_DB_PASSWORD]  
 
  • With Oracle Connection

      ./rdpro-installer install-war  \
      --rdeck-base $RDECK_BASE \
      --catalina-base $CATALINA_BASE \
      --server-hostname [HOSTNAME] \
      --server-url http://[TOMCAT_HOST]:[PORT]/rundeckpro \
      --datasource-driver oracle.jdbc.driver.OracleDriver \
      --datasource-url 'jdbc:oracle:thin:@[DBHOSTNAME]:[DBPORT]/[SERVICE_NAME]'   \
      --datasource-username [RUNDECK_DB_USER] \
      --datasource-password [RUNDECK_DB_PASSWORD]             

* This oracle jdbc driver must be copied to $CATALINA_BASE\LIB


 
  1. Edit log4j.properties

          Copy the content of this file
            http://support.rundeck.com/customer/portal/articles/2419019-log4j-properties-template

           To $CATALINA_BASE/webapps/rundeckpro/WEB-INF/classes/log4j.properties
           Replace $RDECK_BASE with your rundeck base path.

 
  1. Change permissions of the rundeck home  in order to tomcat group can access to it.
              eg: change the owner of the runceck home
              chown -R tomcat.tomcat
$RDECK_HOME
             
              or change the group 


              chgrp -R tomcat $RDECK_HOME
 
  1. Change the permision of rundeck-config.properties to be able to read it for tomcat user

              chmod 664 rundeck-config.properties
          
  1. Add rundeck setting to tomcat

             Edit the file setenv.sh en $CATALINA_BASE/bin or
             /etc/tomcat/tomcat.conf  (Red Hat)


              JAVA_OPTS="$JAVA_OPTS -XX:MaxPermSize=256m -Xmx1024m -Xms256m -server  -            
Drdeck.base=$RDECK_BASE -Drundeck.config.location=$RDECK_BASE/etc/rundeck-config.properties"


             for oracle connection it is need to add this in the tomcat.conf
 
             -Dhibernate.jdbc.use_get_generated_keys=true
  1. Add user to $CATALINA_BASE/conf/tomcat_users.xml


             <tomcat-users>
                 <role rolename="user"/>
                 <role rolename="admin"/>
                <user username="user" password="user" roles="user"/>
                <user username="admin" password="admin" roles="user,admin"/>
           </tomcat-users>
 
  1. Add extra settings to $RDECK_BASE/etc/rundeck-config.properties  or $RDECK_BASE/etc/framework.properties

http://rundeck.org/docs/administration/configuration-file-reference.html
 
  1. Restart Tomcat
  2. Check tomcat log file to check the startup process

              tail -f $CATALINA_BASE/server/logs/catalina.out -n 1000
 


Configure Active Directory Authentication (Optional)




If it is needed to using an Active Directory Authentication,
You must edit the %CATALINA_BASE%\conf\server.xml and add the following realm definition.

Replace the "@token@" strings with values corresponding to your Active Directory structure.



    <Realm className="org.apache.catalina.realm.JNDIRealm"
        connectionName="@jndi_connectionName@"
        connectionPassword="@jndi_connectionPassword@"
        connectionURL="@jndi_connectionURL@"
        referrals="follow"
        userPattern="@jndi_userPattern@"
        userSearch="(sAMAccountName={0})"
        userSubtree="true"
        roleBase="@jndi_roleBase@"
        roleName="cn"
        roleSearch="(member={0})"
        roleSubtree="true"
        roleNested="true"
        commonRole="user"
    />        


Here are the descriptions for each attribute:
  • connectionName: The account bind name (eg, cn=user,ou=blah,dc=example,dc=com or eg, Administrator@sops.local)
  • connectionPassword: the connection user's password (eg 'password')
  • connectionURL: the URL to the ldap server (eg, 'ldap://192.168.50.11:389' )
  • userBase: Base for finding users. (eg, 'dc=example,dc=com')             
                or userPattern: Pattern for finding users. (eg, 'cn={0},dc=example,dc=com')
  • userSearch: Filter use to find the user. (eg: (sAMAccountName={0}) or (name={0})
  • roleBase: Base for finding roles (eg 'OU=Rundeck,dc=example,dc=com' )
      

Configuring SSL (Optional)



1) Use the keytool to generate a keystore for use as the server cert and client truststore

keytool -genkey -noprompt \
       -alias     tomcat \
       -keyalg    RSA \
       -dname     "$keystore_dname" \
       -keystore  "$keystore_file" \
       -storepass "$keystore_pass" \
       -keypass   "$keystore_pass"

eg: 
$keystore_file = /opt/rundeck/etc/truststore
$keystore_dname ="CN=acme.org,OU=CA,O=ACME,L=Acme,S=Acme,C=US"


2) Edit server.xml in tomcat config, and add this Connector

<Connector port="@https_port@" protocol="org.apache.coyote.http11.Http11Protocol" 
             SSLEnabled="true"
             scheme="https" secure="true"
             keystoreFile="@keystore_file@" 
             keystorePass="@keystore_pass@"
             clientAuth="false" sslProtocol="TLS"              ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA25,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
              />

where 

@https_port@: port that you want to use 
@keystore_file@: kestore file generated in 1)
@keystore_pass@:  keystore password

3) Edit rundeck-config.properties and framework.properties to add the new URL and port:

rundeck-config.properties:

grails.serverURL=https://[URL]:[https_port]/rundeckpro

framework.properties

framework.server.port=[https_port]
framework.server.url=https://[URL]:[https_port]/rundeckpro
1fb43f9155a47800b95738aff7e657fc@rundeck.desk-mail.com
http://assets2.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete