Welcome, Guest Login

Rundeck Pro Support Center

Install Rundeck Pro as a WAR+Tomcat on Windows

Last Updated: Jun 20, 2017 08:04AM PDT

The following instructions were created by running through an installation of Tomcat and Rundeck Pro on a Windows Server machine.
 

Install Dependencies

   

Install Apache Tomcat

 
  • Download Tomcat installer: http://tomcat.apache.org/whichversion.html
  • Run installer. Install path should not contain spaces (e.g, use C:\TomcatX.0).
  • It should detect your Java.
  • Note the %CATALINA_BASE% (eg, “C:\TomcatX.0”)

 

Configure Tomcat

 

Edit Tomcat tomcat-users.xml


<tomcat-users>
  <role rolename="user"/>
  <role rolename="admin"/>
  <user username="user" password="user" roles="user"/>
  <user username="admin" password="admin" roles="user,admin"/>
</tomcat-users>


Configure Active Directory Authentication (Optional)

 

Edit the %CATALINA_BASE%\conf\server.xml and add the following realm definition.

Replace the "@token@" strings with values corresponding to your Active Directory structure.
 

     <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionName="@jndi_connectionName@"
         connectionPassword="@jndi_connectionPassword@"
         connectionURL="@jndi_connectionURL@"
         referrals="follow"
         userPattern="@jndi_userPattern@"
         userSearch="(name={0})"
         userSubtree="true"
         roleBase="@jndi_roleBase@"
         roleName="cn"
         roleSearch="(member={0})"
         roleSubtree="true"
         roleNested="true"
         commonRole="user"
     />  


  Here are the descriptions for each attribute:
  • connectionName: The account bind name (eg, cn=user,ou=blah,dc=example,dc=com or eg, Administrator@sops.local)
  • connectionPassword: the connection user's password (eg 'password')
  • connectionURL: the URL to the ldap server (eg, 'ldap://192.168.50.11:389' )
  • userBase: Base for finding users. (eg, 'dc=example,dc=com')
  •              or userPattern: Pattern for finding users. (eg, 'cn={0},dc=example,dc=com')
  • userSearch: Filter use to find the user. (eg: (sAMAccountName={0}) or (name={0})
  • roleBase: Base for finding roles (eg 'OU=Rundeck,dc=example,dc=com' )

       

Create RUNDECK Instance Directory

 

The Rundeck instance directory contains configuration and data generated by the operational Rundeck. It includes project data, configuration files, logs and policies.

Create the directory structure:


mkdir C:\rundeckpro
mkdir C:\rundeckpro\etc
mkdir C:\rundeckpro\libext
mkdir C:\rundeckpro\projects
mkdir C:\rundeckpro\var
mkdir C:\rundeckpro\var\logs
mkdir C:\rundeckpro\var\tmp

 

Edit Tomcat catalina.properties

 

Add the following system properties in %CATALINA_BASE%\conf\catalina.properties.

These properties are needed during the WAR extraction to populate the %RDECK_BASE%.
 

  • rdeck.base: The path to the base directory where instance and project data reside.
  • rundeck.config.location: The path to the rundeck-config.properties file.
 

Example, add these two system properties (adjust rdeck.base if you chose a different path):


rdeck.base=C:\\rundeckpro
rundeck.config.location=C:\\rundeckpro\\etc\\rundeck-config.properties

 

 

* Note, you have to use two backslashes as a directory separator in the java properties file format.

 

Install the WAR file

 
  • Download the WAR file and locate as CATALINA_BASE%\webapps\rundeckpro.war
  • Extract the WAR file (optional. see note)
 

* Note, the WAR might automatically deploy. If the tomcat windows service is running, the auto deploy will extract the war and you should see a %CATALINA_BASE%\webapps\rundeckpro subdirectory.


Edit the RUNDECK configuration

 
  • Replace the @RDECK_BASE@ (eg, C:\\rundeckpro)
  • Replace the @SERVER_URL@ token with the URL accessible to your users.
  • Replace @SERVER_NAME@ and @SERVER_HOSTNAME@ with the fully qualified hostname.
  • Replace the @SERVER_PORT@ with the tomcat listening port (eg, 8080)
 

Create %RDECK_BASE%\etc\rundeck-config.properties


rdeck.base=@RDECK_BASE@
grails.serverURL=@SERVER_URL@
loglevel.default=INFO
rss.enabled=true
rundeck.projectsStorageType=db
dataSource.dbCreate=update
dataSource.url=jdbc:h2:file:@RDECK_BASE@\\var\\data\\grailsdb;MVCC=true;TRACE_LEVEL_FILE=4
rundeck.gui.login.welcome=Welcome to RUNDECK PRO
rundeck.storage.provider.1.path=/
rundeck.storage.provider.1.type=db



Create %RDECK_BASE%\etc\framework.properties


rdeck.base=@RDECK_BASE@
framework.server.name=@SERVER_NAME@
framework.server.hostname=@SERVER_HOSTNAME@
framework.server.port=@SERVER_PORT@
framework.server.url=@SERVER_URL@
framework.server.username=admin
framework.server.password=admin
framework.libext.dir=@RDECK_BASE@\\libext
framework.etc.dir=@RDECK_BASE@\\etc
framework.projects.dir=@RDECK_BASE@\\projects
framework.var.dir=@RDECK_BASE@\\var
framework.tmp.dir=@RDECK_BASE@\\var\\tmp
framework.logs.dir=@RDECK_BASE@\\var\\logs
framework.ssh.keypath=@RDECK_BASE@\\.ssh\\id_rsa
framework.ssh.user=@RUNDECK_USER@
framework.ssh.timeout=0

 

 Create %RDECK_BASE%\etc\admin.aclpolicy

 
description: Admin, all access.
context:
 project: '.*' # all projects
for:
 resource:
   - allow: '*' # allow read/create all kinds
 adhoc:
   - allow: '*' # allow read/running/killing adhoc jobs
 job: 
   - allow: '*' # allow read/write/delete/run/kill of all jobs
 node:
   - allow: '*' # allow read/run for all nodes
by:
 group: admin
 
---
 
description: Admin, all access.
context:
 application: 'rundeck'
for:
 resource:
   - allow: '*' # allow create of projects
 project:
   - allow: '*' # allow view/admin of all projects
 project_acl:
   - allow: '*' # allow admin of all project-level ACL policies
 storage:
   - allow: '*' # allow read/create/update/delete for all /keys/* storage content
by:
 group: admin


Create %RDECK_BASE%\etc\apitoken.aclpolicy


description: API project level access control
context:
 project: '.*' # all projects
for:
 resource:
   - equals:
       kind: job
     allow: [create,delete] # allow create and delete jobs
   - equals:
       kind: node
     allow: [read,create,update,refresh] # allow refresh node sources
   - equals:
       kind: event
     allow: [read,create] # allow read/create events
 adhoc:
   - allow: [read,run,kill] # allow running/killing adhoc jobs and read output
 job: 
   - allow: [create,read,update,delete,run,kill] # allow create/read/write/delete/run/kill of all jobs
 node:
   - allow: [read,run] # allow read/run for all nodes
by:
 group: api_token_group
 
---
 
description: API Application level access control
context:
 application: 'rundeck'
for:
 resource:
   - equals:
       kind: system
     allow: [read] # allow read of system info
 project:
   - match:
       name: '.*'
     allow: [read] # allow view of all projects
 storage:
   - match:
       path: '(keys|keys/.*)'
     allow: '*' # allow all access to manage stored keys
by:
 group: api_token_group

 

‚ÄčCreate %CATALINA_BASE%\webapps\rundeckpro\WEB-INF\classes\log4j.properties


log4j.rootLogger=warn, stdout, file
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{ISO8601} %-5p %c{1} - %m%n
log4j.appender.file=org.apache.log4j.DailyRollingFileAppender
log4j.appender.file.file=@RDECK_BASE@\\var\\logs\\rundeck.log
log4j.appender.file.datePattern='.'yyyy-MM-dd
log4j.appender.file.append=true
log4j.appender.file.layout=org.apache.log4j.PatternLayout
log4j.appender.file.layout.ConversionPattern=%d{ISO8601} [%t] %-5p %c - %m%n 


To check a full template, check:

http://support.rundeck.com/customer/portal/articles/2419019-log4j-properties-template

 

Restart the Tomcat Service


Go to the System control panel and open the Services manager.

  • Press Restart link
  • Visit the log files. Logs will be in %CATALINA_BASE%\logs

 

* Note, the should be no stacktraces in the log. If one is found, it will probably be a configuration or installation error.


Login to Rundeck PRO


Go to the server URL and attempt to login.


Troubleshooting
  • Make sure windows firewall opens ports for the windows management application (eg tcp/5985)

 
1fb43f9155a47800b95738aff7e657fc@rundeck.desk-mail.com
http://assets1.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete