Welcome, Guest Login

Rundeck Enterprise Support Center

JNDI Custom Settings On Tomcat

Last Updated: Aug 16, 2016 01:53PM PDT

Using JNDI Resource Database Connection


This setting allow Rundeck to use JNDI database connections instead of the default grails settings.

1) Add the following entry  on $CATALINA_HOME/server.xml under the <GlobalNamingResources>   tag


<!-- Global JNDI resources
      Documentation at /docs/jndi-resources-howto.html
 -->
 <GlobalNamingResources>
   <!-- Editable user database that can also be used by
        UserDatabaseRealm to authenticate users
   -->
   <Resource name="UserDatabase" auth="Container"
             type="org.apache.catalina.UserDatabase"
             description="User database that can be updated and saved"
             factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
             pathname="conf/tomcat-users.xml" />

<Resource name="jdbc/rundeckdb"
                 global="jdbc/rundeckdb"
                 auth="Container"
                 type="javax.sql.DataSource"
   maxActive="100"
                maxIdle="30"
                maxWait="10000"
                username="rundeckuser"
                password="password"
                driverClassName="com.mysql.jdbc.Driver"
                url="jdbc:mysql://localhost:3306/rundeckdb"/>

</GlobalNamingResources>


2) Add the Resource link on $CATALINA_HOME/context.xml

<ResourceLink name="jdbc/rundeckdb"
                        global="jdbc/rundeckdb"
                        type="javax.sql.DataSource"/>


3) on $RDECK_HOME/etc/rundeck-config.properties add the dataSource.jndiName entry:

dataSource.jndiName=java:/comp/env/jdbc/rundeckdb

*this will replace the dataSource.* entries


Using JNDI Database to manage the authentication


To use a custom authentication method using database tables:

1)  It is necessary to have tables like this:

create table users (
user_name varchar(15) not null primary key,
user_pass varchar(15) not null
);

create table user_roles (
user_name varchar(15) not null,
role_name varchar(15) not null,
primary key (user_name, role_name)
);

insert into users('samuel','samuel');
insert into user_roles values('samuel','user');
insert into user_roles values('samuel','admin');


2) all user needs a default role called “user” by default, if you want to change that you need to edit $CATALINA_HOME/webapps/rundeckpro/WEB-INF/web.xml

<security-role> <role-name>user</role-name></security-role>
*change the default role name
3) defined on $CATALINA_HOME/server.xml the Resource connection like:
<!-- Global JNDI resources
      Documentation at /docs/jndi-resources-howto.html
 -->
 <GlobalNamingResources>
   <!-- Editable user database that can also be used by
        UserDatabaseRealm to authenticate users
   -->
   <Resource name="UserDatabase" auth="Container"
             type="org.apache.catalina.UserDatabase"
             description="User database that can be updated and saved"
             factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
             pathname="conf/tomcat-users.xml" />

    <Resource name="jdbc/testDB"
                       auth="Container"
                       type="javax.sql.DataSource"
                       maxActive="100"
                       maxIdle="30"
                       maxWait="10000"
                       username="rundeckauth"
                       password="password"
                       driverClassName="com.mysql.jdbc.Driver"                   
                       url="jdbc:mysql://localhost:3306/userauthdb?autoReconnect=true"/>

  </GlobalNamingResources>



4) defined on $CATALINA_HOME/server.xml the JNDI entry

     <!-- Use the LockOutRealm to prevent attempts to guess user passwords
          via a brute-force attack -->
     <Realm className="org.apache.catalina.realm.LockOutRealm">
       <!-- This Realm uses the UserDatabase configured in the global JNDI
            resources under the key "UserDatabase".  Any edits
            that are performed against this UserDatabase are immediately
            available for use by the Realm.  -->
       <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
              resourceName="UserDatabase"/>
     </Realm>

     <Realm className="org.apache.catalina.realm.DataSourceRealm"
                  dataSourceName="jdbc/testDB"
     userTable="users"
     userNameCol="user_name"
     userCredCol="user_pass" 
     userRoleTable="user_roles" 
     roleNameCol="role_name"/>



Further information on

https://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#DataSourceRealm

https://tomcat.apache.org/tomcat-7.0-doc/jndi-datasource-examples-howto.html#MySQL_DBCP_Example
 
1fb43f9155a47800b95738aff7e657fc@rundeck.desk-mail.com
http://assets0.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete