Welcome, Guest Login

Rundeck Enterprise Support Center

Install Rundeck PRO with Tomcat on Linux

Last Updated: May 02, 2017 07:55AM PDT

*Replace $RDECK_BASE with your rundeck base path.
*Replace $CATALINA_BASE with your tomcat base path.
 

  1. Download the latest version of rundeck PRO (war file):  http://download.rundeck.com/versions.html
 
  1. Install tomcat on linux environment, this could be done using a rpm/deb package (depending on your OS) or just using the binaries.
  
    Check your tomcat home folder (or Catalina home), eg: /app/tomcat.
 
  1. create the following folders on $RDECK_BASE (eg: /app/rundeckpro)

$RDECK_BASE/etc
$RDECK_BASE/libext
$RDECK_BASE/projects
$RDECK_BASE/var
$RDECK_BASE/var/logs
$RDECK_BASE/var/data
$RDECK_BASE/var/tmp

 
  1. Edit or create the setenv.sh file on $CATALINA_BASE/bin and put this content

JAVA_OPTS="$JAVA_OPTS -XX:MaxPermSize=256m -Xmx2048m -Xms512m -server  -Drdeck.base=$RDECK_BASE -Drundeck.config.location=$RDECK_BASE/etc/rundeck-config.properties"

*If you installed rundeck with RPM, the settings should be on /etc/tomcat/tomcat.conf
*the memory settings depends on your environment
 
  1. Add users to $CATALINA_BASE/conf/tomcat_users.xml

           <tomcat-users>
                <role rolename="user"/>
                <role rolename="admin"/>
               <user username="user" password="user" roles="user"/>
               <user username="admin" password="admin" roles="user,admin"/>
          </tomcat-users>

 
  1. Copy the war file to $CATALINA_BASE/webapps/rundeckpro.war
 
  1. Extract the war file on $CATALINA_BASE/webapps/rundeckpro. This can be done manually (using unzip or tar), or starting tomcat.
 
  1. Create the file log4j.properties on $CATALINA_BASE/webapps/rundeckpro/WEB-INF/classes/log4j.properties

           Copy the content of this file:
           http://support.rundeck.com/customer/portal/articles/2419019-log4j-properties-template

      *replace the paths with $RDECK_BASE
 
  1. Create the following config files on $RDECK_BASE/etc with the content:
 
  • rundeck-config.properties

#loglevel.default is the default log level for jobs: ERROR,WARN,INFO,VERBOSE,DEBUG
loglevel.default=INFO
rdeck.base=$RDECK_BASE #replace with the real path

#rss.enabled if set to true enables RSS feeds that are public (non-authenticated)
rss.enabled=true
grails.serverURL=http://localhost:8080/rundeckpro  #replace with the real URL

dataSource.dbCreate = update
#it is recommended to use an external DB
dataSource.url = jdbc:h2:file:$RDECK_BASE/var/data/grailsdb;MVCC=true

# Pre Auth mode settings
rundeck.security.authorization.preauthenticated.enabled=false
rundeck.security.authorization.preauthenticated.attributeName=REMOTE_USER_GROUPS
rundeck.security.authorization.preauthenticated.delimiter=,
# Header from which to obtain user name
rundeck.security.authorization.preauthenticated.userNameHeader=X-Forwarded-Uuid
# Header from which to obtain list of roles
rundeck.security.authorization.preauthenticated.userRolesHeader=X-Forwarded-Roles
# Redirect to upstream logout url
rundeck.security.authorization.preauthenticated.redirectLogout=false
rundeck.security.authorization.preauthenticated.redirectUrl=/oauth2/sign_in

 
  • framework.properties

# ----------------------------------------------------------------
# Server connection information
# ----------------------------------------------------------------

framework.server.name = servername
framework.server.hostname = serverhostname
framework.server.port = 8080
framework.server.url = http://localhost:8080/rundeckpro  #replace with the real URL

# ----------------------------------------------------------------
# Installation locations
# ----------------------------------------------------------------

rdeck.base=$RDECK_BASE  #replace with the real path

framework.projects.dir=$RDECK_BASE/projects
framework.etc.dir=$RDECK_BASE/etc
framework.var.dir=$RDECK_BASE/var
framework.tmp.dir=$RDECK_BASE/var/tmp
framework.logs.dir=$RDECK_BASE/var/logs
framework.libext.dir=$RDECK_BASE/libext

# ----------------------------------------------------------------
# SSH defaults for node executor and file copier
# ----------------------------------------------------------------

framework.ssh.keypath = /home/someuser/.ssh/id_rsa
framework.ssh.user = someuser

# ssh connection timeout after a specified number of milliseconds.
# "0" value means wait forever.
framework.ssh.timeout = 0

# ----------------------------------------------------------------
rundeck.server.uuid = XXXXXX #generate with uuidgen

# ----------------------------------------------------------------
# System-wide global variables.
# ----------------------------------------------------------------

# Expands to ${globals.var1}
#framework.globals.var1 = value1

# Expands to ${globals.var2}
#framework.globals.var2 = value2

 
  • apitoken.aclpolicy

description: API project level access control
context:
 project: '.*' # all projects
for:
 resource:
   - equals:
       kind: job
     allow: [create,delete,run] # allow create and delete jobs
   - equals:
       kind: node
     allow: [read,create,update,refresh] # allow refresh node sources
   - equals:
       kind: event
     allow: [read,create] # allow read/create events
 adhoc:
   - allow: [read,run,kill] # allow running/killing adhoc jobs and read output
 job:
   - allow: [create,read,update,delete,run,kill] # allow create/read/write/delete/run/kill of all jobs
 node:
   - allow: [read,run] # allow read/run for all nodes
by:
 group: api_token_group

---

description: API Application level access control
context:
 application: 'rundeck'
for:
 resource:
   - equals:
       kind: system
     allow: [read] # allow read of system info
 project:
   - match:
       name: '.*'
     allow: [read] # allow view of all projects
 storage:
   - match:
       path: '(keys|keys/.*)'
     allow: '*' # allow all access to manage stored keys
by:
 group: api_token_group



 
  • admin.aclpolicy

description: Admin, all access.
context:
 project: '.*' # all projects
for:
 resource:
   - allow: '*' # allow read/create all kinds
 adhoc:
   - allow: '*' # allow read/running/killing adhoc jobs
 job:
   - allow: '*' # allow read/write/delete/run/kill of all jobs
 node:
   - allow: '*' # allow read/run for all nodes
by:
 group: admin

---

description: Admin, all access.
context:
 application: 'rundeck'
for:
 resource:
   - allow: '*' # allow create of projects
 project:
   - allow: '*' # allow view/admin of all projects
 project_acl:
   - allow: '*' # allow admin of all project-level ACL policies
 storage:
   - allow: '*' # allow read/create/update/delete for all /keys/* storage content
by:
 group: admin


 
  1. Add extra settings to $RDECK_BASE/etc/rundeck-config.properties

*it is recommended to use an external database, and save the project settings and key storage on this database. Please check: http://rundeck.org/docs/administration/setting-up-an-rdb-datasource.html
 
  1. Add a server UUID on $RDECK_BASE/etc/framework.properties
     Eg: rundeck.server.uuid=XXXXXX.
     You can generate the server UUID the command uuidgen
 
  1. Start or restart tomcat
 
  1. Upload a license key
1fb43f9155a47800b95738aff7e657fc@rundeck.desk-mail.com
http://assets3.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete